security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

agent: Fix segv running in --server mode 

* agent/command.c (start_command_handler): Do not write to
CLIENT_CREDS after an error.
--

assuan_get_peercred is special insofar that it returns a pointer into
CTX.  Writing data via this pointer should never be done.

Fixes-commit: 28aa689058
Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2018-07-02 20:22:42 +02:00
parent 1aacd12471
commit 3978df943d
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 14 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
agent/command.c
View File

@ -3351,7 +3351,8 @@ start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd)
for (;;)
{
assuan_peercred_t client_creds;
assuan_peercred_t client_creds; /* Note: Points into CTX. */
pid_t pid;
rc = assuan_accept (ctx);
if (gpg_err_code (rc) == GPG_ERR_EOF || rc == -1)
@ -3367,17 +3368,21 @@ start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd)
rc = assuan_get_peercred (ctx, &client_creds);
if (rc)
{
log_info ("Assuan get_peercred failed: %s\n", gpg_strerror (rc));
client_creds->pid = assuan_get_pid (ctx);
if (listen_fd == GNUPG_INVALID_FD && fd == GNUPG_INVALID_FD)
;
else
log_info ("Assuan get_peercred failed: %s\n", gpg_strerror (rc));
pid = assuan_get_pid (ctx);
ctrl->client_uid = -1;
}
ctrl->server_local->connect_from_self =
(client_creds->pid == getpid ());
if (client_creds->pid != ASSUAN_INVALID_PID)
ctrl->client_pid = (unsigned long)client_creds->pid;
else
ctrl->client_pid = 0;
ctrl->client_uid = client_creds->uid;
{
pid = client_creds->pid;
ctrl->client_uid = client_creds->uid;
}
ctrl->client_pid = (pid == ASSUAN_INVALID_PID)? 0 : (unsigned long)pid;
ctrl->server_local->connect_from_self = (pid == getpid ());
rc = assuan_process (ctx);
if (rc)