From: GNU Libc Maintainers Date: Sun, 10 Jul 2022 20:29:34 +0000 (+0100) Subject: git-auth-leak X-Git-Tag: archive/raspbian/2.33-8+rpi1^2~79 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=864f68346fb8bb72dff0e5e376c12997b49d904e;p=glibc.git git-auth-leak Committed for 2.35 commit 0e298448aad6fabf455923e72e0d1a3c56e9ab9e Author: Samuel Thibault Date: Sun Jan 2 04:08:11 2022 +0100 hurd: Fix auth port leak If access() was used before exec, _hurd_id.rid_auth would cache an "effective" auth port. We do not want this to leak into the executed program. Gbp-Pq: Topic hurd-i386 Gbp-Pq: Name git-auth-leak.diff
---
diff --git a/hurd/hurdexec.c b/hurd/hurdexec.c
index c39da7cf2..6a389ed6c 100644
--- a/hurd/hurdexec.c
+++ b/hurd/hurdexec.c
@@ -229,6 +229,14 @@ retry:
 reflects that our whole ID set differs from what we've set it to. */
 __mutex_lock (&_hurd_id.lock);
 err = _hurd_check_ids ();
+
+ /* Avoid leaking the rid_auth port reference to the new progam */
+ if (_hurd_id.rid_auth != MACH_PORT_NULL)
+ {
+ __mach_port_deallocate (__mach_task_self (), _hurd_id.rid_auth);
+ _hurd_id.rid_auth = MACH_PORT_NULL;
+ }
+
 if (err == 0 && ((_hurd_id.aux.nuids >= 2 && _hurd_id.gen.nuids >= 1 && _hurd_id.aux.uids[1] != _hurd_id.gen.uids[0]) || (_hurd_id.aux.ngids >= 2 && _hurd_id.gen.ngids >= 1
@@ -244,11 +252,6 @@ retry:
 _hurd_id.aux.uids[1] = _hurd_id.gen.uids[0];
 _hurd_id.aux.gids[1] = _hurd_id.gen.gids[0];
 _hurd_id.valid = 0;
- if (_hurd_id.rid_auth != MACH_PORT_NULL)
- {
- __mach_port_deallocate (__mach_task_self (), _hurd_id.rid_auth);
- _hurd_id.rid_auth = MACH_PORT_NULL;
- }
 err = __auth_makeauth (ports[INIT_PORT_AUTH], NULL, MACH_MSG_TYPE_COPY_SEND, 0,
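Review bot: The comment added above the `if (_hurd_id.rid_auth != MACH_PORT_NULL)` block in the first hunk misspells "program" and does not say where the reference comes from or why the release must not depend on `err`, which is what a later reader needs in order not to fold the block back under the `err == 0 && ...` condition. Something like `/* access () may have cached an auth port in rid_auth; drop it unconditionally so the right is not carried into the new program.  */` would record that. The return value of `__mach_port_deallocate` is discarded, as it was in the block this commit moves, so a failed deallocation would presumably still clear the field while leaving the right in the task; a short remark that this is deliberate would help. The enclosing function begins and ends outside the hunk.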