author | Nick Mathewson <nickm@torproject.org> | 2016-07-17 13:54:40 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2016-07-17 13:54:40 -0400 |
commit | fbae15a856fccdecfb19ff80229b584026ae2def (patch) | |
tree | 87e18701ea2919589207cd70e39df4083981b5c6 /src/common | |
parent | bec4e41f4b48c288613a13021da9a29d5fb1ecac (diff) | |
parent | 36b06be73862d6f3206d0e2a6fe17af06f8b7c88 (diff) | |
download | tor-fbae15a856fccdecfb19ff80229b584026ae2def.tar.gz tor-fbae15a856fccdecfb19ff80229b584026ae2def.zip |
Merge remote-tracking branch 'weasel/bug19660' into maint-0.2.8
Diffstat (limited to 'src/common')
-rw-r--r-- | src/common/sandbox.c | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index c0b994b3e8..56a1cff6d3 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -589,7 +589,7 @@ static int
 sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 {
   int rc = 0;
-  int i;
+  int i, j;
   (void) filter;
 
 #ifdef __i386__
@@ -606,20 +606,20 @@ sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
   for (i = 0; i < 2; ++i) {
     const int pf = i ? PF_INET : PF_INET6;
-
-    rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
-      SCMP_CMP(0, SCMP_CMP_EQ, pf),
-      SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, SOCK_STREAM),
-      SCMP_CMP(2, SCMP_CMP_EQ, IPPROTO_TCP));
-    if (rc)
-      return rc;
-
-    rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
-      SCMP_CMP(0, SCMP_CMP_EQ, pf),
-      SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, SOCK_DGRAM),
-      SCMP_CMP(2, SCMP_CMP_EQ, IPPROTO_IP));
-    if (rc)
-      return rc;
+    for (j=0; j < 3; ++j) {
+      const int type = (j == 0) ? SOCK_STREAM :
+                       (j == 1) ? SOCK_DGRAM :
+                       SOCK_DGRAM;
+      const int protocol = (j == 0) ? IPPROTO_TCP :
+                           (j == 1) ? IPPROTO_IP :
+                           IPPROTO_UDP;
+      rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
+        SCMP_CMP(0, SCMP_CMP_EQ, pf),
+        SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, type),
+        SCMP_CMP(2, SCMP_CMP_EQ, protocol));
+      if (rc)
+        return rc;
+    }
   }
 
   rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), |