machined: call pidref_verify() in some cases this was missing

We need to protect us from recycled PIDs here like everywhere else: once
we read data from /proc/$PID/ we need to validate that $PID still points
to the original pidfd.

diff --git a/src/machine/machine.c b/src/machine/machine.c
index 9f78a9c7d33b0a2c3de973416a691358fd953650..9bee46a10e2a463f121f509c69e50fef711c7cca 100644 (file)
--- a/src/machine/machine.c
+++ b/src/machine/machine.c
@@ -1195,6 +1195,10 @@ int machine_get_uid_shift(Machine *m, uid_t *ret) {
         if (uid_range != (uid_t) gid_range)
                 return -ENXIO;
 
+        r = pidref_verify(&m->leader);
+        if (r < 0)
+                return r;
+
         *ret = uid_shift;
         return 0;
 }
@@ -1247,6 +1251,10 @@ static int machine_owns_uid_internal(
                 if (!uid_is_valid(converted))
                         return -EINVAL;
 
+                r = pidref_verify(&machine->leader);
+                if (r < 0)
+                        return r;
+
                 if (ret_internal_uid)
                         *ret_internal_uid = converted;
 
@@ -1310,6 +1318,10 @@ static int machine_translate_uid_internal(
                 if (!uid_is_valid(converted))
                         return -EINVAL;
 
+                r = pidref_verify(&machine->leader);
+                if (r < 0)
+                        return r;
+
                 if (ret_host_uid)
                         *ret_host_uid = converted;