summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorCristian Toader <cristian.matei.toader@gmail.com>2013-09-03 16:37:12 +0300
committerCristian Toader <cristian.matei.toader@gmail.com>2013-09-03 16:37:12 +0300
commit55d8b8e578e17d8654f33f62fdc4a4419a6b92a7 (patch)
tree6c8b051089007275ded90a412d5b12168b28463b /src
parentb4b0eddd29b0b2ad78e4cf61362283034677f42f (diff)
downloadtor-55d8b8e578e17d8654f33f62fdc4a4419a6b92a7.tar.gz
tor-55d8b8e578e17d8654f33f62fdc4a4419a6b92a7.zip
fixed bug where sandbox_getaddrinfo() would fail when -Sandbox is 0
Diffstat (limited to 'src')
-rw-r--r--src/common/address.c2
-rw-r--r--src/common/sandbox.c30
-rw-r--r--src/common/sandbox.h3
3 files changed, 29 insertions, 6 deletions
diff --git a/src/common/address.c b/src/common/address.c
index 5c8603ee20..a46aeb0d45 100644
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -235,7 +235,7 @@ tor_addr_lookup(const char *name, uint16_t family, tor_addr_t *addr)
memset(&hints, 0, sizeof(hints));
hints.ai_family = family;
hints.ai_socktype = SOCK_STREAM;
- err = sandbox_getaddrinfo(name, &res);
+ err = sandbox_getaddrinfo(name, hints, &res);
if (!err) {
best = NULL;
for (res_p = res; res_p; res_p = res_p->ai_next) {
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 1f0584cce1..19c28981ed 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -54,6 +54,7 @@
#include <time.h>
#include <poll.h>
+static int sandbox_active = 0;
static sandbox_cfg_t *filter_dynamic = NULL;
static sb_addr_info_t *sb_addr_info = NULL;
@@ -948,7 +949,8 @@ sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, ...)
}
int
-sandbox_getaddrinfo(const char *name, struct addrinfo **res)
+sandbox_getaddrinfo(const char *name, struct addrinfo hints,
+ struct addrinfo **res)
{
sb_addr_info_t *el;
@@ -956,18 +958,31 @@ sandbox_getaddrinfo(const char *name, struct addrinfo **res)
for (el = sb_addr_info; el; el = el->next) {
if (!strcmp(el->name, name)) {
- *res = (struct addrinfo *)malloc(sizeof(struct addrinfo));
+ *res = (struct addrinfo *) malloc(sizeof(struct addrinfo));
if (!res) {
return -2;
}
memcpy(*res, el->info, sizeof(struct addrinfo));
-
return 0;
}
}
+ if (!sandbox_active) {
+ if (getaddrinfo(name, NULL, &hints, res)) {
+ log_err(LD_BUG,"(Sandbox) getaddrinfo failed!");
+ return -1;
+ }
+
+ return 0;
+ }
+
+ // getting here means something went wrong
log_err(LD_BUG,"(Sandbox) failed to get address %s!", name);
+ if (*res) {
+ free(*res);
+ res = NULL;
+ }
return -1;
}
@@ -1069,7 +1084,14 @@ install_syscall_filter(sandbox_cfg_t* cfg)
goto end;
}
- rc = seccomp_load(ctx);
+ // loading the seccomp2 filter
+ if((rc = seccomp_load(ctx))) {
+ log_err(LD_BUG, "(Sandbox) failed to load!");
+ goto end;
+ }
+
+ // marking the sandbox as active
+ sandbox_active = 1;
end:
seccomp_release(ctx);
diff --git a/src/common/sandbox.h b/src/common/sandbox.h
index 59474c4fe8..503bb70846 100644
--- a/src/common/sandbox.h
+++ b/src/common/sandbox.h
@@ -133,7 +133,8 @@ typedef struct {
int sandbox_add_addrinfo(const char *addr);
/** Replacement for getaddrinfo(), using pre-recorded results. */
-int sandbox_getaddrinfo(const char *name, struct addrinfo **res);
+int sandbox_getaddrinfo(const char *name, struct addrinfo hints,
+ struct addrinfo **res);
/** Use <b>fd</b> to log non-survivable sandbox violations. */
void sandbox_set_debugging_fd(int fd);