authorNick Mathewson <nickm@torproject.org>2014-04-16 12:50:24 -0400
committerNick Mathewson <nickm@torproject.org>2014-04-16 22:03:09 -0400
commit12028c29e6ee8d0d9c02b32f1a52a35138e148e3 (patch)
treeb663ff2de8a4ed26af0c3fc18c70600ca54b1f6a /src/common
parent739a52592bdb771d7ba4e40b6c9df84ea539f7fd (diff)
Fix sandbox protection for rename
(We were only checking the first parameter of each rename call.)
Diffstat (limited to 'src/common')
-rw-r--r--src/common/sandbox.c16
1 files changed, 2 insertions, 14 deletions
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 73966de6e2..d50e07494d 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -377,13 +377,10 @@ sb_rename(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
if (param != NULL && param->prot == 1 &&
param->syscall == SCMP_SYS(rename)) {
- intptr_t value2 = (intptr_t)(void*)sandbox_intern_string(
- (char*)param->value2);
-
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW,
- SCMP_SYS(rename), 1,
+ SCMP_SYS(rename), 2,
SCMP_CMP(0, SCMP_CMP_EQ, param->value),
- SCMP_CMP(1, SCMP_CMP_EQ, value2));
+ SCMP_CMP(1, SCMP_CMP_EQ, param->value2));
if (rc != 0) {
log_err(LD_BUG,"(Sandbox) failed to add rename syscall, received "
"libseccomp error %d", rc);
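Review bot: The argument count passed to seccomp_rule_add in sb_rename is a bare literal that must be kept in step with the number of SCMP_CMP entries by hand, which is the mismatch this commit corrects. A comment on the call such as `/* arg_cnt must equal the number of SCMP_CMP() entries below */` would keep it from drifting again. Separately, SCMP_CMP_EQ compares the raw syscall argument, so for rename it matches pointer values rather than path contents. With the local sandbox_intern_string call removed, the rule only matches if param->value2 already holds the interned address when sb_rename runs, presumably set wherever prot becomes 1, which is outside this hunk. It is worth stating that precondition in a comment here and confirming that prot == 1 covers value2 as well as value; the body of sb_rename starts and ends outside the hunk.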
@@ -1152,15 +1149,6 @@ sandbox_cfg_allow_rename(sandbox_cfg_t **cfg, char *file1, char *file2)
elem->next = *cfg;
*cfg = elem;
- /* For interning */
- elem = new_element(-1, (intptr_t)(void*)tor_strdup(file2));
- if (!elem) {
- log_err(LD_BUG,"(Sandbox) failed to register parameter!");
- return -1;
- }
- elem->next = *cfg;
- *cfg = elem;
-
return 0;
}