Re: [libvirt] [PATCH 1/3] BSD: Ensure UNIX socket credentials are valid
On Tue, Sep 24, 2013 at 11:44:54AM -0500, Doug Goldstein wrote:
Ensure that the socket credentials we got back on BSD are valid
before
using them.
---
src/rpc/virnetsocket.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
index b311aae..49c6ddc 100644
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
@@ -1166,6 +1166,18 @@ int virNetSocketGetUNIXIdentity(virNetSocketPtr sock,
return -1;
}
+ if (cr.cr_version != XUCRED_VERSION) {
+ virReportError(VIR_ERR_SYSTEM_ERROR, "%s",
+ _("Failed to get valid client socket identity"));
+ return -1;
+ }
+
+ if (cr.cr_ngroups == 0) {
+ virReportError(VIR_ERR_SYSTEM_ERROR, "%s",
+ _("Failed to get valid client socket identity
groups"));
+ return -1;
+ }
+
*pid = -1;
*uid = cr.cr_uid;
*gid = cr.cr_gid;
ACK,
Though presumably this still won't make things work, as we'll now get a fatal
error reported, rather than silently using bogus data ?
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|