On Tue, Sep 24, 2013 at 11:44:54AM -0500, Doug Goldstein wrote:
Ensure that the socket credentials we got back on BSD are valid before using them. --- src/rpc/virnetsocket.c | 12 ++++++++++++ 1 file changed, 12 insertions(+)
diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c index b311aae..49c6ddc 100644 --- a/src/rpc/virnetsocket.c +++ b/src/rpc/virnetsocket.c @@ -1166,6 +1166,18 @@ int virNetSocketGetUNIXIdentity(virNetSocketPtr sock, return -1; }
+ if (cr.cr_version != XUCRED_VERSION) { + virReportError(VIR_ERR_SYSTEM_ERROR, "%s", + _("Failed to get valid client socket identity")); + return -1; + } + + if (cr.cr_ngroups == 0) { + virReportError(VIR_ERR_SYSTEM_ERROR, "%s", + _("Failed to get valid client socket identity groups")); + return -1; + } + *pid = -1; *uid = cr.cr_uid; *gid = cr.cr_gid;
ACK, Though presumably this still won't make things work, as we'll now get a fatal error reported, rather than silently using bogus data ? Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|