nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-10 21:23:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix most of the --enable-gcc-warnings warnings in the sandbox code

Browse Source
This commit is contained in:
Nick Mathewson 2013-09-09 15:14:50 -04:00
parent 42e6ab0e14
commit cc35d8be84
2 changed files with 29 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
src/common/sandbox.c
View File

@ -142,12 +142,14 @@ static int filter_nopar_gen[] = {
static int
sb_rt_sigaction(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
{
int i, rc;
unsigned i;
int rc;
int param[] = { SIGINT, SIGTERM, SIGPIPE, SIGUSR1, SIGUSR2, SIGHUP, SIGCHLD,
#ifdef SIGXFSZ
SIGXFSZ
#endif
};
(void) filter;
for (i = 0; i < ARRAY_LENGTH(param); i++) {
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigaction), 1,
@ -195,6 +197,7 @@ sb_execve(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
static int
sb_time(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
{
(void) filter;
return seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(time), 1,
SCMP_CMP(0, SCMP_CMP_EQ, 0));
}
@ -207,6 +210,7 @@ static int
sb_accept4(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
{
int rc = 0;
(void)filter;
#ifdef __i386__
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socketcall), 1,
@ -365,6 +369,7 @@ static int
sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
{
int rc = 0;
(void) filter;
#ifdef __i386__
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), 0);
@ -411,6 +416,7 @@ static int
sb_socketpair(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
{
int rc = 0;
(void) filter;
#ifdef __i386__
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socketpair), 0);
@ -435,6 +441,7 @@ static int
sb_setsockopt(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
{
int rc = 0;
(void) filter;
#ifdef __i386__
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(setsockopt), 0);
@ -459,6 +466,7 @@ static int
sb_getsockopt(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
{
int rc = 0;
(void) filter;
#ifdef __i386__
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getsockopt), 0);
@ -521,6 +529,7 @@ static int
sb_epoll_ctl(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
{
int rc = 0;
(void) filter;
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(epoll_ctl), 1,
SCMP_CMP(1, SCMP_CMP_EQ, EPOLL_CTL_ADD));
@ -551,6 +560,7 @@ static int
sb_prctl(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
{
int rc = 0;
(void) filter;
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(prctl), 1,
SCMP_CMP(0, SCMP_CMP_EQ, PR_SET_DUMPABLE));
@ -571,6 +581,7 @@ static int
sb_mprotect(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
{
int rc = 0;
(void) filter;
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mprotect), 1,
SCMP_CMP(2, SCMP_CMP_EQ, PROT_READ));
@ -598,6 +609,7 @@ static int
sb_rt_sigprocmask(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
{
int rc = 0;
(void) filter;
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigprocmask), 1,
SCMP_CMP(0, SCMP_CMP_EQ, SIG_UNBLOCK));
@ -622,6 +634,7 @@ static int
sb_flock(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
{
int rc = 0;
(void) filter;
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(flock), 1,
SCMP_CMP(1, SCMP_CMP_EQ, LOCK_EX|LOCK_NB));
@ -644,6 +657,7 @@ static int
sb_futex(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
{
int rc = 0;
(void) filter;
// can remove
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(futex), 1,
@ -675,6 +689,7 @@ static int
sb_mremap(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
{
int rc = 0;
(void) filter;
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mremap), 1,
SCMP_CMP(3, SCMP_CMP_EQ, MREMAP_MAYMOVE));
@ -692,6 +707,7 @@ static int
sb_poll(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
{
int rc = 0;
(void) filter;
rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(poll), 2,
SCMP_CMP(1, SCMP_CMP_EQ, 1),
@ -825,13 +841,13 @@ prot_strings(sandbox_cfg_t* cfg)
char *param_val = (char*)((smp_param_t *)el->param)->value;
size_t param_size = strlen(param_val) + 1;
if (pr_mem_left - param_size >= 0) {
if (pr_mem_left >= param_size) {
// copy to protected
memcpy(pr_mem_next, param_val, param_size);
// re-point el parameter to protected
{
void *old_val = ((smp_param_t*)el->param)->value;
void *old_val = (void *) ((smp_param_t*)el->param)->value;
tor_free(old_val);
}
((smp_param_t*)el->param)->value = (intptr_t) pr_mem_next;
@ -900,7 +916,7 @@ sandbox_cfg_allow_stat_filename(sandbox_cfg_t **cfg, char *file, int fr)
{
sandbox_cfg_t *elem = NULL;
elem = new_element(SCMP_stat, 0, (intptr_t) tor_strdup(file));
elem = new_element(SCMP_stat, 0, (intptr_t)(void*) tor_strdup(file));
if (!elem) {
log_err(LD_BUG,"(Sandbox) failed to register parameter!");
return -1;
@ -942,7 +958,7 @@ sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file, int fr)
{
sandbox_cfg_t *elem = NULL;
elem = new_element(SCMP_SYS(open), 0, (intptr_t) tor_strdup(file));
elem = new_element(SCMP_SYS(open), 0, (intptr_t)(void *)tor_strdup(file));
if (!elem) {
log_err(LD_BUG,"(Sandbox) failed to register parameter!");
return -1;
@ -985,7 +1001,7 @@ sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file, int fr)
{
sandbox_cfg_t *elem = NULL;
elem = new_element(SCMP_SYS(openat), 1, (intptr_t) tor_strdup(file));
elem = new_element(SCMP_SYS(openat), 1, (intptr_t)(void *)tor_strdup(file));
if (!elem) {
log_err(LD_BUG,"(Sandbox) failed to register parameter!");
return -1;
@ -1024,11 +1040,11 @@ sandbox_cfg_allow_openat_filename_array(sandbox_cfg_t **cfg, ...)
}
int
sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, char *com)
sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, const char *com)
{
sandbox_cfg_t *elem = NULL;
elem = new_element(SCMP_SYS(execve), 1, (intptr_t) tor_strdup(com));
elem = new_element(SCMP_SYS(execve), 1, (intptr_t)(void *)tor_strdup(com));
if (!elem) {
log_err(LD_BUG,"(Sandbox) failed to register parameter!");
return -1;
@ -1141,7 +1157,8 @@ sandbox_add_addrinfo(const char* name)
static int
add_param_filter(scmp_filter_ctx ctx, sandbox_cfg_t* cfg)
{
int i, rc = 0;
unsigned i;
int rc = 0;
// function pointer
for (i = 0; i < ARRAY_LENGTH(filter_func); i++) {
@ -1162,7 +1179,8 @@ add_param_filter(scmp_filter_ctx ctx, sandbox_cfg_t* cfg)
static int
add_noparam_filter(scmp_filter_ctx ctx)
{
int i, rc = 0;
unsigned i;
int rc = 0;
// add general filters
for (i = 0; i < ARRAY_LENGTH(filter_nopar_gen); i++) {

2
src/common/sandbox.h
View File

@ -191,7 +191,7 @@ int sandbox_cfg_allow_openat_filename_array(sandbox_cfg_t **cfg, ...);
* function that the char* needs to be free-ed, 0 means the pointer does not
* need to be free-ed.
*/
int sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, char *com);
int sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, const char *com);
/** Function used to add a series of execve allowed filenames to a supplied
* configuration.