1 files changed, 38 insertions, 13 deletions

diff --git a/libtrivfs/io-restrict-auth.c b/libtrivfs/io-restrict-auth.c
index a1324410..9ff6168e 100644
--- a/libtrivfs/io-restrict-auth.c
+++ b/libtrivfs/io-restrict-auth.c
@@ -1,5 +1,5 @@
 /*
-   Copyright (C) 1993, 1994, 1995, 1996 Free Software Foundation
+   Copyright (C) 1993,94,95,96,2001 Free Software Foundation
 
 This file is part of the GNU Hurd.
 
@@ -44,7 +44,7 @@ trivfs_S_io_restrict_auth (struct trivfs_protid *cred,
 			   uid_t *gids, u_int ngids)
 {
   int i;
-  error_t err = 0;
+  error_t err;
   struct trivfs_protid *newcred;
   struct idvec *uvec, *gvec;
   struct iouser *user;
@@ -52,26 +52,51 @@ trivfs_S_io_restrict_auth (struct trivfs_protid *cred,
   if (!cred)
     return EOPNOTSUPP;
   
-  uvec = make_idvec ();
-  gvec = make_idvec ();
-
-  user = iohelp_create_iouser (uvec, gvec);
-
   if (cred->isroot)
+    /* CRED has root access, and so may use any ids.  */
     {
-      /* CRED has root access, and so may use any ids.  */
-      idvec_set_ids (uvec, uids, nuids);
-      idvec_set_ids (gvec, gids, ngids);
+      err = iohelp_create_complex_iouser (&user, uids, nuids, gids, ngids);
+      if (err)
+        return err;
     }
   else
     {
+      uvec = make_idvec ();
+      if (! uvec)
+        return ENOMEM;
+
+      gvec = make_idvec ();
+      if (! gvec)
+        {
+	  idvec_free (uvec);
+	  return ENOMEM;
+	}
+
       /* Otherwise, use any of the requested ids that CRED already has.  */
       for (i = 0; i < cred->user->uids->num; i++)
 	if (listmember (uids, cred->user->uids->ids[i], nuids))
-	  idvec_add (uvec, cred->user->uids->ids[i]);
+	  {
+	    err = idvec_add (uvec, cred->user->uids->ids[i]);
+	    if (err)
+	      goto out;
+	  }
+
       for (i = 0; i < cred->user->gids->num; i++)
 	if (listmember (gids, cred->user->gids->ids[i], ngids))
-	  idvec_add (gvec, cred->user->gids->ids[i]);
+	  {
+	    err = idvec_add (gvec, cred->user->gids->ids[i]);
+	    if (err)
+	      goto out;
+	  }
+
+      err = iohelp_create_iouser (&user, uvec, gvec);
+      if (err)
+        {
+	out:
+	  idvec_free (uvec);
+	  idvec_free (gvec);
+	  return err;
+	}
     }
 
   err = ports_create_port (cred->po->cntl->protid_class,
@@ -89,7 +114,7 @@ trivfs_S_io_restrict_auth (struct trivfs_protid *cred,
   newcred->po = cred->po;
   newcred->po->refcnt++;
   mutex_unlock (&cred->po->cntl->lock);
-  if (cred->isroot && idvec_contains (uvec, 0))
+  if (cred->isroot && idvec_contains (user->uids, 0))
     newcred->isroot = 1;
   newcred->user = user;
   newcred->hook = cred->hook;