Using snprintf to build up argv seems archaic. * daemon/remote.c (remoteDispatchAuthPolkit): Modernize command call. --- daemon/remote.c | 42 +++++++++++++++++------------------------- 1 files changed, 17 insertions(+), 25 deletions(-) diff --git a/daemon/remote.c b/daemon/remote.c index b158b8b..7f552a7 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -2468,26 +2468,17 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED, uid_t callerUid = -1; const char *action; int status = -1; - char pidbuf[50]; - char ident[100]; - int rv = -1; + char *ident = NULL; struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); - - memset(ident, 0, sizeof ident); + virCommandPtr cmd = NULL; virMutexLock(&priv->lock); action = virNetServerClientGetReadonly(client) ? "org.libvirt.unix.monitor" : "org.libvirt.unix.manage"; - const char * const pkcheck [] = { - PKCHECK_PATH, - "--action-id", action, - "--process", pidbuf, - "--allow-user-interaction", - NULL - }; + cmd = virCommandNewArgList(PKCHECK_PATH, "--action-id", action, NULL); VIR_DEBUG("Start PolicyKit auth %d", virNetServerClientGetFD(client)); if (virNetServerClientGetAuth(client) != VIR_NET_SERVER_SERVICE_AUTH_POLKIT) { @@ -2495,28 +2486,25 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED, goto authfail; } - if (virNetServerClientGetUNIXIdentity(client, &callerUid, &callerGid, &callerPid) < 0) { + if (virNetServerClientGetUNIXIdentity(client, &callerUid, &callerGid, + &callerPid) < 0) { goto authfail; } VIR_INFO("Checking PID %d running as %d", callerPid, callerUid); - rv = snprintf(pidbuf, sizeof pidbuf, "%d", callerPid); - if (rv < 0 || rv >= sizeof pidbuf) { - VIR_ERROR(_("Caller PID was too large %d"), callerPid); - goto authfail; - } + virCommandAddArg(cmd, "--process"); + virCommandAddArgFormat(cmd, "%d", callerPid); + virCommandAddArg(cmd, "--allow-user-interaction"); - rv = snprintf(ident, sizeof ident, "pid:%d,uid:%d", callerPid, callerUid); - if (rv < 0 || rv >= sizeof ident) { - VIR_ERROR(_("Caller identity was too large %d:%d"), callerPid, callerUid); + if (virAsprintf(&ident, "pid:%d,uid:%d", callerPid, callerUid) < 0) { + virReportOOMError(); goto authfail; } - if (virRun(pkcheck, &status) < 0) { - VIR_ERROR(_("Cannot invoke %s"), PKCHECK_PATH); + if (virCommandRun(cmd, &status) < 0) goto authfail; - } + if (status != 0) { char *tmp = virCommandTranslateStatus(status); VIR_ERROR(_("Policy kit denied action %s from pid %d, uid %d: %s"), @@ -2533,10 +2521,14 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED, virNetServerClientSetIdentity(client, ident); virMutexUnlock(&priv->lock); + virCommandFree(cmd); + VIR_FREE(ident); return 0; error: + virCommandFree(cmd); + VIR_FREE(ident); virResetLastError(); virNetError(VIR_ERR_AUTH_FAILED, "%s", _("authentication failed")); @@ -2553,7 +2545,7 @@ authfail: authdeny: PROBE(RPC_SERVER_CLIENT_AUTH_DENY, "client=%p auth=%d identity=%s", - client, REMOTE_AUTH_POLKIT, (char *)ident); + client, REMOTE_AUTH_POLKIT, ident); goto error; } #elif HAVE_POLKIT0 -- 1.7.7.6 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list