From 2f6426a5433b4cd9026a51db1787bca66fa88252 Mon Sep 17 00:00:00 2001
From: Thomas Osterried
Date: Thu, 18 Aug 2011 09:51:08 +0000
Subject: Fix for CVE-2011-2910: check return status of setuid(), ..
---
 ax25/ax25d.c | 16 ++++++++++------
 ax25/axspawn.c | 5 +++--
 2 files changed, 13 insertions(+), 8 deletions(-)
(limited to 'ax25')
diff --git a/ax25/ax25d.c b/ax25/ax25d.c
index 126ec39..3ed47ca 100644
--- a/ax25/ax25d.c
+++ b/ax25/ax25d.c
@@ -1,5 +1,5 @@
 /*
- * $Id: ax25d.c,v 1.8 2009/06/21 18:01:55 ralf Exp $
+ * $Id: ax25d.c,v 1.9 2011/08/18 09:51:08 dl9sau Exp $
 *
 * This is my version of axl.c, written for the LBBS code to make it
 * compatable with the kernel AX25 driver. It appears to work, with
@@ -577,7 +577,7 @@ close_link:
 /* close link */
 /* setproctitle("ax25d [%s]: disconnecting", User); */
 close(new);
- return 0;
+ exit(0);
 }
 login:
 /* setproctitle("ax25d [%s]: login", User); */
@@ -614,11 +614,15 @@ login:
 closelog();
 /* Make root secure, before we exec() */
- setgroups(0, grps); /* Strip any supplementary gid's */
- setgid(raxl->gid);
- setuid(raxl->uid);
+ /* Strip any supplementary gid's */
+ if (setgroups(0, grps) == -1)
+ exit(1);
+ if (setgid(raxl->gid) == -1)
+ exit(1);
+ if (setuid(raxl->uid) == -1)
+ exit(1);
 execve(raxl->exec, argv, NULL);
- return 1;
+ exit(1);
 default:
 close(new);
diff --git a/ax25/axspawn.c b/ax25/axspawn.c
index 544abea..a2b132b 100644
--- a/ax25/axspawn.c
+++ b/ax25/axspawn.c
@@ -1,6 +1,6 @@
 /*
 *
- * $Id: axspawn.c,v 1.24 2010/03/31 08:06:59 dl9sau Exp $
+ * $Id: axspawn.c,v 1.25 2011/08/18 09:51:08 dl9sau Exp $
 *
 * axspawn.c - run a program from ax25d.
 *
@@ -1693,7 +1693,8 @@ again:
 pututline(&ut_line);
 endutent();
- setsid();
+ if (setsid() == -1)
+ exit(1);
 chargc = 0;
 envc = 0;
--
cgit v1.2.3
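Review bot: The three new `exit(1)` paths after `setgroups()`, `setgid()` and `setuid()` in the `@@ -614,11 +614,15 @@` hunk of ax25/ax25d.c fail silently, because `closelog()` has already run and nothing records which call failed or for which account. A refused privilege drop is an event an operator should be able to see, so each branch could log first, for example `syslog(LOG_ERR, "setuid(%ld) failed: %m", (long)raxl->uid);` before `exit(1)` (syslog() reopens the log after closelog()). It would also be reasonable to confirm the drop cannot be undone when the target uid is not root, e.g. `if (raxl->uid != 0 && setuid(0) != -1) exit(1);`. The enclosing switch case starts and ends outside the hunk, so that this code runs only in a forked child is inferred from the `default:` branch.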
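Review bot: The new `exit(1)` after a failed `setsid()` in the `@@ -1693,7 +1693,8 @@` hunk of ax25/axspawn.c runs directly after `pututline(&ut_line); endutent();`, so the utmp record just written appears to be left without a matching logout entry unless cleanup happens in code outside the hunk. setsid() returns -1 with EPERM when the caller is already a process-group leader, so if this path can be reached outside a freshly forked child the login now aborts where it used to continue; the function's start is not visible here, so that cannot be confirmed. The exit is also silent, and a one-line diagnostic through whatever logging the file already uses would make the failure traceable, with a comment such as `/* no new session: refuse to continue with the inherited controlling tty */` stating the intent.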