Fix polkit0 authentication

Commit 7033c5f2 introduced some bugs in polkit0 authentication. Fix libvirtd segfault in remoteDispatchAuthPolkit(). Fix polkit authentication bypass when caller UID = 0.
2025-01-03 11:35:19 +00:00 · 2012-02-15 10:01:50 -07:00 · 2012-02-15 10:01:50 -07:00 · fcdfa31f3c
commit fcdfa31f3c
parent c05ec92021
1 changed files with 9 additions and 11 deletions
--- a/daemon/remote.c
+++ b/daemon/remote.c
@ -2052,17 +2052,17 @@ remoteDispatchAuthList(virNetServerPtr server ATTRIBUTE_UNUSED,
        } else if (callerUid == 0) {
            char *ident;
            if (virAsprintf(&ident, "pid:%lld,uid:%d",
-                            (long long) callerPid, callerUid) >= 0) {
-                VIR_INFO("Bypass polkit auth for privileged client %s",
-                         ident);
+                            (long long) callerPid, callerUid) < 0) {
+                virReportOOMError();
+                goto cleanup;
+            }
+            VIR_INFO("Bypass polkit auth for privileged client %s", ident);
            if (virNetServerClientSetIdentity(client, ident) < 0)
                virResetLastError();
            else
                auth = VIR_NET_SERVER_SERVICE_AUTH_NONE;
            VIR_FREE(ident);
        }
-            rv = -1;
-        }
    }

    ret->types.types_len = 1;
@ -2593,8 +2593,6 @@ remoteDispatchAuthPolkit(virNetServerPtr server,
    struct daemonClientPrivate *priv =
        virNetServerClientGetPrivateData(client);

-    memset(ident, 0, sizeof ident);
-
    virMutexLock(&priv->lock);

    action = virNetServerClientGetReadonly(client) ?