From bbcc701ee7360c39d34aed33381803d44dc5da9f Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Sat, 30 Dec 2017 15:15:03 +0100
Subject: [PATCH] tree-wide: use {pid,uid,gid}_is_valid() where appropriate

Also, drop UID/GID validity checks from getpeercred() as the kernel will
never pass us invalid UID/GID on userns, but the overflow UID/GID
instead. Add a comment about this.
---
 src/basic/socket-util.c             | 12 +++++-------
 src/libsystemd/sd-bus/bus-control.c |  6 +++---
 2 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/src/basic/socket-util.c b/src/basic/socket-util.c
index 56e0e8e..d67fbd2 100644
--- a/src/basic/socket-util.c
+++ b/src/basic/socket-util.c
@@ -967,15 +967,13 @@ int getpeercred(int fd, struct ucred *ucred) {
         if (n != sizeof(struct ucred))
                 return -EIO;
 
-        /* Check if the data is actually useful and not suppressed due
-         * to namespacing issues */
-        if (u.pid <= 0)
-                return -ENODATA;
-        if (u.uid == UID_INVALID)
-                return -ENODATA;
-        if (u.gid == GID_INVALID)
+        /* Check if the data is actually useful and not suppressed due to namespacing issues */
+        if (!pid_is_valid(u.pid))
                 return -ENODATA;
 
+        /* Note that we don't check UID/GID here, as namespace translation works differently there: instead of
+         * receiving in "invalid" user/group we get the overflow UID/GID. */
+
         *ucred = u;
         return 0;
 }
diff --git a/src/libsystemd/sd-bus/bus-control.c b/src/libsystemd/sd-bus/bus-control.c
index 12478e7..ffe0af2 100644
--- a/src/libsystemd/sd-bus/bus-control.c
+++ b/src/libsystemd/sd-bus/bus-control.c
@@ -571,17 +571,17 @@ static int bus_get_owner_creds_dbus1(sd_bus *bus, uint64_t mask, sd_bus_creds **
                 return -ENOMEM;
 
         if (bus->ucred_valid) {
-                if (bus->ucred.pid > 0) {
+                if (pid_is_valid(bus->ucred.pid)) {
                         pid = c->pid = bus->ucred.pid;
                         c->mask |= SD_BUS_CREDS_PID & mask;
                 }
 
-                if (bus->ucred.uid != UID_INVALID) {
+                if (uid_is_valid(bus->ucred.uid)) {
                         c->euid = bus->ucred.uid;
                         c->mask |= SD_BUS_CREDS_EUID & mask;
                 }
 
-                if (bus->ucred.gid != GID_INVALID) {
+                if (gid_is_valid(bus->ucred.gid)) {
                         c->egid = bus->ucred.gid;
                         c->mask |= SD_BUS_CREDS_EGID & mask;
                 }
-- 
2.7.4