From c96b3f5b5db60e27d16606121f60e3299dfad3a4 Mon Sep 17 00:00:00 2001 From: Michal Privoznik Date: Mon, 11 Sep 2023 10:34:43 +0200 Subject: [PATCH] virutil: Check retval of capng_apply() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Inside of virSetUIDGIDWithCaps() there's a naked call to capng_apply(), i.e. without any retval check. This is potentially dangerous as capng_apply() may fail. Do the check and report an error. This also fixes the build on bleeding edge distros - like Fedora rawhide - where the function is declared with 'warn unused result' [1]. 1: https://github.com/stevegrubb/libcap-ng/commit/a0743c335c9a16a2fda9b25120a5523742119e47 Signed-off-by: Michal Privoznik Reviewed-by: Ján Tomko Reviewed-by: Martin Kletzander
---
 src/util/virutil.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/util/virutil.c b/src/util/virutil.c
index b5b65fb415..c90d0be836 100644
--- a/src/util/virutil.c
+++ b/src/util/virutil.c
@@ -1200,8 +1200,12 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gid, gid_t *groups, int ngroups,
 * do this if we failed to get the capability above, so ignore the
 * return value.
 */
- if (!need_setpcap)
- capng_apply(CAPNG_SELECT_BOUNDS);
+ if (!need_setpcap &&
+ (capng_ret = capng_apply(CAPNG_SELECT_BOUNDS)) < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("cannot apply process capabilities: %1$d"), capng_ret);
+ return -1;
+ }
 /* Drop the caps that allow setuid/gid (unless they were requested) */
 if (need_setgid)
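Review bot: The comment directly above the new check still ends with "so ignore the return value", but the added branch now returns -1 when `capng_apply(CAPNG_SELECT_BOUNDS)` fails, so the comment and the code contradict each other. The same comment says the bounding set cannot be applied when CAP_SETPCAP was not obtained earlier, which suggests the call was deliberately best-effort; if that case can still reach this line, a caller that previously succeeded would now fail, so it is worth confirming that `!need_setpcap` really excludes it. If failing closed is intended, reword the tail of the comment to something like `* do this if we failed to get the capability above; any other failure is fatal.`, and if it is not, log the failure with `VIR_WARN` and continue instead of returning. The declaration of `capng_ret` and the earlier capability handling of virSetUIDGIDWithCaps lie outside this hunk, so they could not be checked here.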