From: Lennart Poettering Date: Fri, 8 Mar 2019 16:31:12 +0000 (+0100) Subject: capability: let's protect against the kernel eventually doing more than 64 caps X-Git-Tag: v242-rc1~99^2~6 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5211445eaea69b5826417c7e754b65bd652cdfaa;p=thirdparty%2Fsystemd.git capability: let's protect against the kernel eventually doing more than 64 caps Everyone will be in trouble then (as quite widely caps are store in 64bit fields). But let's protect ourselves at least to the point that we ignore all higher caps for now. --- diff --git a/src/basic/capability-util.c b/src/basic/capability-util.c index e700edf2608..45fadb9faa9 100644 --- a/src/basic/capability-util.c +++ b/src/basic/capability-util.c @@ -47,6 +47,13 @@ unsigned long cap_last_cap(void) { if (r >= 0) { r = safe_atolu(content, &p); if (r >= 0) { + + if (p > 63) /* Safety for the future: if one day the kernel learns more than 64 caps, + * then we are in trouble (since we, as much userspace and kernel space + * store capability masks in uint64_t types. Let's hence protect + * ourselves against that and always cap at 63 for now. */ + p = 63; + saved = p; valid = true; return p; @@ -58,17 +65,15 @@ unsigned long cap_last_cap(void) { if (prctl(PR_CAPBSET_READ, p) < 0) { - /* Hmm, look downwards, until we find one that - * works */ + /* Hmm, look downwards, until we find one that works */ for (p--; p > 0; p --) if (prctl(PR_CAPBSET_READ, p) >= 0) break; } else { - /* Hmm, look upwards, until we find one that doesn't - * work */ - for (;; p++) + /* Hmm, look upwards, until we find one that doesn't work */ + for (; p < 63; p++) if (prctl(PR_CAPBSET_READ, p+1) < 0) break; }