On 03/14/2013 06:35 PM, Eric Blake wrote: > We've already scrubbed for comparisons of 'uid_t == -1' (which fail > on platforms where uid_t is a u16), but another one snuck in. ACK (and sorry for the botched "bugfix" :-/) > > * src/util/virutil.c (virSetUIDGIDWithCaps): Correct uid comparison. > * cfg.mk (sc_prohibit_risky_id_promotion): New rule. > --- > cfg.mk | 6 ++++++ > src/util/virutil.c | 2 +- > 2 files changed, 7 insertions(+), 1 deletion(-) > > diff --git a/cfg.mk b/cfg.mk > index b95a90b..394521e 100644 > --- a/cfg.mk > +++ b/cfg.mk > @@ -389,6 +389,12 @@ sc_prohibit_setuid: > halt='use virSetUIDGID, not raw set*id' \ > $(_sc_search_regexp) > > +# Don't compare *id_t against raw -1. > +sc_prohibit_risky_id_promotion: > + @prohibit='\b(user|group|[ug]id) *[=!]= *-' \ > + halt='cast -1 to ([ug]id_t) before comparing against id' \ > + $(_sc_search_regexp) > + As we discussed on IRC, I'm slightly concerned about false positives when user, group, or [gu]id is used as something other than [gu]id_t, but the most common case of this would be for a char*, and I doubt we would ever be comparing a char* with !=, so I think it's okay (certainly better than the alternative of pushing a release only to find that we don't compile on some platform). -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list