kernel/groups.c: fix integer overflow in groups_search gid_t is a unsigned int. If group_info contains a gid greater than MAX_INT, groups_search() function may look on the wrong side of the search tree. This solves some unfair "permission denied" problems. Signed-off-by: Jerome Marchand <jmarchan@redhat.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

commit: 1c24de60e50fb19b94d94225458da17c720f0729 [log] [tgz]
author: Jerome Marchand <jmarchan@redhat.com> Thu Sep 09 16:37:59 2010 -0700
committer: Linus Torvalds <torvalds@linux-foundation.org> Thu Sep 09 18:57:24 2010 -0700
tree: a225907a1b341f629037805f086add137e176f4a
parent: 94131e174fedd9f3f9bb148cee4be12f2d46d68e [diff]
diff --git a/kernel/groups.c b/kernel/groups.c
index 53b1916..253dc0f 100644
--- a/kernel/groups.c
+++ b/kernel/groups.c

@@ -143,10 +143,9 @@
 	right = group_info->ngroups;
 	while (left < right) {
 		unsigned int mid = (left+right)/2;
-		int cmp = grp - GROUP_AT(group_info, mid);
-		if (cmp > 0)
+		if (grp > GROUP_AT(group_info, mid))
 			left = mid + 1;
-		else if (cmp < 0)
+		else if (grp < GROUP_AT(group_info, mid))
 			right = mid;
 		else
 			return 1;
commit	1c24de60e50fb19b94d94225458da17c720f0729	[log] [tgz]
author	Jerome Marchand <jmarchan@redhat.com>	Thu Sep 09 16:37:59 2010 -0700
committer	Linus Torvalds <torvalds@linux-foundation.org>	Thu Sep 09 18:57:24 2010 -0700
tree	a225907a1b341f629037805f086add137e176f4a
parent	94131e174fedd9f3f9bb148cee4be12f2d46d68e [diff]