import libcap-2.48-4.el8
parent
b45a5f117e
commit
b465e811b7
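--- /dev/null
+++ b/SOURCES/libcap-check-allocation.patch
@@ -0,0 +1,54 @@
+--- a/libcap/cap_alloc.c 2021-02-05 06:52:17.000000000 +0100
++++ b/libcap/cap_alloc.c 2022-05-17 20:06:53.570560396 +0200
+@@ -123,6 +123,10 @@
+
+cap_iab_t cap_iab_init(void) {
+__u32 *base = calloc(1, sizeof(__u32) + sizeof(struct cap_iab_s));
++ if (base == NULL) {
++ _cap_debug("out of memory");
++ return NULL;
++ }
+*(base++) = CAP_IAB_MAGIC;
+return (cap_iab_t) base;
+}
+@@ -138,6 +142,10 @@
+const char * const *envp)
+{
+__u32 *data = calloc(1, sizeof(__u32) + sizeof(struct cap_launch_s));
++ if (data == NULL) {
++ _cap_debug("out of memory");
++ return NULL;
++ }
+*(data++) = CAP_LAUNCH_MAGIC;
+struct cap_launch_s *attr = (struct cap_launch_s *) data;
+attr->arg0 = arg0;
+--- a/libcap/cap_proc.c 2022-05-17 20:07:36.301803359 +0200
++++ b/libcap/cap_proc.c 2022-05-17 20:06:59.238592623 +0200
+@@ -677,9 +677,25 @@
+*/
+cap_iab_t cap_iab_get_proc(void)
+{
+- cap_iab_t iab = cap_iab_init();
+- cap_t current = cap_get_proc();
++ cap_iab_t iab;
++ cap_t current;
++
++ iab = cap_iab_init();
++ if (iab == NULL) {
++ _cap_debug("no memory for IAB tuple");
++ return NULL;
++ }
++
++ current = cap_get_proc();
++ if (current == NULL) {
++ _cap_debug("no memory for cap_t");
++ cap_free(iab);
++ return NULL;
++ }
++
+cap_iab_fill(iab, CAP_IAB_INH, current, CAP_INHERITABLE);
++ cap_free(current);
++
+cap_value_t c;
+for (c = cap_max_bits(); c; ) {
+--c;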
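Review bot: In `cap_iab_get_proc`, the new failure branch for `cap_get_proc()` calls `cap_free(iab)` before returning NULL, so the errno a caller inspects may be whatever the cleanup left rather than the value that explains the failure; saving and restoring it around the free (`int saved = errno; cap_free(iab); errno = saved;`) keeps the diagnosis intact. The debug text `"no memory for cap_t"` also presumes an allocation failure, while `cap_get_proc()` (not shown on this page) may fail for other reasons, so a neutral message such as `"cap_get_proc failed"` would be safer. The return value of `cap_iab_fill()` on the following context line is still ignored. The function body continues past the end of the hunk.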
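--- /dev/null
+++ b/SOURCES/libcap-fix-prctl-usage.patch
@@ -0,0 +1,128 @@
+diff --git a/libcap/cap_proc.c b/libcap/cap_proc.c
+--- a/libcap/cap_proc.c
++++ b/libcap/cap_proc.c
+@@ -135,7 +135,13 @@ static int _libcap_wprctl3(struct syscaller_s *sc,
+long int pr_cmd, long int arg1, long int arg2)
+{
+if (_libcap_overrode_syscalls) {
+- return sc->three(SYS_prctl, pr_cmd, arg1, arg2);
++ int result;
++ result = sc->three(SYS_prctl, pr_cmd, arg1, arg2);
++ if (result >= 0) {
++ return result;
++ }
++ errno = -result;
++ return -1;
+}
+return prctl(pr_cmd, arg1, arg2, 0, 0, 0);
+}
+@@ -145,7 +151,13 @@ static int _libcap_wprctl6(struct syscaller_s *sc,
+long int arg3, long int arg4, long int arg5)
+{
+if (_libcap_overrode_syscalls) {
+- return sc->six(SYS_prctl, pr_cmd, arg1, arg2, arg3, arg4, arg5);
++ int result;
++ result = sc->six(SYS_prctl, pr_cmd, arg1, arg2, arg3, arg4, arg5);
++ if (result >= 0) {
++ return result;
++ }
++ errno = -result;
++ return -1;
+}
+return prctl(pr_cmd, arg1, arg2, arg3, arg4, arg5);
+}
+@@ -271,26 +283,12 @@ int capsetp(pid_t pid, cap_t cap_d)
+
+int cap_get_bound(cap_value_t cap)
+{
+- int result;
+-
+- result = prctl(PR_CAPBSET_READ, pr_arg(cap), pr_arg(0));
+- if (result < 0) {
+- errno = -result;
+- return -1;
+- }
+- return result;
++ return prctl(PR_CAPBSET_READ, pr_arg(cap), pr_arg(0));
+}
+
+static int _cap_drop_bound(struct syscaller_s *sc, cap_value_t cap)
+{
+- int result;
+-
+- result = _libcap_wprctl3(sc, PR_CAPBSET_DROP, pr_arg(cap), pr_arg(0));
+- if (result < 0) {
+- errno = -result;
+- return -1;
+- }
+- return result;
++ return _libcap_wprctl3(sc, PR_CAPBSET_DROP, pr_arg(cap), pr_arg(0));
+}
+
+/* drop a capability from the bounding set */
+@@ -316,7 +314,7 @@ int cap_get_ambient(cap_value_t cap)
+static int _cap_set_ambient(struct syscaller_s *sc,
+cap_value_t cap, cap_flag_value_t set)
+{
+- int result, val;
++ int val;
+switch (set) {
+case CAP_SET:
+val = PR_CAP_AMBIENT_RAISE;
+@@ -328,13 +326,8 @@ static int _cap_set_ambient(struct syscaller_s *sc,
+errno = EINVAL;
+return -1;
+}
+- result = _libcap_wprctl6(sc, PR_CAP_AMBIENT, pr_arg(val), pr_arg(cap),
+- pr_arg(0), pr_arg(0), pr_arg(0));
+- if (result < 0) {
+- errno = -result;
+- return -1;
+- }
+- return result;
++ return _libcap_wprctl6(sc, PR_CAP_AMBIENT, pr_arg(val), pr_arg(cap),
++ pr_arg(0), pr_arg(0), pr_arg(0));
+}
+
+/*
+diff --git a/libcap/cap_test.c b/libcap/cap_test.c
+--- a/libcap/cap_test.c 2021-02-05 06:52:17.000000000 +0100
++++ b/libcap/cap_test.c 2022-05-16 18:24:55.754193142 +0200
+@@ -29,11 +29,36 @@
+return failed;
+}
+
++static int test_prctl(void)
++{
++ int ret, retval=0;
++ errno = 0;
++ ret = cap_get_bound((cap_value_t) -1);
++ if (ret != -1) {
++ printf("cap_get_bound(-1) did not return error: %d\n", ret);
++ retval = -1;
++ } else if (errno != EINVAL) {
++ perror("cap_get_bound(-1) errno != EINVAL");
++ retval = -1;
++ }
++ return retval;
++}
++
+int main(int argc, char **argv) {
+int result = 0;
++ printf("test_cap_bits: being called\n");
++ fflush(stdout);
+result = test_cap_bits() | result;
++ printf("test_prctl: being called\n");
++ fflush(stdout);
++ result = test_prctl() | result;
++ printf("tested\n");
++ fflush(stdout);
++
+if (result) {
+- printf("test FAILED\n");
++ printf("cap_test FAILED\n");
+exit(1);
+}
++ printf("cap_test PASS\n");
++ exit(0);
+}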
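Review bot: The new error path in `_libcap_wprctl3` and `_libcap_wprctl6` assumes the overriding `sc->three` / `sc->six` callbacks report failure as a negative errno value, but nothing in the patch states that contract. A callback following the libc convention (return -1 with errno already set) would have its errno replaced by `errno = -result`, i.e. 1. `_cap_drop_bound` and `_cap_set_ambient` now pass the wrapper result straight through, so a wrong errno on a failed bounding-set or ambient change would mislead anyone diagnosing a privilege drop that did not take effect. I would add a comment above each wrapper along the lines of `/* sc->three() must return -errno on failure, not -1 with errno set */`, and confirm it against the `struct syscaller_s` definition, which is outside this page. The test added to `cap_test.c` covers only the non-overridden `prctl()` path through `cap_get_bound`, so the overridden branch stays unexercised.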
@ -1,6 +1,6 @@
|
||||
Name: libcap
|
||||
Version: 2.48
|
||||
Release: 2%{?dist}
|
||||
Release: 4%{?dist}
|
||||
Summary: Library for getting and setting POSIX.1e capabilities
|
||||
URL: https://sites.google.com/site/fullycapable/
|
||||
License: BSD or GPLv2
|
||||
@ -11,6 +11,8 @@ Patch0: %{name}-2.48-buildflags.patch
|
||||
Patch1: %{name}-abi-compatibility.patch
|
||||
Patch2: %{name}-static-analysis.patch
|
||||
Patch3: %{name}-fix-ambient-caps.patch
|
||||
Patch4: %{name}-fix-prctl-usage.patch
|
||||
Patch5: %{name}-check-allocation.patch
|
||||
|
||||
BuildRequires: libattr-devel pam-devel perl-interpreter
|
||||
BuildRequires: make
|
||||
@ -89,6 +91,14 @@ chmod +x %{buildroot}/%{_libdir}/*.so.*
|
||||
%{_libdir}/pkgconfig/libpsx.pc
|
||||
|
||||
%changelog
|
||||
* Tue May 17 2022 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 2.48-4
|
||||
- check for successful memory allocation
|
||||
related: rhbz#2062648
|
||||
|
||||
* Mon May 16 2022 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 2.48-3
|
||||
- avoid overwriting errno set by prctl
|
||||
resolves: rhbz#2062648
|
||||
|
||||
* Fri Jan 28 2022 Zoltan Fridrich <zfridric@redhat.com> - 2.48-2
|
||||
- rebase to 2.48
|
||||
resolves: rhbz#2032813
|
||||
|