Attachment #134085 for bug #164656

Lines 24-29 libsandbox_la_SOURCES = \ Link Here

(-)src/Makefile.am (+1 lines)
24	libsandbox.c \	24	libsandbox.c \
25	canonicalize.c \	25	canonicalize.c \
26	sandbox_utils.c \	26	sandbox_utils.c \
		27	mmalloc.c \
27	$(LOCAL_INCLUDES)	28	$(LOCAL_INCLUDES)
28		29
29	sandbox_CFLAGS = -DOUTSIDE_LIBSANDBOX	30	sandbox_CFLAGS = -DOUTSIDE_LIBSANDBOX




/* Minimal mmap-based malloc/free implementation to be used by libsandbox
 * internal routines, since we can't trust the current process to have a
 * malloc/free implementation that is sane and available at all times.
 */

#include <stdlib.h>   /* malloc()/free() prototypes */
#include <string.h>   /* mem*(), strdup() prototype */

#include <sys/mman.h> /* mmap() */
#include <errno.h>
#include <limits.h>

#include "sandbox.h"

static int checked_env = 0;
static int env_sandbox_local_malloc = 0;

#define check_dlsym(_name) \
{ \
	int old_errno = errno; \
	if (!true_ ## _name) \
		true_ ## _name = get_dlsym(#_name, NULL); \
	errno = old_errno; \
}

#define SB_MALLOC_TO_MMAP(ptr) ((void*)(((size_t*)ptr) - 1))
#define SB_MMAP_TO_MALLOC(ptr) ((void*)(((size_t*)ptr) + 1))
#define SB_MALLOC_TO_SIZE(ptr) (*((size_t*)SB_MALLOC_TO_MMAP(ptr)))

static void *(*true_malloc)(size_t size) = NULL;
void *malloc(size_t size)
{
	if (!checked_env) {
		env_sandbox_local_malloc = (getenv(ENV_SANDBOX_LOCAL_MALLOC) != NULL);
		checked_env = 1;
	}
	if (!env_sandbox_local_malloc) {
		check_dlsym(malloc);
		return true_malloc(size);
	} else {
		size_t *ret;
		size += sizeof(size_t);
		ret = mmap(0, size, PROT_READ|PROT_WRITE,
				MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
		if (ret == MAP_FAILED)
			return NULL;
		*ret = size;
		return SB_MMAP_TO_MALLOC(ret);
	}
}

static void (*true_free)(void *ptr) = NULL;
void free(void *ptr)
{
	if (!checked_env) {
		env_sandbox_local_malloc = (getenv(ENV_SANDBOX_LOCAL_MALLOC) != NULL);
		checked_env = 1;
	}
	if (!env_sandbox_local_malloc) {
		check_dlsym(free);
		true_free(ptr);
	} else {
		if (ptr == NULL)
			return;
		munmap(SB_MALLOC_TO_MMAP(ptr), SB_MALLOC_TO_SIZE(ptr));
	}
}

static void *(*true_calloc)(size_t nmemb, size_t size) = NULL;
void *calloc(size_t nmemb, size_t size)
{
	if (!checked_env) {
		env_sandbox_local_malloc = (getenv(ENV_SANDBOX_LOCAL_MALLOC) != NULL);
		checked_env = 1;
	}
	if (!env_sandbox_local_malloc) {
		check_dlsym(calloc);
		return true_calloc(nmemb, size);
	} else {
		void *ret;
		size_t malloc_size = nmemb * size;
		ret = malloc(malloc_size); /* dont care about overflow */
		if (ret == NULL)
			return NULL;
		memset(ret, 0x00, malloc_size);
		return ret;
	}
}

static void *(*true_realloc)(void *ptr, size_t size) = NULL;
void *realloc(void *ptr, size_t size)
{
	if (!checked_env) {
		env_sandbox_local_malloc = (getenv(ENV_SANDBOX_LOCAL_MALLOC) != NULL);
		checked_env = 1;
	}
	if (!env_sandbox_local_malloc) {
		check_dlsym(realloc);
		return true_realloc(ptr, size);
	} else {
		void *ret;
		size_t old_malloc_size;

		if (ptr == NULL)
			return malloc(size);
		if (size == 0) {
			free(ptr);
			return ptr;
		}

		old_malloc_size = SB_MALLOC_TO_SIZE(ptr);
		ret = malloc(size);
		if (ret == NULL)
			return NULL;
		memcpy(ret, ptr, (size < old_malloc_size ? size
					: old_malloc_size));
		free(ptr);
		return ret;
	}
}

static char *(*true_strdup)(const char *s) = NULL;
#ifdef strdup
#undef strdup
#endif
char *strdup(const char *s)
{
	if (!checked_env) {
		env_sandbox_local_malloc = (getenv(ENV_SANDBOX_LOCAL_MALLOC) != NULL);
		checked_env = 1;
	}
	if (!env_sandbox_local_malloc) {
		check_dlsym(strdup);
		return true_strdup(s);
	} else {
		size_t len;
		char *ret;

		if (s == NULL)
			return NULL;
		len = strlen(s);
		ret = malloc(len + 1);
		if (ret == NULL)
			return NULL;
		return memcpy(ret, s, len + 1);
	}
}

Lines 52-57 Link Here

(-)src/sandbox.h (+3 lines)
52	#define ENV_SANDBOX_ACTIVE "SANDBOX_ACTIVE"	52	#define ENV_SANDBOX_ACTIVE "SANDBOX_ACTIVE"
53	#define SANDBOX_ACTIVE "armedandready"	53	#define SANDBOX_ACTIVE "armedandready"
54		54
		55	#define ENV_SANDBOX_LOCAL_MALLOC "SANDBOX_LOCAL_MALLOC"
		56
55	#define DEFAULT_BEEP_COUNT 3	57	#define DEFAULT_BEEP_COUNT 3
56		58
57	#define SB_BUF_LEN 2048	59	#define SB_BUF_LEN 2048
Lines 110-115 char gbasename (const char path); Link Here
110	char erealpath(const char , char *);	110	char erealpath(const char , char *);
111	#ifndef OUTSIDE_LIBSANDBOX	111	#ifndef OUTSIDE_LIBSANDBOX
112	char egetcwd(char , size_t);	112	char egetcwd(char , size_t);
		113	void get_dlsym(const char , const char *);
113	#endif	114	#endif
114		115
115	#endif /* __SANDBOX_H__ */	116	#endif /* __SANDBOX_H__ */

Lines 121-127 static int sb_path_size_warning = 0; Link Here

(-)src/libsandbox.c (-2 / +1 lines)
121	void __attribute__ ((constructor)) libsb_init(void);	121	void __attribute__ ((constructor)) libsb_init(void);
122	void __attribute__ ((destructor)) libsb_fini(void);	122	void __attribute__ ((destructor)) libsb_fini(void);
123		123
124	static void get_dlsym(const char , const char *);
125	static int canonicalize(const char , char );	124	static int canonicalize(const char , char );
126	static char resolve_path(const char , int);	125	static char resolve_path(const char , int);
127	static int check_prefixes(char *, int, const char );	126	static int check_prefixes(char *, int, const char );
Lines 185-191 void __attribute__ ((constructor)) libsb Link Here
185	errno = old_errno;	184	errno = old_errno;
186	}	185	}
187		186
188	static void get_dlsym(const char symname, const char *symver)	187	void get_dlsym(const char symname, const char *symver)
189	{	188	{
190	void *symaddr = NULL;	189	void *symaddr = NULL;
191		190

Return to bug 164656

Line 0 Link Here

(-)src/mmalloc.c (+147 lines)
		1	/* Minimal mmap-based malloc/free implementation to be used by libsandbox
		2	* internal routines, since we can't trust the current process to have a
		3	* malloc/free implementation that is sane and available at all times.
		4	*/
		5
		6	#include <stdlib.h> /* malloc()/free() prototypes */
		7	#include <string.h> /* mem(), strdup() prototype /
		8
		9	#include <sys/mman.h> /* mmap() */
		10	#include <errno.h>
		11	#include <limits.h>
		12
		13	#include "sandbox.h"
		14
		15	static int checked_env = 0;
		16	static int env_sandbox_local_malloc = 0;
		17
		18	#define check_dlsym(_name) \
		19	{ \
		20	int old_errno = errno; \
		21	if (!true_ ## _name) \
		22	true_ ## _name = get_dlsym(#_name, NULL); \
		23	errno = old_errno; \
		24	}
		25
		26	#define SB_MALLOC_TO_MMAP(ptr) ((void)(((size_t)ptr) - 1))
		27	#define SB_MMAP_TO_MALLOC(ptr) ((void)(((size_t)ptr) + 1))
		28	#define SB_MALLOC_TO_SIZE(ptr) (((size_t)SB_MALLOC_TO_MMAP(ptr)))
		29
		30	static void (true_malloc)(size_t size) = NULL;
		31	void *malloc(size_t size)
		32	{
		33	if (!checked_env) {
		34	env_sandbox_local_malloc = (getenv(ENV_SANDBOX_LOCAL_MALLOC) != NULL);
		35	checked_env = 1;
		36	}
		37	if (!env_sandbox_local_malloc) {
		38	check_dlsym(malloc);
		39	return true_malloc(size);
		40	} else {
		41	size_t *ret;
		42	size += sizeof(size_t);
		43	ret = mmap(0, size, PROT_READ\|PROT_WRITE,
		44	MAP_PRIVATE\|MAP_ANONYMOUS, -1, 0);
		45	if (ret == MAP_FAILED)
		46	return NULL;
		47	*ret = size;
		48	return SB_MMAP_TO_MALLOC(ret);
		49	}
		50	}
		51
		52	static void (true_free)(void ptr) = NULL;
		53	void free(void *ptr)
		54	{
		55	if (!checked_env) {
		56	env_sandbox_local_malloc = (getenv(ENV_SANDBOX_LOCAL_MALLOC) != NULL);
		57	checked_env = 1;
		58	}
		59	if (!env_sandbox_local_malloc) {
		60	check_dlsym(free);
		61	true_free(ptr);
		62	} else {
		63	if (ptr == NULL)
		64	return;
65	munmap(SB_MALLOC_TO_MMAP(ptr), SB_MALLOC_TO_SIZE(ptr));
66	}
67	}
68
69	static void (true_calloc)(size_t nmemb, size_t size) = NULL;
70	void *calloc(size_t nmemb, size_t size)
71	{
72	if (!checked_env) {
73	env_sandbox_local_malloc = (getenv(ENV_SANDBOX_LOCAL_MALLOC) != NULL);
74	checked_env = 1;
75	}
76	if (!env_sandbox_local_malloc) {
77	check_dlsym(calloc);
78	return true_calloc(nmemb, size);
79	} else {
80	void *ret;
81	size_t malloc_size = nmemb * size;
82	ret = malloc(malloc_size); /* dont care about overflow */
83	if (ret == NULL)
84	return NULL;
85	memset(ret, 0x00, malloc_size);
86	return ret;
87	}
88	}
89
90	static void (true_realloc)(void *ptr, size_t size) = NULL;
91	void realloc(void ptr, size_t size)
92	{
93	if (!checked_env) {
94	env_sandbox_local_malloc = (getenv(ENV_SANDBOX_LOCAL_MALLOC) != NULL);
95	checked_env = 1;
96	}
97	if (!env_sandbox_local_malloc) {
98	check_dlsym(realloc);
99	return true_realloc(ptr, size);
100	} else {
101	void *ret;
102	size_t old_malloc_size;
103
104	if (ptr == NULL)
105	return malloc(size);
106	if (size == 0) {
107	free(ptr);
108	return ptr;
109	}
110
111	old_malloc_size = SB_MALLOC_TO_SIZE(ptr);
112	ret = malloc(size);
113	if (ret == NULL)
114	return NULL;
115	memcpy(ret, ptr, (size < old_malloc_size ? size
116	: old_malloc_size));
117	free(ptr);
118	return ret;
119	}
120	}
121
122	static char (true_strdup)(const char *s) = NULL;
123	#ifdef strdup
124	#undef strdup
125	#endif
126	char strdup(const char s)
127	{
128	if (!checked_env) {
129	env_sandbox_local_malloc = (getenv(ENV_SANDBOX_LOCAL_MALLOC) != NULL);
130	checked_env = 1;
131	}
132	if (!env_sandbox_local_malloc) {
133	check_dlsym(strdup);
134	return true_strdup(s);
135	} else {
136	size_t len;
137	char *ret;
138
139	if (s == NULL)
140	return NULL;
141	len = strlen(s);
142	ret = malloc(len + 1);
143	if (ret == NULL)
144	return NULL;
145	return memcpy(ret, s, len + 1);
146	}
147	}