From c90b5debdf28acc010d5ee50ff5ff0c97ab0e367 Mon Sep 17 00:00:00 2001
From: "Andrew G. Morgan"
Date: Thu, 26 Aug 2021 20:24:47 -0700
Subject: Fix some static analysis results.
This series of issues was found by Zoltan Fridrich.
Signed-off-by: Andrew G. Morgan
---
 progs/capsh.c | 17 +++++++++++++++++
 progs/getcap.c | 8 ++++----
 progs/setcap.c | 6 +++++-
 3 files changed, 26 insertions(+), 5 deletions(-)
(limited to 'progs')
diff --git a/progs/capsh.c b/progs/capsh.c
index 50c2c99..42d9064 100644
--- a/progs/capsh.c
+++ b/progs/capsh.c
@@ -101,7 +101,16 @@ static void display_current_iab(void)
 char *text;
 iab = cap_iab_get_proc();
+ if (iab == NULL) {
+ perror("failed to get IAB for process");
+ exit(1);
+ }
 text = cap_iab_to_text(iab);
+ if (text == NULL) {
+ perror("failed to obtain text for IAB");
+ cap_free(iab);
+ exit(1);
+ }
 printf("Current IAB: %s\n", text);
 cap_free(text);
 cap_free(iab);
@@ -436,6 +445,10 @@ int main(int argc, char *argv[], char *envp[])
 child = 0;
 char *temp_name = cap_to_name(cap_max_bits() - 1);
+ if (temp_name == NULL) {
+ perror("obtaining highest capability name");
+ exit(1);
+ }
 if (temp_name[0] != 'c') {
 printf("WARNING: libcap needs an update (cap=%d should have a name).\n",
 cap_max_bits() - 1);
@@ -1014,6 +1027,10 @@ int main(int argc, char *argv[], char *envp[])
 const char **lines = explanations[cap];
 int j;
 char *name = cap_to_name(cap);
+ if (name == NULL) {
+ perror("invalid named cap");
+ exit(1);
+ }
 char *match = strcasestr(name, argv[i]+10);
 cap_free(name);
 if (match != NULL) {
diff --git a/progs/getcap.c b/progs/getcap.c
index eec733b..7df7f0e 100644
--- a/progs/getcap.c
+++ b/progs/getcap.c
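Review bot: The three new failure paths in capsh.c (here in display_current_iab(), and the `temp_name` and `name` checks in main()) all report through perror(), which prints whatever errno currently holds. Nothing visible in these hunks shows that cap_iab_get_proc(), cap_iab_to_text() or cap_to_name() set errno on every NULL return. If any of them can fail without setting it, the diagnostic ends in a stale or "Success" string, so this should be confirmed against libcap and recorded once, e.g. `/* libcap sets errno on failure, so perror() is meaningful here */`. display_current_iab() starts above the hunk.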
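Review bot: The message in `perror("invalid named cap")` reads as a complaint about user input, but the call that failed is `cap_to_name(cap)` for the loop's own `cap` index. The user's text is `argv[i]+10`, which is only consulted afterwards by strcasestr(). A wording such as `perror("unable to obtain capability name")` would point an operator at the right cause. The loop in main() that encloses these lines lies outside the hunk.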
@@ -110,11 +110,11 @@ int main(int argc, char **argv)
 for (i=optind; argv[i] != NULL; i++) {
 struct stat stbuf;
-
- if (lstat(argv[i], &stbuf) != 0) {
- fprintf(stderr, "%s (%s)\n", argv[i], strerror(errno));
+ char *arg = argv[i];
+ if (lstat(arg, &stbuf) != 0) {
+ fprintf(stderr, "%s (%s)\n", arg, strerror(errno));
 } else if (recursive) {
- nftw(argv[i], do_getcap, 20, FTW_PHYS);
+ nftw(arg, do_getcap, 20, FTW_PHYS);
 } else {
 int tflag = S_ISREG(stbuf.st_mode) ? FTW_F : (S_ISLNK(stbuf.st_mode) ? FTW_SL : FTW_NS);
diff --git a/progs/setcap.c b/progs/setcap.c
index 54260be..066e47f 100644
--- a/progs/setcap.c
+++ b/progs/setcap.c
@@ -167,9 +167,12 @@ int main(int argc, char **argv)
 }
 cap_on_file = cap_get_file(*++argv);
-
 if (cap_on_file == NULL) {
 cap_on_file = cap_from_text("=");
+ if (cap_on_file == NULL) {
+ perror("unable to use missing capability");
+ exit(1);
+ }
 }
 cmp = cap_compare(cap_on_file, cap_d);
@@ -252,6 +255,7 @@ int main(int argc, char **argv)
 argv[0]);
 exit(1);
 }
+ /* FALLTHROUGH */
 default:
 fprintf(stderr,
 "Failed to set capabilities on file '%s': %s\n",
-- cgit v1.2.1
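Review bot: The new local `arg` is only read in this hunk, so it can be declared `const char *arg = argv[i];`, which states that the loop never edits the argument string. The loop body continues below the hunk; if the non-recursive branch there still passes `argv[i]`, switching it to `arg` would keep the alias consistent. Presumably the alias exists to satisfy the static analyser named in the commit title, and a one-line comment saying so would stop it being folded back later.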
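Review bot: Every NULL from `cap_get_file(*++argv)` is still replaced by the empty set `cap_from_text("=")`, so a file that could not be read at all reaches `cap_compare()` as if it carried no capabilities. The added check covers only the failure of the fallback allocation. Consider separating "no capability stored" from other failures before falling back, e.g. `if (cap_on_file == NULL && errno != ENODATA) { perror("unable to read capability from file"); exit(1); }`. This assumes ENODATA is what libcap reports for a file without the attribute, which should be confirmed. The enclosing block of main() starts and ends outside the hunk.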