Check return values from setuid, prompted by MIT

advisory. Thanks to Tom Yu at MIT, and Michael Calmer and Marcus Meissner at SUSE. Either of CVE-2006-3083 or CVE-2006-3084. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17878 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-08-08 21:43:58 +00:00
parent cd67e721c3
commit 847a99a0ec
2 changed files with 8 additions and 4 deletions
--- a/appl/rcp/rcp.c
+++ b/appl/rcp/rcp.c
@@ -119,13 +119,15 @@ main(int argc, char **argv)

 	if (fflag) {			/* Follow "protocol", send data. */
 		response();
-		setuid(userid);
+		if (setuid(userid) < 0)
+			errx(1, "setuid failed");
 		source(argc, argv);
 		exit(errs);
 	}

 	if (tflag) {			/* Receive data. */
-		setuid(userid);
+		if (setuid(userid) < 0)
+			errx(1, "setuid failed");
 		sink(argc, argv);
 		exit(errs);
 	}
@@ -221,7 +223,8 @@ toremote(char *targ, int argc, char **argv)
 				if (response() < 0)
 					exit(1);
 				free(bp);
-				setuid(userid);
+				if (setuid(userid) < 0)
+					errx(1, "setuid failed");
 			}
 			source(1, argv+i);
 		}