Open alejandro-colomar opened 1 year ago
The patch would be:
diff --git a/src/nxt_clone.c b/src/nxt_clone.c
index a9b39ac1..5395ab80 100644
--- a/src/nxt_clone.c
+++ b/src/nxt_clone.c
@@ -395,12 +395,6 @@ nxt_clone_vldt_credential_gidmap(nxt_task_t *task,
for (j = 0; j < map->size; j++) {
m = map->map[j];
- if (!base_ok && creds->base_gid >= (nxt_gid_t) m.container
- && creds->base_gid < (nxt_gid_t) (m.container+m.size))
- {
- base_ok = 1;
- }
-
if (creds->gids[i] >= (nxt_gid_t) m.container
&& creds->gids[i] < (nxt_gid_t) (m.container+m.size))
{
@@ -414,16 +408,14 @@ nxt_clone_vldt_credential_gidmap(nxt_task_t *task,
}
}
- if (!base_ok) {
- for (i = 0; i < map->size; i++) {
- m = map->map[i];
+ for (i = 0; i < map->size; i++) {
+ m = map->map[i];
- if (creds->base_gid >= (nxt_gid_t) m.container
- && creds->base_gid < (nxt_gid_t) (m.container+m.size))
- {
- base_ok = 1;
- break;
- }
+ if (creds->base_gid >= (nxt_gid_t) m.container
+ && creds->base_gid < (nxt_gid_t) (m.container+m.size))
+ {
+ base_ok = 1;
+ break;
}
}
Consider the following code:
It's running the check for
base_ok
many times in a loop (once for every suplementary group), and the result will be the same always, and then once again after the loop. I believe we can keep the last check and remove the first one (the one within the supplementary groups' loop).I'm suggesting this as a prepatch for the fix for https://github.com/nginx/unit/issues/788, since this code affects the fix. I'd like to make sure I'm not missing something.