From cfdd23b96710dbfe94d5d3f5bb9c23afa0b80e98 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 24 Jul 2013 08:43:10 +0200
Subject: [PATCH] capabilities: Proper error handling when reading groups

---
 src/libstrongswan/utils/capabilities.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/libstrongswan/utils/capabilities.c b/src/libstrongswan/utils/capabilities.c
index 31a7291c90..c5e90b6c38 100644
--- a/src/libstrongswan/utils/capabilities.c
+++ b/src/libstrongswan/utils/capabilities.c
@@ -90,12 +90,19 @@ static bool has_group(gid_t group)
 		return TRUE;
 	}
 	ngroups = sysconf(_SC_NGROUPS_MAX);
-	groups = calloc(ngroups, sizeof(gid_t));
+	if (ngroups == -1)
+	{
+		DBG1(DBG_LIB, "getting groups for current process failed: %s",
+			 strerror(errno));
+		return FALSE;
+	}
+	groups = calloc(ngroups + 1, sizeof(gid_t));
 	ngroups = getgroups(ngroups, groups);
 	if (ngroups == -1)
 	{
 		DBG1(DBG_LIB, "getting groups for current process failed: %s",
 			 strerror(errno));
+		free(groups);
 		return FALSE;
 	}
 	for (i = 0; i < ngroups; i++)
-- 
2.47.2