(getgrouplist): Don't copy too much into the user buffer if more
groups are found than fit into it.
(fixes CAN-2003-0689)
===================================================================
RCS file: /cvs/glibc/libc/grp/initgroups.c,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- libc/grp/initgroups.c	2002/03/13 17:51:09	1.28
+++ libc/grp/initgroups.c	2003/04/23 21:26:34	1.29
@@ -1,4 +1,4 @@
-/* Copyright (C) 1989,91,93,1996-2001, 2002 Free Software Foundation, Inc.
+/* Copyright (C) 1989,91,93,1996-2002, 2003 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -23,6 +23,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <sys/param.h>
 #include <sys/types.h>
 #include <nsswitch.h>
 
@@ -207,6 +208,9 @@
     return -1;
 
   result = internal_getgrouplist (user, group, &size, &newgroups, -1);
+
+  memcpy (groups, newgroups, MIN (*ngroups, result) * sizeof (gid_t));
+
   if (result > *ngroups)
     {
       *ngroups = result;
@@ -215,8 +219,6 @@
   else
     *ngroups = result;
 
-  memcpy (groups, newgroups, *ngroups * sizeof (gid_t));
-
   free (newgroups);
   return result;
 }