diff options
-rw-r--r-- | src/core/load-fragment.c | 28 | ||||
-rw-r--r-- | src/test/test-unit-file.c | 7 |
2 files changed, 25 insertions, 10 deletions
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c index 333fca46c4..a30cd0967d 100644 --- a/src/core/load-fragment.c +++ b/src/core/load-fragment.c @@ -983,10 +983,10 @@ int config_parse_bounding_set(const char *unit, uint64_t *capability_bounding_set_drop = data; uint64_t capability_bounding_set; - const char *word, *state; - size_t l; bool invert = false; uint64_t sum = 0; + const char *prev; + const char *cur; assert(filename); assert(lvalue); @@ -1003,24 +1003,32 @@ int config_parse_bounding_set(const char *unit, * non-inverted everywhere to have a fully normalized * interface. */ - FOREACH_WORD_QUOTED(word, l, rvalue, state) { - _cleanup_free_ char *t = NULL; + prev = cur = rvalue; + for (;;) { + _cleanup_free_ char *word = NULL; int cap; + int r; - t = strndup(word, l); - if (!t) + r = extract_first_word(&cur, &word, NULL, EXTRACT_QUOTES); + if (r == 0) + break; + if (r == -ENOMEM) return log_oom(); + if (r < 0) { + log_syntax(unit, LOG_ERR, filename, line, r, "Trailing garbage in bounding set, ignoring: %s", prev); + break; + } - cap = capability_from_name(t); + cap = capability_from_name(word); if (cap < 0) { - log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse capability in bounding set, ignoring: %s", t); + log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse capability in bounding set, ignoring: %s", word); + prev = cur; continue; } sum |= ((uint64_t) 1ULL) << (uint64_t) cap; + prev = cur; } - if (!isempty(state)) - log_syntax(unit, LOG_ERR, filename, line, 0, "Trailing garbage, ignoring."); capability_bounding_set = invert ? ~sum : sum; if (*capability_bounding_set_drop && capability_bounding_set) diff --git a/src/test/test-unit-file.c b/src/test/test-unit-file.c index a2ca391e1a..f9107e0d0d 100644 --- a/src/test/test-unit-file.c +++ b/src/test/test-unit-file.c @@ -672,6 +672,13 @@ static void test_config_parse_bounding_set(void) { &capability_bounding_set_drop, NULL); assert_se(r >= 0); assert_se(capability_bounding_set_drop == (uint64_t) 0ULL); + + capability_bounding_set_drop = 0; + r = config_parse_bounding_set(NULL, "fake", 1, "section", 1, + "CapabilityBoundingSet", 0, " 'CAP_NET_RAW' WAT_CAP??? CAP_NET_ADMIN CAP'_trailing_garbage", + &capability_bounding_set_drop, NULL); + assert_se(r >= 0); + assert_se(capability_bounding_set_drop == ~(make_cap(CAP_NET_RAW) | make_cap(CAP_NET_ADMIN))); } int main(int argc, char *argv[]) { |