smartdns: fix setcap crash issue.

Nick Peng
2022-11-15 22:39:36 +08:00
parent 85d011eae8
commit 42a4fdebfd


@@ -99,7 +99,7 @@ out:
static int drop_root_privilege(void) static int drop_root_privilege(void)
{ {
struct __user_cap_data_struct cap; struct __user_cap_data_struct cap[2];
struct __user_cap_header_struct header; struct __user_cap_header_struct header;
#ifdef _LINUX_CAPABILITY_VERSION_3 #ifdef _LINUX_CAPABILITY_VERSION_3
header.version = _LINUX_CAPABILITY_VERSION_3; header.version = _LINUX_CAPABILITY_VERSION_3;
@@ -115,16 +115,20 @@ static int drop_root_privilege(void)
return -1; return -1;
} }
if (capget(&header, &cap) < 0) { memset(cap, 0, sizeof(cap));
if (capget(&header, cap) < 0) {
return -1; return -1;
} }
prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0); prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
cap.effective |= (1 << CAP_NET_RAW | 1 << CAP_NET_ADMIN); for (int i = 0; i < 2; i++) {
cap.permitted |= (1 << CAP_NET_RAW | 1 << CAP_NET_ADMIN); cap[i].effective = (1 << CAP_NET_RAW | 1 << CAP_NET_ADMIN | 1 << CAP_NET_BIND_SERVICE);
cap[i].permitted = (1 << CAP_NET_RAW | 1 << CAP_NET_ADMIN | 1 << CAP_NET_BIND_SERVICE);
}
unused = setgid(gid); unused = setgid(gid);
unused = setuid(uid); unused = setuid(uid);
if (capset(&header, &cap) < 0) { if (capset(&header, cap) < 0) {
return -1; return -1;
} }
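Review bot: The new loop `for (int i = 0; i < 2; i++)` writes the same mask into `cap[1]`, but under `_LINUX_CAPABILITY_VERSION_3` the second element describes capabilities 32–63, so bits 10, 12 and 13 there stand for capability numbers 42, 44 and 45 rather than CAP_NET_BIND_SERVICE, CAP_NET_ADMIN and CAP_NET_RAW. Those numbers appear to be unassigned today, so the request is probably harmless for now, but it is not the least-privilege set the code intends. Setting `cap[0].effective = cap[0].permitted = mask;` and `cap[1].effective = cap[1].permitted = 0;` (with `mask` being the three-capability expression, or built with `CAP_TO_INDEX`/`CAP_TO_MASK`) would pin it to exactly those three. Separately, the results of `setgid(gid)` and `setuid(uid)` are stored in `unused` and never checked, so a failed drop would leave the process running under its original IDs without the caller knowing; returning -1 on a non-zero result would close that. The body of drop_root_privilege begins and ends outside these hunks, so supplementary-group handling and the non-V3 header path could not be checked here.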