#include "net/tap-linux.h"
-#ifdef CONFIG_LIBCAP
+#ifdef CONFIG_LIBCAP_NG
#include <cap-ng.h>
#endif
if (arg == NULL) {
fprintf(stderr, "Invalid config line:\n %s\n", line);
- fclose(f);
- errno = EINVAL;
- return -1;
+ goto err;
}
*arg = 0;
}
*argend = 0;
+ if (!g_str_equal(cmd, "include") && strlen(arg) >= IFNAMSIZ) {
+ fprintf(stderr, "name `%s' too long: %zu\n", arg, strlen(arg));
+ goto err;
+ }
+
if (strcmp(cmd, "deny") == 0) {
acl_rule = g_malloc(sizeof(*acl_rule));
if (strcmp(arg, "all") == 0) {
parse_acl_file(arg, acl_list);
} else {
fprintf(stderr, "Unknown command `%s'\n", cmd);
- fclose(f);
- errno = EINVAL;
- return -1;
+ goto err;
}
}
fclose(f);
-
return 0;
+
+err:
+ fclose(f);
+ errno = EINVAL;
+ return -1;
+
}
static bool has_vnet_hdr(int fd)
return sendmsg(c, &msg, 0);
}
-#ifdef CONFIG_LIBCAP
+#ifdef CONFIG_LIBCAP_NG
static int drop_privileges(void)
{
/* clear all capabilities */
int access_allowed, access_denied;
int ret = EXIT_SUCCESS;
-#ifdef CONFIG_LIBCAP
+#ifdef CONFIG_LIBCAP_NG
/* if we're run from an suid binary, immediately drop privileges preserving
* cap_net_admin */
if (geteuid() == 0 && getuid() != geteuid()) {
usage();
return EXIT_FAILURE;
}
+ if (strlen(bridge) >= IFNAMSIZ) {
+ fprintf(stderr, "name `%s' too long: %zu\n", bridge, strlen(bridge));
+ return EXIT_FAILURE;
+ }
/* parse default acl file */
QSIMPLEQ_INIT(&acl_list);
projects / thirdparty / qemu.git / blobdiff