The branch main has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=08f5e06c5e3332de231a664ffd6f7856e9fead07
commit 08f5e06c5e3332de231a664ffd6f7856e9fead07 Author: Kyle Evans <kev...@freebsd.org> AuthorDate: 2025-08-15 15:08:18 +0000 Commit: Kyle Evans <kev...@freebsd.org> CommitDate: 2025-08-15 15:08:18 +0000 kern: fix freebsd14 getgroups(2) compat We need to actually copyout the remainder of the groups if the egid succeeded, not failed. My test that was designed to catch this along with the previously-found syzkaller panic did not zero out the groups array prior to re-fetching, so it did not catch that entries beyond the first were not actually populated. Pointy hat: kevans Fixes: 9da2fe96ff ("kern: fix setgroups(2) and getgroups(2) [...]") --- sys/kern/kern_prot.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index beab30a9d157..dac0e40b0599 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -332,7 +332,7 @@ freebsd14_getgroups(struct thread *td, struct freebsd14_getgroups_args *uap) } error = copyout(&cred->cr_gid, uap->gidset, sizeof(gid_t)); - if (error != 0) + if (error == 0) error = copyout(cred->cr_groups, uap->gidset + 1, (ngrp - 1) * sizeof(gid_t));
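Review bot: the corrected `if (error == 0)` guard in freebsd14_getgroups() lands without a test change (the diffstat lists only sys/kern/kern_prot.c), although the commit message says the existing test missed this bug because it did not zero the groups array before re-fetching. Suggest updating that test alongside this fix so it fills the buffer with a sentinel value before the compat getgroups call and then checks every entry past the first, since a stale buffer hides a skipped second copyout. A short comment above the two copyout() calls would also help, noting that cr_gid goes into gidset[0] and cr_groups follows from gidset + 1, because that split is what let the inverted check go unnoticed. Separately, the visible lines do not show that ngrp is at least 1 at this point; if that is guaranteed by the code above the hunk, a brief assertion or comment would make the `(ngrp - 1) * sizeof(gid_t)` length easier to audit.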