capability: introduce CAP_TO_MASK_CORRECTED() macro replacing CAP_TO_MASK()
linux/capability.h's CAP_TO_MASK potentially shifts a signed int "1" (i.e. 32bit wide) left by 31 which means it becomes negative. That's just weird, and ubsan complains about it. Let's introduce our own macro CAP_TO_MASK_CORRECTED which doesn't fall into this trap, and make use of it. Fixes: #10347
This commit is contained in:
parent
ca92fe36e0
commit
5f00c5684f
|
@ -39,3 +39,7 @@ static inline bool cap_test_all(uint64_t caps) {
|
|||
}
|
||||
|
||||
bool ambient_capabilities_supported(void);
|
||||
|
||||
/* Identical to linux/capability.h's CAP_TO_MASK(), but uses an unsigned 1U instead of a signed 1 for shifting left, in
|
||||
* order to avoid complaints about shifting a signed int left by 31 bits, which would make it negative. */
|
||||
#define CAP_TO_MASK_CORRECTED(x) (1U << ((x) & 31U))
|
||||
|
|
|
@ -661,7 +661,7 @@ static int has_cap(sd_bus_creds *c, unsigned offset, int capability) {
|
|||
|
||||
sz = DIV_ROUND_UP(cap_last_cap(), 32U);
|
||||
|
||||
return !!(c->capability[offset * sz + CAP_TO_INDEX(capability)] & CAP_TO_MASK(capability));
|
||||
return !!(c->capability[offset * sz + CAP_TO_INDEX((uint32_t) capability)] & CAP_TO_MASK_CORRECTED((uint32_t) capability));
|
||||
}
|
||||
|
||||
_public_ int sd_bus_creds_has_effective_cap(sd_bus_creds *c, int capability) {
|
||||
|
|
Loading…
Reference in New Issue