From ec91ed00f14c70cca9749347b8ebc19d72d9885b Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Thu, 12 Apr 2012 16:43:49 +0200 Subject: Detect "empty" socket credentials on Linux Linux uses struct ucred to pass over socket credentials. Historically this has always worked in recievemsg, if SO_PASSCRED was set on the socket, even if the remote side didn't pass any credits. But this change broke that: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=16e5726269611b71c930054ffe9b858c1cea88eb;hp=a9e9fd7182332d0cf5f3e601df3e71dd431b70d7 However, it doesn't actually fail getting the credentials, it just returns an "empty" one, as initialized by cred_to_ucred() at: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob;f=net/core/sock.c;h=b29ab61b029cf7f76fda992ecfcb8dcaa06b0483;#l756 So, we detect this and fail the credentials reading. This actually happened in real life with gdbus acting as a server, as gdbus expected an ucred but libdbus didn't send one. --- gio/gunixcredentialsmessage.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'gio/gunixcredentialsmessage.c') diff --git a/gio/gunixcredentialsmessage.c b/gio/gunixcredentialsmessage.c index 47d517377..7cbbab953 100644 --- a/gio/gunixcredentialsmessage.c +++ b/gio/gunixcredentialsmessage.c @@ -144,6 +144,13 @@ g_unix_credentials_message_deserialize (gint level, ucred = data; + if (ucred->uid == (uid_t)-1 && + ucred->gid == (gid_t)-1) + { + /* This happens if the remote side didn't pass the credentials */ + goto out; + } + credentials = g_credentials_new (); g_credentials_set_native (credentials, G_CREDENTIALS_TYPE_LINUX_UCRED, ucred); message = g_unix_credentials_message_new_with_credentials (credentials); -- cgit v1.2.1