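--- a/pam_cap/pam_cap.c 2021-02-05 06:52:17.000000000 +0100
+++ b/pam_cap/pam_cap.c 2021-04-23 09:48:00.091122637 +0200
@@ -218,7 +218,7 @@
 if (!cap_set_proc(cap_s)) {
 ok = 1;
 }
- goto cleanup_cap_s;
+ goto cleanup_conf;
 }
 
 iab = cap_iab_from_text(conf_caps);
@@ -238,10 +238,9 @@
 _pam_drop(conf_caps);
 
 cleanup_cap_s:
- if (cap_s) {
- cap_free(cap_s);
- cap_s = NULL;
- }
+ cap_free(cap_s);
+ cap_s = NULL;
+
 return ok;
 }
 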
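Review bot: The second hunk drops the `if (cap_s)` guard at `cleanup_cap_s:`, so `cap_free(cap_s)` now runs unconditionally, and nothing visible here shows that every `goto cleanup_cap_s` arrives with a non-NULL `cap_s` or that cap_free() treats NULL as a no-op. If that is the intent, record it at the call with a comment such as `/* cap_free(NULL) is a no-op, so no guard is needed */`; otherwise keep the guard. The function starts outside both hunks, so the earlier jumps to this label cannot be checked from here.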
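--- a/progs/capsh.c 2021-02-05 06:52:17.000000000 +0100
+++ b/progs/capsh.c 2021-04-23 09:48:00.095122691 +0200
@@ -336,8 +336,8 @@
 */
 static char *find_self(const char *arg0)
 {
- int i;
- char *parts, *dir, *scratch;
+ int i, status=1;
+ char *p = NULL, *parts, *dir, *scratch;
 const char *path;
 
 for (i = strlen(arg0)-1; i >= 0 && arg0[i] != '/'; i--);
@@ -352,21 +352,45 @@
 }
 
 parts = strdup(path);
+ if (parts == NULL) {
+ fprintf(stderr, "insufficient memory for parts of path\n");
+ exit(1);
+ }
+
 scratch = malloc(2+strlen(path)+strlen(arg0));
- if (parts == NULL || scratch == NULL) {
+ if (scratch == NULL) {
 fprintf(stderr, "insufficient memory for path building\n");
- exit(1);
+ goto free_parts;
 }
 
- for (i=0; (dir = strtok(parts, ":")); parts = NULL) {
+ for (p = parts; (dir = strtok(p, ":")); p = NULL) {
 sprintf(scratch, "%s/%s", dir, arg0);
 if (access(scratch, X_OK) == 0) {
- return scratch;
+ status = 0;
+ break;
 }
 }
+ if (status) {
+ fprintf(stderr, "unable to find executable '%s' in PATH\n", arg0);
+ free(scratch);
+ }
+
+free_parts:
+ free(parts);
+ if (status) {
+ exit(status);
+ }
+ return scratch;
+}
 
- fprintf(stderr, "unable to find executable '%s' in PATH\n", arg0);
- exit(1);
+static long safe_sysconf(int name)
+{
+ long ans = sysconf(name);
+ if (ans <= 0) {
+ fprintf(stderr, "sysconf(%d) returned a non-positive number: %ld\n", name, ans);
+ exit(1);
+ }
+ return ans;
 }
 
 int main(int argc, char *argv[], char *envp[])
@@ -617,7 +641,9 @@
 * Given we are now in a new directory tree, its good practice
 * to start off in a sane location
 */
- status = chdir("/");
+ if (status == 0) {
+ status = chdir("/");
+ }
 
 cap_free(orig);
 
@@ -718,14 +744,14 @@
 gid_t *group_list;
 int g_count;
 
- length = sysconf(_SC_GETGR_R_SIZE_MAX);
+ length = safe_sysconf(_SC_GETGR_R_SIZE_MAX);
 buf = calloc(1, length);
 if (NULL == buf) {
 fprintf(stderr, "No memory for [%s] operation\n", argv[i]);
 exit(1);
 }
 
- max_groups = sysconf(_SC_NGROUPS_MAX);
+ max_groups = safe_sysconf(_SC_NGROUPS_MAX);
 group_list = calloc(max_groups, sizeof(gid_t));
 if (NULL == group_list) {
 fprintf(stderr, "No memory for gid list\n");
@@ -741,8 +767,7 @@
 }
 if (!isdigit(*ptr)) {
 struct group *g, grp;
- getgrnam_r(ptr, &grp, buf, length, &g);
- if (NULL == g) {
+ if (getgrnam_r(ptr, &grp, buf, length, &g) || NULL == g) {
 fprintf(stderr, "Failed to identify gid for group [%s]\n", ptr);
 exit(1);
 }
@@ -835,6 +860,7 @@
 argv[argc] = NULL;
 execve(argv[i], argv+i, envp);
 fprintf(stderr, "execve '%s' failed!\n", argv[i]);
+ free(argv[i]);
 exit(1);
 } else if (!strncmp("--shell=", argv[i], 8)) {
 shell = argv[i]+8;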
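Review bot: `safe_sysconf()` exits on every non-positive result, but sysconf() may return -1 with errno unchanged to report that a limit is indeterminate, and some C libraries answer `_SC_GETGR_R_SIZE_MAX` that way; on such a system the `@@ -718` hunk turns the group-list option into an unconditional exit(1). Separating the error case (errno set) from "no fixed limit" and falling back to a caller-supplied default length keeps the hardening without that regression; the sketch below assumes `<errno.h>` is already included in capsh.c, and its 16384 is a constructed default rather than a value from the patch. With a fallback length, the `getgrnam_r()` check in the `@@ -741` hunk still fails closed on ERANGE, which is safe, though growing the buffer and retrying would be friendlier. Separately, the `sprintf(scratch, ...)` in find_self() stays inside the allocation only because `dir` is a token of `path`; `snprintf` with the allocated size would make that bound explicit.

```c
static long safe_sysconf(int name, long fallback)
{
    long ans;

    errno = 0;
    ans = sysconf(name);
    if (ans > 0) {
	return ans;
    }
    if (ans == -1 && errno == 0 && fallback > 0) {
	/* the limit is indeterminate, not an error: use the caller's default */
	return fallback;
    }
    fprintf(stderr, "sysconf(%d) returned a non-positive number: %ld\n", name, ans);
    exit(1);
}

/* … unchanged: main() up to the group-list option … */
length = safe_sysconf(_SC_GETGR_R_SIZE_MAX, 16384);
/* … unchanged: buf allocation and its NULL check … */
max_groups = safe_sysconf(_SC_NGROUPS_MAX, 0);
```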
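--- a/psx/psx.c 2021-02-05 06:52:17.000000000 +0100
+++ b/psx/psx.c 2021-04-23 09:48:00.095122691 +0200
@@ -454,6 +454,10 @@
 int __wrap_pthread_create(pthread_t *thread, const pthread_attr_t *attr,
 void *(*start_routine) (void *), void *arg) {
 psx_starter_t *starter = calloc(1, sizeof(psx_starter_t));
+ if (starter == NULL) {
+ perror("failed at thread creation");
+ exit(1);
+ }
 starter->fn = start_routine;
 starter->arg = arg;
 /*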
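Review bot: The added NULL check in `__wrap_pthread_create` ends the whole process with `exit(1)` when the starter allocation fails, although callers of pthread_create() expect a failure to come back as an error number they can handle. Returning the resource-exhaustion code instead, `if (starter == NULL) { return EAGAIN; }`, keeps the NULL dereference fixed and leaves the decision to the caller; this assumes `<errno.h>` is available in psx.c, which the hunk does not show. The wrapper's body continues past the end of the hunk.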