|
|
803fb7 |
From 044455df76969ad26dfdcfa186e5ce81beb5b527 Mon Sep 17 00:00:00 2001
|
|
|
803fb7 |
From: Lennart Poettering <lennart@poettering.net>
|
|
|
803fb7 |
Date: Tue, 10 Nov 2015 16:08:03 +0100
|
|
|
803fb7 |
Subject: [PATCH] core: simplify parsing of capability bounding set settings
|
|
|
803fb7 |
|
|
|
803fb7 |
Let's generate a simple error, and that's it. Let's not try to be smart
|
|
|
803fb7 |
and record the last word that failed.
|
|
|
803fb7 |
|
|
|
803fb7 |
Also, let's make sure we don't compare numeric values with 0 by relying
|
|
|
803fb7 |
on C's downgrade-to-bool feature, as suggested in CODING_STYLE.
|
|
|
803fb7 |
|
|
|
803fb7 |
Cherry-picked from: 65dce26488030eff078c498673d5d93e3c87b6a1
|
|
|
803fb7 |
Resolves: #1387398
|
|
|
803fb7 |
---
|
|
|
de8967 |
src/core/load-fragment.c | 42 ++++++++++++++++++----------------------
|
|
|
803fb7 |
1 file changed, 19 insertions(+), 23 deletions(-)
|
|
|
803fb7 |
|
|
|
803fb7 |
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
|
|
|
803fb7 |
index 4830d7ad6..ab3b0c2e9 100644
|
|
|
803fb7 |
--- a/src/core/load-fragment.c
|
|
|
803fb7 |
+++ b/src/core/load-fragment.c
|
|
|
803fb7 |
@@ -1015,23 +1015,22 @@ int config_parse_exec_secure_bits(const char *unit,
|
|
|
803fb7 |
return 0;
|
|
|
803fb7 |
}
|
|
|
803fb7 |
|
|
|
803fb7 |
-int config_parse_bounding_set(const char *unit,
|
|
|
803fb7 |
- const char *filename,
|
|
|
803fb7 |
- unsigned line,
|
|
|
803fb7 |
- const char *section,
|
|
|
803fb7 |
- unsigned section_line,
|
|
|
803fb7 |
- const char *lvalue,
|
|
|
803fb7 |
- int ltype,
|
|
|
803fb7 |
- const char *rvalue,
|
|
|
803fb7 |
- void *data,
|
|
|
803fb7 |
- void *userdata) {
|
|
|
803fb7 |
+int config_parse_bounding_set(
|
|
|
803fb7 |
+ const char *unit,
|
|
|
803fb7 |
+ const char *filename,
|
|
|
803fb7 |
+ unsigned line,
|
|
|
803fb7 |
+ const char *section,
|
|
|
803fb7 |
+ unsigned section_line,
|
|
|
803fb7 |
+ const char *lvalue,
|
|
|
803fb7 |
+ int ltype,
|
|
|
803fb7 |
+ const char *rvalue,
|
|
|
803fb7 |
+ void *data,
|
|
|
803fb7 |
+ void *userdata) {
|
|
|
803fb7 |
|
|
|
803fb7 |
uint64_t *capability_bounding_set_drop = data;
|
|
|
803fb7 |
- uint64_t capability_bounding_set;
|
|
|
803fb7 |
+ uint64_t capability_bounding_set, sum = 0;
|
|
|
803fb7 |
bool invert = false;
|
|
|
803fb7 |
- uint64_t sum = 0;
|
|
|
803fb7 |
- const char *prev;
|
|
|
803fb7 |
- const char *cur;
|
|
|
803fb7 |
+ const char *p;
|
|
|
803fb7 |
|
|
|
803fb7 |
assert(filename);
|
|
|
803fb7 |
assert(lvalue);
|
|
|
803fb7 |
@@ -1048,35 +1047,32 @@ int config_parse_bounding_set(const char *unit,
|
|
|
803fb7 |
* non-inverted everywhere to have a fully normalized
|
|
|
803fb7 |
* interface. */
|
|
|
803fb7 |
|
|
|
803fb7 |
- prev = cur = rvalue;
|
|
|
803fb7 |
+ p = rvalue;
|
|
|
803fb7 |
for (;;) {
|
|
|
803fb7 |
_cleanup_free_ char *word = NULL;
|
|
|
803fb7 |
- int cap;
|
|
|
803fb7 |
- int r;
|
|
|
803fb7 |
+ int cap, r;
|
|
|
803fb7 |
|
|
|
803fb7 |
- r = extract_first_word(&cur, &word, NULL, EXTRACT_QUOTES);
|
|
|
803fb7 |
+ r = extract_first_word(&p, &word, NULL, EXTRACT_QUOTES);
|
|
|
803fb7 |
if (r == 0)
|
|
|
803fb7 |
break;
|
|
|
803fb7 |
if (r == -ENOMEM)
|
|
|
803fb7 |
return log_oom();
|
|
|
803fb7 |
if (r < 0) {
|
|
|
803fb7 |
- log_syntax(unit, LOG_ERR, filename, line, r, "Trailing garbage in bounding set, ignoring: %s", prev);
|
|
|
803fb7 |
+ log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse word, ignoring: %s", rvalue);
|
|
|
803fb7 |
break;
|
|
|
803fb7 |
}
|
|
|
803fb7 |
|
|
|
803fb7 |
cap = capability_from_name(word);
|
|
|
803fb7 |
if (cap < 0) {
|
|
|
803fb7 |
log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse capability in bounding set, ignoring: %s", word);
|
|
|
803fb7 |
- prev = cur;
|
|
|
803fb7 |
continue;
|
|
|
803fb7 |
}
|
|
|
803fb7 |
|
|
|
803fb7 |
- sum |= ((uint64_t) 1ULL) << (uint64_t) cap;
|
|
|
803fb7 |
- prev = cur;
|
|
|
803fb7 |
+ sum |= ((uint64_t) UINT64_C(1)) << (uint64_t) cap;
|
|
|
803fb7 |
}
|
|
|
803fb7 |
|
|
|
803fb7 |
capability_bounding_set = invert ? ~sum : sum;
|
|
|
803fb7 |
- if (*capability_bounding_set_drop && capability_bounding_set)
|
|
|
803fb7 |
+ if (*capability_bounding_set_drop != 0 && capability_bounding_set != 0)
|
|
|
803fb7 |
*capability_bounding_set_drop = ~(~*capability_bounding_set_drop | capability_bounding_set);
|
|
|
803fb7 |
else
|
|
|
803fb7 |
*capability_bounding_set_drop = ~capability_bounding_set;
|