Fix for CVE-2011-2910: check return status of setuid(), ..

2 files changed, 13 insertions, 8 deletions

diff --git a/ax25/ax25d.c b/ax25/ax25d.c
index 126ec39..3ed47ca 100644
--- a/ax25/ax25d.c
+++ b/ax25/ax25d.c
@@ -1,5 +1,5 @@
 /*
- * $Id: ax25d.c,v 1.8 2009/06/21 18:01:55 ralf Exp $
+ * $Id: ax25d.c,v 1.9 2011/08/18 09:51:08 dl9sau Exp $
  *
  *  This is my version of axl.c, written for the LBBS code to make it
  *    compatable with the kernel AX25 driver.  It appears to work, with
@@ -577,7 +577,7 @@ close_link:
 							/* close link */
 							/* setproctitle("ax25d [%s]: disconnecting", User); */
 							close(new);
-							return 0;
+							exit(0);
 						}
 login:
 						/* setproctitle("ax25d [%s]: login", User); */
@@ -614,11 +614,15 @@ login:
 							closelog();
 
 						/* Make root secure, before we exec() */
-						setgroups(0, grps);	/* Strip any supplementary gid's */
-						setgid(raxl->gid);
-						setuid(raxl->uid);
+						/* Strip any supplementary gid's */
+						if (setgroups(0, grps) == -1)
+							exit(1);
+						if (setgid(raxl->gid) == -1)
+							exit(1);
+						if (setuid(raxl->uid) == -1)
+							exit(1);
 						execve(raxl->exec, argv, NULL);
-						return 1;
+						exit(1);
 
 					default:
 						close(new);
diff --git a/ax25/axspawn.c b/ax25/axspawn.c
index 544abea..a2b132b 100644
--- a/ax25/axspawn.c
+++ b/ax25/axspawn.c
@@ -1,6 +1,6 @@
 /*
  *
- * $Id: axspawn.c,v 1.24 2010/03/31 08:06:59 dl9sau Exp $
+ * $Id: axspawn.c,v 1.25 2011/08/18 09:51:08 dl9sau Exp $
  *
  * axspawn.c - run a program from ax25d.
  *
@@ -1693,7 +1693,8 @@ again:
                 pututline(&ut_line);
                 endutent();
 
-		setsid();
+		if (setsid() == -1)
+			exit(1);
 
                 chargc = 0;
                 envc = 0;