]> xenbits.xensource.com Git - libvirt.git/commit
projects / libvirt.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 55da099) | patch
better error checking for LOCAL_PEERCRED
authorBrian Candler <b.candler@pobox.com>
Thu, 17 Oct 2013 12:21:57 +0000 (06:21 -0600)
committerEric Blake <eblake@redhat.com>
Thu, 17 Oct 2013 12:24:49 +0000 (06:24 -0600)
commitaa0f09929d02ccdbf3ca9502a1fd39d90db0c690
treeb201677879767b88350baf8b10f478bd6c28f054tree
parent55da09933f0e77b5bb5b7f22fad6916376d4ce2dcommit | diff
better error checking for LOCAL_PEERCRED

This patch improves the error checking in the LOCAL_PEERCRED version
of virNetSocketGetUNIXIdentity, used by FreeBSD and Mac OSX.

1. The error return paths now correctly unlock the socket. This is
implemented in exactly the same way as the SO_PEERCRED version,
using "goto cleanup"

2. cr.cr_ngroups is initialised to -1, and cr.cr_ngroups is checked
for negative and overlarge values.

This means that if the getsockopt() call returns success but doesn't
actually update the xucred structure, this is now caught. This
happened previously when getsockopt was called with SOL_SOCKET
instead of SOL_LOCAL, prior to commit 5a468b3, and resulted in
random uids being accepted.

Signed-off-by: Eric Blake <eblake@redhat.com>
src/rpc/virnetsocket.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.