On 03/14/2013 06:35 PM, Eric Blake wrote:
We've already scrubbed for comparisons of 'uid_t == -1' (which fail on platforms where uid_t is a u16), but another one snuck in.
ACK (and sorry for the botched "bugfix" :-/)
* src/util/virutil.c (virSetUIDGIDWithCaps): Correct uid comparison. * cfg.mk (sc_prohibit_risky_id_promotion): New rule. --- cfg.mk | 6 ++++++ src/util/virutil.c | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/cfg.mk b/cfg.mk index b95a90b..394521e 100644 --- a/cfg.mk +++ b/cfg.mk @@ -389,6 +389,12 @@ sc_prohibit_setuid: halt='use virSetUIDGID, not raw set*id' \ $(_sc_search_regexp)
+# Don't compare *id_t against raw -1. +sc_prohibit_risky_id_promotion: + @prohibit='\b(user|group|[ug]id) *[=!]= *-' \ + halt='cast -1 to ([ug]id_t) before comparing against id' \ + $(_sc_search_regexp) +
As we discussed on IRC, I'm slightly concerned about false positives when user, group, or [gu]id is used as something other than [gu]id_t, but the most common case of this would be for a char*, and I doubt we would ever be comparing a char* with !=, so I think it's okay (certainly better than the alternative of pushing a release only to find that we don't compile on some platform).