capability: let's protect against the kernel eventually doing more than 64 caps

Everyone will be in trouble then (as quite widely caps are store in
64bit fields). But let's protect ourselves at least to the point that we
ignore all higher caps for now.

diff --git a/src/basic/capability-util.c b/src/basic/capability-util.c
index e700edf2608dd51b7976e0dfe4cc660f8e51cea5..45fadb9faa9a2216abeb99773b0e5bca58526e30 100644 (file)
--- a/src/basic/capability-util.c
+++ b/src/basic/capability-util.c
@@ -47,6 +47,13 @@ unsigned long cap_last_cap(void) {
         if (r >= 0) {
                 r = safe_atolu(content, &p);
                 if (r >= 0) {
+
+                        if (p > 63) /* Safety for the future: if one day the kernel learns more than 64 caps,
+                                     * then we are in trouble (since we, as much userspace and kernel space
+                                     * store capability masks in uint64_t types. Let's hence protect
+                                     * ourselves against that and always cap at 63 for now. */
+                                p = 63;
+
                         saved = p;
                         valid = true;
                         return p;
@@ -58,17 +65,15 @@ unsigned long cap_last_cap(void) {
 
         if (prctl(PR_CAPBSET_READ, p) < 0) {
 
-                /* Hmm, look downwards, until we find one that
-                 * works */
+                /* Hmm, look downwards, until we find one that works */
                 for (p--; p > 0; p --)
                         if (prctl(PR_CAPBSET_READ, p) >= 0)
                                 break;
 
         } else {
 
-                /* Hmm, look upwards, until we find one that doesn't
-                 * work */
-                for (;; p++)
+                /* Hmm, look upwards, until we find one that doesn't work */
+                for (; p < 63; p++)
                         if (prctl(PR_CAPBSET_READ, p+1) < 0)
                                 break;
         }