diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/common/sandbox.c | 62 | ||||
| -rw-r--r-- | src/common/sandbox.h | 18 | ||||
| -rw-r--r-- | src/or/main.c | 11 |
3 files changed, 61 insertions, 30 deletions
diff --git a/src/common/sandbox.c b/src/common/sandbox.c index 748141cda3..41c3b44d78 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -54,8 +54,7 @@ #include <poll.h> static sandbox_cfg_t *filter_dynamic = NULL; - -static struct addrinfo *sb_addr_info= NULL; +static sb_addr_info_t *sb_addr_info = NULL; /** Variable used for storing all syscall numbers that will be allowed with the * stage 1 general Tor sandbox. @@ -914,54 +913,57 @@ sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, ...) int sandbox_getaddrinfo(const char *name, struct addrinfo **res) { - char hname[256]; + sb_addr_info_t *el; - if (!res) { - return -2; - } *res = NULL; - *res = (struct addrinfo *)malloc(sizeof(struct addrinfo)); - if (*res == NULL) { - return -2; - } - if (gethostname(hname, sizeof(hname)) < 0) { - return -1; - } + for (el = sb_addr_info; el; el = el->next) { + if(!strcmp(el->name, name)) { + *res = (struct addrinfo *)malloc(sizeof(struct addrinfo)); + if (!res) { + return -2; + } - if (strcmp(name, hname) || sb_addr_info == NULL) { - log_err(LD_BUG,"(Sandbox) failed for hname %s!", name); - return -1; + memcpy(*res, el->info, sizeof(struct addrinfo)); + + return 0; + } } - memcpy(*res, sb_addr_info, sizeof(struct addrinfo)); - return 0; + return -1; } -static int -init_addrinfo(void) +int +sandbox_add_addrinfo(const char* name) { int ret; struct addrinfo hints; - char hname[256]; + sb_addr_info_t *el = NULL; - sb_addr_info = NULL; - - if (gethostname(hname, sizeof(hname)) < 0) { - return -1; + el = (sb_addr_info_t*) malloc(sizeof(sb_addr_info_t)); + if(!el) { + log_err(LD_BUG,"(Sandbox) failed to allocate addr info!"); + ret = -2; + goto out; } memset(&hints, 0, sizeof(hints)); hints.ai_family = AF_INET; hints.ai_socktype = SOCK_STREAM; - ret = getaddrinfo(hname, NULL, &hints, &sb_addr_info); + ret = getaddrinfo(name, NULL, &hints, &(el->info)); if (ret) { - sb_addr_info = NULL; - return -2; + log_err(LD_BUG,"(Sandbox) failed to getaddrinfo"); + ret = -2; + goto out; } - return 0; + el->name = strdup(name); + el->next = sb_addr_info; + sb_addr_info = el; + + out: + return ret; } static int @@ -1151,7 +1153,7 @@ initialise_libseccomp_sandbox(sandbox_cfg_t* cfg) if (install_sigsys_debugging()) return -1; - if (init_addrinfo() || prot_strings(cfg)) { + if (prot_strings(cfg)) { return -4; } diff --git a/src/common/sandbox.h b/src/common/sandbox.h index 51449ca415..9a61749a3f 100644 --- a/src/common/sandbox.h +++ b/src/common/sandbox.h @@ -62,6 +62,21 @@ struct pfd_elem { /** Typedef to structure used to manage a sandbox configuration. */ typedef struct pfd_elem sandbox_cfg_t; +/** + * Structure used for keeping a linked list of getaddrinfo pre-recorded + * results. + */ +struct sb_addr_info_el { + /** Name of the address info result. */ + char *name; + /** Pre-recorded getaddrinfo result. */ + struct addrinfo *info; + /** Next element in the list. */ + struct sb_addr_info_el *next; +}; +/** Typedef to structure used to manage an addrinfo list. */ +typedef struct sb_addr_info_el sb_addr_info_t; + /** Function pointer defining the prototype of a filter function.*/ typedef int (*sandbox_filter_func_t)(scmp_filter_ctx ctx, sandbox_cfg_t *filter); @@ -93,6 +108,9 @@ typedef struct { #endif // __linux__ +/** Pre-calls getaddrinfo in order to pre-record result. */ +int sandbox_add_addrinfo(const char *addr); + /** Replacement for getaddrinfo(), using pre-recorded results. */ int sandbox_getaddrinfo(const char *name, struct addrinfo **res); diff --git a/src/or/main.c b/src/or/main.c index 861f586c90..af05f0b71a 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -2639,6 +2639,15 @@ find_flashcard_path(PWCHAR path, size_t size) } #endif +static void +init_addrinfo(void) { + char hname[256]; + + // host name to sandbox + gethostname(hname, sizeof(hname)); + sandbox_add_addrinfo(hname); +} + static sandbox_cfg_t* sandbox_init_filter() { @@ -2713,6 +2722,8 @@ sandbox_init_filter() sandbox_cfg_allow_execve(&cfg, "/usr/local/bin/tor"); + init_addrinfo(); + return cfg; } |