Attachment #132779 for bug #164656

Lines 24-29 libsandbox_la_SOURCES = \ Link Here

(-)src/Makefile.am (+1 lines)
24	libsandbox.c \	24	libsandbox.c \
25	canonicalize.c \	25	canonicalize.c \
26	sandbox_utils.c \	26	sandbox_utils.c \
		27	mmalloc.c \
27	$(LOCAL_INCLUDES)	28	$(LOCAL_INCLUDES)
28		29
29	sandbox_CFLAGS = -DOUTSIDE_LIBSANDBOX	30	sandbox_CFLAGS = -DOUTSIDE_LIBSANDBOX




/* Minimal mmap-based malloc/free implementation to be used by libsandbox
 * internal routines, since we can't trust the current process to have a
 * malloc/free implementation that is sane and available at all times.
 */

#include <stdlib.h>   /* malloc()/free() prototypes */
#include <string.h>   /* mem*(), strdup() prototype */

#include <sys/mman.h> /* mmap() */
#include <errno.h>
#include <limits.h>

#include "sandbox.h"

#define check_dlsym(_name) \
{ \
	int old_errno = errno; \
	if (!true_ ## _name) \
		true_ ## _name = get_dlsym(#_name, NULL); \
	errno = old_errno; \
}

#define SB_MALLOC_TO_MMAP(ptr) ((void*)(((size_t*)ptr) - 1))
#define SB_MMAP_TO_MALLOC(ptr) ((void*)(((size_t*)ptr) + 1))
#define SB_MALLOC_TO_SIZE(ptr) (*((size_t*)SB_MALLOC_TO_MMAP(ptr)))

static void *(*true_malloc)(size_t size) = NULL;
void *malloc(size_t size)
{
	if (!getenv(ENV_SANDBOX_LOCAL_MALLOC)) {
		check_dlsym(malloc);
		return true_malloc(size);
	} else {
		size_t *ret;
		size += sizeof(size_t);
		ret = mmap(0, size, PROT_READ|PROT_WRITE,
				MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
		if (ret == MAP_FAILED)
			return NULL;
		*ret = size;
		return SB_MMAP_TO_MALLOC(ret);
	}
}

static void (*true_free)(void *ptr) = NULL;
void free(void *ptr)
{
	if (!getenv(ENV_SANDBOX_LOCAL_MALLOC)) {
		check_dlsym(free);
		true_free(ptr);
	} else {
		if (ptr == NULL)
			return;
		munmap(SB_MALLOC_TO_MMAP(ptr), SB_MALLOC_TO_SIZE(ptr));
	}
}

static void *(*true_calloc)(size_t nmemb, size_t size) = NULL;
void *calloc(size_t nmemb, size_t size)
{
	if (!getenv(ENV_SANDBOX_LOCAL_MALLOC)) {
		check_dlsym(calloc);
		return true_calloc(nmemb, size);
	} else {
		void *ret;
		size_t malloc_size = nmemb * size;
		ret = malloc(malloc_size); /* dont care about overflow */
		if (ret == NULL)
			return NULL;
		memset(ret, 0x00, malloc_size);
		return ret;
	}
}

static void *(*true_realloc)(void *ptr, size_t size) = NULL;
void *realloc(void *ptr, size_t size)
{
	if (!getenv(ENV_SANDBOX_LOCAL_MALLOC)) {
		check_dlsym(realloc);
		return true_realloc(ptr, size);
	} else {
		void *ret;
		size_t old_malloc_size;

		if (ptr == NULL)
			return malloc(size);
		if (size == 0) {
			free(ptr);
			return ptr;
		}

		old_malloc_size = SB_MALLOC_TO_SIZE(ptr);
		ret = malloc(size);
		if (ret == NULL)
			return NULL;
		memcpy(ret, ptr, (size < old_malloc_size ? size
					: old_malloc_size));
		free(ptr);
		return ret;
	}
}

static char *(*true_strdup)(const char *s) = NULL;
#ifdef strdup
#undef strdup
#endif
char *strdup(const char *s)
{
	if (!getenv(ENV_SANDBOX_LOCAL_MALLOC)) {
		check_dlsym(strdup);
		return true_strdup(s);
	} else {
		size_t len;
		char *ret;

		if (s == NULL)
			return NULL;
		len = strlen(s);
		ret = malloc(len + 1);
		if (ret == NULL)
			return NULL;
		memcpy(ret, s, len + 1);
		return ret;
	}
}

Lines 52-57 Link Here

(-)src/sandbox.h (+3 lines)
52	#define ENV_SANDBOX_ACTIVE "SANDBOX_ACTIVE"	52	#define ENV_SANDBOX_ACTIVE "SANDBOX_ACTIVE"
53	#define SANDBOX_ACTIVE "armedandready"	53	#define SANDBOX_ACTIVE "armedandready"
54		54
		55	#define ENV_SANDBOX_LOCAL_MALLOC "SANDBOX_LOCAL_MALLOC"
		56
55	#define DEFAULT_BEEP_COUNT 3	57	#define DEFAULT_BEEP_COUNT 3
56		58
57	#define SB_BUF_LEN 2048	59	#define SB_BUF_LEN 2048
Lines 110-115 char gbasename (const char path); Link Here
110	char erealpath(const char , char *);	110	char erealpath(const char , char *);
111	#ifndef OUTSIDE_LIBSANDBOX	111	#ifndef OUTSIDE_LIBSANDBOX
112	char egetcwd(char , size_t);	112	char egetcwd(char , size_t);
		113	void get_dlsym(const char , const char *);
113	#endif	114	#endif
114		115
115	#endif /* __SANDBOX_H__ */	116	#endif /* __SANDBOX_H__ */

Lines 121-127 static int sb_path_size_warning = 0; Link Here

(-)src/libsandbox.c (-2 / +1 lines)
121	void __attribute__ ((constructor)) libsb_init(void);	121	void __attribute__ ((constructor)) libsb_init(void);
122	void __attribute__ ((destructor)) libsb_fini(void);	122	void __attribute__ ((destructor)) libsb_fini(void);
123		123
124	static void get_dlsym(const char , const char *);
125	static int canonicalize(const char , char );	124	static int canonicalize(const char , char );
126	static char resolve_path(const char , int);	125	static char resolve_path(const char , int);
127	static int check_prefixes(char *, int, const char );	126	static int check_prefixes(char *, int, const char );
Lines 185-191 void __attribute__ ((constructor)) libsb Link Here
185	errno = old_errno;	184	errno = old_errno;
186	}	185	}
187		186
188	static void get_dlsym(const char symname, const char *symver)	187	void get_dlsym(const char symname, const char *symver)
189	{	188	{
190	void *symaddr = NULL;	189	void *symaddr = NULL;
191		190

Return to bug 164656

Line 0 Link Here

(-)src/mmalloc.c (+125 lines)
		1	/* Minimal mmap-based malloc/free implementation to be used by libsandbox
		2	* internal routines, since we can't trust the current process to have a
		3	* malloc/free implementation that is sane and available at all times.
		4	*/
		5
		6	#include <stdlib.h> /* malloc()/free() prototypes */
		7	#include <string.h> /* mem(), strdup() prototype /
		8
		9	#include <sys/mman.h> /* mmap() */
		10	#include <errno.h>
		11	#include <limits.h>
		12
		13	#include "sandbox.h"
		14
		15	#define check_dlsym(_name) \
		16	{ \
		17	int old_errno = errno; \
		18	if (!true_ ## _name) \
		19	true_ ## _name = get_dlsym(#_name, NULL); \
		20	errno = old_errno; \
		21	}
		22
		23	#define SB_MALLOC_TO_MMAP(ptr) ((void)(((size_t)ptr) - 1))
		24	#define SB_MMAP_TO_MALLOC(ptr) ((void)(((size_t)ptr) + 1))
		25	#define SB_MALLOC_TO_SIZE(ptr) (((size_t)SB_MALLOC_TO_MMAP(ptr)))
		26
		27	static void (true_malloc)(size_t size) = NULL;
		28	void *malloc(size_t size)
		29	{
		30	if (!getenv(ENV_SANDBOX_LOCAL_MALLOC)) {
		31	check_dlsym(malloc);
		32	return true_malloc(size);
		33	} else {
		34	size_t *ret;
		35	size += sizeof(size_t);
		36	ret = mmap(0, size, PROT_READ\|PROT_WRITE,
		37	MAP_PRIVATE\|MAP_ANONYMOUS, -1, 0);
		38	if (ret == MAP_FAILED)
		39	return NULL;
		40	*ret = size;
		41	return SB_MMAP_TO_MALLOC(ret);
		42	}
		43	}
		44
		45	static void (true_free)(void ptr) = NULL;
		46	void free(void *ptr)
		47	{
		48	if (!getenv(ENV_SANDBOX_LOCAL_MALLOC)) {
		49	check_dlsym(free);
		50	true_free(ptr);
		51	} else {
		52	if (ptr == NULL)
		53	return;
		54	munmap(SB_MALLOC_TO_MMAP(ptr), SB_MALLOC_TO_SIZE(ptr));
		55	}
		56	}
		57
		58	static void (true_calloc)(size_t nmemb, size_t size) = NULL;
		59	void *calloc(size_t nmemb, size_t size)
		60	{
		61	if (!getenv(ENV_SANDBOX_LOCAL_MALLOC)) {
		62	check_dlsym(calloc);
		63	return true_calloc(nmemb, size);
		64	} else {
65	void *ret;
66	size_t malloc_size = nmemb * size;
67	ret = malloc(malloc_size); /* dont care about overflow */
68	if (ret == NULL)
69	return NULL;
70	memset(ret, 0x00, malloc_size);
71	return ret;
72	}
73	}
74
75	static void (true_realloc)(void *ptr, size_t size) = NULL;
76	void realloc(void ptr, size_t size)
77	{
78	if (!getenv(ENV_SANDBOX_LOCAL_MALLOC)) {
79	check_dlsym(realloc);
80	return true_realloc(ptr, size);
81	} else {
82	void *ret;
83	size_t old_malloc_size;
84
85	if (ptr == NULL)
86	return malloc(size);
87	if (size == 0) {
88	free(ptr);
89	return ptr;
90	}
91
92	old_malloc_size = SB_MALLOC_TO_SIZE(ptr);
93	ret = malloc(size);
94	if (ret == NULL)
95	return NULL;
96	memcpy(ret, ptr, (size < old_malloc_size ? size
97	: old_malloc_size));
98	free(ptr);
99	return ret;
100	}
101	}
102
103	static char (true_strdup)(const char *s) = NULL;
104	#ifdef strdup
105	#undef strdup
106	#endif
107	char strdup(const char s)
108	{
109	if (!getenv(ENV_SANDBOX_LOCAL_MALLOC)) {
110	check_dlsym(strdup);
111	return true_strdup(s);
112	} else {
113	size_t len;
114	char *ret;
115
116	if (s == NULL)
117	return NULL;
118	len = strlen(s);
119	ret = malloc(len + 1);
120	if (ret == NULL)
121	return NULL;
122	memcpy(ret, s, len + 1);
123	return ret;
124	}
125	}