packages/libcap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!8 Fix segmentation fault in 2.32

Browse Source 
Merge pull request !8 from robertosassu/2.32-segfault-fix
This commit is contained in:
openeuler-ci-bot 2020-09-08 21:34:35 +08:00 committed by Gitee
commit 37f46db5ce
2 changed files with 63 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
Avoid-segfaulting-when-the-kernel-is-ahead-of-libcap.patch Normal file
View File

@ -0,0 +1,58 @@
From 2f72ffb7c9f28fbd143010dd68730b73ad1596f4 Mon Sep 17 00:00:00 2001
From: "Andrew G. Morgan" <morgan@kernel.org>
Date: Sat, 2 May 2020 17:10:25 -0700
Subject: [PATCH] Avoid segfaulting when the kernel is ahead of libcap.
Fixes bug report from Heiner Kallweit:
https://bugzilla.kernel.org/show_bug.cgi?id=207549
This bug was triggered when the kernel being run knows about
more capabilities than the running build of libcap does. The
issue is that in two places libcap assumed that _cap_names[]
was long enough to name cap_max_bits() worth of capabilities.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
---
libcap/cap_text.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/libcap/cap_text.c b/libcap/cap_text.c
index 00fbbc6..8ea4b05 100644
--- a/libcap/cap_text.c
+++ b/libcap/cap_text.c
@@ -57,8 +57,9 @@ static char const *namcmp(char const *str, char const *nam)
}
/*
- * forceall forces all of the named capabilities to be assigned the
- * masked value, and zeroed otherwise.
+ * forceall forces all of the kernel named capabilities to be assigned
+ * the masked value, and zeroed otherwise. Note, if the kernel is ahead
+ * of libcap, the upper bits will be referred to by number.
*/
static void forceall(__u32 *flat, __u32 value, unsigned blks)
{
@@ -112,13 +113,16 @@ static int lookupname(char const **strp)
}
#else /* ie., ndef GPERF_DOWNCASE */
char const *s;
- unsigned n;
-
- for (n = cap_max_bits(); n--; )
+ unsigned n = cap_max_bits();
+ if (n > __CAP_BITS) {
+ n = __CAP_BITS;
+ }
+ while (n--) {
if (_cap_names[n] && (s = namcmp(str.constp, _cap_names[n]))) {
*strp = s;
return n;
}
+ }
#endif /* def GPERF_DOWNCASE */
return -1; /* No definition available */
--
2.27.GIT

6
libcap.spec
View File

@ -1,12 +1,13 @@
Name: libcap Name: libcap
Version: 2.32 Version: 2.32
Release: 1 Release: 2
Summary: A library for getting and setting POSIX.1e draft 15 capabilities Summary: A library for getting and setting POSIX.1e draft 15 capabilities
License: GPLv2 License: GPLv2
URL: https://sites.google.com/site/fullycapable URL: https://sites.google.com/site/fullycapable
Source0: https://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/%{name}-%{version}.tar.gz Source0: https://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/%{name}-%{version}.tar.gz
Patch0: libcap-buildflags.patch Patch0: libcap-buildflags.patch
Patch1: Avoid-segfaulting-when-the-kernel-is-ahead-of-libcap.patch
BuildRequires: libattr-devel pam-devel perl-interpreter gcc BuildRequires: libattr-devel pam-devel perl-interpreter gcc
@ -67,6 +68,9 @@ chmod +x %{buildroot}/%{_libdir}/*.so.*
%{_mandir}/man8/*.gz %{_mandir}/man8/*.gz
%changelog %changelog
* Mon Sep 07 2020 Roberto Sassu <roberto.sassu@huawei.com> - 2.27-2
- add Avoid-segfaulting-when-the-kernel-is-ahead-of-libcap.patch
* Thu Apr 16 2020 zhangchenfeng<zhangchenfeng1@huawei.com> - 2.32-1 * Thu Apr 16 2020 zhangchenfeng<zhangchenfeng1@huawei.com> - 2.32-1
- Type:enhancement - Type:enhancement
- ID:NA - ID:NA