[PATCH] Fix NO_LOCAL_CLIENT_CRED build
Jon TURNEY
jon.turney at dronecode.org.uk
Mon Jul 6 09:15:44 PDT 2015
On 04/07/2015 05:21, Ray Strode wrote:
> On Thu, Jul 2, 2015 at 12:40 PM, Jon TURNEY wrote:
>> Makes sense. Revised patch attached.
> LGTM
I'm going to choose to assume that is a Reviewed-by:
Keith,
Please consider applying to master.
Thanks.
-------------- next part --------------
From 7cd1a3cd8c904fff156eb51008a8fce696371fc6 Mon Sep 17 00:00:00 2001
From: Jon TURNEY <jon.turney at dronecode.org.uk>
Date: Mon, 29 Jun 2015 19:46:51 +0100
Subject: [PATCH] Fix NO_LOCAL_CLIENT_CRED build (v3)
This is a build fix for MinGW
Commit 4b4b9086 "os: support new implicit local user access mode [CVE-2015-3164
2/3]" carefully places the relevant code it adds under !NO_LOCAL_CLIENT_CRED,
but unfortunately doesn't notice that NO_LOCAL_CLIENT_CRED is defined as a
side-effect in the middle of GetLocalClientCreds(), so many of these checks
precede it's definition.
Move the check if NO_LOCAL_CLIENT_CRED should be defined to configure.ac, so it
always occurs before it's first use.
v2:
Move check to configure.ac
v3:
Use AC_CACHE_CHECK and name cache varaible appropriately
Signed-off-by: Jon TURNEY <jon.turney at dronecode.org.uk>
Reviewed-by: Ray Strode <rstrode at redhat.com>
---
configure.ac | 18 ++++++++++++++++++
include/dix-config.h.in | 3 +++
os/access.c | 1 -
3 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 328563e..c0c5fc5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -223,6 +223,24 @@ AC_REPLACE_FUNCS([reallocarray strcasecmp strcasestr strlcat strlcpy strndup])
AC_CHECK_DECLS([program_invocation_short_name], [], [], [[#include <errno.h>]])
+dnl Check for SO_PEERCRED #define
+AC_CACHE_CHECK([for SO_PEERCRED in sys/socket.h],
+ [xorg_cv_sys_have_so_peercred],
+ [AC_EGREP_CPP(yes_have_so_peercred,[
+#include <sys/types.h>
+#include <sys/socket.h>
+#ifdef SO_PEERCRED
+yes_have_so_peercred
+#endif
+],
+ [xorg_cv_sys_have_so_peercred=yes],
+ [xorg_cv_sys_have_so_peercred=no])])
+
+dnl define NO_LOCAL_CLIENT_CRED if no getpeereid, getpeerucred or SO_PEERCRED
+if test "x$ac_cv_func_getpeereid" = xno && test "x$ac_cv_func_getpeerucred" = xno && test "x$xorg_cv_sys_have_so_peercred" = xno ; then
+ AC_DEFINE([NO_LOCAL_CLIENT_CRED], 1, [Define to 1 if no local socket credentials interface exists])
+fi
+
dnl Find the math libary, then check for cbrt function in it.
AC_CHECK_LIB(m, sqrt)
AC_CHECK_FUNCS([cbrt])
diff --git a/include/dix-config.h.in b/include/dix-config.h.in
index c2ba434..daaff8d 100644
--- a/include/dix-config.h.in
+++ b/include/dix-config.h.in
@@ -518,4 +518,7 @@
/* Listen on local socket */
#undef LISTEN_LOCAL
+/* Define if no local socket credentials interface exists */
+#undef NO_LOCAL_CLIENT_CRED
+
#endif /* _DIX_CONFIG_H_ */
diff --git a/os/access.c b/os/access.c
index 75e7a69..54f0690 100644
--- a/os/access.c
+++ b/os/access.c
@@ -1221,7 +1221,6 @@ GetLocalClientCreds(ClientPtr client, LocalClientCredRec ** lccp)
#endif
#else
/* No system call available to get the credentials of the peer */
-#define NO_LOCAL_CLIENT_CRED
return -1;
#endif
}
--
2.4.5
More information about the xorg-devel
mailing list