capabilities: Proper error handling when reading groups
authorTobias Brunner <tobias@strongswan.org>
Wed, 24 Jul 2013 06:43:10 +0000 (08:43 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 24 Jul 2013 08:54:26 +0000 (10:54 +0200)
src/libstrongswan/utils/capabilities.c

index 31a7291..c5e90b6 100644 (file)
@@ -90,12 +90,19 @@ static bool has_group(gid_t group)
                return TRUE;
        }
        ngroups = sysconf(_SC_NGROUPS_MAX);
                return TRUE;
        }
        ngroups = sysconf(_SC_NGROUPS_MAX);
-       groups = calloc(ngroups, sizeof(gid_t));
+       if (ngroups == -1)
+       {
+               DBG1(DBG_LIB, "getting groups for current process failed: %s",
+                        strerror(errno));
+               return FALSE;
+       }
+       groups = calloc(ngroups + 1, sizeof(gid_t));
        ngroups = getgroups(ngroups, groups);
        if (ngroups == -1)
        {
                DBG1(DBG_LIB, "getting groups for current process failed: %s",
                         strerror(errno));
        ngroups = getgroups(ngroups, groups);
        if (ngroups == -1)
        {
                DBG1(DBG_LIB, "getting groups for current process failed: %s",
                         strerror(errno));
+               free(groups);
                return FALSE;
        }
        for (i = 0; i < ngroups; i++)
                return FALSE;
        }
        for (i = 0; i < ngroups; i++)