authorMike Frysinger <vapier@gentoo.org>2010-11-23 07:11:47 -0500
committerMike Frysinger <vapier@gentoo.org>2010-11-23 07:11:47 -0500
commit4a383c33005f7ffad6edeed01f78d8e2cca5203d (patch)
tree392d927cd6b10f1bc0a2c9d643658aabb8be7c0d
parenttests: add another unlinkat test for long paths (diff)
libsandbox: fix bug in previous dirfd unificationv2.4
The previous commit (libsandbox: handle dirfd in mkdir/open/unlink *at prechecks) left a sizeof() in place that unfortunately no longer held the same meaning. In the previous code, the function had access to the buffer decl and so could get the byte count. In the new code, the function has access to the pointer only. So sizeof() now wrongly returns the size of a pointer rather than the length of the buffer. Extend the new helper function to take the length of the buffer it is given to fix this issue. Signed-off-by: Mike Frysinger <vapier@gentoo.org>
-rw-r--r--libsandbox/libsandbox.c7
-rw-r--r--libsandbox/libsandbox.h2
-rw-r--r--libsandbox/wrapper-funcs/mkdirat_pre_check.c2
-rw-r--r--libsandbox/wrapper-funcs/openat_pre_check.c2
-rw-r--r--libsandbox/wrapper-funcs/unlinkat_pre_check.c2
5 files changed, 8 insertions, 7 deletions
diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index 7c97c52..908a150 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -144,7 +144,8 @@ static const char *sb_get_cmdline(pid_t pid)
* 1 - path is in @path (no resolution necessary)
* 2 - errno issues -- ignore this path
*/
-int resolve_dirfd_path(int dirfd, const char *path, char *resolved_path)
+int resolve_dirfd_path(int dirfd, const char *path, char *resolved_path,
+ size_t resolved_path_len)
{
/* The *at style functions have the following semantics:
* - dirfd = AT_FDCWD: same as non-at func: file is based on CWD
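Review bot: The comment block above `resolve_dirfd_path` does not describe the new `resolved_path_len` argument. I would add a line such as `* @resolved_path_len is the total size of @resolved_path in bytes, including the terminating NUL`, so that callers pass `sizeof(buf)` on an array rather than a string length. The comment starts above this hunk, so any existing parameter documentation is not visible here.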
@@ -158,7 +159,7 @@ int resolve_dirfd_path(int dirfd, const char *path, char *resolved_path)
save_errno();
- size_t at_len = sizeof(resolved_path) - 1 - 1 - (path ? strlen(path) : 0);
+ size_t at_len = resolved_path_len - 1 - 1 - (path ? strlen(path) : 0);
sprintf(resolved_path, "/proc/%i/fd/%i", trace_pid ? : getpid(), dirfd);
ssize_t ret = readlink(resolved_path, resolved_path, at_len);
if (ret == -1) {
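Review bot: `at_len` can wrap around on the new line. It is a `size_t`, so once `strlen(path)` reaches `resolved_path_len - 2` the subtraction underflows to a huge value, and the following `readlink()` is then allowed to write well past the end of the buffer. `path` comes from the intercepted call and no length check is visible in this hunk, so I would guard before the subtraction: `size_t path_len = path ? strlen(path) : 0;` then `if (resolved_path_len < 2 || path_len > resolved_path_len - 2) return -1;` (or whichever return code the function uses for an unusable path, with errno restored as the function does elsewhere after `save_errno()`). Now that the size is passed in, the `sprintf()` on the next line could also become `snprintf(resolved_path, resolved_path_len, ...)`. The function body starts and ends outside this hunk.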
@@ -1059,7 +1060,7 @@ bool before_syscall(int dirfd, int sb_nr, const char *func, const char *file, in
}
}
- switch (resolve_dirfd_path(dirfd, file, at_file_buf)) {
+ switch (resolve_dirfd_path(dirfd, file, at_file_buf, sizeof(at_file_buf))) {
case -1: return false;
case 0: file = at_file_buf; break;
case 2: return true;
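Review bot: `sizeof(at_file_buf)` only yields the buffer size if `at_file_buf` is an array declared in `before_syscall` itself, and its declaration is outside this hunk. The same applies to `dirfd_path` in the `mkdirat_pre_check.c` and `unlinkat_pre_check.c` hunks; only `openat_pre_check.c` shows the `char dirfd_path[SB_PATH_MAX];` declaration. A pointer here would reintroduce the bug this commit fixes, so a short comment at each call site such as `/* at_file_buf is a local array, so sizeof() is its byte size */` would keep that assumption visible. The switch continues past the end of the hunk.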
diff --git a/libsandbox/libsandbox.h b/libsandbox/libsandbox.h
index 3ef7c71..0324b5b 100644
--- a/libsandbox/libsandbox.h
+++ b/libsandbox/libsandbox.h
@@ -71,7 +71,7 @@ __attribute__((noreturn)) void sb_abort(void);
char *erealpath(const char *, char *);
char *egetcwd(char *, size_t);
int canonicalize(const char *, char *);
-int resolve_dirfd_path(int, const char *, char *);
+int resolve_dirfd_path(int, const char *, char *, size_t);
/* most linux systems use ENAMETOOLONG, but some (ia64) use ERANGE, as do some BSDs */
#define errno_is_too_long() (errno == ENAMETOOLONG || errno == ERANGE)
diff --git a/libsandbox/wrapper-funcs/mkdirat_pre_check.c b/libsandbox/wrapper-funcs/mkdirat_pre_check.c
index d037546..4fef14c 100644
--- a/libsandbox/wrapper-funcs/mkdirat_pre_check.c
+++ b/libsandbox/wrapper-funcs/mkdirat_pre_check.c
@@ -13,7 +13,7 @@ bool sb_mkdirat_pre_check(const char *func, const char *pathname, int dirfd)
save_errno();
/* Expand the dirfd path first */
- switch (resolve_dirfd_path(dirfd, pathname, dirfd_path)) {
+ switch (resolve_dirfd_path(dirfd, pathname, dirfd_path, sizeof(dirfd_path))) {
case -1:
if (is_env_on(ENV_SANDBOX_DEBUG))
SB_EINFO("EARLY FAIL", " %s(%s) @ resolve_dirfd_path: %s\n",
diff --git a/libsandbox/wrapper-funcs/openat_pre_check.c b/libsandbox/wrapper-funcs/openat_pre_check.c
index 4a63413..23149dc 100644
--- a/libsandbox/wrapper-funcs/openat_pre_check.c
+++ b/libsandbox/wrapper-funcs/openat_pre_check.c
@@ -17,7 +17,7 @@ bool sb_openat_pre_check(const char *func, const char *pathname, int dirfd, int
/* Expand the dirfd path first */
char dirfd_path[SB_PATH_MAX];
- switch (resolve_dirfd_path(dirfd, pathname, dirfd_path)) {
+ switch (resolve_dirfd_path(dirfd, pathname, dirfd_path, sizeof(dirfd_path))) {
case -1:
if (is_env_on(ENV_SANDBOX_DEBUG))
SB_EINFO("EARLY FAIL", " %s(%s) @ resolve_dirfd_path: %s\n",
diff --git a/libsandbox/wrapper-funcs/unlinkat_pre_check.c b/libsandbox/wrapper-funcs/unlinkat_pre_check.c
index 4e4a38d..1c4f7e3 100644
--- a/libsandbox/wrapper-funcs/unlinkat_pre_check.c
+++ b/libsandbox/wrapper-funcs/unlinkat_pre_check.c
@@ -13,7 +13,7 @@ bool sb_unlinkat_pre_check(const char *func, const char *pathname, int dirfd)
save_errno();
/* Expand the dirfd path first */
- switch (resolve_dirfd_path(dirfd, pathname, dirfd_path)) {
+ switch (resolve_dirfd_path(dirfd, pathname, dirfd_path, sizeof(dirfd_path))) {
case -1:
if (is_env_on(ENV_SANDBOX_DEBUG))
SB_EINFO("EARLY FAIL", " %s(%s) @ resolve_dirfd_path: %s\n",