From: Serge Hallyn Date: Fri, 6 Sep 2013 01:31:55 +0000 (-0500) Subject: sanity-check number of detected capabilities X-Git-Tag: lxc-1.0.0.alpha1~1^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2caf9a97d90a61e5eaf9d7c218e5bcc35dfbfbb3;p=thirdparty%2Flxc.git sanity-check number of detected capabilities Signed-off-by: Serge Hallyn --- diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 83613ed99..2d95e5dad 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -1852,6 +1852,9 @@ static int dropcaps_except(struct lxc_list *caps) int numcaps = lxc_caps_last_cap() + 1; INFO("found %d capabilities\n", numcaps); + if (numcaps <= 0 || numcaps > 200) + return -1; + // caplist[i] is 1 if we keep capability i int *caplist = alloca(numcaps * sizeof(int)); memset(caplist, 0, numcaps * sizeof(int));