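/*
 * Apply a comma-separated list of capability edits to one capability set.
 *
 * Each element of caps must be "+NAME" (add) or "-NAME" (drop). The special
 * NAME "all" applies the action to every capability number from 0 through
 * CAP_LAST_CAP. A malformed element or an unknown capability name ends the
 * process through errx().
 *
 * type: the libcap-ng set selector passed through to capng_update().
 * caps: the list to parse; it is duplicated, so the caller's string is
 *       left unmodified.
 */
static void do_caps(capng_type_t type, const char *caps)
{
	char *my_caps = xstrdup(caps);
	/*
	 * strsep() advances the pointer it is given and sets it to NULL once
	 * the last token has been returned. Walk the list with a separate
	 * cursor so the original allocation can still be freed below; freeing
	 * the advanced pointer would be free(NULL) and leak the copy.
	 */
	char *cursor = my_caps;
	char *c;

	while ((c = strsep(&cursor, ","))) {
		capng_act_t action;

		/* The first character selects the action; anything else,
		 * including an empty element, is rejected. */
		if (*c == '+')
			action = CAPNG_ADD;
		else if (*c == '-')
			action = CAPNG_DROP;
		else
			errx(EXIT_FAILURE, _("bad capability string"));

		if (!strcmp(c + 1, "all")) {
			int i;

			/* It would be really bad if -all didn't drop all
			 * caps.  It's better to just fail. */
			if (real_cap_last_cap() > CAP_LAST_CAP)
				errx(SETPRIV_EXIT_PRIVERR,
				     _("libcap-ng is too old for \"all\" caps"));

			/*
			 * NOTE(review): capng_update() reports failure through
			 * its return value, which is not checked in this
			 * function. Confirm that the code applying the state
			 * verifies a requested drop actually took effect.
			 */
			for (i = 0; i <= CAP_LAST_CAP; i++)
				capng_update(action, type, i);
		} else {
			int cap = capng_name_to_capability(c + 1);

			if (0 <= cap)
				capng_update(action, type, cap);
			else
				errx(EXIT_FAILURE,
				     _("unknown capability \"%s\""), c + 1);
		}
	}

	free(my_caps);
}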
/// @brief Look up a capability number by name, validating both the input and the result.
///
/// Calls capng_name_to_capability() only after the name has passed a null
/// check and a length check, and accepts the result only if it is
/// non-negative and not greater than get_last_cap_nr().
///
/// @param name Capability name as a NUL-terminated string. Must not be null;
///             its length must be between 1 and max_expected_cap_name_length.
/// @return The capability number reported by capng_name_to_capability().
/// @throws capmodpp_error if name is null, has an invalid length, or the
///         lookup fails or returns a value outside the accepted range.
int secure_capng_name_to_capability(const char *name) {
    if (!name) {
        std::ostringstream msg;
        msg << "Error: " << "invalid input" << " in " << __func__ << " (name was null).";
        throw capmodpp_error(msg.str());
    }

    // Reject empty and over-long names before handing them to libcap-ng.
    const size_t name_len = std::strlen(name);
    const bool length_ok = (name_len > 0) && (name_len <= max_expected_cap_name_length);
    if (!length_ok) {
        std::ostringstream msg;
        msg << "Error: " << "invalid input" << " in " << __func__
            << "(name had invalid length len=" << name_len << ").";
        throw capmodpp_error(msg.str());
    }

    const int cap_nr = capng_name_to_capability(name);

    // -1 is treated as the library's explicit failure value; any other value
    // outside [0, get_last_cap_nr()] is treated as a bad result.
    const bool lookup_failed = (cap_nr == -1);
    const bool in_range = (cap_nr >= 0) && safe_less_eq_than(cap_nr, get_last_cap_nr());
    const bool out_of_range = !in_range;

    if (lookup_failed || out_of_range) {
        // WARNING: output only values that are valid enough. The name has
        // passed the length check above, but its characters are not filtered.
        // NOTE(review): if this message ends up in a log, treat the embedded
        // name as untrusted text - confirm how callers render it.
        std::ostringstream msg;
        msg << "Error: " << (lookup_failed ? "FAILED" : "") << " "
            << (out_of_range ? "BAD-VALUE" : "")
            << " (ret=" << cap_nr << ") in " << __func__
            << " for name=" << name << ".";
        throw capmodpp_error(msg.str());
    }

    return cap_nr;
}