author | Ted Unangst <tedu@cvs.openbsd.org> | 2019-10-18 17:14:09 +0000 |
---|---|---|
committer | Ted Unangst <tedu@cvs.openbsd.org> | 2019-10-18 17:14:09 +0000 |
commit | f03a695d23c61cb5cbb5c4dfa6875be2ab194f9e (patch) | |
tree | a2164e1edf5c988dc46fc19a0b44722814150cef /lib | |
parent | 47975b368b56bd91874a9c88293b9d6b0a1937e6 (diff) |
setting uid to -1 won't work with setresuid, so detect that condition
and return an error instead. may prevent some unset/missing confusion.
ok deraadt millert
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libc/gen/login_cap.c | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/lib/libc/gen/login_cap.c b/lib/libc/gen/login_cap.c
index b33c65c4291..5b19f56749a 100644
--- a/lib/libc/gen/login_cap.c
+++ b/lib/libc/gen/login_cap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: login_cap.c,v 1.37 2019/06/28 13:32:41 deraadt Exp $ */
+/* $OpenBSD: login_cap.c,v 1.38 2019/10/18 17:14:08 tedu Exp $ */
 /*
 * Copyright (c) 2000-2004 Todd C. Miller <millert@openbsd.org>
@@ -589,6 +589,24 @@ setusercontext(login_cap_t *lc, struct passwd *pwd, uid_t uid, u_int flags)
 if (pwd == NULL)
 flags &= ~(LOGIN_SETGROUP|LOGIN_SETLOGIN);
+ /*
+ * Verify that we haven't been given invalid values.
+ */
+ if (flags & LOGIN_SETGROUP) {
+ if (pwd->pw_gid == -1) {
+ syslog(LOG_ERR, "setusercontext with invalid gid");
+ login_close(flc);
+ return (-1);
+ }
+ }
+ if (flags & LOGIN_SETUSER) {
+ if (uid == -1) {
+ syslog(LOG_ERR, "setusercontext with invalid uid");
+ login_close(flc);
+ return (-1);
+ }
+ }
+
 if (flags & LOGIN_SETRESOURCES)
 for (i = 0; r_list[i].name; ++i)
 if (gsetrl(lc, r_list[i].what, r_list[i].name, |
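Review bot: The comparisons `pwd->pw_gid == -1` and `uid == -1` in the added block rely on -1 being implicitly converted to the id type; spelling the sentinel as `if (pwd->pw_gid == (gid_t)-1) {` and `if (uid == (uid_t)-1) {` states the intent and avoids sign-compare warnings. The comment above them says only that the values are invalid; it could record the reason, e.g. `/* -1 tells setresuid(2) to leave the id unchanged, so the switch would silently not happen. */` (the gid case is presumably analogous, but that call is not in this hunk). Both early returns also leave errno as it was, so a caller that reports errno after a -1 return may print an unrelated error; whether that matters depends on callers outside the hunk. setusercontext's body starts before and continues past the hunk.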