File libgnomesu-check-setuid-retval.patch of Package libgnomesu
Index: libgnomesu-1.0.0/pam-backend/pam.c
===================================================================
--- libgnomesu-1.0.0.orig/pam-backend/pam.c
+++ libgnomesu-1.0.0/pam-backend/pam.c
@@ -269,7 +269,12 @@ main (int argc, char *argv[])
#ifdef HAVE_SETFSUID
setfsuid (pw->pw_uid);
#endif /* HAVE_SETFSUID */
- change_identity (pw);
+
+ if (change_identity (pw)) {
+ close_pam (pamh, retval);
+ fprintf (outf, PROTOCOL_ERROR);
+ return 1;
+ }
retval = pam_setcred (pamh, PAM_ESTABLISH_CRED);
if (retval != PAM_SUCCESS)
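Review bot: The new failure branch after `change_identity (pw)` has no comment saying that it is a security guard rather than routine error reporting, and the same is true of the matching branch in su-backend/su.c. Without one, a later cleanup could reduce the branch to a warning and let the backend carry on with whatever ids it still holds, which for this helper are presumably privileged ones. I would add `/* Never continue if the identity switch failed: we would still hold the original ids. */` above the `if` in both files. main's body starts and ends outside this hunk.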
Index: libgnomesu-1.0.0/su-backend/common.c
===================================================================
--- libgnomesu-1.0.0.orig/su-backend/common.c
+++ libgnomesu-1.0.0/su-backend/common.c
@@ -203,7 +203,7 @@ modify_environment (const struct passwd
}
/* Become the user and group(s) specified by PW. */
-void
+int
change_identity (const struct passwd *pw)
{
FILE *p;
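Review bot: The comment above `change_identity` still reads only "Become the user and group(s) specified by PW." although both callers now branch on the result. State the contract there, for example `/* Become the user and group(s) specified by PW. Return 0 on success, -1 if the group or user id could not be set. */`. The same comment should say that the xauth steps later in the function return 0 even when they are skipped or `popen` fails, so 0 means only that the ids were changed. The function body continues in the next hunk.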
@@ -213,18 +213,24 @@ change_identity (const struct passwd *pw
initgroups (pw->pw_name, pw->pw_gid);
endgrent ();
#endif
- if (setgid (pw->pw_gid))
+ if (setgid (pw->pw_gid)) {
perror ("cannot set group id");
- if (setuid (pw->pw_uid))
+ return -1;
+ }
+ if (setuid (pw->pw_uid)) {
perror ("cannot set user id");
+ return -1;
+ }
/* Create a new .Xauthorization file */
- if (!xauth_data) return;
+ if (!xauth_data) return 0;
p = popen ("xauth -q nmerge - 2>/dev/null", "w");
- if (!p) return;
+ if (!p) return 0;
fwrite (xauth_data, strlen (xauth_data), 1, p);
safe_memset (xauth_data, 0, strlen (xauth_data));
g_free (xauth_data);
pclose (p);
+
+ return 0;
}
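Review bot: `initgroups (pw->pw_name, pw->pw_gid)` at the top of this hunk is still called without checking its result, so the function can return 0 while the process keeps the supplementary groups it started with. That is the same class of failure the new `setgid`/`setuid` checks close, and it should abort the same way: `if (initgroups (pw->pw_name, pw->pw_gid)) { perror ("cannot set supplementary groups"); return -1; }`. The `#ifdef` guarding that call opens outside the hunk, so which builds compile it cannot be seen from here. As a smaller point, the early `return 0` when `popen` fails skips the `safe_memset`/`g_free` of `xauth_data`, leaving the cookie in memory.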
Index: libgnomesu-1.0.0/su-backend/su.c
===================================================================
--- libgnomesu-1.0.0.orig/su-backend/su.c
+++ libgnomesu-1.0.0/su-backend/su.c
@@ -321,7 +321,10 @@ main (int argc, char **argv)
}
modify_environment (pw);
- change_identity (pw);
+ if (change_identity (pw)) {
+ fprintf (outf, PROTOCOL_ERROR);
+ return 1;
+ }
fprintf (outf, PROTOCOL_DONE);
fclose (inf);
Index: libgnomesu-1.0.0/su-backend/common.h
===================================================================
--- libgnomesu-1.0.0.orig/su-backend/common.h
+++ libgnomesu-1.0.0/su-backend/common.h
@@ -28,7 +28,7 @@
char *concat (const char *s1, const char *s2, const char *s3);
void xputenv (const char *val);
-void change_identity (const struct passwd *pw);
+int change_identity (const struct passwd *pw);
void modify_environment (const struct passwd *pw);
void *safe_memset (void *s, int c, size_t n);