diff options
author | Andrew G. Morgan <morgan@kernel.org> | 2008-07-06 12:11:42 -0700 |
---|---|---|
committer | Andrew G. Morgan <morgan@kernel.org> | 2008-07-06 12:11:42 -0700 |
commit | 3463a1393551bff930d19e50417e6e57f1df7324 (patch) | |
tree | 26c2218be8e46c6a7ccb340cbaa259c5c4135248 | |
parent | 3fa808f5886d08c45866217cfe6e6e9def7de04e (diff) | |
download | libcap-3463a1393551bff930d19e50417e6e57f1df7324.tar.gz |
Fix for Debian bugs 400591 & 487223: cap_copy_ext()
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=400591
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487223
Correct fix implemented as suggested by Matt.
Reported-by: Matt Kern <matt.kern@undue.org>
Reported-by: Torsten Werner <twerner@debian.org>
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
-rw-r--r-- | contrib/bug400591/Makefile | 8 | ||||
-rw-r--r-- | contrib/bug400591/bug.c | 44 | ||||
-rw-r--r-- | libcap/cap_extint.c | 17 |
3 files changed, 59 insertions, 10 deletions
diff --git a/contrib/bug400591/Makefile b/contrib/bug400591/Makefile new file mode 100644 index 0000000..f6e0ea3 --- /dev/null +++ b/contrib/bug400591/Makefile @@ -0,0 +1,8 @@ +all: bug + +bug: bug.c ../../libcap Makefile + make -C ../../libcap + cc --static -o $@ $< -L../../libcap -lcap + +clean: + rm -f bug.o bug diff --git a/contrib/bug400591/bug.c b/contrib/bug400591/bug.c new file mode 100644 index 0000000..363ca27 --- /dev/null +++ b/contrib/bug400591/bug.c @@ -0,0 +1,44 @@ +#include <assert.h> +#include <stdlib.h> +#include <sys/capability.h> + +/* + * Original from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=400591 + * + * Modified to test more functions.. AGM - 2008/07/06. + */ + +int main (int argc, char *argv[]) +{ + cap_t caps, caps2; + ssize_t size, copy_size; + void *buffer; + char *text1, *text2; + + caps = cap_init(); + assert (caps); + + assert(capgetp(1, caps) == 0); + + text1 = cap_to_text(caps, NULL); + assert(text1); + + size = cap_size (caps); + assert (size>0 && size<1024); + + buffer = malloc (size); + assert (buffer); + + copy_size = cap_copy_ext (buffer, caps, size); + assert (copy_size == size); + + caps2 = cap_copy_int(buffer); + assert (caps2); + + text2 = cap_to_text(caps, NULL); + assert(text2); + + assert(strcmp(text1, text2) == 0); + + return 0; +} diff --git a/libcap/cap_extint.c b/libcap/cap_extint.c index 7f4e07c..4992360 100644 --- a/libcap/cap_extint.c +++ b/libcap/cap_extint.c @@ -9,7 +9,7 @@ /* * External representation for capabilities. (exported as a fixed - * length (void *)) + * length) */ #define CAP_EXT_MAGIC "\220\302\001\121" #define CAP_EXT_MAGIC_SIZE 4 @@ -18,8 +18,10 @@ const static __u8 external_magic[CAP_EXT_MAGIC_SIZE+1] = CAP_EXT_MAGIC; struct cap_ext_struct { __u8 magic[CAP_EXT_MAGIC_SIZE]; __u8 length_of_capset; -/* note, we arrange these so the caps are stacked with byte-size - resolution */ + /* + * note, we arrange these so the caps are stacked with byte-size + * resolution + */ __u8 bytes[CAP_SET_SIZE][NUMBER_OF_CAP_SETS]; }; @@ -77,11 +79,6 @@ ssize_t cap_copy_ext(void *cap_ext, cap_t cap_d, ssize_t length) * the internal rep should be liberated with cap_free(). */ -/* - * XXX - need to take a little more care when importing small - * capability sets. - */ - cap_t cap_copy_int(const void *cap_ext) { const struct cap_ext_struct *export = @@ -90,8 +87,8 @@ cap_t cap_copy_int(const void *cap_ext) int set, blen; /* Does the external representation make sense? */ - if (export == NULL || !memcmp(export->magic, external_magic - , CAP_EXT_MAGIC_SIZE)) { + if ((export == NULL) + || memcmp(export->magic, external_magic, CAP_EXT_MAGIC_SIZE)) { errno = EINVAL; return NULL; } |