From: Todd C. Miller
Date: Fri, 18 Jan 2008 22:32:52 +0000 (+0000)
Subject: When copying gr_mem we must guarantee that the storage space for
X-Git-Tag: SUDO_1_7_0~223
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2a5a01c22dbacd368766bcf3357ef830f90c83aa;p=sudo
When copying gr_mem we must guarantee that the storage space for gr_mem is properly aligned. The simplest way to do this is to simply store gr_mem directly after struct group. This is not a problem for gr_passwd or gr_name as they are simple strings.
---
diff --git a/pwutil.c b/pwutil.c
index 1b0224b7d..f8ddac839 100644
--- a/pwutil.c
+++ b/pwutil.c
@@ -458,12 +458,11 @@ sudo_grdup(gr)
 /*
 * Copy in group contents and make strings relative to space
- * at the end of the buffer.
+ * at the end of the buffer. Note that gr_mem must come
+ * immediately after struct group to guarantee proper alignment.
 */
 (void)memcpy(newgr, gr, sizeof(struct group));
 cp += sizeof(struct group);
- FIELD_COPY(gr, newgr, gr_name, nsize);
- FIELD_COPY(gr, newgr, gr_passwd, psize);
 if (gr->gr_mem) {
 newgr->gr_mem = (char **)cp;
 cp += sizeof(char *) * nmem;
@@ -475,6 +474,8 @@ sudo_grdup(gr)
 }
 newgr->gr_mem[nmem] = NULL;
 }
+ FIELD_COPY(gr, newgr, gr_passwd, psize);
+ FIELD_COPY(gr, newgr, gr_name, nsize);
 return(newgr);
 }
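Review bot: The pointer array reserves `sizeof(char *) * nmem` bytes at `cp += sizeof(char *) * nmem;`, while the terminator is later stored at `newgr->gr_mem[nmem] = NULL;`, so that store stays inside the reserved array only if nmem counts the NULL slot when the reservation is made. The code that computes nmem and the allocation size, and the loop between the two hunks, are not visible here, so this cannot be confirmed from the diff. Since the member strings are written directly after the array, the assumption deserves a comment on the reservation line, for example `/* nmem includes the trailing NULL slot; member strings start right after the array */`. The alignment claim in the new comment also appears to rely on the allocator returning suitably aligned storage, which happens before the hunk starts.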
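Review bot: The two `FIELD_COPY` calls return in the opposite order, gr_passwd before gr_name, from the lines removed in the first hunk, and neither the commit message nor the updated comment says why. Assuming the macro (defined outside the diff) only copies the string at cp and advances it, the order changes the buffer layout but not correctness. If the swap is not intentional, keeping `FIELD_COPY(gr, newgr, gr_name, nsize);` first would make this a pure move. A one-line comment above them such as `/* Strings need no alignment, so they follow the gr_mem array and member strings. */` would record why they now come last.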