author | Nick Mathewson <nickm@torproject.org> | 2015-02-23 12:16:08 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2015-02-23 12:16:08 -0500 |
commit | f1fa85ea7325269fdb9f2d82257104d51f58b6a6 (patch) | |
tree | 3e4c59934336e2a891317103d12d2cb5aaa3d90c | |
parent | 7a1a0a4cd7d8ccdc5c9a327762f736a4e8d0d6a9 (diff) | |
download | tor-f1fa85ea7325269fdb9f2d82257104d51f58b6a6.tar.gz tor-f1fa85ea7325269fdb9f2d82257104d51f58b6a6.zip |
Fix running with the seccomp2 sandbox
We had a regression in 0.2.6.3-alpha when we stopped saying
IPPROTO_TCP to socket(). Fixes bug 14989, bugfix on 0.2.6.3-alpha.
-rw-r--r-- | changes/bug14989 | 4 | ||||
-rw-r--r-- | src/or/connection.c | 9 |
2 files changed, 9 insertions, 4 deletions
diff --git a/changes/bug14989 b/changes/bug14989
new file mode 100644
index 0000000000..f4432d468b
--- /dev/null
+++ b/changes/bug14989
@@ -0,0 +1,4 @@
+ o Major bugfixes (Linux seccomp2 sandbox):
+ - Pass IPPROTO_TCP rather than 0 to socket(), so that the
+ Linux seccomp2 sandbox doesn't fail. Fixes bug 14989;
+ bugfix on 0.2.6.3-alpha.
diff --git a/src/or/connection.c b/src/or/connection.c
index 79ae178a56..7db0238b3d 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -1612,7 +1612,6 @@ connection_connect_sockaddr(connection_t *conn,
 tor_socket_t s;
 int inprogress = 0;
 const or_options_t *options = get_options();
- int protocol_family;
 tor_assert(conn);
 tor_assert(sa);
@@ -1624,8 +1623,6 @@ connection_connect_sockaddr(connection_t *conn,
 return -1;
 }
- protocol_family = sa->sa_family;
-
 if (get_options()->DisableNetwork) {
 /* We should never even try to connect anyplace if DisableNetwork is set.
 * Warn if we do, and refuse to make the connection. */
@@ -1637,7 +1634,11 @@ connection_connect_sockaddr(connection_t *conn,
 return -1;
 }
- s = tor_open_socket_nonblocking(protocol_family, SOCK_STREAM, 0);
+ const int protocol_family = sa->sa_family;
+ const int proto = (sa->sa_family == AF_INET6 ||
+ sa->sa_family == AF_INET) ? IPPROTO_TCP : 0;
+
+ s = tor_open_socket_nonblocking(protocol_family, SOCK_STREAM, proto);
 if (! SOCKET_OK(s)) {
 *socket_error = tor_socket_errno(-1);
 log_warn(LD_NET,"Error creating network socket: %s", |
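Review bot: Nothing at the new `proto` computation in the third connection.c hunk records why the protocol has to be spelled out, and this is the same call that regressed once already when it stopped passing IPPROTO_TCP. A comment above it such as `/* The seccomp2 sandbox checks socket()'s arguments; keep IPPROTO_TCP explicit for AF_INET/AF_INET6 (bug 14989). */` would tie the call to the sandbox rule it has to match. The fallback of 0 for every other family presumably covers AF_UNIX; since the sandbox filter is not visible in this diff, it is worth confirming that it admits that combination too. The ternary could also test `protocol_family` rather than `sa->sa_family`, so the value checked and the value passed to `tor_open_socket_nonblocking()` cannot drift apart. connection_connect_sockaddr starts and ends outside the hunk.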