From f8a7bffd5e4de4b5d580af0f3888540da31afa86 Mon Sep 17 00:00:00 2001 From: cptpcrd Date: Sun, 30 Jul 2023 18:38:22 -0400 Subject: [PATCH 1/2] dbus-sysdeps-unix: Handle empty supplementary group list It is valid for getsockopt(SO_PEERGROUPS) to return len=0; that indicates the process has no supplementary groups. Rather than failing, simply use the returned empty list (and add the primary GID to it). Without this change, calling GetConnectionCredentials on a bus name owned by a process with no supplementary groups does not return the UnixGroupIDs field, even though it is easy to determine that the process only has one GID (the primary GID). --- dbus/dbus-sysdeps-unix.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c index c1c9f182..486c4e21 100644 --- a/dbus/dbus-sysdeps-unix.c +++ b/dbus/dbus-sysdeps-unix.c @@ -2001,13 +2001,6 @@ add_groups_to_credentials (int client_fd, _dbus_verbose ("will try again with %lu\n", (unsigned long) len); } - if (len <= 0) - { - _dbus_verbose ("getsockopt(SO_PEERGROUPS) yielded <= 0 bytes: %ld\n", - (long) len); - goto out; - } - if (len > n_gids * sizeof (gid_t)) { _dbus_verbose ("%lu > %zu", (unsigned long) len, n_gids * sizeof (gid_t)); From 49dd4aba42280c438b1207963f7071bfd7707775 Mon Sep 17 00:00:00 2001 From: cptpcrd Date: Mon, 31 Jul 2023 19:33:33 -0400 Subject: [PATCH 2/2] dbus-sysdeps-unix: Check socklen_t is unsigned when getting group list After the change to handle an empty list properly, the function now assumes that is true. --- dbus/dbus-sysdeps-unix.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c index 486c4e21..6962b077 100644 --- a/dbus/dbus-sysdeps-unix.c +++ b/dbus/dbus-sysdeps-unix.c @@ -1956,6 +1956,8 @@ add_groups_to_credentials (int client_fd, { #if defined(__linux__) && defined(SO_PEERGROUPS) _DBUS_STATIC_ASSERT (sizeof (gid_t) <= sizeof (dbus_gid_t)); + /* This function assumes socklen_t is unsigned, which is true on Linux */ + _DBUS_STATIC_ASSERT (((socklen_t) -1) > 0); gid_t *buf = NULL; socklen_t len = 1024; dbus_bool_t oom = FALSE;