[PATCH 1/3] BSD: Ensure UNIX socket credentials are valid

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Ensure that the socket credentials we got back on BSD are valid before
using them.
---
 src/rpc/virnetsocket.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
index b311aae..49c6ddc 100644
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
@@ -1166,6 +1166,18 @@ int virNetSocketGetUNIXIdentity(virNetSocketPtr sock,
         return -1;
     }
 
+    if (cr.cr_version != XUCRED_VERSION) {
+        virReportError(VIR_ERR_SYSTEM_ERROR, "%s",
+                       _("Failed to get valid client socket identity"));
+        return -1;
+    }
+
+    if (cr.cr_ngroups == 0) {
+        virReportError(VIR_ERR_SYSTEM_ERROR, "%s",
+                       _("Failed to get valid client socket identity groups"));
+        return -1;
+    }
+
     *pid = -1;
     *uid = cr.cr_uid;
     *gid = cr.cr_gid;
-- 
1.8.1.5

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]