diff options
| author | Andrew G. Morgan <morgan@kernel.org> | 2021-08-27 09:45:46 -0700 |
|---|---|---|
| committer | Andrew G. Morgan <morgan@kernel.org> | 2021-08-27 10:26:59 -0700 |
| commit | 552db8f4116df3fad4e4ebf90a9a05a77b9486fd (patch) | |
| tree | 43f61ba7cc65f1e4d7ce253b7cd071b84655436d /progs | |
| parent | 386af0edbc9eec3b382451da782a08ba4632db06 (diff) | |
| download | libcap2-552db8f4116df3fad4e4ebf90a9a05a77b9486fd.tar.gz | |
More fixes for static analysis issues.
Further observations from Zoltan Fridrich's static analysis of libcap.
This commit also includes a fix for something I broke with the last
round of "fixing", and a test to make sure I don't make that mistake
again.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Diffstat (limited to 'progs')
| -rw-r--r-- | progs/capsh.c | 12 | ||||
| -rw-r--r-- | progs/setcap.c | 29 |
2 files changed, 30 insertions, 11 deletions
diff --git a/progs/capsh.c b/progs/capsh.c index 42d9064..763c08d 100644 --- a/progs/capsh.c +++ b/progs/capsh.c @@ -89,6 +89,10 @@ static void display_current(void) char *text; all = cap_get_proc(); + if (all == NULL) { + perror("failed to get process capabilities"); + exit(1); + } text = cap_to_text(all, NULL); printf("Current: %s\n", text); cap_free(text); @@ -922,6 +926,10 @@ int main(int argc, char *argv[], char *envp[]) exit(1); } orig = cap_get_proc(); + if (orig == NULL) { + perror("failed to get process capabilities"); + exit(1); + } if (cap_get_flag(orig, cap, CAP_PERMITTED, &enabled) || !enabled) { fprintf(stderr, "cap[%s] not permitted\n", argv[i]+8); exit(1); @@ -938,6 +946,10 @@ int main(int argc, char *argv[], char *envp[]) exit(1); } orig = cap_get_proc(); + if (orig == NULL) { + perror("failed to get process capabilities"); + exit(1); + } if (cap_get_flag(orig, cap, CAP_INHERITABLE, &enabled) || !enabled) { fprintf(stderr, "cap[%s] not inheritable\n", argv[i]+8); diff --git a/progs/setcap.c b/progs/setcap.c index 066e47f..f8be53a 100644 --- a/progs/setcap.c +++ b/progs/setcap.c @@ -85,9 +85,12 @@ int main(int argc, char **argv) " (old libcap?)\n"); } + cap_t cap_d = NULL; while (--argc > 0) { const char *text; - cap_t cap_d; + + cap_free(cap_d); + cap_d = NULL; if (!strcmp(*++argv, "-q")) { quiet = 1; @@ -109,7 +112,8 @@ int main(int argc, char **argv) } if (!strcmp(*argv, "-n")) { if (argc < 2) { - fprintf(stderr, "usage: .. -n <rootid> .. - rootid!=0 file caps"); + fprintf(stderr, + "usage: .. -n <rootid> .. - rootid!=0 file caps"); exit(1); } --argc; @@ -122,6 +126,7 @@ int main(int argc, char **argv) } if (!strcmp(*argv, "-r")) { + cap_free(cap_d); cap_d = NULL; } else { if (!strcmp(*argv,"-")) { @@ -144,11 +149,9 @@ int main(int argc, char **argv) } #ifdef DEBUG { - ssize_t length; - const char *result; - - result = cap_to_text(cap_d, &length); + char *result = cap_to_text(cap_d, NULL); fprintf(stderr, "caps set to: [%s]\n", result); + cap_free(result) } #endif } @@ -163,12 +166,16 @@ int main(int argc, char **argv) int cmp; if (cap_d == NULL) { - cap_d = cap_from_text("="); + cap_d = cap_init(); + if (cap_d == NULL) { + perror("unable to obtain empty capability"); + exit(1); + } } cap_on_file = cap_get_file(*++argv); if (cap_on_file == NULL) { - cap_on_file = cap_from_text("="); + cap_on_file = cap_init(); if (cap_on_file == NULL) { perror("unable to use missing capability"); exit(1); @@ -264,9 +271,9 @@ int main(int argc, char **argv) } } } - if (cap_d) { - cap_free(cap_d); - } + } + if (cap_d) { + cap_free(cap_d); } exit(0); |