capability: fix loops for cap_last_cap()

cap_last_cap() returns the last valid cap (instead of the number of
valid caps). to iterate through all known caps we hence need to use a <=
check, and not a < check like for all other cases. We got this right
usually, but in three cases we did not.

diff --git a/src/basic/cap-list.c b/src/basic/cap-list.c
index 29a17d9..2c0b741 100644 (file)
--- a/src/basic/cap-list.c
+++ b/src/basic/cap-list.c
@@ -62,7 +62,7 @@ int capability_set_to_string_alloc(uint64_t set, char **s) {
 
         assert(s);
 
-        for (i = 0; i < cap_last_cap(); i++)
+        for (i = 0; i <= cap_last_cap(); i++)
                 if (set & (UINT64_C(1) << i)) {
                         const char *p;
                         size_t add;

diff --git a/src/basic/capability-util.c b/src/basic/capability-util.c
index 2a9c3b8..e3ed14f 100644 (file)
--- a/src/basic/capability-util.c
+++ b/src/basic/capability-util.c
@@ -90,7 +90,7 @@ int capability_update_inherited_set(cap_t caps, uint64_t set) {
         /* Add capabilities in the set to the inherited caps. Do not apply
          * them yet. */
 
-        for (i = 0; i < cap_last_cap(); i++) {
+        for (i = 0; i <= cap_last_cap(); i++) {
 
                 if (set & (UINT64_C(1) << i)) {
                         cap_value_t v;
@@ -126,7 +126,7 @@ int capability_ambient_set_apply(uint64_t set, bool also_inherit) {
                         return -errno;
         }
 
-        for (i = 0; i < cap_last_cap(); i++) {
+        for (i = 0; i <= cap_last_cap(); i++) {
 
                 if (set & (UINT64_C(1) << i)) {