From 330edf6a1ec91fa5a9829d6450fa4fff0b91c693 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
Date: Thu, 3 Aug 2017 12:16:58 +0200
Subject: [PATCH] afb-cred: fix default values
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Because SO_PEERCRED returns without error even when no data
is available (tcp by example), the resulting uid is now tested.

Also, for tcp, by default avoid by default to create a default
user value. Instead, return NULL. This will allow client having
an HTTP/Websocket connection to get full rights on the binder.

Change-Id: I2defb585bf79c023e2391c2e18d6de17e5112770
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
---
 src/afb-cred.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/src/afb-cred.c b/src/afb-cred.c
index 87661f19..eda0c9dd 100644
--- a/src/afb-cred.c
+++ b/src/afb-cred.c
@@ -29,6 +29,10 @@
 
 #define MAX_LABEL_LENGTH  1024
 
+#if !defined(NO_DEFAULT_PEERCRED) && !defined(ADD_DEFAULT_PEERCRED)
+#  define NO_DEFAULT_PEERCRED
+#endif
+
 #if !defined(DEFAULT_PEERSEC_LABEL)
 #  define DEFAULT_PEERSEC_LABEL "NoLabel"
 #endif
@@ -117,15 +121,15 @@ struct afb_cred *afb_cred_create_for_socket(int fd)
 	/* get the credentials */
 	length = (socklen_t)(sizeof ucred);
 	rc = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &ucred, &length);
-	if (rc < 0 || length != (socklen_t)(sizeof ucred)) {
+	if (rc < 0 || length != (socklen_t)(sizeof ucred) || !~ucred.uid) {
 #if !defined(NO_DEFAULT_PEERCRED)
-		if (!rc)
-			errno = EINVAL;
-		return NULL;
-#else
 		ucred.uid = DEFAULT_PEERCRED_UID;
 		ucred.gid = DEFAULT_PEERCRED_GID;
 		ucred.pid = DEFAULT_PEERCRED_PID;
+#else
+		if (!rc)
+			errno = EINVAL;
+		return NULL;
 #endif
 	}
 
-- 
2.16.6