The branch main has been updated by kevans:
URL:
https://cgit.FreeBSD.org/src/commit/?id=91ea7e2ce2b5b2ff4702c3092cfe944862d58172
commit 91ea7e2ce2b5b2ff4702c3092cfe944862d58172
Author: Kyle Evans <kev...@freebsd.org>
AuthorDate: 2025-09-13 22:19:46 +0000
Commit: Kyle Evans <kev...@freebsd.org>
CommitDate: 2025-09-13 22:19:46 +0000
libc: fix the _FORTIFY_SOURCE build of getgrouplist(3)
We need <unistd.h> to get our prototype normally, but WARNS in libc is
way too low to surface that.
Additionally, _FORTIFY_SOURCE needs to include <ssp/unistd.h> by way of
<unistd.h> to actually export an implementation of getgrouplist(3). The
version defined in the .c gets named __ssp_real_getgrouplist() and the
actual implementation comes from the redirect stub in <ssp/unistd.h>,
which basically gets optimized away in the built object because our
__builtin_object_size() check is trivially false when we cannot resolve
any object sizes in this translation unit.
This could be argued as a design flaw in _FORTIFY_SOURCE, but we should
grab <unistd.h> for our prototype anyways so let's kick the can down
the road instead of re-thinking it for 15.0.
Reported by: Shawn Webb (HardenedBSD)
Fixes: d3f8ed6066 ("getgrouplist(3): Remove superfluous [...]")
MFC after: 3 days
---
lib/libc/gen/getgrouplist.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/libc/gen/getgrouplist.c b/lib/libc/gen/getgrouplist.c
index cb23b9b2316d..9c57b7031336 100644
--- a/lib/libc/gen/getgrouplist.c
+++ b/lib/libc/gen/getgrouplist.c
@@ -31,6 +31,7 @@
#include <sys/types.h>
+#include <unistd.h>
#include <ssp/ssp.h>
extern int __getgroupmembership(const char *, gid_t, gid_t *, int, int *);
