Bug 1019929 - [PATCH] improve LOCAL_PEERCRED error handling
[PATCH] improve LOCAL_PEERCRED error handling
Status: CLOSED NEXTRELEASE
Product: Virtualization Tools
Classification: Community
Component: libvirt (Show other bugs)
unspecified
Unspecified Unspecified
unspecified Severity low
: ---
: ---
Assigned To: Libvirt Maintainers
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-16 12:06 EDT by b.candler
Modified: 2014-05-13 17:07 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-10-17 08:28:49 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch to LOCAL_PEERCRED error handling (1.69 KB, patch)
2013-10-16 12:06 EDT, b.candler
no flags Details | Diff

  None (edit)
Description b.candler 2013-10-16 12:06:47 EDT
Created attachment 813025 [details]
Patch to LOCAL_PEERCRED error handling

This patch improves the error checking in the LOCAL_PEERCRED version of virNetSocketGetUNIXIdentity, used by FreeBSD and Mac OSX.

1. The error return paths now correctly unlock the socket. This is implemented in exactly the same way as the SO_PEERCRED version, using "goto cleanup"

2. cr.cr_ngroups is initialised to -1, and cr.cr_ngroups is checked for negative and overlarge values.

This means that if the getsockopt() call returns success but doesn't actually update the xucred structure, this is now caught. This happened previously when getsockopt was called with SOL_SOCKET instead of SOL_LOCAL, prior to commit 5a468b3, and resulted in random uids being accepted.
Comment 1 Eric Blake 2013-10-17 08:18:56 EDT
Can you please post this patch to the list (preferably via 'git send-email', but also acceptable as an attachment)?  Also, please fix it to not touch the .gnulib submodule.  It's harder for others to apply patches that didn't go through the list.
Comment 2 Eric Blake 2013-10-17 08:28:49 EDT
Nevermind; it's been fixed and pushed on your behalf:

commit aa0f09929d02ccdbf3ca9502a1fd39d90db0c690
Author: Brian Candler <b.candler@pobox.com>
Date:   Thu Oct 17 06:21:57 2013 -0600

    better error checking for LOCAL_PEERCRED
    
    This patch improves the error checking in the LOCAL_PEERCRED version
    of virNetSocketGetUNIXIdentity, used by FreeBSD and Mac OSX.
    
    1. The error return paths now correctly unlock the socket. This is
    implemented in exactly the same way as the SO_PEERCRED version,
    using "goto cleanup"
    
    2. cr.cr_ngroups is initialised to -1, and cr.cr_ngroups is checked
    for negative and overlarge values.
    
    This means that if the getsockopt() call returns success but doesn't
    actually update the xucred structure, this is now caught. This
    happened previously when getsockopt was called with SOL_SOCKET
    instead of SOL_LOCAL, prior to commit 5a468b3, and resulted in
    random uids being accepted.
    
    Signed-off-by: Eric Blake <eblake@redhat.com>

Note You need to log in before you can comment on or make changes to this bug.