Diffstat (limited to 'src')
-rw-r--r-- | src/common/sandbox.c | 49 | ||||
-rw-r--r-- | src/common/sandbox.h | 9 | ||||
-rw-r--r-- | src/or/main.c | 20 |
3 files changed, 40 insertions, 38 deletions
diff --git a/src/common/sandbox.c b/src/common/sandbox.c index 0bfbd012fd..49c057c2aa 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -731,20 +731,20 @@ sandbox_cfg_allow_stat64_filename(sandbox_cfg_t **cfg, char *file, int fr) } int -sandbox_cfg_allow_stat64_filename_array(sandbox_cfg_t **cfg, int num, ...) +sandbox_cfg_allow_stat64_filename_array(sandbox_cfg_t **cfg, ...) { - int rc = 0, i; + int rc = 0; + char *fn = NULL; va_list ap; - va_start(ap, num); + va_start(ap, cfg); - for (i = 0; i < num; i++) { - char *fn = va_arg(ap, char*); + while((fn = va_arg(ap, char*)) != NULL) { int fr = va_arg(ap, int); rc = sandbox_cfg_allow_stat64_filename(cfg, fn, fr); if (rc) { - log_err(LD_BUG,"(Sandbox) failed on par %d", i); + log_err(LD_BUG,"(Sandbox) sandbox_cfg_allow_stat64_filename_array fail"); goto end; } } @@ -775,20 +775,20 @@ sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file, int fr) } int -sandbox_cfg_allow_open_filename_array(sandbox_cfg_t **cfg, int num, ...) +sandbox_cfg_allow_open_filename_array(sandbox_cfg_t **cfg, ...) { - int rc = 0, i; + int rc = 0; + char *fn = NULL; va_list ap; - va_start(ap, num); + va_start(ap, cfg); - for (i = 0; i < num; i++) { - char *fn = va_arg(ap, char*); + while((fn = va_arg(ap, char*)) != NULL) { int fr = va_arg(ap, int); rc = sandbox_cfg_allow_open_filename(cfg, fn, fr); if (rc) { - log_err(LD_BUG,"(Sandbox) failed on par %d", i); + log_err(LD_BUG,"(Sandbox) sandbox_cfg_allow_open_filename_array fail"); goto end; } } 
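Review bot: The `while((fn = va_arg(ap, char*)) != NULL)` loop in sandbox_cfg_allow_stat64_filename_array relies on every caller ending the list with a pointer-typed null, and nothing here or at compile time enforces that. A call that omits the terminator makes va_arg read past the supplied arguments, which is undefined behaviour and could feed arbitrary memory into the sandbox allow-list. On a platform where `NULL` expands to a plain integer `0`, even a terminated call passes the wrong type for `char*`. I would state the contract above the function, `/* The list must end with (char*)NULL; a missing terminator is undefined behaviour. */`, and write the terminator as `(char*)NULL` at the call sites. The open, openat and execve variants use the same loop, and each function's body continues outside its hunk.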
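Review bot: The new message in sandbox_cfg_allow_open_filename_array no longer says which pair failed, which the old `failed on par %d` did. With the long path lists passed from main.c, a rejected rule becomes hard to trace from the log alone. Keeping a counter next to `fn` and logging it, e.g. `log_err(LD_BUG,"(Sandbox) sandbox_cfg_allow_open_filename_array failed on pair %d", n);`, would restore that. The stat64, openat and execve variants lose the index in the same way.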
@@ -818,20 +818,20 @@ sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file, int fr) } int -sandbox_cfg_allow_openat_filename_array(sandbox_cfg_t **cfg, int num, ...) +sandbox_cfg_allow_openat_filename_array(sandbox_cfg_t **cfg, ...) { - int rc = 0, i; + int rc = 0; + char *fn = NULL; va_list ap; - va_start(ap, num); + va_start(ap, cfg); - for (i = 0; i < num; i++) { - char *fn = va_arg(ap, char*); + while((fn = va_arg(ap, char*)) != NULL) { int fr = va_arg(ap, int); rc = sandbox_cfg_allow_openat_filename(cfg, fn, fr); if (rc) { - log_err(LD_BUG,"(Sandbox) failed on par %d", i); + log_err(LD_BUG,"(Sandbox) sandbox_cfg_allow_openat_filename_array fail"); goto end; } } @@ -859,20 +859,19 @@ sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, char *com) } int -sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, int num, ...) +sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, ...) { - int rc = 0, i; + int rc = 0; + char *fn = NULL; va_list ap; - va_start(ap, num); + va_start(ap, cfg); - for (i = 0; i < num; i++) { - char *fn = va_arg(ap, char*); + while((fn = va_arg(ap, char*)) != NULL) { rc = sandbox_cfg_allow_execve(cfg, fn); - if (rc) { - log_err(LD_BUG,"(Sandbox) failed on par %d", i); + log_err(LD_BUG,"(Sandbox) sandbox_cfg_allow_execve_array failed"); goto end; } } diff --git a/src/common/sandbox.h b/src/common/sandbox.h index 4119d9289b..2c0eb30b8b 100644 --- a/src/common/sandbox.h +++ b/src/common/sandbox.h @@ -125,7 +125,7 @@ int sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file, * that the char* needs to be free-ed, 0 means the pointer does not need to * be free-ed. */ -int sandbox_cfg_allow_open_filename_array(sandbox_cfg_t **cfg, int num, ...); +int sandbox_cfg_allow_open_filename_array(sandbox_cfg_t **cfg, ...); /** * Function used to add a openat allowed filename to a supplied configuration. 
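Review bot: The prototype of sandbox_cfg_allow_open_filename_array drops `num`, but the visible tail of its doc comment does not say that the list must now be terminated; the comment starts outside the hunk. If it still documents a pair count, it should instead describe (char*, int) pairs ended by a null path, e.g. ` * The list must be terminated with a NULL, 0 pair.`. On compilers that support it, `__attribute__((sentinel(1)))` on this declaration would turn a forgotten `NULL, 0` terminator into a warning. The openat and stat64 declarations in the following hunks need the same, as does the execve one, using whatever terminator form its callers pass.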
@@ -145,7 +145,7 @@ int sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file, * that the char* needs to be free-ed, 0 means the pointer does not need to * be free-ed. */ -int sandbox_cfg_allow_openat_filename_array(sandbox_cfg_t **cfg, int num, ...); +int sandbox_cfg_allow_openat_filename_array(sandbox_cfg_t **cfg, ...); /** * Function used to add a execve allowed filename to a supplied configuration. @@ -164,7 +164,7 @@ int sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, char *com); * that the char* needs to be free-ed, 0 means the pointer does not need to * be free-ed. */ -int sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, int num, ...); +int sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, ...); /** * Function used to add a stat64 allowed filename to a supplied configuration. @@ -184,8 +184,7 @@ int sandbox_cfg_allow_stat64_filename(sandbox_cfg_t **cfg, char *file, * that the char* needs to be free-ed, 0 means the pointer does not need to * be free-ed. */ -int sandbox_cfg_allow_stat64_filename_array(sandbox_cfg_t **cfg, - int num, ...); +int sandbox_cfg_allow_stat64_filename_array(sandbox_cfg_t **cfg, ...); /** Function used to initialise a sandbox configuration.*/ int sandbox_init(sandbox_cfg_t* cfg); diff --git a/src/or/main.c b/src/or/main.c index ca7e3b3e7c..861f586c90 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -2647,7 +2647,7 @@ sandbox_init_filter() sandbox_cfg_allow_openat_filename(&cfg, get_datadir_fname("cached-status"), 1); - sandbox_cfg_allow_open_filename_array(&cfg, 24, + sandbox_cfg_allow_open_filename_array(&cfg, get_datadir_fname("cached-certs"), 1, get_datadir_fname("cached-certs.tmp"), 1, get_datadir_fname("cached-consensus"), 1, 
@@ -2671,20 +2671,22 @@ sandbox_init_filter() get_datadir_fname("unparseable-desc"), 1, "/dev/srandom", 0, "/dev/urandom", 0, - "/dev/random", 0 + "/dev/random", 0, + NULL, 0 ); - sandbox_cfg_allow_stat64_filename_array(&cfg, 5, + sandbox_cfg_allow_stat64_filename_array(&cfg, get_datadir_fname(NULL), 1, get_datadir_fname("lock"), 1, get_datadir_fname("state"), 1, get_datadir_fname("router-stability"), 1, - get_datadir_fname("cached-extrainfo.new"), 1 + get_datadir_fname("cached-extrainfo.new"), 1, + NULL, 0 ); // orport if (server_mode(get_options())) { - sandbox_cfg_allow_open_filename_array(&cfg, 14, + sandbox_cfg_allow_open_filename_array(&cfg, get_datadir_fname2("keys", "secret_id_key"), 1, get_datadir_fname2("keys", "secret_onion_key"), 1, get_datadir_fname2("keys", "secret_onion_key_ntor"), 1, @@ -2698,12 +2700,14 @@ sandbox_init_filter() get_datadir_fname("fingerprint.tmp"), 1, get_datadir_fname("cached-consensus"), 1, get_datadir_fname("cached-consensus.tmp"), 1, - "/etc/resolv.conf", 0 + "/etc/resolv.conf", 0, + NULL, 0 ); - sandbox_cfg_allow_stat64_filename_array(&cfg, 2, + sandbox_cfg_allow_stat64_filename_array(&cfg, get_datadir_fname("keys"), 1, - get_datadir_fname("stats/dirreq-stats"), 1 + get_datadir_fname("stats/dirreq-stats"), 1, + NULL, 0 ); } |
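Review bot: With the count gone, the stat64 list that starts with `get_datadir_fname(NULL), 1` ends at the first null path, so a get_datadir_fname() call that returned NULL would silently drop every later entry while the helper still returns 0. get_datadir_fname is not shown here, so whether it can return NULL needs confirming; if it can, the later strings flagged `1` would presumably never be handed over for freeing either. A comment above the call, `/* every path must be non-NULL: a NULL path ends the list */`, or an assertion on the built paths before the call, would make the assumption explicit. The same holds for the open_filename list that ends at `NULL, 0` in this hunk. sandbox_init_filter starts and ends outside the hunk.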
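Review bot: The results of the sandbox_cfg_allow_open_filename_array and sandbox_cfg_allow_stat64_filename_array calls in the `server_mode` block are discarded. The helpers in sandbox.c log and `goto end` when `rc` is non-zero, and presumably return it, so a failure leaves only a log line while sandbox_init_filter carries on with a partial allow-list. Since the commit rewrites these calls anyway, I would keep the result in a local, e.g. `rc = sandbox_cfg_allow_stat64_filename_array(&cfg, /* paths */ NULL, 0);`, and stop sandbox setup when it is non-zero. How sandbox_init_filter reports errors is outside the hunk. The two calls in the previous hunk are written the same way.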