fixed bug where sandbox_getaddrinfo() would fail when -Sandbox is 0

Cristian Toader 2013-09-03 16:37:12 +03:00
parent b4b0eddd29
commit 55d8b8e578
3 changed files with 29 additions and 6 deletions


@ -235,7 +235,7 @@ tor_addr_lookup(const char *name, uint16_t family, tor_addr_t *addr)
memset(&hints, 0, sizeof(hints)); memset(&hints, 0, sizeof(hints));
hints.ai_family = family; hints.ai_family = family;
hints.ai_socktype = SOCK_STREAM; hints.ai_socktype = SOCK_STREAM;
err = sandbox_getaddrinfo(name, &res); err = sandbox_getaddrinfo(name, hints, &res);
if (!err) { if (!err) {
best = NULL; best = NULL;
for (res_p = res; res_p; res_p = res_p->ai_next) { for (res_p = res; res_p; res_p = res_p->ai_next) {


@ -54,6 +54,7 @@
#include <time.h> #include <time.h>
#include <poll.h> #include <poll.h>
static int sandbox_active = 0;
static sandbox_cfg_t *filter_dynamic = NULL; static sandbox_cfg_t *filter_dynamic = NULL;
static sb_addr_info_t *sb_addr_info = NULL; static sb_addr_info_t *sb_addr_info = NULL;
@ -948,7 +949,8 @@ sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, ...)
} }
int int
sandbox_getaddrinfo(const char *name, struct addrinfo **res) sandbox_getaddrinfo(const char *name, struct addrinfo hints,
struct addrinfo **res)
{ {
sb_addr_info_t *el; sb_addr_info_t *el;
@ -956,18 +958,31 @@ sandbox_getaddrinfo(const char *name, struct addrinfo **res)
for (el = sb_addr_info; el; el = el->next) { for (el = sb_addr_info; el; el = el->next) {
if (!strcmp(el->name, name)) { if (!strcmp(el->name, name)) {
*res = (struct addrinfo *)malloc(sizeof(struct addrinfo)); *res = (struct addrinfo *) malloc(sizeof(struct addrinfo));
if (!res) { if (!res) {
return -2; return -2;
} }
memcpy(*res, el->info, sizeof(struct addrinfo)); memcpy(*res, el->info, sizeof(struct addrinfo));
return 0; return 0;
} }
} }
if (!sandbox_active) {
if (getaddrinfo(name, NULL, &hints, res)) {
log_err(LD_BUG,"(Sandbox) getaddrinfo failed!");
return -1;
}
return 0;
}
// getting here means something went wrong
log_err(LD_BUG,"(Sandbox) failed to get address %s!", name); log_err(LD_BUG,"(Sandbox) failed to get address %s!", name);
if (*res) {
free(*res);
res = NULL;
}
return -1; return -1;
} }
@ -1069,7 +1084,14 @@ install_syscall_filter(sandbox_cfg_t* cfg)
goto end; goto end;
} }
rc = seccomp_load(ctx); // loading the seccomp2 filter
if((rc = seccomp_load(ctx))) {
log_err(LD_BUG, "(Sandbox) failed to load!");
goto end;
}
// marking the sandbox as active
sandbox_active = 1;
end: end:
seccomp_release(ctx); seccomp_release(ctx);
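Review bot: The cleanup block added at the end of sandbox_getaddrinfo() frees `*res` on a path where this function never assigned it, and then clears the local parameter (`res = NULL`) instead of the caller's pointer. If the caller passes an uninitialised or still-owned pointer, that is an invalid or double free, and the caller keeps the stale value; replacing the block with `*res = NULL;` would make the failure path safe. In the cache-hit branch the allocation check tests `res` rather than `*res`, so a failed malloc() goes straight into memcpy(); it should read `if (!*res) {`. The memcpy() copies only the top-level struct, so `ai_addr` and `ai_next` presumably still point into the cached entry, and it is worth confirming that callers never hand this result to freeaddrinfo().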


@ -133,7 +133,8 @@ typedef struct {
int sandbox_add_addrinfo(const char *addr); int sandbox_add_addrinfo(const char *addr);
/** Replacement for getaddrinfo(), using pre-recorded results. */ /** Replacement for getaddrinfo(), using pre-recorded results. */
int sandbox_getaddrinfo(const char *name, struct addrinfo **res); int sandbox_getaddrinfo(const char *name, struct addrinfo hints,
struct addrinfo **res);
/** Use <b>fd</b> to log non-survivable sandbox violations. */ /** Use <b>fd</b> to log non-survivable sandbox violations. */
void sandbox_set_debugging_fd(int fd); void sandbox_set_debugging_fd(int fd);
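Review bot: The doc comment above sandbox_getaddrinfo() still reads "using pre-recorded results", but with this change the function falls back to a live getaddrinfo() call when the sandbox has not been installed. The comment should say so, and should also state that `hints` is only honoured on that fallback path, since the cached branch in the visible .c hunk never reads it. `hints` is also taken by value, which copies the whole struct on every call; `const struct addrinfo *hints` would match getaddrinfo()'s own signature and let the caller pass `&hints`.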