machined: call pidref_verify() in some cases this was missing

We need to protect us from recycled PIDs here like everywhere else: once
we read data from /proc/$PID/ we need to validate that $PID still points
to the original pidfd.

(cherry picked from commit 3c70cbae0ff15d3dc5877173015187db81e004be)

diff --git a/src/machine/machine.c b/src/machine/machine.c
index 26ce1556a57e1303057ffba92fd522400ae865a4..8611058810d07170aedfc538f24e4ebf9b2d1760 100644 (file)
--- a/src/machine/machine.c
+++ b/src/machine/machine.c
@@ -1087,6 +1087,10 @@ int machine_get_uid_shift(Machine *m, uid_t *ret) {
         if (uid_range != (uid_t) gid_range)
                 return -ENXIO;
 
+        r = pidref_verify(&m->leader);
+        if (r < 0)
+                return r;
+
         *ret = uid_shift;
         return 0;
 }
@@ -1139,6 +1143,10 @@ static int machine_owns_uid_internal(
                 if (!uid_is_valid(converted))
                         return -EINVAL;
 
+                r = pidref_verify(&machine->leader);
+                if (r < 0)
+                        return r;
+
                 if (ret_internal_uid)
                         *ret_internal_uid = converted;
 
@@ -1202,6 +1210,10 @@ static int machine_translate_uid_internal(
                 if (!uid_is_valid(converted))
                         return -EINVAL;
 
+                r = pidref_verify(&machine->leader);
+                if (r < 0)
+                        return r;
+
                 if (ret_host_uid)
                         *ret_host_uid = converted;