basic/cap-list: report empty capability set as ""

keszybz · keszybz · commit 6088cefb2171 · 2017-09-25T11:11:20.000+02:00
$ systemctl show systemd-journald -p CapabilityBoundingSet,AmbientCapabilities CapabilityBoundingSet=cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_setgid ... AmbientCapabilities=(null) ↓ $ systemctl show systemd-journald -p CapabilityBoundingSet,AmbientCapabilities CapabilityBoundingSet=cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_setgid ... AmbientCapabilities= Partially fixes systemd#6511. Add some basic tests for the printing function.
diff --git a/src/basic/cap-list.c b/src/basic/cap-list.c
@@ -86,15 +86,17 @@ int capability_set_to_string_alloc(uint64_t set, char **s) {
 
                         add = strlen(p);
 
-                        if (!GREEDY_REALLOC0(str, allocated, n + add + 2))
+                        if (!GREEDY_REALLOC(str, allocated, n + add + 2))
                                 return -ENOMEM;
 
                         strcpy(mempcpy(str + n, p, add), " ");
                         n += add + 1;
                 }
 
-        if (n != 0)
-                str[n - 1] = '\0';
+        if (!GREEDY_REALLOC(str, allocated, n + 1))
+                return -ENOMEM;
+
+        str[n > 0 ? n - 1 : 0] = '\0'; /* truncate the last space, if it's there */
 
         *s = str;
         str = NULL;
diff --git a/src/test/test-cap-list.c b/src/test/test-cap-list.c
@@ -24,6 +24,7 @@
 #include "capability-util.h"
 #include "fileio.h"
 #include "parse-util.h"
+#include "string-util.h"
 #include "util.h"
 
 /* verify the capability parser */
@@ -102,10 +103,24 @@ static void test_last_cap_probe(void) {
         assert_se(p == cap_last_cap());
 }
 
+static void test_capability_set_to_string_alloc(void) {
+        _cleanup_free_ char *t1 = NULL, *t2 = NULL, *t3 = NULL;
+
+        assert_se(capability_set_to_string_alloc(0u, &t1) == 0);
+        assert_se(streq(t1, ""));
+
+        assert_se(capability_set_to_string_alloc(1u<<CAP_DAC_OVERRIDE, &t2) == 0);
+        assert_se(streq(t2, "cap_dac_override"));
+
+        assert_se(capability_set_to_string_alloc(UINT64_C(1)<<CAP_CHOWN | UINT64_C(1)<<CAP_DAC_OVERRIDE | UINT64_C(1)<<CAP_DAC_READ_SEARCH | UINT64_C(1)<<CAP_FOWNER | UINT64_C(1)<<CAP_SETGID | UINT64_C(1)<<CAP_SETUID | UINT64_C(1)<<CAP_SYS_PTRACE | UINT64_C(1)<<CAP_SYS_ADMIN | UINT64_C(1)<<CAP_AUDIT_CONTROL | UINT64_C(1)<<CAP_MAC_OVERRIDE | UINT64_C(1)<<CAP_SYSLOG, &t3) == 0);
+        assert_se(streq(t3, "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_setgid cap_setuid cap_sys_ptrace cap_sys_admin cap_audit_control cap_mac_override cap_syslog"));
+}
+
 int main(int argc, char *argv[]) {
         test_cap_list();
         test_last_cap_file();
         test_last_cap_probe();
+        test_capability_set_to_string_alloc();
 
         return 0;
 }
