*: assorted fixes prompted by security analysis; more to come

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

1 files changed, 10 insertions, 3 deletions

diff --git a/lib/Plugins/Firefox.cpp b/lib/Plugins/Firefox.cpp
index cd02a152..d9807556 100644
--- a/lib/Plugins/Firefox.cpp
+++ b/lib/Plugins/Firefox.cpp
@@ -99,6 +99,8 @@ static pid_t ExecVP(char** pArgs, uid_t uid, std::string& pOutput)
     pid_t child;
 
     xpipe(pipeout);
+
+    fflush(NULL);
     child = fork();
     if (child == -1)
     {
@@ -549,6 +551,7 @@ static void InstallDebugInfos(const char *pDebugDumpDir, std::string& build_ids)
     xpipe(pipein);
     xpipe(pipeout);
 
+    fflush(NULL);
     pid_t child = fork();
     if (child < 0)
     {
@@ -673,6 +676,7 @@ static void InstallDebugInfos(const char *pDebugDumpDir, std::string& build_ids)
     int pipeout[2]; //TODO: can we use ExecVP?
     xpipe(pipeout);
 
+    fflush(NULL);
     pid_t child = fork();
     if (child < 0)
     {
@@ -839,8 +843,9 @@ std::string CAnalyzerFirefox::GetGlobalUUID(const char *pDebugDumpDir)
     return CreateHash(package + executable + independentBacktrace);
 }
 
-static bool DebuginfoCheckPolkit(int uid)
+static bool DebuginfoCheckPolkit(uid_t uid)
 {
+    fflush(NULL);
     int child_pid = fork();
     if (child_pid < 0)
     {
@@ -857,8 +862,10 @@ static bool DebuginfoCheckPolkit(int uid)
 
     //parent
     int status;
-    if (waitpid(child_pid, &status, 0) > 0 && WEXITSTATUS(status) == 0)
-    {
+    if (waitpid(child_pid, &status, 0) > 0
+     && WIFEXITED(status)
+     && WEXITSTATUS(status) == 0
+    ) {
         return true; //authorization OK
     }
     log("UID %d is not authorized to install debuginfos", uid);