From da9f177e085c8c49efe6cbda0b90939f7f1e759a Mon Sep 17 00:00:00 2001 From: Peter Bex Date: Fri, 24 Sep 2021 08:25:07 +0200 Subject: [PATCH] Add checks to current user/group id setters in (chicken process-context posix) Fixes #1787 --- NEWS | 9 +++++++++ manual/Acknowledgements | 4 ++-- posixunix.scm | 26 +++++++++++++++----------- 3 files changed, 26 insertions(+), 13 deletions(-) diff --git a/NEWS b/NEWS index 3118461b..0ce3a1bd 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,12 @@ +5.3.0rc4 + +- Core libraries + - In (chicken process-context posix), the setters for current-user-id, + current-effective-user-id and current-group-id now check that the + new user/group value is a fixnum instead of blindly passing it on + to the C implementation (which would cause bogus user ids to be set). + Fixes #1787, thanks to Christopher Brannon. + 5.3.0rc3 - Build system diff --git a/manual/Acknowledgements b/manual/Acknowledgements index fcaaa92f..8e6ac12b 100644 --- a/manual/Acknowledgements +++ b/manual/Acknowledgements @@ -7,8 +7,8 @@ Annis, Jason E. Aten, Marc Baily, Peter Barabas, Andrei Barbu, Jonah Beckford, Arto Bendiken, Andy Bennett, Kevin Beranek, Peter Bex, Jean-Francois Bignolles, Oivind Binde, Alaric Blagrave Snell-Pym, Dave Bodenstab, Fabian Böhlke, T. Kurt Bond, Ashley Bone, Dominique Boucher, -Terence Brannon, Roy Bryant, Adam Buchbinder, Hans Bulfone, "Category -5", Taylor Campbell, Naruto Canada, Mark Carter, Esteban U. Caamano +Christopher Brannon, Terence Brannon, Roy Bryant, Adam Buchbinder, Hans Bulfone, +"Category 5", Taylor Campbell, Naruto Canada, Mark Carter, Esteban U. Caamano Castro, Semih Cemiloglu, Alex Charlton, Franklin Chen, Joo ChurlSoo, Thomas Chust, Gian Paolo Ciceri, Fulvio Ciriaco, Paul Colby, Tobia Conforto, John Cowan, Grzegorz Chrupala, James Crippen, Evan Hanson, diff --git a/posixunix.scm b/posixunix.scm index e8cf8526..992d8eed 100644 --- a/posixunix.scm +++ b/posixunix.scm @@ -602,6 +602,7 @@ static int set_file_mtime(char *filename, C_word atime, C_word mtime) (getter-with-setter (foreign-lambda int "C_getuid") (lambda (id) + (##sys#check-fixnum id 'current-user-id) (when (fx< (##core#inline "C_setuid" id) 0) (##sys#update-errno) (##sys#error 'current-user-id!-setter "cannot set user ID" id) ) ) @@ -611,29 +612,32 @@ static int set_file_mtime(char *filename, C_word atime, C_word mtime) (getter-with-setter (foreign-lambda int "C_geteuid") (lambda (id) - (when (fx< (##core#inline "C_seteuid" id) 0) - (##sys#update-errno) - (##sys#error - 'effective-user-id!-setter "cannot set effective user ID" id) ) ) + (##sys#check-fixnum id 'current-effective-user-id) + (when (fx< (##core#inline "C_seteuid" id) 0) + (##sys#update-errno) + (##sys#error + 'effective-user-id!-setter "cannot set effective user ID" id) ) ) "(chicken.process-context.posix#current-effective-user-id)")) (set! chicken.process-context.posix#current-group-id (getter-with-setter (foreign-lambda int "C_getgid") (lambda (id) - (when (fx< (##core#inline "C_setgid" id) 0) - (##sys#update-errno) - (##sys#error 'current-group-id!-setter "cannot set group ID" id) ) ) + (##sys#check-fixnum id 'current-group-id) + (when (fx< (##core#inline "C_setgid" id) 0) + (##sys#update-errno) + (##sys#error 'current-group-id!-setter "cannot set group ID" id) ) ) "(chicken.process-context.posix#current-group-id)") ) (set! chicken.process-context.posix#current-effective-group-id (getter-with-setter (foreign-lambda int "C_getegid") (lambda (id) - (when (fx< (##core#inline "C_setegid" id) 0) - (##sys#update-errno) - (##sys#error - 'effective-group-id!-setter "cannot set effective group ID" id) ) ) + (##sys#check-fixnum id 'current-effective-group-id) + (when (fx< (##core#inline "C_setegid" id) 0) + (##sys#update-errno) + (##sys#error + 'effective-group-id!-setter "cannot set effective group ID" id) ) ) "(chicken.process-context.posix#current-effective-group-id)") ) (define-foreign-variable _user-name nonnull-c-string "C_user->pw_name") -- 2.31.1