From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 24 Jul 2013 06:43:10 +0000 (+0200)
Subject: capabilities: Proper error handling when reading groups
X-Git-Tag: 5.1.0~37
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cfdd23b96710dbfe94d5d3f5bb9c23afa0b80e98;p=thirdparty%2Fstrongswan.git

capabilities: Proper error handling when reading groups
---

diff --git a/src/libstrongswan/utils/capabilities.c b/src/libstrongswan/utils/capabilities.c
index 31a7291c90..c5e90b6c38 100644
--- a/src/libstrongswan/utils/capabilities.c
+++ b/src/libstrongswan/utils/capabilities.c
@@ -90,12 +90,19 @@ static bool has_group(gid_t group)
 		return TRUE;
 	}
 	ngroups = sysconf(_SC_NGROUPS_MAX);
-	groups = calloc(ngroups, sizeof(gid_t));
+	if (ngroups == -1)
+	{
+		DBG1(DBG_LIB, "getting groups for current process failed: %s",
+			 strerror(errno));
+		return FALSE;
+	}
+	groups = calloc(ngroups + 1, sizeof(gid_t));
 	ngroups = getgroups(ngroups, groups);
 	if (ngroups == -1)
 	{
 		DBG1(DBG_LIB, "getting groups for current process failed: %s",
 			 strerror(errno));
+		free(groups);
 		return FALSE;
 	}
 	for (i = 0; i < ngroups; i++)