author | Cristian Toader <cristian.matei.toader@gmail.com> | 2013-08-10 18:04:48 +0300 |
---|---|---|
committer | Cristian Toader <cristian.matei.toader@gmail.com> | 2013-08-10 18:04:48 +0300 |
commit | 44a4464cf6d4dac88c46b8ffdb6ad002d03ade62 (patch) | |
tree | c61028a22f9c2d4a35e54824948f7ce70a67420c /src/common | |
parent | 89b39db003922f5b05f9e4e2fc7658b225a2f70a (diff) | |
fixed memory leak, added array filter support
Diffstat (limited to 'src/common')
-rw-r--r-- | src/common/sandbox.c | 81 | ||||
-rw-r--r-- | src/common/sandbox.h | 13 |
2 files changed, 90 insertions, 4 deletions
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 2ba1432cf7..f2ead21e0f 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -37,6 +37,7 @@
 #include <linux/futex.h>
 #include <bits/signum.h>
+#include <stdarg.h>
 #include <seccomp.h>
 #include <signal.h>
 #include <unistd.h>
@@ -616,7 +617,7 @@ prot_strdup(char* str)
 }
 int
-sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file)
+sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file, char fr)
 {
 sandbox_cfg_t *elem = NULL;
@@ -630,11 +631,37 @@ sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file)
 elem->next = *cfg;
 *cfg = elem;
+ if (fr) tor_free_(file);
+
+ return 0;
+}
+
+int
+sandbox_cfg_allow_open_filename_array(sandbox_cfg_t **cfg, int num, ...)
+{
+ int rc = 0, i;
+
+ va_list ap;
+ va_start(ap, num);
+
+ for (i = 0; i < num; i++) {
+ char *fn = va_arg(ap, char*);
+ char fr = (char) va_arg(ap, int);
+
+ rc = sandbox_cfg_allow_open_filename(cfg, fn, fr);
+ if(rc) {
+ log_err(LD_BUG,"(Sandbox) failed on par %d", i);
+ goto end;
+ }
+ }
+
+ end:
+ va_end(ap);
 return 0;
 }
 int
-sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file)
+sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file, char fr)
 {
 sandbox_cfg_t *elem = NULL;
@@ -648,6 +675,32 @@ sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file)
 elem->next = *cfg;
 *cfg = elem;
+ if (fr) tor_free_(file);
+
+ return 0;
+}
+
+int
+sandbox_cfg_allow_openat_filename_array(sandbox_cfg_t **cfg, int num, ...)
+{
+ int rc = 0, i;
+
+ va_list ap;
+ va_start(ap, num);
+
+ for (i = 0; i < num; i++) {
+ char *fn = va_arg(ap, char*);
+ char fr = (char) va_arg(ap, int);
+
+ rc = sandbox_cfg_allow_openat_filename(cfg, fn, fr);
+ if(rc) {
+ log_err(LD_BUG,"(Sandbox) failed on par %d", i);
+ goto end;
+ }
+ }
+
+ end:
+ va_end(ap);
 return 0;
 }
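Review bot: `sandbox_cfg_allow_open_filename_array` discards the failure it has just logged: after `goto end` the function falls into the unchanged `return 0;` that the diff reuses from the old tail of `sandbox_cfg_allow_open_filename`, so `rc` never reaches the caller. A caller assembling the sandbox allow-list therefore cannot tell that a path was not registered and may go on to install an incomplete filter. The tail should be `va_end(ap);` followed by `return rc;`. The same pattern is in `sandbox_cfg_allow_openat_filename_array` (the `-648` hunk) and in `sandbox_cfg_allow_execve_array` (the `-669` hunk, where `return 0;` is an added line).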
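Review bot: `if (fr) tor_free_(file);` runs only at the very end of `sandbox_cfg_allow_openat_filename`, after the element has been linked in, so any earlier failure return would leave a caller-flagged string unfreed; the top of the function is outside this hunk, so that part is inferred. When the array wrapper stops at the first error, the remaining `fr`-flagged arguments are never consumed at all, so the leak this commit sets out to fix persists on the error path. The call also leaves the caller's own pointer dangling whenever `fr` is nonzero, which nothing in the signature signals. I would document the ownership transfer on the function, e.g. `/* If fr is nonzero, file is freed before returning and must not be used by the caller afterwards. */`, and release the string on the failure paths as well. `sandbox_cfg_allow_open_filename` in the `-630` hunk has the same line.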
@@ -669,6 +722,30 @@ sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, char *com)
 return 0;
 }
+int
+sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, int num, ...)
+{
+ int rc = 0, i;
+
+ va_list ap;
+ va_start(ap, num);
+
+ for (i = 0; i < num; i++) {
+ char *fn = va_arg(ap, char*);
+
+ rc = sandbox_cfg_allow_execve(cfg, fn);
+
+ if(rc) {
+ log_err(LD_BUG,"(Sandbox) failed on par %d", i);
+ goto end;
+ }
+ }
+
+ end:
+ va_end(ap);
+ return 0;
+}
+
 static int
 add_param_filter(scmp_filter_ctx ctx, sandbox_cfg_t* cfg)
 {
diff --git a/src/common/sandbox.h b/src/common/sandbox.h
index 2b265443f8..33668d964f 100644
--- a/src/common/sandbox.h
+++ b/src/common/sandbox.h
@@ -98,9 +98,18 @@ int tor_global_sandbox(void);
 const char* sandbox_intern_string(const char *param);
 sandbox_cfg_t * sandbox_cfg_new();
-int sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file);
-int sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file);
+
+int sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file,
+ char fr);
+int sandbox_cfg_allow_open_filename_array(sandbox_cfg_t **cfg, int num, ...);
+
+int sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file,
+ char fr);
+int sandbox_cfg_allow_openat_filename_array(sandbox_cfg_t **cfg, int num, ...);
+
 int sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, char *com);
+int sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, int num, ...);
+
 int sandbox_init(sandbox_cfg_t* cfg);
 #endif /* SANDBOX_H_ */ |
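Review bot: The three variadic prototypes added to sandbox.h give the compiler nothing to check, and their argument layouts differ. Going by the definitions in sandbox.c, the open and openat variants read `num` pairs of `(char *, int)` while `sandbox_cfg_allow_execve_array` reads `num` single `char *` values. A call whose `num` or argument types do not match makes `va_arg` read past or misinterpret the argument list, which is undefined behaviour in the code that builds the sandbox policy. The header should state the contract above each prototype, for example `/* Takes num pairs (char *file, int fr); a nonzero fr means file is freed by the call. */` and `/* Takes num arguments of type char *. */`.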