sandbox: revamp sandbox_getaddrinfo cacheing

The old cache had problems:
     * It needed to be manually preloaded. (It didn't remember any
       address you didn't tell it to remember)
     * It was AF_INET only.
     * It looked at its cache even if the sandbox wasn't turned on.
     * It couldn't remember errors.
     * It had some memory management problems. (You can't use memcpy
       to copy an addrinfo safely; it has pointers in.)

This patch fixes those issues, and moves to a hash table.

Fixes bug 11970; bugfix on 0.2.5.1-alpha.

1 files changed, 5 insertions, 15 deletions

diff --git a/src/common/sandbox.h b/src/common/sandbox.h
index b57215285e..77635700ef 100644
--- a/src/common/sandbox.h
+++ b/src/common/sandbox.h
@@ -91,21 +91,6 @@ struct sandbox_cfg_elem {
   struct sandbox_cfg_elem *next;
 };
 
-/**
- * Structure used for keeping a linked list of getaddrinfo pre-recorded
- * results.
- */
-struct sb_addr_info_el {
-  /** Name of the address info result. */
-  char *name;
-  /** Pre-recorded getaddrinfo result. */
-  struct addrinfo *info;
-  /** Next element in the list. */
-  struct sb_addr_info_el *next;
-};
-/** Typedef to structure used to manage an addrinfo list. */
-typedef struct sb_addr_info_el sb_addr_info_t;
-
 /** Function pointer defining the prototype of a filter function.*/
 typedef int (*sandbox_filter_func_t)(scmp_filter_ctx ctx,
     sandbox_cfg_t *filter);
@@ -146,11 +131,16 @@ struct addrinfo;
 int sandbox_getaddrinfo(const char *name, const char *servname,
                         const struct addrinfo *hints,
                         struct addrinfo **res);
+#define sandbox_freeaddrinfo(addrinfo) ((void)0)
+void sandbox_free_getaddrinfo_cache(void);
 #else
 #define sandbox_getaddrinfo(name, servname, hints, res)  \
   getaddrinfo((name),(servname), (hints),(res))
 #define sandbox_add_addrinfo(name) \
   ((void)(name))
+#define sandbox_freeaddrinfo(addrinfo) \
+  freeaddrinfo((addrinfo))
+#define sandbox_free_getaddrinfo_cache()
 #endif
 
 #ifdef USE_LIBSECCOMP