SSS_CLIENT: check if reponder socket was hijacked

Real life example would be: https://github.com/TigerVNC/tigervnc/blob/effd854bfd19654fa67ff3d39514a91a246b8ae6/unix/xserver/hw/vnc/xvnc.c#L369 - TigerVNC unconditionally overwrites fd=3
SSSD · Dec 20, 2023 · a285b62 · a285b62
1 parent f0c153c
commit a285b62
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/src/sss_client/common.c b/src/sss_client/common.c
@@ -767,6 +767,16 @@ static enum sss_status sss_cli_check_socket(int *errnop,
         myself_ino = myself_sb.st_ino;
     }
 
+    /* check if the socket has been hijacked */
+    if (sss_cli_sd_get() != -1) {
+        ret = fstat(sss_cli_sd_get(), &mypid_sb);
+        if ((ret != 0) || (!S_ISSOCK(mypid_sb.st_mode))
+            || (mypid_sb.st_dev != sss_cli_sb->st_dev)
+            || (mypid_sb.st_ino != sss_cli_sb->st_ino)) {
+            sss_cli_sd_set(-1);  /* don't ruin app even if it's misbehaving */
+        }
+    }
+
     /* check if the socket has been closed on the other side */
     if (sss_cli_sd_get() != -1) {
         struct pollfd pfd;