From 92b064f43d537ce62387489f6048660bb2df469d Mon Sep 17 00:00:00 2001
From: Mateusz Guzik <mjg@FreeBSD.org>
Date: Sun, 26 Oct 2014 05:39:42 +0000
Subject: [PATCH] Use a temporary buffer in sys_setgroups for requests with <=
 XU_NGROUPS groups.

Submitted by:	Tiwei Bie <btw mail.ustc.edu.cn>
X-Additional: JuniorJobs project
MFC after:	2 weeks
---
 sys/kern/kern_prot.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index f12468d83562..73f6ab7fbfbd 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -806,17 +806,24 @@ int
 sys_setgroups(struct thread *td, struct setgroups_args *uap)
 {
 	gid_t *groups = NULL;
+	gid_t smallgroups[XU_NGROUPS];
+	u_int gidsetsize;
 	int error;
 
-	if (uap->gidsetsize > ngroups_max + 1)
+	gidsetsize = uap->gidsetsize;
+	if (gidsetsize > ngroups_max + 1)
 		return (EINVAL);
-	groups = malloc(uap->gidsetsize * sizeof(gid_t), M_TEMP, M_WAITOK);
-	error = copyin(uap->gidset, groups, uap->gidsetsize * sizeof(gid_t));
+	if (gidsetsize > XU_NGROUPS)
+		groups = malloc(gidsetsize * sizeof(gid_t), M_TEMP, M_WAITOK);
+	else
+		groups = smallgroups;
+	error = copyin(uap->gidset, groups, gidsetsize * sizeof(gid_t));
 	if (error)
 		goto out;
-	error = kern_setgroups(td, uap->gidsetsize, groups);
+	error = kern_setgroups(td, gidsetsize, groups);
 out:
-	free(groups, M_TEMP);
+	if (gidsetsize > XU_NGROUPS)
+		free(groups, M_TEMP);
 	return (error);
 }