From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 20 Jun 2019 12:44:47 +0000 (+0200)
Subject: capability: fix loops for cap_last_cap()
X-Git-Tag: v243-rc1~257^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4a33a02e994c8002a7eac75c02494becb1a4d4f8;p=thirdparty%2Fsystemd.git

capability: fix loops for cap_last_cap()

cap_last_cap() returns the last valid cap (instead of the number of
valid caps). to iterate through all known caps we hence need to use a <=
check, and not a < check like for all other cases. We got this right
usually, but in three cases we did not.
---

diff --git a/src/basic/cap-list.c b/src/basic/cap-list.c
index 29a17d9320e..2c0b7416a4d 100644
--- a/src/basic/cap-list.c
+++ b/src/basic/cap-list.c
@@ -62,7 +62,7 @@ int capability_set_to_string_alloc(uint64_t set, char **s) {
 
         assert(s);
 
-        for (i = 0; i < cap_last_cap(); i++)
+        for (i = 0; i <= cap_last_cap(); i++)
                 if (set & (UINT64_C(1) << i)) {
                         const char *p;
                         size_t add;
diff --git a/src/basic/capability-util.c b/src/basic/capability-util.c
index 2a9c3b80f81..e3ed14f806c 100644
--- a/src/basic/capability-util.c
+++ b/src/basic/capability-util.c
@@ -90,7 +90,7 @@ int capability_update_inherited_set(cap_t caps, uint64_t set) {
         /* Add capabilities in the set to the inherited caps. Do not apply
          * them yet. */
 
-        for (i = 0; i < cap_last_cap(); i++) {
+        for (i = 0; i <= cap_last_cap(); i++) {
 
                 if (set & (UINT64_C(1) << i)) {
                         cap_value_t v;
@@ -126,7 +126,7 @@ int capability_ambient_set_apply(uint64_t set, bool also_inherit) {
                         return -errno;
         }
 
-        for (i = 0; i < cap_last_cap(); i++) {
+        for (i = 0; i <= cap_last_cap(); i++) {
 
                 if (set & (UINT64_C(1) << i)) {