[PATCH] Fix NO_LOCAL_CLIENT_CRED build

Jon TURNEY jon.turney at dronecode.org.uk
Thu Jul 2 09:40:53 PDT 2015


On 01/07/2015 15:11, Ray Strode wrote:
>> Yes, I think so.  Revised patch attached.
>>
>> I've tested this a few ways and it seems to be working correctly, but
>> it's hard for me to be sure that this is doing the correct thing on all
>> targets.
>
> Thanks for working on this! Seems right to me.  My only
> comment is I think have_so_peercred could be prefixed with
> xorg_cv_sys_ / AC_CACHE_CHECK could be used to interface with
> configure's caching mechanism, but I don't think that really matters.

Makes sense. Revised patch attached.

-------------- next part --------------
From 3b2b66694214700404e3334a694921b991a46a95 Mon Sep 17 00:00:00 2001
From: Jon TURNEY <jon.turney at dronecode.org.uk>
Date: Mon, 29 Jun 2015 19:46:51 +0100
Subject: [PATCH] Fix NO_LOCAL_CLIENT_CRED build (v3)

This is a build fix for MinGW

Commit 4b4b9086 "os: support new implicit local user access mode [CVE-2015-3164
2/3]" carefully places the relevant code it adds under !NO_LOCAL_CLIENT_CRED,
but unfortunately doesn't notice that NO_LOCAL_CLIENT_CRED is defined as a
side-effect in the middle of GetLocalClientCreds(), so many of these checks
precede its definition.

Move the check if NO_LOCAL_CLIENT_CRED should be defined to configure.ac, so it
always occurs before its first use.

v2:
Move check to configure.ac

v3:
Use AC_CACHE_CHECK and name cache variable appropriately

Cc: Ray Strode <rstrode at redhat.com>
Signed-off-by: Jon TURNEY <jon.turney at dronecode.org.uk>
---
 configure.ac            | 18 ++++++++++++++++++
 include/dix-config.h.in |  3 +++
 os/access.c             |  1 -
 3 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 328563e..c0c5fc5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -223,6 +223,24 @@ AC_REPLACE_FUNCS([reallocarray strcasecmp strcasestr strlcat strlcpy strndup])
 
 AC_CHECK_DECLS([program_invocation_short_name], [], [], [[#include <errno.h>]])
 
+dnl Check for SO_PEERCRED #define
+AC_CACHE_CHECK([for SO_PEERCRED in sys/socket.h],
+	       [xorg_cv_sys_have_so_peercred],
+	       [AC_EGREP_CPP(yes_have_so_peercred,[
+#include <sys/types.h>
+#include <sys/socket.h>
+#ifdef SO_PEERCRED
+yes_have_so_peercred
+#endif
+],
+	       [xorg_cv_sys_have_so_peercred=yes],
+	       [xorg_cv_sys_have_so_peercred=no])])
+
+dnl define NO_LOCAL_CLIENT_CRED if no getpeereid, getpeerucred or SO_PEERCRED
+if test "x$ac_cv_func_getpeereid" = xno && test "x$ac_cv_func_getpeerucred" = xno && test "x$xorg_cv_sys_have_so_peercred" = xno ; then
+	AC_DEFINE([NO_LOCAL_CLIENT_CRED], 1, [Define to 1 if no local socket credentials interface exists])
+fi
+
 dnl Find the math libary, then check for cbrt function in it.
 AC_CHECK_LIB(m, sqrt)
 AC_CHECK_FUNCS([cbrt])
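Review bot: The `if test` that defines NO_LOCAL_CLIENT_CRED only fires when all three cache variables are literally `no`, and nothing in this hunk shows `ac_cv_func_getpeereid` or `ac_cv_func_getpeerucred` being set ahead of this point. If the AC_CHECK_FUNCS calls for getpeereid and getpeerucred run later in configure.ac, or not at all, both variables expand to empty strings, `"x" = xno` is false, and NO_LOCAL_CLIENT_CRED is silently never defined, leaving the MinGW build as it was before the patch. Either confirm those function checks precede this block, or invert each comparison to `!= xyes` so that an unset variable counts as "interface missing".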
diff --git a/include/dix-config.h.in b/include/dix-config.h.in
index c2ba434..daaff8d 100644
--- a/include/dix-config.h.in
+++ b/include/dix-config.h.in
@@ -518,4 +518,7 @@
 /* Listen on local socket */
 #undef LISTEN_LOCAL
 
+/* Define if no local socket credentials interface exists */
+#undef NO_LOCAL_CLIENT_CRED
+
 #endif /* _DIX_CONFIG_H_ */
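Review bot: The template comment here says "Define if" while the AC_DEFINE description in configure.ac says "Define to 1 if"; make the two match. Because this is a negative macro that now lives only in dix-config.h, any source file that tests NO_LOCAL_CLIENT_CRED without having included dix-config.h first will see it undefined and compile the credential-dependent paths anyway, so it is worth checking that every user of the macro includes this header ahead of its first test of it.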
diff --git a/os/access.c b/os/access.c
index 75e7a69..54f0690 100644
--- a/os/access.c
+++ b/os/access.c
@@ -1221,7 +1221,6 @@ GetLocalClientCreds(ClientPtr client, LocalClientCredRec ** lccp)
 #endif
 #else
     /* No system call available to get the credentials of the peer */
-#define NO_LOCAL_CLIENT_CRED
     return -1;
 #endif
 }
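Review bot: With the `#define` gone, nothing ties this `#else` fallback (the `return -1` path) to the configure result: the branch is selected by the preprocessor conditions above it, while NO_LOCAL_CLIENT_CRED is selected by the three-way test in configure.ac. If the two ever disagree, code guarded by `!NO_LOCAL_CLIENT_CRED` gets built against a GetLocalClientCreds() that always fails. Consider making the mismatch a build error inside this branch, for example `#ifndef NO_LOCAL_CLIENT_CRED` / `#error "configure and os/access.c disagree on local credential support"` / `#endif`.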
-- 
2.1.4


