From 847a99a0ec7e57f740ed946d79416e75b1c3c53a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Tue, 8 Aug 2006 21:43:58 +0000
Subject: [PATCH] Check return values from setuid, prompted by MIT advisory. 
 Thanks to Tom Yu at MIT, and Michael Calmer and Marcus Meissner at SUSE. 
 Either of CVE-2006-3083 or CVE-2006-3084.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17878 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 appl/rcp/rcp.c  | 9 ++++++---
 appl/rcp/util.c | 3 ++-
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/appl/rcp/rcp.c b/appl/rcp/rcp.c
index e61246ac3..9a138c784 100644
--- a/appl/rcp/rcp.c
+++ b/appl/rcp/rcp.c
@@ -119,13 +119,15 @@ main(int argc, char **argv)
 
 	if (fflag) {			/* Follow "protocol", send data. */
 		response();
-		setuid(userid);
+		if (setuid(userid) < 0)
+			errx(1, "setuid failed");
 		source(argc, argv);
 		exit(errs);
 	}
 
 	if (tflag) {			/* Receive data. */
-		setuid(userid);
+		if (setuid(userid) < 0)
+			errx(1, "setuid failed");
 		sink(argc, argv);
 		exit(errs);
 	}
@@ -221,7 +223,8 @@ toremote(char *targ, int argc, char **argv)
 				if (response() < 0)
 					exit(1);
 				free(bp);
-				setuid(userid);
+				if (setuid(userid) < 0)
+					errx(1, "setuid failed");
 			}
 			source(1, argv+i);
 		}
diff --git a/appl/rcp/util.c b/appl/rcp/util.c
index a50c1d5f9..58f8b1527 100644
--- a/appl/rcp/util.c
+++ b/appl/rcp/util.c
@@ -112,7 +112,8 @@ susystem(s, userid)
 		return (127);
 
 	case 0:
-		(void)setuid(userid);
+		if (setuid(userid) < 0)
+			_exit(127);
 		execl(_PATH_BSHELL, "sh", "-c", s, NULL);
 		_exit(127);
 	}