From: Howard Chu <hyc@openldap.org>
Date: Wed, 4 Dec 2002 20:50:19 +0000 (+0000)
Subject: Fix prev commit - require passed descriptor to be a pipe (FIFO) and
X-Git-Tag: NO_SLAP_OP_BLOCKS~723
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=1363d4bf1add052588cd6a03633a91220aed4aa0;p=openldap

Fix prev commit - require passed descriptor to be a pipe (FIFO) and
require it to only be accessible by its owner, otherwise ignore it.
---

diff --git a/libraries/liblutil/getpeereid.c b/libraries/liblutil/getpeereid.c
index 80d90d1ffe..9954be6421 100644
--- a/libraries/liblutil/getpeereid.c
+++ b/libraries/liblutil/getpeereid.c
@@ -62,9 +62,13 @@ int getpeereid( int s, uid_t *euid, gid_t *egid )
 	msg.msg_accrightslen = sizeof(fd);
 	if( recvmsg( s, &msg, 0) >= 0 && msg.msg_accrightslen == sizeof(int) )
 	{
+		/* We must receive a valid descriptor, it must be a pipe,
+		 * and it must only be accessible by its owner.
+		 */
 		dummy = fstat( fd, &st );
 		close(fd[0]);
-		if( dummy == 0 )
+		if( dummy == 0 && S_ISFIFO(st.st_mode) &&
+			((st.st_mode & (S_IRWXG|S_IRWXO)) == 0))
 		{
 			*euid = st.st_uid;
 			*egid = st.st_gid;