Created attachment 813025 [details] Patch to LOCAL_PEERCRED error handling This patch improves the error checking in the LOCAL_PEERCRED version of virNetSocketGetUNIXIdentity, used by FreeBSD and Mac OSX. 1. The error return paths now correctly unlock the socket. This is implemented in exactly the same way as the SO_PEERCRED version, using "goto cleanup" 2. cr.cr_ngroups is initialised to -1, and cr.cr_ngroups is checked for negative and overlarge values. This means that if the getsockopt() call returns success but doesn't actually update the xucred structure, this is now caught. This happened previously when getsockopt was called with SOL_SOCKET instead of SOL_LOCAL, prior to commit 5a468b3, and resulted in random uids being accepted.
Can you please post this patch to the list (preferably via 'git send-email', but also acceptable as an attachment)? Also, please fix it to not touch the .gnulib submodule. It's harder for others to apply patches that didn't go through the list.
Nevermind; it's been fixed and pushed on your behalf: commit aa0f09929d02ccdbf3ca9502a1fd39d90db0c690 Author: Brian Candler <b.candler> Date: Thu Oct 17 06:21:57 2013 -0600 better error checking for LOCAL_PEERCRED This patch improves the error checking in the LOCAL_PEERCRED version of virNetSocketGetUNIXIdentity, used by FreeBSD and Mac OSX. 1. The error return paths now correctly unlock the socket. This is implemented in exactly the same way as the SO_PEERCRED version, using "goto cleanup" 2. cr.cr_ngroups is initialised to -1, and cr.cr_ngroups is checked for negative and overlarge values. This means that if the getsockopt() call returns success but doesn't actually update the xucred structure, this is now caught. This happened previously when getsockopt was called with SOL_SOCKET instead of SOL_LOCAL, prior to commit 5a468b3, and resulted in random uids being accepted. Signed-off-by: Eric Blake <eblake>