[PATCH] Fix NO_LOCAL_CLIENT_CRED build

Jon TURNEY jon.turney at dronecode.org.uk
Wed Jul 1 06:44:22 PDT 2015


On 30/06/2015 15:12, Ray Strode wrote:
>> This is a build fix for MinGW
> ...
>> Move the check if NO_LOCAL_CLIENT_CRED should be defined to before it's first
>> use.
> Well, Alan wondered if anyone is actually using NO_LOCAL_CLIENT_CRED, now we know!
>
> Patch doesn't look wrong to me, but I wonder if maybe it should get put in configure.ac?
> I think that's a more typical place for platform specific definitions.

Yes, I think so.  Revised patch attached.

I've tested this a few ways and it seems to be working correctly, but 
it's hard for me to be sure that this is doing the correct thing on all 
targets.

-------------- next part --------------
From f44b1021f5f3a6227fd62fba29f11917ecd25013 Mon Sep 17 00:00:00 2001
From: Jon TURNEY <jon.turney at dronecode.org.uk>
Date: Mon, 29 Jun 2015 19:46:51 +0100
Subject: [PATCH] Fix NO_LOCAL_CLIENT_CRED build (v2)

This is a build fix for MinGW

Commit 4b4b9086 "os: support new implicit local user access mode [CVE-2015-3164
2/3]" carefully places the relevant code it adds under !NO_LOCAL_CLIENT_CRED,
but unfortunately doesn't notice that NO_LOCAL_CLIENT_CRED is defined as a
side-effect in the middle of GetLocalClientCreds(), so many of these checks
precede it's definition.

Move the check if NO_LOCAL_CLIENT_CRED should be defined to configure.ac, so it
always occurs before it's first use.

Signed-off-by: Jon TURNEY <jon.turney at dronecode.org.uk>
Cc: Ray Strode <rstrode at redhat.com>
---
 configure.ac            | 23 +++++++++++++++++++++++
 include/dix-config.h.in |  3 +++
 os/access.c             |  1 -
 3 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 328563e..f0f2995 100644
--- a/configure.ac
+++ b/configure.ac
@@ -223,6 +223,29 @@ AC_REPLACE_FUNCS([reallocarray strcasecmp strcasestr strlcat strlcpy strndup])
 
 AC_CHECK_DECLS([program_invocation_short_name], [], [], [[#include <errno.h>]])
 
+dnl Check for SO_PEERCRED #define
+AC_MSG_CHECKING([for SO_PEERCRED in sys/socket.h])
+AC_EGREP_CPP(yes_have_so_peercred,[
+#include <sys/types.h>
+#include <sys/socket.h>
+#ifdef SO_PEERCRED
+yes_have_so_peercred
+#endif
+],
+[
+	have_so_peercred=yes
+	AC_MSG_RESULT([yes])
+],
+[
+	have_so_peercred=no
+	AC_MSG_RESULT([no])
+])
+
+dnl define NO_LOCAL_CLIENT_CRED if no getpeereid, getpeerucred or SO_PEERCRED
+if test "x$ac_cv_func_getpeereid" = xno && test "x$ac_cv_func_getpeerucred" = xno && test "x$have_so_peercred" = xno ; then
+	AC_DEFINE([NO_LOCAL_CLIENT_CRED], 1, [Define to 1 if no local socket credentials interface exists])
+fi
+
 dnl Find the math libary, then check for cbrt function in it.
 AC_CHECK_LIB(m, sqrt)
 AC_CHECK_FUNCS([cbrt])
diff --git a/include/dix-config.h.in b/include/dix-config.h.in
index c2ba434..daaff8d 100644
--- a/include/dix-config.h.in
+++ b/include/dix-config.h.in
@@ -518,4 +518,7 @@
 /* Listen on local socket */
 #undef LISTEN_LOCAL
 
+/* Define if no local socket credentials interface exists */
+#undef NO_LOCAL_CLIENT_CRED
+
 #endif /* _DIX_CONFIG_H_ */
diff --git a/os/access.c b/os/access.c
index 75e7a69..54f0690 100644
--- a/os/access.c
+++ b/os/access.c
@@ -1221,7 +1221,6 @@ GetLocalClientCreds(ClientPtr client, LocalClientCredRec ** lccp)
 #endif
 #else
     /* No system call available to get the credentials of the peer */
-#define NO_LOCAL_CLIENT_CRED
     return -1;
 #endif
 }
-- 
2.1.4



More information about the xorg-devel mailing list