Example #1
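/*
 * Apply a comma-separated capability specification to one capability set.
 *
 * type: the libcap-ng set that capng_update() is asked to modify.
 * caps: entries separated by ','; each entry is '+' (CAPNG_ADD) or
 *       '-' (CAPNG_DROP) followed by a capability name or "all".
 *
 * Terminates the process through errx() on a malformed entry, an unknown
 * capability name, a libcap-ng too old to cover every kernel capability
 * when "all" is requested, or a failed capng_update().  Failing closed is
 * deliberate: continuing with a partially applied set would leave the
 * caller with privileges it asked to change.
 */
static void do_caps(capng_type_t type, const char *caps)
{
    /* strsep() advances the pointer it is given and leaves it NULL once
     * the string is consumed, so the start of the allocation is kept in
     * my_caps and a separate cursor is handed to strsep().  Freeing the
     * cursor instead would be free(NULL) and leak the copy. */
    char *my_caps = xstrdup(caps);
    char *cursor = my_caps;
    char *c;

    while ((c = strsep(&cursor, ","))) {
        capng_act_t action;
        if (*c == '+')
            action = CAPNG_ADD;
        else if (*c == '-')
            action = CAPNG_DROP;
        else
            errx(EXIT_FAILURE, _("bad capability string"));

        if (!strcmp(c + 1, "all")) {
            int i;
            /* It would be really bad if -all didn't drop all
             * caps.  It's better to just fail. */
            if (real_cap_last_cap() > CAP_LAST_CAP)
                errx(SETPRIV_EXIT_PRIVERR,
                     _("libcap-ng is too old for \"all\" caps"));
            for (i = 0; i <= CAP_LAST_CAP; i++) {
                /* capng_update() reports failure with a negative
                 * return; a silently skipped capability would
                 * defeat the purpose of "all". */
                if (capng_update(action, type, i) < 0)
                    errx(SETPRIV_EXIT_PRIVERR,
                         _("failed to update capability set"));
            }
        } else {
            int cap = capng_name_to_capability(c + 1);
            if (cap < 0)
                errx(EXIT_FAILURE,
                     _("unknown capability \"%s\""), c + 1);
            if (capng_update(action, type, cap) < 0)
                errx(SETPRIV_EXIT_PRIVERR,
                     _("failed to update capability set"));
        }
    }

    free(my_caps);
}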
Example #2
/// @brief Checked wrapper around capng_name_to_capability().
///
/// Rejects a null pointer, an empty name and a name longer than
/// max_expected_cap_name_length before calling libcap-ng, then rejects a
/// result that is -1, negative, or above get_last_cap_nr().
///
/// @param name NUL-terminated capability name.
/// @return The capability number reported by capng_name_to_capability().
/// @throws capmodpp_error on any of the rejected inputs or results.
///
/// NOTE(review): the final error message embeds @p name verbatim. At that
/// point only its length has been checked, so code that logs or displays the
/// exception text should treat it as caller-controlled data.
int secure_capng_name_to_capability(const char *name) {
	if (!name) {
		std::ostringstream msg;
		msg << "Error: " << "invalid input" << " in " << __func__ << " (name was null).";
		throw capmodpp_error(msg.str());
	}

	// Bound the length first so nothing unexpectedly large reaches libcap-ng
	// or ends up in an error message.
	const auto name_len = std::strlen(name);
	const bool length_ok = (name_len > 0) && (name_len <= max_expected_cap_name_length);
	if (!length_ok) {
		std::ostringstream msg;
		msg << "Error: " << "invalid input" << " in " << __func__;
		msg << "(name had invalid length len=" << name_len << ").";
		throw capmodpp_error(msg.str());
	}

	const int cap_nr = capng_name_to_capability(name);
	const bool lookup_failed = (cap_nr == -1);
	// The upper bound is only consulted for non-negative results.
	const bool out_of_range = (cap_nr < 0) || !safe_less_eq_than(cap_nr, get_last_cap_nr());
	if (!lookup_failed && !out_of_range) {
		return cap_nr;
	}

	std::ostringstream msg;
	msg << "Error: " << (lookup_failed ? "FAILED":"") << " " << (out_of_range ? "BAD-VALUE":"");
	msg << " (ret=" << cap_nr << ") in " << __func__;
	msg << " for name=" << name << ".";  // WARNING: output only values that are valid enough
	throw capmodpp_error(msg.str());
}