diff options
author | Nick Mathewson <nickm@torproject.org> | 2014-04-16 12:59:33 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2014-04-16 22:03:09 -0400 |
commit | 8dc6755f6d65d7ff847bd5e8cf681e6de7fabbc5 (patch) | |
tree | eed5e8d60a86ff4f7c679c44ddd1286afe7fd300 /src/common/compat.c | |
parent | 12028c29e6ee8d0d9c02b32f1a52a35138e148e3 (diff) | |
download | tor-8dc6755f6d65d7ff847bd5e8cf681e6de7fabbc5.tar.gz tor-8dc6755f6d65d7ff847bd5e8cf681e6de7fabbc5.zip |
Introduce arg-counting macros to wrap seccomp_rule_add()
The compiler doesn't warn about this code:
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), 1,
SCMP_CMP(0, SCMP_CMP_EQ, AT_FDCWD),
SCMP_CMP(1, SCMP_CMP_EQ, param->value),
SCMP_CMP(2, SCMP_CMP_EQ, O_RDONLY|...));
but note that the arg_cnt argument above is only 1. This means that
only the first filter (argument 0 == AT_FDCWD) is actually checked!
This patch also fixes the above error in the openat() filter.
Earlier I fixed corresponding errors in filters for rename() and
mprotect().
Diffstat (limited to 'src/common/compat.c')
0 files changed, 0 insertions, 0 deletions