author | Alexander Larsson <alexl@redhat.com> | 2012-04-12 16:43:49 +0200 |
---|---|---|
committer | Alexander Larsson <alexl@redhat.com> | 2012-04-12 16:43:49 +0200 |
commit | ec91ed00f14c70cca9749347b8ebc19d72d9885b (patch) | |
tree | bb4fc45450669fc82a4dce23a299cd1b67252e53 /gio/gunixcredentialsmessage.c | |
parent | 69d929e67fd44d9a20c64064cc7e06f5d3cead82 (diff) | |
Detect "empty" socket credentials on Linux
Linux uses struct ucred to pass over socket credentials. Historically
this has always worked in recvmsg, if SO_PASSCRED was set on the socket,
even if the remote side didn't pass any credits. But this change broke that:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=16e5726269611b71c930054ffe9b858c1cea88eb;hp=a9e9fd7182332d0cf5f3e601df3e71dd431b70d7
However, it doesn't actually fail getting the credentials, it just returns
an "empty" one, as initialized by cred_to_ucred() at:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob;f=net/core/sock.c;h=b29ab61b029cf7f76fda992ecfcb8dcaa06b0483;#l756
So, we detect this and fail the credentials reading.
This actually happened in real life with gdbus acting as a server, as
gdbus expected a ucred but libdbus didn't send one.
Diffstat (limited to 'gio/gunixcredentialsmessage.c')
-rw-r--r-- | gio/gunixcredentialsmessage.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/gio/gunixcredentialsmessage.c b/gio/gunixcredentialsmessage.c index 47d517377..7cbbab953 100644 --- a/gio/gunixcredentialsmessage.c +++ b/gio/gunixcredentialsmessage.c @@ -144,6 +144,13 @@ g_unix_credentials_message_deserialize (gint level, ucred = data; + if (ucred->uid == (uid_t)-1 && + ucred->gid == (gid_t)-1) + { + /* This happens if the remote side didn't pass the credentials */ + goto out; + } + credentials = g_credentials_new (); g_credentials_set_native (credentials, G_CREDENTIALS_TYPE_LINUX_UCRED, ucred); message = g_unix_credentials_message_new_with_credentials (credentials); |
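Review bot: The new check in g_unix_credentials_message_deserialize() only rejects the ucred when both fields are the sentinel (`ucred->uid == (uid_t)-1 && ucred->gid == (gid_t)-1`), so a struct with just one of uid or gid set to -1 still reaches g_credentials_set_native() and becomes a GCredentials that callers may use for authorization. Since -1 is not a usable identity in either field, consider rejecting on `||`, or state in the comment why both must match. The early `goto out` also runs before `message` is assigned, so please confirm it is initialised to NULL ahead of this point; the surrounding context does not show that. Finally, the comment could name the source of the sentinel (the kernel's "empty" ucred from cred_to_ucred(), per the commit message) so the magic value is explained in the code itself, and an early return here is silent: a caller cannot tell "peer sent no credentials" apart from any other deserialize failure unless that is logged or documented.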