Kernel: Harden sys$setgroups Vector usage against OOM

author: Brian Gianforcaro <bgianf@serenityos.org> 2021-04-30 03:10:55 -0700
committer: Linus Groh <mail@linusgroh.de> 2021-05-01 09:10:30 +0200
commit: a678851b41b4cc940ff0bc7016a05dc5b8b04e2f (patch)
tree: 6406ac04f5f4fec7ba77f99d2cfd8424babb9e99 /Kernel/Syscalls/setuid.cpp
parent: f0568bff9b344586dfa4ca2cd3d60fda426fabe6 (diff)
download: serenity-a678851b41b4cc940ff0bc7016a05dc5b8b04e2f.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/Kernel/Syscalls/setuid.cpp b/Kernel/Syscalls/setuid.cpp
index e5453287c1..729a9f2196 100644
--- a/Kernel/Syscalls/setuid.cpp
+++ b/Kernel/Syscalls/setuid.cpp
@@ -163,7 +163,8 @@ KResultOr<int> Process::sys$setgroups(ssize_t count, Userspace<const gid_t*> use
     }
 
     Vector<gid_t> new_extra_gids;
-    new_extra_gids.resize(count);
+    if (!new_extra_gids.try_resize(count))
+        return ENOMEM;
     if (!copy_n_from_user(new_extra_gids.data(), user_gids, count))
         return EFAULT;
 
@@ -174,7 +175,8 @@ KResultOr<int> Process::sys$setgroups(ssize_t count, Userspace<const gid_t*> use
     }
 
     ProtectedDataMutationScope scope { *this };
-    m_extra_gids.resize(unique_extra_gids.size());
+    if (!m_extra_gids.try_resize(unique_extra_gids.size()))
+        return ENOMEM;
     size_t i = 0;
     for (auto& extra_gid : unique_extra_gids) {
         if (extra_gid == gid())
author	Brian Gianforcaro <bgianf@serenityos.org>	2021-04-30 03:10:55 -0700
committer	Linus Groh <mail@linusgroh.de>	2021-05-01 09:10:30 +0200
commit	a678851b41b4cc940ff0bc7016a05dc5b8b04e2f (patch)
tree	6406ac04f5f4fec7ba77f99d2cfd8424babb9e99 /Kernel/Syscalls/setuid.cpp
parent	f0568bff9b344586dfa4ca2cd3d60fda426fabe6 (diff)
download	serenity-a678851b41b4cc940ff0bc7016a05dc5b8b04e2f.zip