[libvirt] [PATCH] util: portably check for unchanged uid

We've already scrubbed for comparisons of 'uid_t == -1' (which fail on platforms where uid_t is a u16), but another one snuck in. * src/util/virutil.c (virSetUIDGIDWithCaps): Correct uid comparison. * cfg.mk (sc_prohibit_risky_id_promotion): New rule. --- cfg.mk | 6 ++++++ src/util/virutil.c | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/cfg.mk b/cfg.mk index b95a90b..394521e 100644 --- a/cfg.mk +++ b/cfg.mk @@ -389,6 +389,12 @@ sc_prohibit_setuid: halt='use virSetUIDGID, not raw set*id' \ $(_sc_search_regexp) +# Don't compare *id_t against raw -1. +sc_prohibit_risky_id_promotion: + @prohibit='\b(user|group|[ug]id) *[=!]= *-' \ + halt='cast -1 to ([ug]id_t) before comparing against id' \ + $(_sc_search_regexp) + # Use snprintf rather than s'printf, even if buffer is provably large enough, # since gnulib has more guarantees for snprintf portability sc_prohibit_sprintf: diff --git a/src/util/virutil.c b/src/util/virutil.c index a0d1530..42b4295 100644 --- a/src/util/virutil.c +++ b/src/util/virutil.c @@ -3011,7 +3011,7 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gid, unsigned long long capBits, * change the capabilities bounding set. */ - if (clearExistingCaps || (uid != -1 && uid != 0)) + if (clearExistingCaps || (uid != (uid_t)-1 && uid != 0)) capng_clear(CAPNG_SELECT_BOTH); for (ii = 0; ii <= CAP_LAST_CAP; ii++) { -- 1.8.1.4