Re: [PATCH 1/3] BSD: Ensure UNIX socket credentials are valid

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Sep 24, 2013 at 11:44:54AM -0500, Doug Goldstein wrote:
> Ensure that the socket credentials we got back on BSD are valid before
> using them.
> ---
>  src/rpc/virnetsocket.c | 12 ++++++++++++
>  1 file changed, 12 insertions(+)
> 
> diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
> index b311aae..49c6ddc 100644
> --- a/src/rpc/virnetsocket.c
> +++ b/src/rpc/virnetsocket.c
> @@ -1166,6 +1166,18 @@ int virNetSocketGetUNIXIdentity(virNetSocketPtr sock,
>          return -1;
>      }
>  
> +    if (cr.cr_version != XUCRED_VERSION) {
> +        virReportError(VIR_ERR_SYSTEM_ERROR, "%s",
> +                       _("Failed to get valid client socket identity"));
> +        return -1;
> +    }
> +
> +    if (cr.cr_ngroups == 0) {
> +        virReportError(VIR_ERR_SYSTEM_ERROR, "%s",
> +                       _("Failed to get valid client socket identity groups"));
> +        return -1;
> +    }
> +
>      *pid = -1;
>      *uid = cr.cr_uid;
>      *gid = cr.cr_gid;

ACK,

Though presumably this still won't make things work, as we'll now get a fatal
error reported, rather than silently using bogus data ?


Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]