From 87f66308d9683fb822f1d6c8e594fe8b45fb07be Mon Sep 17 00:00:00 2001
From: Robert Mustacchi
Date: Thu, 16 Apr 2015 15:01:56 +0000
Subject: 5853 pfexec_call() error handling could be improved
5854 pfexecd should initialize pfexec response buffers
Reviewed by: Jerry Jelinek
Reviewed by: Richard Lowe
Reviewed by: Dan McDonald
Reviewed by: Steven Williamson
Approved by: Garrett D'Amore
---
 usr/src/cmd/pfexecd/pfexecd.c | 17 ++++++++++++++++-
 usr/src/uts/common/os/klpd.c | 5 +++--
 2 files changed, 19 insertions(+), 3 deletions(-)
(limited to 'usr/src')
diff --git a/usr/src/cmd/pfexecd/pfexecd.c b/usr/src/cmd/pfexecd/pfexecd.c
index c8ec8a12df..1d25c09188 100644
--- a/usr/src/cmd/pfexecd/pfexecd.c
+++ b/usr/src/cmd/pfexecd/pfexecd.c
@@ -19,7 +19,7 @@
 * CDDL HEADER END
 *
 * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
- *
+ * Copyright 2015, Joyent, Inc.
 */
 #define _POSIX_PTHREAD_SEMANTICS 1
@@ -360,6 +360,21 @@ callback_pfexec(pfexec_arg_t *pap)
 size_t mysz = repsz - 2 * setsz;
 char *path = pap->pfa_path;
+ /*
+ * Initialize the pfexec_reply_t to a sane state.
+ */
+ res->pfr_vers = pap->pfa_vers;
+ res->pfr_len = 0;
+ res->pfr_ruid = PFEXEC_NOTSET;
+ res->pfr_euid = PFEXEC_NOTSET;
+ res->pfr_rgid = PFEXEC_NOTSET;
+ res->pfr_egid = PFEXEC_NOTSET;
+ res->pfr_setcred = B_FALSE;
+ res->pfr_scrubenv = B_TRUE;
+ res->pfr_allowed = B_FALSE;
+ res->pfr_ioff = 0;
+ res->pfr_loff = 0;
+
 uuid = pap->pfa_uid;
 if (getpwuid_r(uuid, &pw, buf, sizeof (buf), &pwd) != 0 || pwd == NULL)
diff --git a/usr/src/uts/common/os/klpd.c b/usr/src/uts/common/os/klpd.c
index a3cd79c41d..55734ae757 100644
--- a/usr/src/uts/common/os/klpd.c
+++ b/usr/src/uts/common/os/klpd.c
@@ -21,6 +21,7 @@
 /*
 * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2015, Joyent, Inc.
 */
 #include
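Review bot: The field-by-field initialisation added to callback_pfexec() covers only the named pfexec_reply_t members, so any struct padding and the trailing privilege-set area implied by `mysz = repsz - 2 * setsz` keep whatever the buffer held before. Where `res` is allocated is outside the hunk, so this may already be handled there. If it is not, zeroing the whole reply first with `(void) memset(res, 0, repsz);` and then setting the non-zero defaults would also keep members added to the struct later from going out uninitialised. The new comment could say that the defaults are deliberately fail-closed (`pfr_allowed = B_FALSE`, `pfr_scrubenv = B_TRUE`), presumably so that any early exit yields a denial.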
@@ -847,7 +848,7 @@ pfexec_call(const cred_t *cr, struct pathname *rpnp, cred_t **pfcr,
 door_arg_t da;
 int dres;
 cred_t *ncr = NULL;
- int err = -1;
+ int err = EACCES;
 priv_set_t *iset;
 priv_set_t *lset;
 zone_t *myzone = crgetzone(CRED());
@@ -908,7 +909,7 @@ pfexec_call(const cred_t *cr, struct pathname *rpnp, cred_t **pfcr,
 prp->pfr_ioff > da.rsize - sizeof (priv_set_t) ||
 prp->pfr_loff > da.rsize - sizeof (priv_set_t) ||
 (prp->pfr_loff & (sizeof (priv_chunk_t) - 1)) != 0 ||
- (prp->pfr_loff & (sizeof (priv_chunk_t) - 1)) != 0)
+ (prp->pfr_ioff & (sizeof (priv_chunk_t) - 1)) != 0)
 goto out;
 /*
-- cgit v1.2.3
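Review bot: With `int err = EACCES;` every path in pfexec_call() that reaches `out` without assigning err now presumably hands back a positive errno instead of -1, and the callers are not part of this diff. Any caller that tested for -1 or for `< 0` would behave differently and is worth checking. A comment on the declaration, for example `/* fail closed: deny unless a valid reply is received */`, would record why the default is EACCES. The function body starts before and continues past this hunk.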
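Review bot: The range clauses `prp->pfr_ioff > da.rsize - sizeof (priv_set_t)` and the matching pfr_loff one subtract from da.rsize, which would wrap to a very large bound if the reply is shorter than a priv_set_t (assuming da.rsize is unsigned, as a size normally is). The start of this `if` is outside the hunk, so an earlier clause may already rule that out. If it does not, a leading `da.rsize < sizeof (priv_set_t) ||` closes the gap. A short comment above the condition noting that the reply buffer is filled by the user-level daemon and that both offsets are range- and alignment-checked before the sets are read would help the next reader.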