Fix for Debian bugs 400591 & 487223: cap_copy_ext()

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=400591
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487223

Correct fix implemented as suggested by Matt.

Reported-by: Matt Kern <matt.kern@undue.org>
Reported-by: Torsten Werner <twerner@debian.org>
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>

3 files changed, 59 insertions, 10 deletions

diff --git a/contrib/bug400591/Makefile b/contrib/bug400591/Makefile
new file mode 100644
index 0000000..f6e0ea3
--- /dev/null
+++ b/contrib/bug400591/Makefile
@@ -0,0 +1,8 @@
+all: bug
+
+bug: bug.c ../../libcap Makefile
+	make -C ../../libcap
+	cc --static -o $@ $< -L../../libcap -lcap
+
+clean:
+	rm -f bug.o bug
diff --git a/contrib/bug400591/bug.c b/contrib/bug400591/bug.c
new file mode 100644
index 0000000..363ca27
--- /dev/null
+++ b/contrib/bug400591/bug.c
@@ -0,0 +1,44 @@
+#include <assert.h>
+#include <stdlib.h>
+#include <sys/capability.h>
+
+/*
+ * Original from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=400591
+ *
+ * Modified to test more functions.. AGM - 2008/07/06.
+ */
+
+int main (int argc, char *argv[])
+{
+  cap_t caps, caps2;
+  ssize_t size, copy_size;
+  void *buffer;
+  char *text1, *text2;
+
+  caps = cap_init();
+  assert (caps);
+  
+  assert(capgetp(1, caps) == 0);
+
+  text1 = cap_to_text(caps, NULL);
+  assert(text1);
+
+  size = cap_size (caps);
+  assert (size>0  && size<1024);
+
+  buffer = malloc (size);
+  assert (buffer);
+
+  copy_size = cap_copy_ext (buffer, caps, size);
+  assert (copy_size == size);
+
+  caps2 = cap_copy_int(buffer);
+  assert (caps2);
+  
+  text2 = cap_to_text(caps, NULL);
+  assert(text2);
+
+  assert(strcmp(text1, text2) == 0);
+
+  return 0;
+}
diff --git a/libcap/cap_extint.c b/libcap/cap_extint.c
index 7f4e07c..4992360 100644
--- a/libcap/cap_extint.c
+++ b/libcap/cap_extint.c
@@ -9,7 +9,7 @@
 
 /*
  * External representation for capabilities. (exported as a fixed
- * length (void *))
+ * length)
  */
 #define CAP_EXT_MAGIC "\220\302\001\121"
 #define CAP_EXT_MAGIC_SIZE 4
@@ -18,8 +18,10 @@ const static __u8 external_magic[CAP_EXT_MAGIC_SIZE+1] = CAP_EXT_MAGIC;
 struct cap_ext_struct {
     __u8 magic[CAP_EXT_MAGIC_SIZE];
     __u8 length_of_capset;
-/* note, we arrange these so the caps are stacked with byte-size
-   resolution */
+    /*
+     * note, we arrange these so the caps are stacked with byte-size
+     * resolution
+     */
     __u8 bytes[CAP_SET_SIZE][NUMBER_OF_CAP_SETS];
 };
 
@@ -77,11 +79,6 @@ ssize_t cap_copy_ext(void *cap_ext, cap_t cap_d, ssize_t length)
  * the internal rep should be liberated with cap_free().
  */
 
-/*
- * XXX - need to take a little more care when importing small
- * capability sets.
- */
-
 cap_t cap_copy_int(const void *cap_ext)
 {
     const struct cap_ext_struct *export =
@@ -90,8 +87,8 @@ cap_t cap_copy_int(const void *cap_ext)
     int set, blen;
 
     /* Does the external representation make sense? */
-    if (export == NULL || !memcmp(export->magic, external_magic
-				  , CAP_EXT_MAGIC_SIZE)) {
+    if ((export == NULL)
+	|| memcmp(export->magic, external_magic, CAP_EXT_MAGIC_SIZE)) {
 	errno = EINVAL;
 	return NULL;
     }