diff options
author | Cristian Toader <cristian.matei.toader@gmail.com> | 2013-09-03 16:37:12 +0300 |
---|---|---|
committer | Cristian Toader <cristian.matei.toader@gmail.com> | 2013-09-03 16:37:12 +0300 |
commit | 55d8b8e578e17d8654f33f62fdc4a4419a6b92a7 (patch) | |
tree | 6c8b051089007275ded90a412d5b12168b28463b /src | |
parent | b4b0eddd29b0b2ad78e4cf61362283034677f42f (diff) | |
download | tor-55d8b8e578e17d8654f33f62fdc4a4419a6b92a7.tar.gz tor-55d8b8e578e17d8654f33f62fdc4a4419a6b92a7.zip |
fixed bug where sandbox_getaddrinfo() would fail when -Sandbox is 0
Diffstat (limited to 'src')
-rw-r--r-- | src/common/address.c | 2 | ||||
-rw-r--r-- | src/common/sandbox.c | 30 | ||||
-rw-r--r-- | src/common/sandbox.h | 3 |
3 files changed, 29 insertions, 6 deletions
diff --git a/src/common/address.c b/src/common/address.c index 5c8603ee20..a46aeb0d45 100644 --- a/src/common/address.c +++ b/src/common/address.c @@ -235,7 +235,7 @@ tor_addr_lookup(const char *name, uint16_t family, tor_addr_t *addr) memset(&hints, 0, sizeof(hints)); hints.ai_family = family; hints.ai_socktype = SOCK_STREAM; - err = sandbox_getaddrinfo(name, &res); + err = sandbox_getaddrinfo(name, hints, &res); if (!err) { best = NULL; for (res_p = res; res_p; res_p = res_p->ai_next) { diff --git a/src/common/sandbox.c b/src/common/sandbox.c index 1f0584cce1..19c28981ed 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -54,6 +54,7 @@ #include <time.h> #include <poll.h> +static int sandbox_active = 0; static sandbox_cfg_t *filter_dynamic = NULL; static sb_addr_info_t *sb_addr_info = NULL; @@ -948,7 +949,8 @@ sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, ...) } int -sandbox_getaddrinfo(const char *name, struct addrinfo **res) +sandbox_getaddrinfo(const char *name, struct addrinfo hints, + struct addrinfo **res) { sb_addr_info_t *el; @@ -956,18 +958,31 @@ sandbox_getaddrinfo(const char *name, struct addrinfo **res) for (el = sb_addr_info; el; el = el->next) { if (!strcmp(el->name, name)) { - *res = (struct addrinfo *)malloc(sizeof(struct addrinfo)); + *res = (struct addrinfo *) malloc(sizeof(struct addrinfo)); if (!res) { return -2; } memcpy(*res, el->info, sizeof(struct addrinfo)); - return 0; } } + if (!sandbox_active) { + if (getaddrinfo(name, NULL, &hints, res)) { + log_err(LD_BUG,"(Sandbox) getaddrinfo failed!"); + return -1; + } + + return 0; + } + + // getting here means something went wrong log_err(LD_BUG,"(Sandbox) failed to get address %s!", name); + if (*res) { + free(*res); + res = NULL; + } return -1; } @@ -1069,7 +1084,14 @@ install_syscall_filter(sandbox_cfg_t* cfg) goto end; } - rc = seccomp_load(ctx); + // loading the seccomp2 filter + if((rc = seccomp_load(ctx))) { + log_err(LD_BUG, "(Sandbox) failed to load!"); + goto end; + } + + // marking the sandbox as active + sandbox_active = 1; end: seccomp_release(ctx); diff --git a/src/common/sandbox.h b/src/common/sandbox.h index 59474c4fe8..503bb70846 100644 --- a/src/common/sandbox.h +++ b/src/common/sandbox.h @@ -133,7 +133,8 @@ typedef struct { int sandbox_add_addrinfo(const char *addr); /** Replacement for getaddrinfo(), using pre-recorded results. */ -int sandbox_getaddrinfo(const char *name, struct addrinfo **res); +int sandbox_getaddrinfo(const char *name, struct addrinfo hints, + struct addrinfo **res); /** Use <b>fd</b> to log non-survivable sandbox violations. */ void sandbox_set_debugging_fd(int fd); |