Fix prev commit - require passed descriptor to be a pipe (FIFO) and

author Howard Chu <hyc@openldap.org>

Wed, 4 Dec 2002 20:50:19 +0000 (20:50 +0000)

committer Howard Chu <hyc@openldap.org>

Wed, 4 Dec 2002 20:50:19 +0000 (20:50 +0000)
author Howard Chu <hyc@openldap.org>
Wed, 4 Dec 2002 20:50:19 +0000 (20:50 +0000)
committer Howard Chu <hyc@openldap.org>
Wed, 4 Dec 2002 20:50:19 +0000 (20:50 +0000)
diff --git a/libraries/liblutil/getpeereid.c b/libraries/liblutil/getpeereid.c

index 80d90d1ffe59a7601fb3a0e46988aa1ba42a6883..9954be64216a475086802cb7f9ddcd8d007422c4 100644 (file)
--- a/libraries/liblutil/getpeereid.c
+++ b/libraries/liblutil/getpeereid.c
@@ -62,9 +62,13 @@ int getpeereid( int s, uid_t *euid, gid_t *egid )
         msg.msg_accrightslen = sizeof(fd);
         if( recvmsg( s, &msg, 0) >= 0 && msg.msg_accrightslen == sizeof(int) )
         {
+               /* We must receive a valid descriptor, it must be a pipe,
+                * and it must only be accessible by its owner.
+                */
                 dummy = fstat( fd, &st );
                 close(fd[0]);
-               if( dummy == 0 )
+               if( dummy == 0 && S_ISFIFO(st.st_mode) &&
+                       ((st.st_mode & (S_IRWXG|S_IRWXO)) == 0))
                 {
                         *euid = st.st_uid;
                         *egid = st.st_gid;
author	Howard Chu <hyc@openldap.org>
	Wed, 4 Dec 2002 20:50:19 +0000 (20:50 +0000)
committer	Howard Chu <hyc@openldap.org>
	Wed, 4 Dec 2002 20:50:19 +0000 (20:50 +0000)