From 869152e39e2720aab86e1d4d971bfc7a29cd8a89 Mon Sep 17 00:00:00 2001
From: Jeffrey Bencteux <jeffbencteux@gmail.com>
Date: Thu, 17 Aug 2023 11:06:41 +0200
Subject: [PATCH] pop3, comsat: fix missing checks for set*id() return values

The return values of several set*id() family function calls were
unchecked in pop3 and comsat, leading to potential privilege
escalations or user impersonations.

Signed-off-by: Jeffrey Bencteux <jeffbencteux@gmail.com>
---
 comsat/comsat.c | 12 ++++++++++--
 pop3d/popauth.c |  6 +++++-
 pop3d/user.c    | 13 ++++++++++---
 3 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/comsat/comsat.c b/comsat/comsat.c
index bebe1336b..003e69233 100644
--- a/comsat/comsat.c
+++ b/comsat/comsat.c
@@ -534,9 +534,17 @@ change_user (const char *user)
       mu_diag_output (MU_DIAG_CRIT, _("no such user: %s"), user);
       return 1;
     }
+  if (setgid (pw->pw_gid) == -1)
+    {
+      mu_diag_output (MU_DIAG_CRIT, _("setgid failed for user: %s"), user);
+      return 1;
+    }
+  if (setuid (pw->pw_uid) == -1)
+    {
+      mu_diag_output (MU_DIAG_CRIT, _("setuid failed for user: %s"), user);
+      return 1;
+    }
 
-  setgid (pw->pw_gid);
-  setuid (pw->pw_uid);
   chdir (pw->pw_dir);
   username = user;
   return 0;
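Review bot: Nothing in the visible lines resets the supplementary group list before the new `setgid (pw->pw_gid)` check, so if comsat starts as root the process would still carry root's supplementary groups after both calls succeed. change_user begins outside the hunk, so this may already be handled earlier; if it is not, a checked `initgroups (user, pw->pw_gid)` ahead of `setgid` closes the gap. The `chdir (pw->pw_dir)` that follows still ignores its return value, which leaves the process in its previous working directory on failure, and it deserves the same treatment as the two calls fixed here.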
diff --git a/pop3d/popauth.c b/pop3d/popauth.c
index baa46c973..38dbddadb 100644
--- a/pop3d/popauth.c
+++ b/pop3d/popauth.c
@@ -478,7 +478,11 @@ action_create (void)
   int line = 0;
   
   /* Make sure we have proper privileges if popauth is setuid */
-  setuid (getuid ());
+  if (setuid (getuid ()) == -1)
+    {
+      mu_error(_("Dropping privileges failed"));
+      return 1;
+    }
   
   if (input_name)
     {
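Review bot: `setuid (getuid ())` is a permanent drop only when the effective UID is root; if popauth is ever installed setuid to a non-root owner, the call changes just the effective UID and the saved set-user-ID remains, so the new check passes while the privilege can still be regained. Whether that install mode is supported is not visible here; if it is, `setreuid (getuid (), getuid ())` with the same `== -1` check would also reset the saved ID. On style, `mu_error(_(` lacks the space before the parenthesis that the surrounding lines use, and the message would tell an operator more with `strerror (errno)` included. action_create continues outside the hunk.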
diff --git a/pop3d/user.c b/pop3d/user.c
index 387416f77..671d383b8 100644
--- a/pop3d/user.c
+++ b/pop3d/user.c
@@ -36,10 +36,17 @@ pop3d_begin_session ()
       mu_auth_data_destroy (&auth_data);
       return ERR_LOGIN_DELAY;
     }
-  
+
   if (auth_data->change_uid)
-    setuid (auth_data->uid);
-  
+    {
+      if (setuid (auth_data->uid) == -1)
+        {
+          mu_diag_output (MU_DIAG_INFO,
+			  _("setuid failed for user `%s'"), auth_data->name);
+          return ERR_BAD_LOGIN;
+        }
+    }
+
   if (manlock_open_mailbox (&mbox, auth_data->mailbox, 0,
 			    MU_STREAM_CREAT | MU_STREAM_RDWR))
     {
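Review bot: The new `return ERR_BAD_LOGIN;` path leaves `auth_data` alive, whereas the failure path just above it calls `mu_auth_data_destroy (&auth_data);` before returning; unless the caller relies on the data after a failed login, add the same call ahead of the return so the two exits agree. The failure is also logged at `MU_DIAG_INFO`, while the equivalent comsat failure in this patch uses `MU_DIAG_CRIT`; a privilege drop that fails is an event operators should not have filtered out at the default log level. Only the UID is changed in the visible lines, so it is worth confirming that group IDs are handled elsewhere in pop3d_begin_session, which starts and ends outside the hunk.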
-- 
2.35.1

