From 6c5fff017ea460ecda9915654b4d2883fea04ba7 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Mon, 20 Feb 2023 11:30:56 +0100
Subject: [PATCH] cap-list: make sure never to accidentally return more than 63 caps
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The rest of our codebase stores caps masks in a uint64_t, and also assumes UINT64_MAX was a suitable value for "unset mask". Hence refuse any caps outside of 0…62. (right now the kernel knows 40 caps, hence 22 more to go before we have to reconsider our life's choices.)
---
 src/basic/cap-list.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/basic/cap-list.c b/src/basic/cap-list.c
index 3b506ed5960..811adb02421 100644
--- a/src/basic/cap-list.c
+++ b/src/basic/cap-list.c
@@ -20,7 +20,7 @@ static const struct capability_name* lookup_capability(register const char *str,
 const char *capability_to_name(int id) {
 if (id < 0)
 return NULL;
- if ((size_t) id >= ELEMENTSOF(capability_names))
+ if (id >= capability_list_length())
 return NULL;
 
 return capability_names[id];
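Review bot: The new bound in capability_to_name() makes the function return NULL for any id of 63 or above even when the compiled-in table has a name for it, and nothing at the check says that this is deliberate rather than an off-by-one, so a later reader may "fix" it back to ELEMENTSOF(). A short comment above the added line would pin the intent: `/* Bounded by capability_list_length(), not the table size: ids >= 63 are not representable in the uint64_t capability masks used elsewhere. */`. The call also relies on capability_list_length() being declared before this point, since its definition sits further down in the same file (presumably the prototype comes from the header; worth confirming). The function's closing brace lies outside the hunk.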
@@ -65,11 +65,13 @@ int capability_from_name(const char *name) {
 return sc->id;
 }
 
-/* This is the number of capability names we are *compiled* with.
- * For the max capability number of the currently-running kernel,
- * use cap_last_cap(). */
+/* This is the number of capability names we are *compiled* with. For the max capability number of the
+ * currently-running kernel, use cap_last_cap(). Note that this one returns the size of the array, i.e. one
+ * value larger than the last known capability. This is different from cap_last_cap() which returns the
+ * highest supported capability. Hence with everyone agreeing on the same capabilities list, this function
+ * will return one higher than cap_last_cap(). */
 int capability_list_length(void) {
- return (int) ELEMENTSOF(capability_names);
+ return (int) MIN(ELEMENTSOF(capability_names), 63U);
 }
 
 int capability_set_to_string(uint64_t set, char **ret) {
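Review bot: The rewritten comment above capability_list_length() still describes the result as "the size of the array", but the new body returns `MIN(ELEMENTSOF(capability_names), 63U)`, so as soon as more than 63 names are compiled in both that sentence and the "one higher than cap_last_cap()" claim become false without any warning. The reason for the bare `63U` lives only in the commit message; it belongs in the comment, e.g. append ` * The result is capped at 63: the rest of the code base keeps capability masks in a uint64_t and reserves UINT64_MAX as the "unset" value, so only ids 0…62 can be represented.`. Giving the limit a named constant next to the table (instead of a literal) would also keep this function and capability_to_name() from drifting apart, since the latter now depends on this bound for its own range check.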