From 7af86379ef4b46bcc1e07fb8bf90d46c9537e944 Mon Sep 17 00:00:00 2001 From: Eric Blake Date: Thu, 14 Mar 2013 16:28:29 -0600 Subject: [PATCH] util: portably check for unchanged uid We've already scrubbed for comparisons of 'uid_t == -1' (which fail on platforms where uid_t is a u16), but another one snuck in. * src/util/virutil.c (virSetUIDGIDWithCaps): Correct uid comparison. * cfg.mk (sc_prohibit_risky_id_promotion): New rule. --- cfg.mk | 6 ++++++ src/util/virutil.c | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/cfg.mk b/cfg.mk index b95a90b1ec..394521e476 100644 --- a/cfg.mk +++ b/cfg.mk @@ -389,6 +389,12 @@ sc_prohibit_setuid: halt='use virSetUIDGID, not raw set*id' \ $(_sc_search_regexp) +# Don't compare *id_t against raw -1. +sc_prohibit_risky_id_promotion: + @prohibit='\b(user|group|[ug]id) *[=!]= *-' \ + halt='cast -1 to ([ug]id_t) before comparing against id' \ + $(_sc_search_regexp) + # Use snprintf rather than s'printf, even if buffer is provably large enough, # since gnulib has more guarantees for snprintf portability sc_prohibit_sprintf: diff --git a/src/util/virutil.c b/src/util/virutil.c index a0d15302dc..42b42954e3 100644 --- a/src/util/virutil.c +++ b/src/util/virutil.c @@ -3011,7 +3011,7 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gid, unsigned long long capBits, * change the capabilities bounding set. */ - if (clearExistingCaps || (uid != -1 && uid != 0)) + if (clearExistingCaps || (uid != (uid_t)-1 && uid != 0)) capng_clear(CAPNG_SELECT_BOTH); for (ii = 0; ii <= CAP_LAST_CAP; ii++) {
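Review bot: The `\b` opening the new `prohibit` pattern means the rule only fires on identifiers spelled exactly `uid`, `gid`, `user` or `group`; comparisons such as `st.st_uid == -1`, `euid != -1` or a reversed `-1 == uid` pass unflagged, so the automated sweep is narrower than the commit message suggests. Widening the identifier alternative, e.g. `@prohibit='\b(user|group|[a-z_]*[ug]id) *[=!]= *-' \`, would catch the common suffixed names at the cost of triaging a few false positives (a `pgid` compared against -1 is legitimately signed) through an `exclude=`. The pattern correctly leaves the fixed form alone, since `(uid_t)-1` puts a parenthesis rather than `-` after the operator. Whether `\b`, a GNU grep extension, is already relied on by the neighbouring rules cannot be confirmed from this hunk.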
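Review bot: The new line fixes the promotion but leaves the `(uid_t)-1` sentinel unexplained at the point where it decides whether the capability bounding set is cleared, so the next reader has to already know why a bare `-1` was wrong. A short comment above the `if` would carry that: `/* (uid_t)-1 means "leave uid unchanged"; the cast is required because a 16-bit uid_t promotes to int and a bare -1 would then never compare equal */`. The `gid` parameter visible in the hunk header presumably needs the same `(gid_t)-1` treatment wherever it is compared against -1, but that code is outside this hunk and I cannot confirm it; the new cfg.mk rule would only catch it if the variable is literally named `gid`. virSetUIDGIDWithCaps begins and ends outside the hunk.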