diff options
| author | Andrew G. Morgan <morgan@kernel.org> | 2021-08-26 20:24:47 -0700 |
|---|---|---|
| committer | Andrew G. Morgan <morgan@kernel.org> | 2021-08-26 20:24:47 -0700 |
| commit | c90b5debdf28acc010d5ee50ff5ff0c97ab0e367 (patch) | |
| tree | 997cab52eda411ad6d9785138c699feb259c3860 /progs | |
| parent | 07cdff9ac969c35f1b2e4c0ccb5e3cc5fdceb2b2 (diff) | |
| download | libcap2-c90b5debdf28acc010d5ee50ff5ff0c97ab0e367.tar.gz | |
Fix some static analysis results.
This series of issues was found by Zoltan Fridrich.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Diffstat (limited to 'progs')
| -rw-r--r-- | progs/capsh.c | 17 | ||||
| -rw-r--r-- | progs/getcap.c | 8 | ||||
| -rw-r--r-- | progs/setcap.c | 6 |
3 files changed, 26 insertions, 5 deletions
diff --git a/progs/capsh.c b/progs/capsh.c index 50c2c99..42d9064 100644 --- a/progs/capsh.c +++ b/progs/capsh.c @@ -101,7 +101,16 @@ static void display_current_iab(void) char *text; iab = cap_iab_get_proc(); + if (iab == NULL) { + perror("failed to get IAB for process"); + exit(1); + } text = cap_iab_to_text(iab); + if (text == NULL) { + perror("failed to obtain text for IAB"); + cap_free(iab); + exit(1); + } printf("Current IAB: %s\n", text); cap_free(text); cap_free(iab); @@ -436,6 +445,10 @@ int main(int argc, char *argv[], char *envp[]) child = 0; char *temp_name = cap_to_name(cap_max_bits() - 1); + if (temp_name == NULL) { + perror("obtaining highest capability name"); + exit(1); + } if (temp_name[0] != 'c') { printf("WARNING: libcap needs an update (cap=%d should have a name).\n", cap_max_bits() - 1); @@ -1014,6 +1027,10 @@ int main(int argc, char *argv[], char *envp[]) const char **lines = explanations[cap]; int j; char *name = cap_to_name(cap); + if (name == NULL) { + perror("invalid named cap"); + exit(1); + } char *match = strcasestr(name, argv[i]+10); cap_free(name); if (match != NULL) { diff --git a/progs/getcap.c b/progs/getcap.c index eec733b..7df7f0e 100644 --- a/progs/getcap.c +++ b/progs/getcap.c @@ -110,11 +110,11 @@ int main(int argc, char **argv) for (i=optind; argv[i] != NULL; i++) { struct stat stbuf; - - if (lstat(argv[i], &stbuf) != 0) { - fprintf(stderr, "%s (%s)\n", argv[i], strerror(errno)); + char *arg = argv[i]; + if (lstat(arg, &stbuf) != 0) { + fprintf(stderr, "%s (%s)\n", arg, strerror(errno)); } else if (recursive) { - nftw(argv[i], do_getcap, 20, FTW_PHYS); + nftw(arg, do_getcap, 20, FTW_PHYS); } else { int tflag = S_ISREG(stbuf.st_mode) ? FTW_F : (S_ISLNK(stbuf.st_mode) ? FTW_SL : FTW_NS); diff --git a/progs/setcap.c b/progs/setcap.c index 54260be..066e47f 100644 --- a/progs/setcap.c +++ b/progs/setcap.c @@ -167,9 +167,12 @@ int main(int argc, char **argv) } cap_on_file = cap_get_file(*++argv); - if (cap_on_file == NULL) { cap_on_file = cap_from_text("="); + if (cap_on_file == NULL) { + perror("unable to use missing capability"); + exit(1); + } } cmp = cap_compare(cap_on_file, cap_d); @@ -252,6 +255,7 @@ int main(int argc, char **argv) argv[0]); exit(1); } + /* FALLTHROUGH */ default: fprintf(stderr, "Failed to set capabilities on file '%s': %s\n", |