[PATCH] Fix NO_LOCAL_CLIENT_CRED build
Jon TURNEY
jon.turney at dronecode.org.uk
Wed Jul 1 06:44:22 PDT 2015
On 30/06/2015 15:12, Ray Strode wrote:
>> This is a build fix for MinGW
> ...
>> Move the check if NO_LOCAL_CLIENT_CRED should be defined to before it's first
>> use.
> Well, Alan wondered if anyone is actually using NO_LOCAL_CLIENT_CRED, now we know!
>
> Patch doesn't look wrong to me, but I wonder if maybe it should get put in configure.ac?
> I think that's a more typical place for platform specific definitions.
Yes, I think so. Revised patch attached.
I've tested this a few ways and it seems to be working correctly, but
it's hard for me to be sure that this is doing the correct thing on all
targets.
-------------- next part --------------
From f44b1021f5f3a6227fd62fba29f11917ecd25013 Mon Sep 17 00:00:00 2001
From: Jon TURNEY <jon.turney at dronecode.org.uk>
Date: Mon, 29 Jun 2015 19:46:51 +0100
Subject: [PATCH] Fix NO_LOCAL_CLIENT_CRED build (v2)
This is a build fix for MinGW
Commit 4b4b9086 "os: support new implicit local user access mode [CVE-2015-3164
2/3]" carefully places the relevant code it adds under !NO_LOCAL_CLIENT_CRED,
but unfortunately doesn't notice that NO_LOCAL_CLIENT_CRED is defined as a
side-effect in the middle of GetLocalClientCreds(), so many of these checks
precede it's definition.
Move the check if NO_LOCAL_CLIENT_CRED should be defined to configure.ac, so it
always occurs before it's first use.
Signed-off-by: Jon TURNEY <jon.turney at dronecode.org.uk>
Cc: Ray Strode <rstrode at redhat.com>
---
configure.ac | 23 +++++++++++++++++++++++
include/dix-config.h.in | 3 +++
os/access.c | 1 -
3 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 328563e..f0f2995 100644
--- a/configure.ac
+++ b/configure.ac
@@ -223,6 +223,29 @@ AC_REPLACE_FUNCS([reallocarray strcasecmp strcasestr strlcat strlcpy strndup])
AC_CHECK_DECLS([program_invocation_short_name], [], [], [[#include <errno.h>]])
+dnl Check for SO_PEERCRED #define
+AC_MSG_CHECKING([for SO_PEERCRED in sys/socket.h])
+AC_EGREP_CPP(yes_have_so_peercred,[
+#include <sys/types.h>
+#include <sys/socket.h>
+#ifdef SO_PEERCRED
+yes_have_so_peercred
+#endif
+],
+[
+ have_so_peercred=yes
+ AC_MSG_RESULT([yes])
+],
+[
+ have_so_peercred=no
+ AC_MSG_RESULT([no])
+])
+
+dnl define NO_LOCAL_CLIENT_CRED if no getpeereid, getpeerucred or SO_PEERCRED
+if test "x$ac_cv_func_getpeereid" = xno && test "x$ac_cv_func_getpeerucred" = xno && test "x$have_so_peercred" = xno ; then
+ AC_DEFINE([NO_LOCAL_CLIENT_CRED], 1, [Define to 1 if no local socket credentials interface exists])
+fi
+
dnl Find the math libary, then check for cbrt function in it.
AC_CHECK_LIB(m, sqrt)
AC_CHECK_FUNCS([cbrt])
diff --git a/include/dix-config.h.in b/include/dix-config.h.in
index c2ba434..daaff8d 100644
--- a/include/dix-config.h.in
+++ b/include/dix-config.h.in
@@ -518,4 +518,7 @@
/* Listen on local socket */
#undef LISTEN_LOCAL
+/* Define if no local socket credentials interface exists */
+#undef NO_LOCAL_CLIENT_CRED
+
#endif /* _DIX_CONFIG_H_ */
diff --git a/os/access.c b/os/access.c
index 75e7a69..54f0690 100644
--- a/os/access.c
+++ b/os/access.c
@@ -1221,7 +1221,6 @@ GetLocalClientCreds(ClientPtr client, LocalClientCredRec ** lccp)
#endif
#else
/* No system call available to get the credentials of the peer */
-#define NO_LOCAL_CLIENT_CRED
return -1;
#endif
}
--
2.1.4
More information about the xorg-devel
mailing list