Lines 93-98
Link Here
|
93 |
errno=old_errno; \ |
93 |
errno=old_errno; \ |
94 |
} |
94 |
} |
95 |
|
95 |
|
|
|
96 |
#define canonicalize(path, resolved_path) \ |
97 |
{ \ |
98 |
if (0 != _canonicalize(path, resolved_path)) \ |
99 |
return -1; \ |
100 |
} |
101 |
|
102 |
#define canonicalize_ptr(path, resolved_path) \ |
103 |
{ \ |
104 |
if (0 != _canonicalize(path, resolved_path)) \ |
105 |
return NULL; \ |
106 |
} |
107 |
|
96 |
static char sandbox_lib[255]; |
108 |
static char sandbox_lib[255]; |
97 |
|
109 |
|
98 |
typedef struct { |
110 |
typedef struct { |
Lines 114-120
Link Here
|
114 |
|
126 |
|
115 |
static void init_wrappers(void); |
127 |
static void init_wrappers(void); |
116 |
static void *get_dlsym(const char *); |
128 |
static void *get_dlsym(const char *); |
117 |
static void canonicalize(const char *, char *); |
129 |
static int _canonicalize(const char *, char *); |
118 |
static int check_access(sbcontext_t *, const char *, const char *); |
130 |
static int check_access(sbcontext_t *, const char *, const char *); |
119 |
static int check_syscall(sbcontext_t *, const char *, const char *); |
131 |
static int check_syscall(sbcontext_t *, const char *, const char *); |
120 |
static int before_syscall(const char *, const char *); |
132 |
static int before_syscall(const char *, const char *); |
Lines 239-263
Link Here
|
239 |
errno = old_errno; |
251 |
errno = old_errno; |
240 |
} |
252 |
} |
241 |
|
253 |
|
242 |
static void canonicalize(const char *path, char *resolved_path) |
254 |
static int _canonicalize(const char *path, char *resolved_path) |
243 |
{ |
255 |
{ |
244 |
int old_errno = errno; |
256 |
int old_errno = errno; |
|
|
257 |
char *retval; |
245 |
|
258 |
|
246 |
/* If path == NULL, return or we get a segfault */ |
259 |
/* If path == NULL, return or we get a segfault */ |
247 |
if (NULL == path) return; |
260 |
if (NULL == path) { |
|
|
261 |
errno = EINVAL; |
262 |
return -1; |
263 |
} |
264 |
|
265 |
retval = erealpath(path, resolved_path); |
248 |
|
266 |
|
249 |
if(!erealpath(path, resolved_path) && (path[0] != '/')) { |
267 |
if((!retval) && (path[0] != '/')) { |
250 |
/* The path could not be canonicalized, append it |
268 |
/* The path could not be canonicalized, append it |
251 |
* to the current working directory if it was not |
269 |
* to the current working directory if it was not |
252 |
* an absolute path |
270 |
* an absolute path |
253 |
*/ |
271 |
*/ |
254 |
getcwd(resolved_path, MAXPATHLEN - 2); |
272 |
if (errno == ENAMETOOLONG) |
|
|
273 |
return -1; |
274 |
|
275 |
getcwd(resolved_path, SB_PATH_MAX - 2); |
255 |
strcat(resolved_path, "/"); |
276 |
strcat(resolved_path, "/"); |
256 |
strncat(resolved_path, path, MAXPATHLEN - 1); |
277 |
strncat(resolved_path, path, SB_PATH_MAX - 1); |
257 |
erealpath(resolved_path, resolved_path); |
278 |
|
|
|
279 |
if (!erealpath(resolved_path, resolved_path)) { |
280 |
if (errno == ENAMETOOLONG) { |
281 |
/* The resolved path is too long for the buffer to hold */ |
282 |
return -1; |
283 |
} else { |
284 |
/* Whatever it resolved, is not a valid path */ |
285 |
errno = ENOENT; |
286 |
return -1; |
287 |
} |
288 |
} |
289 |
|
290 |
} else if ((!retval) && (path[0] == '/')) { |
291 |
/* Whatever it resolved, is not a valid path */ |
292 |
errno = ENOENT; |
293 |
return -1; |
258 |
} |
294 |
} |
259 |
|
295 |
|
260 |
errno = old_errno; |
296 |
errno = old_errno; |
|
|
297 |
return 0; |
261 |
} |
298 |
} |
262 |
|
299 |
|
263 |
static void *get_dlsym(const char *symname) |
300 |
static void *get_dlsym(const char *symname) |
Lines 291-297
Link Here
|
291 |
int chmod(const char *path, mode_t mode) |
328 |
int chmod(const char *path, mode_t mode) |
292 |
{ |
329 |
{ |
293 |
int result = -1; |
330 |
int result = -1; |
294 |
char canonic[MAXPATHLEN]; |
331 |
char canonic[SB_PATH_MAX]; |
295 |
|
332 |
|
296 |
canonicalize(path, canonic); |
333 |
canonicalize(path, canonic); |
297 |
|
334 |
|
Lines 306-312
Link Here
|
306 |
int chown(const char *path, uid_t owner, gid_t group) |
343 |
int chown(const char *path, uid_t owner, gid_t group) |
307 |
{ |
344 |
{ |
308 |
int result = -1; |
345 |
int result = -1; |
309 |
char canonic[MAXPATHLEN]; |
346 |
char canonic[SB_PATH_MAX]; |
310 |
|
347 |
|
311 |
canonicalize(path, canonic); |
348 |
canonicalize(path, canonic); |
312 |
|
349 |
|
Lines 322-328
Link Here
|
322 |
{ |
359 |
{ |
323 |
/* Is it a system call? */ |
360 |
/* Is it a system call? */ |
324 |
int result = -1; |
361 |
int result = -1; |
325 |
char canonic[MAXPATHLEN]; |
362 |
char canonic[SB_PATH_MAX]; |
326 |
|
363 |
|
327 |
canonicalize(pathname, canonic); |
364 |
canonicalize(pathname, canonic); |
328 |
|
365 |
|
Lines 337-345
Link Here
|
337 |
FILE *fopen(const char *pathname, const char *mode) |
374 |
FILE *fopen(const char *pathname, const char *mode) |
338 |
{ |
375 |
{ |
339 |
FILE *result = NULL; |
376 |
FILE *result = NULL; |
340 |
char canonic[MAXPATHLEN]; |
377 |
char canonic[SB_PATH_MAX]; |
341 |
|
378 |
|
342 |
canonicalize(pathname, canonic); |
379 |
canonicalize_ptr(pathname, canonic); |
343 |
|
380 |
|
344 |
if FUNCTION_SANDBOX_SAFE_CHAR("fopen", canonic, mode) { |
381 |
if FUNCTION_SANDBOX_SAFE_CHAR("fopen", canonic, mode) { |
345 |
check_dlsym(fopen); |
382 |
check_dlsym(fopen); |
Lines 353-359
Link Here
|
353 |
{ |
390 |
{ |
354 |
/* Linux specific? */ |
391 |
/* Linux specific? */ |
355 |
int result = -1; |
392 |
int result = -1; |
356 |
char canonic[MAXPATHLEN]; |
393 |
char canonic[SB_PATH_MAX]; |
357 |
|
394 |
|
358 |
canonicalize(path, canonic); |
395 |
canonicalize(path, canonic); |
359 |
|
396 |
|
Lines 368-374
Link Here
|
368 |
int link(const char *oldpath, const char *newpath) |
405 |
int link(const char *oldpath, const char *newpath) |
369 |
{ |
406 |
{ |
370 |
int result = -1; |
407 |
int result = -1; |
371 |
char old_canonic[MAXPATHLEN], new_canonic[MAXPATHLEN]; |
408 |
char old_canonic[SB_PATH_MAX], new_canonic[SB_PATH_MAX]; |
372 |
|
409 |
|
373 |
canonicalize(oldpath, old_canonic); |
410 |
canonicalize(oldpath, old_canonic); |
374 |
canonicalize(newpath, new_canonic); |
411 |
canonicalize(newpath, new_canonic); |
Lines 384-390
Link Here
|
384 |
int mkdir(const char *pathname, mode_t mode) |
421 |
int mkdir(const char *pathname, mode_t mode) |
385 |
{ |
422 |
{ |
386 |
int result = -1; |
423 |
int result = -1; |
387 |
char canonic[MAXPATHLEN]; |
424 |
char canonic[SB_PATH_MAX]; |
388 |
|
425 |
|
389 |
canonicalize(pathname, canonic); |
426 |
canonicalize(pathname, canonic); |
390 |
|
427 |
|
Lines 399-407
Link Here
|
399 |
DIR *opendir(const char *name) |
436 |
DIR *opendir(const char *name) |
400 |
{ |
437 |
{ |
401 |
DIR *result = NULL; |
438 |
DIR *result = NULL; |
402 |
char canonic[MAXPATHLEN]; |
439 |
char canonic[SB_PATH_MAX]; |
403 |
|
440 |
|
404 |
canonicalize(name, canonic); |
441 |
canonicalize_ptr(name, canonic); |
405 |
|
442 |
|
406 |
if FUNCTION_SANDBOX_SAFE("opendir", canonic) { |
443 |
if FUNCTION_SANDBOX_SAFE("opendir", canonic) { |
407 |
check_dlsym(opendir); |
444 |
check_dlsym(opendir); |
Lines 416-422
Link Here
|
416 |
int __xmknod(const char *pathname, mode_t mode, dev_t dev) |
453 |
int __xmknod(const char *pathname, mode_t mode, dev_t dev) |
417 |
{ |
454 |
{ |
418 |
int result = -1; |
455 |
int result = -1; |
419 |
char canonic[MAXPATHLEN]; |
456 |
char canonic[SB_PATH_MAX]; |
420 |
|
457 |
|
421 |
canonicalize(pathname, canonic); |
458 |
canonicalize(pathname, canonic); |
422 |
|
459 |
|
Lines 436-442
Link Here
|
436 |
va_list ap; |
473 |
va_list ap; |
437 |
mode_t mode = 0; |
474 |
mode_t mode = 0; |
438 |
int result = -1; |
475 |
int result = -1; |
439 |
char canonic[MAXPATHLEN]; |
476 |
char canonic[SB_PATH_MAX]; |
440 |
|
477 |
|
441 |
if (flags & O_CREAT) { |
478 |
if (flags & O_CREAT) { |
442 |
va_start(ap, flags); |
479 |
va_start(ap, flags); |
Lines 460-466
Link Here
|
460 |
int rename(const char *oldpath, const char *newpath) |
497 |
int rename(const char *oldpath, const char *newpath) |
461 |
{ |
498 |
{ |
462 |
int result = -1; |
499 |
int result = -1; |
463 |
char old_canonic[MAXPATHLEN], new_canonic[MAXPATHLEN]; |
500 |
char old_canonic[SB_PATH_MAX], new_canonic[SB_PATH_MAX]; |
464 |
|
501 |
|
465 |
canonicalize(oldpath, old_canonic); |
502 |
canonicalize(oldpath, old_canonic); |
466 |
canonicalize(newpath, new_canonic); |
503 |
canonicalize(newpath, new_canonic); |
Lines 476-482
Link Here
|
476 |
int rmdir(const char *pathname) |
513 |
int rmdir(const char *pathname) |
477 |
{ |
514 |
{ |
478 |
int result = -1; |
515 |
int result = -1; |
479 |
char canonic[MAXPATHLEN]; |
516 |
char canonic[SB_PATH_MAX]; |
480 |
|
517 |
|
481 |
canonicalize(pathname, canonic); |
518 |
canonicalize(pathname, canonic); |
482 |
|
519 |
|
Lines 491-497
Link Here
|
491 |
int symlink(const char *oldpath, const char *newpath) |
528 |
int symlink(const char *oldpath, const char *newpath) |
492 |
{ |
529 |
{ |
493 |
int result = -1; |
530 |
int result = -1; |
494 |
char old_canonic[MAXPATHLEN], new_canonic[MAXPATHLEN]; |
531 |
char old_canonic[SB_PATH_MAX], new_canonic[SB_PATH_MAX]; |
495 |
|
532 |
|
496 |
canonicalize(oldpath, old_canonic); |
533 |
canonicalize(oldpath, old_canonic); |
497 |
canonicalize(newpath, new_canonic); |
534 |
canonicalize(newpath, new_canonic); |
Lines 507-513
Link Here
|
507 |
int truncate(const char *path, TRUNCATE_T length) |
544 |
int truncate(const char *path, TRUNCATE_T length) |
508 |
{ |
545 |
{ |
509 |
int result = -1; |
546 |
int result = -1; |
510 |
char canonic[MAXPATHLEN]; |
547 |
char canonic[SB_PATH_MAX]; |
511 |
|
548 |
|
512 |
canonicalize(path, canonic); |
549 |
canonicalize(path, canonic); |
513 |
|
550 |
|
Lines 522-528
Link Here
|
522 |
int unlink(const char *pathname) |
559 |
int unlink(const char *pathname) |
523 |
{ |
560 |
{ |
524 |
int result = -1; |
561 |
int result = -1; |
525 |
char canonic[MAXPATHLEN]; |
562 |
char canonic[SB_PATH_MAX]; |
526 |
|
563 |
|
527 |
canonicalize(pathname, canonic); |
564 |
canonicalize(pathname, canonic); |
528 |
|
565 |
|
Lines 540-546
Link Here
|
540 |
{ |
577 |
{ |
541 |
/* Is it a system call? */ |
578 |
/* Is it a system call? */ |
542 |
int result = -1; |
579 |
int result = -1; |
543 |
char canonic[MAXPATHLEN]; |
580 |
char canonic[SB_PATH_MAX]; |
544 |
|
581 |
|
545 |
canonicalize(pathname, canonic); |
582 |
canonicalize(pathname, canonic); |
546 |
|
583 |
|
Lines 555-563
Link Here
|
555 |
FILE *fopen64(const char *pathname, const char *mode) |
592 |
FILE *fopen64(const char *pathname, const char *mode) |
556 |
{ |
593 |
{ |
557 |
FILE *result = NULL; |
594 |
FILE *result = NULL; |
558 |
char canonic[MAXPATHLEN]; |
595 |
char canonic[SB_PATH_MAX]; |
559 |
|
596 |
|
560 |
canonicalize(pathname, canonic); |
597 |
canonicalize_ptr(pathname, canonic); |
561 |
|
598 |
|
562 |
if FUNCTION_SANDBOX_SAFE_CHAR("fopen64", canonic, mode) { |
599 |
if FUNCTION_SANDBOX_SAFE_CHAR("fopen64", canonic, mode) { |
563 |
check_dlsym(fopen64); |
600 |
check_dlsym(fopen64); |
Lines 573-579
Link Here
|
573 |
va_list ap; |
610 |
va_list ap; |
574 |
mode_t mode = 0; |
611 |
mode_t mode = 0; |
575 |
int result = -1; |
612 |
int result = -1; |
576 |
char canonic[MAXPATHLEN]; |
613 |
char canonic[SB_PATH_MAX]; |
577 |
|
614 |
|
578 |
if (flags & O_CREAT) { |
615 |
if (flags & O_CREAT) { |
579 |
va_start(ap, flags); |
616 |
va_start(ap, flags); |
Lines 594-600
Link Here
|
594 |
int truncate64(const char *path, __off64_t length) |
631 |
int truncate64(const char *path, __off64_t length) |
595 |
{ |
632 |
{ |
596 |
int result = -1; |
633 |
int result = -1; |
597 |
char canonic[MAXPATHLEN]; |
634 |
char canonic[SB_PATH_MAX]; |
598 |
|
635 |
|
599 |
canonicalize(path, canonic); |
636 |
canonicalize(path, canonic); |
600 |
|
637 |
|
Lines 617-623
Link Here
|
617 |
int old_errno = errno; |
654 |
int old_errno = errno; |
618 |
int result = -1; |
655 |
int result = -1; |
619 |
int count = 0; |
656 |
int count = 0; |
620 |
char canonic[MAXPATHLEN]; |
657 |
char canonic[SB_PATH_MAX]; |
621 |
char *old_envp = NULL; |
658 |
char *old_envp = NULL; |
622 |
char *new_envp = NULL; |
659 |
char *new_envp = NULL; |
623 |
|
660 |
|
Lines 843-851
Link Here
|
843 |
static char* filter_path(const char* path) |
880 |
static char* filter_path(const char* path) |
844 |
{ |
881 |
{ |
845 |
int old_errno = errno; |
882 |
int old_errno = errno; |
846 |
char* filtered_path = (char *)malloc(MAXPATHLEN * sizeof(char)); |
883 |
char* filtered_path = (char *)malloc(SB_PATH_MAX * sizeof(char)); |
847 |
|
884 |
|
848 |
canonicalize(path, filtered_path); |
885 |
canonicalize_ptr(path, filtered_path); |
849 |
|
886 |
|
850 |
errno = old_errno; |
887 |
errno = old_errno; |
851 |
|
888 |
|