Attachment #13694 for bug #21766




# Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL v2
# $Header: /home/cvsroot/gentoo-src/portage/src/sandbox-1.1/ChangeLog,v 1.15 2003/04/06 09:06:48 azarah Exp $

  22 Jun 2003; Martin Schlemmer <azarah@gentoo.org> libsandbox.c, canonicalize.c
  create-localdecls :
  When checking path names of files accessed, we need to canonicalize it, else
  it may be a symlink in a 'write allowed' directory pointing to a file in a
  directory we should not have write access to.

  With something like coreutils-5.0, we have two problems:
  1)  One of the tests checks if getcwd() can return a path longer than
      PATH_MAX.  This test then tries to create a dir which even while
      created local (mkdir("conftest2")), it ends up being resolved with
      a name that is much larger than PATH_MAX.  The problem now is that
      canonicalize() have undefined behaviour when the path was too long
      (returned wrongly truncated paths, etc), and pass the wrong path to
      before_syscall() (causing the bogus sandbox violations).
  2)  The ecanonicalize() function we used, along with the canonicalize()
      function did not support longer than PATH_MAX.  This is partly a
      cause for 1), but the error checking (rather lack of it) of calls
      to erealpath() in canonicalize() was the prime reason for 1).

  As we do not use this canonicalized name to call the function, we resolve this
  by fixing canonicalize() to do better error checking, and ecanonicalize() as
  well as all functions in libsandbox.c to use a PATH_MAX of 'PATH_MAX * 2'.
  While they will resolve paths properly now, and can check if a write/read is
  allowed, the functions called from the sandboxed environment will still work
  as expected.

  This should resolve bug #21766.

  06 Apr 2003; Martin Schlemmer <azarah@gentoo.org> libsandbox.c :
  For some reason sandbox fails with a 'open_wr' if you run 'locale -a' under
  it (bug #16298).

Lines 37-43 Link Here

(-)sandbox-1.1/Makefile (-1 / +1 lines)
37	libsandbox.o: libsandbox.c localdecls.h	37	libsandbox.o: libsandbox.c localdecls.h
38	$(CC) $(CFLAGS) -Wall -c $(OBJ_DEFINES) libsandbox.c	38	$(CC) $(CFLAGS) -Wall -c $(OBJ_DEFINES) libsandbox.c
39		39
40	canonicalize.o: canonicalize.c	40	canonicalize.o: canonicalize.c localdecls.h
41	$(CC) $(CFLAGS) -Wall -c $(OBJ_DEFINES) canonicalize.c	41	$(CC) $(CFLAGS) -Wall -c $(OBJ_DEFINES) canonicalize.c
42		42
43	localdecls.h: create-localdecls libctest.c	43	localdecls.h: create-localdecls libctest.c

Lines 29-34 Link Here

(-)sandbox-1.1/canonicalize.c (-4 / +6 lines)
29	#include <sys/stat.h>	29	#include <sys/stat.h>
30	#include <errno.h>	30	#include <errno.h>
31	#include <stddef.h>	31	#include <stddef.h>
		32
		33	#include "localdecls.h"
32		34
33	#ifndef __set_errno	35	#ifndef __set_errno
34	# define __set_errno(val) errno = (val)	36	# define __set_errno(val) errno = (val)
Lines 38-45 Link Here
38	does not contain any `.', `..' components nor any repeated path	40	does not contain any `.', `..' components nor any repeated path
39	separators ('/') or symlinks. All path components must exist. If	41	separators ('/') or symlinks. All path components must exist. If
40	RESOLVED is null, the result is malloc'd; otherwise, if the	42	RESOLVED is null, the result is malloc'd; otherwise, if the
41	canonical name is PATH_MAX chars or more, returns null with `errno'	43	canonical name is SB_PATH_MAX chars or more, returns null with `errno'
42	set to ENAMETOOLONG; if the name fits in fewer than PATH_MAX chars,	44	set to ENAMETOOLONG; if the name fits in fewer than SB_PATH_MAX chars,
43	returns the name in RESOLVED. If the name cannot be resolved and	45	returns the name in RESOLVED. If the name cannot be resolved and
44	RESOLVED is non-NULL, it contains the path of the first component	46	RESOLVED is non-NULL, it contains the path of the first component
45	that cannot be resolved. If the path can be resolved, RESOLVED	47	that cannot be resolved. If the path can be resolved, RESOLVED
Lines 78-85 Link Here
78	return NULL;	80	return NULL;
79	}	81	}
80		82
81	#ifdef PATH_MAX	83	#ifdef SB_PATH_MAX
82	path_max = PATH_MAX;	84	path_max = SB_PATH_MAX;
83	#else	85	#else
84	path_max = pathconf (name, _PC_PATH_MAX);	86	path_max = pathconf (name, _PC_PATH_MAX);
85	if (path_max <= 0)	87	if (path_max <= 0)




	esac
fi

echo '
#ifdef PATH_MAX
# define SB_PATH_MAX PATH_MAX * 2
# if (SB_PATH_MAX >= INT_MAX)
#  undef SB_PATH_MAX
#  define SB_PATH_MAX PATH_MAX + 25
#  if (SB_PATH_MAX >= INT_MAX)
#   error PATH_MAX too big!
#  endif
# endif
#else
# error PATH_MAX not defined!
#endif' >> $OUTFILE

echo >> $OUTFILE
echo '#endif' >> $OUTFILE
echo




  errno=old_errno; \
}

#define canonicalize(path, resolved_path) \
{ \
  if (0 != _canonicalize(path, resolved_path)) \
    return -1; \
}

#define canonicalize_ptr(path, resolved_path) \
{ \
  if (0 != _canonicalize(path, resolved_path)) \
    return NULL; \
}

static char sandbox_lib[255];

typedef struct {


static void init_wrappers(void);
static void *get_dlsym(const char *);
static int _canonicalize(const char *, char *);
static int check_access(sbcontext_t *, const char *, const char *);
static int check_syscall(sbcontext_t *, const char *, const char *);
static int before_syscall(const char *, const char *);

  errno = old_errno;
}

static int _canonicalize(const char *path, char *resolved_path)
{
  int old_errno = errno;
  char *retval;

  /* If path == NULL, return or we get a segfault */
  if (NULL == path) {
    errno = EINVAL;
    return -1;
  }

  retval = erealpath(path, resolved_path);
  
  if((!retval) && (path[0] != '/')) {
    /* The path could not be canonicalized, append it
     * to the current working directory if it was not
     * an absolute path
     */
    if (errno == ENAMETOOLONG)
      return -1;
    
    getcwd(resolved_path, SB_PATH_MAX - 2);
    strcat(resolved_path, "/");
    strncat(resolved_path, path, SB_PATH_MAX - 1);
    
    if (!erealpath(resolved_path, resolved_path)) {
      if (errno == ENAMETOOLONG) {
        /* The resolved path is too long for the buffer to hold */
        return -1;
      } else {
        /* Whatever it resolved, is not a valid path */
        errno = ENOENT;
        return -1;
      }
    }
    
  } else if ((!retval) && (path[0] == '/')) {
    /* Whatever it resolved, is not a valid path */
    errno = ENOENT;
    return -1;
  }

  errno = old_errno;
  return 0;
}

static void *get_dlsym(const char *symname)

int chmod(const char *path, mode_t mode)
{
  int result = -1;
  char canonic[SB_PATH_MAX];

  canonicalize(path, canonic);


int chown(const char *path, uid_t owner, gid_t group)
{
  int result = -1;
  char canonic[SB_PATH_MAX];

  canonicalize(path, canonic);


{
/* Is it a system call? */
  int result = -1;
  char canonic[SB_PATH_MAX];

  canonicalize(pathname, canonic);


FILE *fopen(const char *pathname, const char *mode)
{
  FILE *result = NULL;
  char canonic[SB_PATH_MAX];

  canonicalize_ptr(pathname, canonic);

  if FUNCTION_SANDBOX_SAFE_CHAR("fopen", canonic, mode) {
    check_dlsym(fopen);

{
/* Linux specific? */
  int result = -1;
  char canonic[SB_PATH_MAX];

  canonicalize(path, canonic);


int link(const char *oldpath, const char *newpath)
{
  int result = -1;
  char old_canonic[SB_PATH_MAX], new_canonic[SB_PATH_MAX];

  canonicalize(oldpath, old_canonic);
  canonicalize(newpath, new_canonic);

int mkdir(const char *pathname, mode_t mode)
{
  int result = -1;
  char canonic[SB_PATH_MAX];

  canonicalize(pathname, canonic);


DIR *opendir(const char *name)
{
  DIR *result = NULL;
  char canonic[SB_PATH_MAX];

  canonicalize_ptr(name, canonic);

  if FUNCTION_SANDBOX_SAFE("opendir", canonic) {
    check_dlsym(opendir);

int __xmknod(const char *pathname, mode_t mode, dev_t dev)
{
  int result = -1;
  char canonic[SB_PATH_MAX];

  canonicalize(pathname, canonic);


  va_list ap;
  mode_t mode = 0;
  int result = -1;
  char canonic[SB_PATH_MAX];

  if (flags & O_CREAT) {
    va_start(ap, flags);

int rename(const char *oldpath, const char *newpath)
{
  int result = -1;
  char old_canonic[SB_PATH_MAX], new_canonic[SB_PATH_MAX];

  canonicalize(oldpath, old_canonic);
  canonicalize(newpath, new_canonic);

int rmdir(const char *pathname)
{
  int result = -1;
  char canonic[SB_PATH_MAX];

  canonicalize(pathname, canonic);


int symlink(const char *oldpath, const char *newpath)
{
  int result = -1;
  char old_canonic[SB_PATH_MAX], new_canonic[SB_PATH_MAX];

  canonicalize(oldpath, old_canonic);
  canonicalize(newpath, new_canonic);

int truncate(const char *path, TRUNCATE_T length)
{
  int result = -1;
  char canonic[SB_PATH_MAX];

  canonicalize(path, canonic);


int unlink(const char *pathname)
{
  int result = -1;
  char canonic[SB_PATH_MAX];

  canonicalize(pathname, canonic);


{
/* Is it a system call? */
  int result = -1;
  char canonic[SB_PATH_MAX];

  canonicalize(pathname, canonic);


FILE *fopen64(const char *pathname, const char *mode)
{
  FILE *result = NULL;
  char canonic[SB_PATH_MAX];

  canonicalize_ptr(pathname, canonic);

  if FUNCTION_SANDBOX_SAFE_CHAR("fopen64", canonic, mode) {
    check_dlsym(fopen64);

  va_list ap;
  mode_t mode = 0;
  int result = -1;
  char canonic[SB_PATH_MAX];

  if (flags & O_CREAT) {
    va_start(ap, flags);

int truncate64(const char *path, __off64_t length)
{
  int result = -1;
  char canonic[SB_PATH_MAX];

  canonicalize(path, canonic);


  int old_errno = errno;
  int result = -1;
  int count = 0;
  char canonic[SB_PATH_MAX];
  char *old_envp = NULL;
  char *new_envp = NULL;


static char* filter_path(const char* path)
{
  int old_errno = errno;
  char* filtered_path = (char *)malloc(SB_PATH_MAX * sizeof(char));

  canonicalize_ptr(path, filtered_path);

  errno = old_errno;


Return to bug 21766

Lines 2-7 Link Here

(-)sandbox-1.1/ChangeLog (+28 lines)
2	# Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL v2	2	# Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL v2
3	# $Header: /home/cvsroot/gentoo-src/portage/src/sandbox-1.1/ChangeLog,v 1.15 2003/04/06 09:06:48 azarah Exp $	3	# $Header: /home/cvsroot/gentoo-src/portage/src/sandbox-1.1/ChangeLog,v 1.15 2003/04/06 09:06:48 azarah Exp $
4		4
		5	22 Jun 2003; Martin Schlemmer <azarah@gentoo.org> libsandbox.c, canonicalize.c
		6	create-localdecls :
		7	When checking path names of files accessed, we need to canonicalize it, else
		8	it may be a symlink in a 'write allowed' directory pointing to a file in a
		9	directory we should not have write access to.
		10
		11	With something like coreutils-5.0, we have two problems:
		12	1) One of the tests checks if getcwd() can return a path longer than
		13	PATH_MAX. This test then tries to create a dir which even while
		14	created local (mkdir("conftest2")), it ends up being resolved with
		15	a name that is much larger than PATH_MAX. The problem now is that
		16	canonicalize() have undefined behaviour when the path was too long
		17	(returned wrongly truncated paths, etc), and pass the wrong path to
		18	before_syscall() (causing the bogus sandbox violations).
		19	2) The ecanonicalize() function we used, along with the canonicalize()
		20	function did not support longer than PATH_MAX. This is partly a
		21	cause for 1), but the error checking (rather lack of it) of calls
		22	to erealpath() in canonicalize() was the prime reason for 1).
		23
		24	As we do not use this canonicalized name to call the function, we resolve this
		25	by fixing canonicalize() to do better error checking, and ecanonicalize() as
		26	well as all functions in libsandbox.c to use a PATH_MAX of 'PATH_MAX * 2'.
		27	While they will resolve paths properly now, and can check if a write/read is
		28	allowed, the functions called from the sandboxed environment will still work
		29	as expected.
		30
		31	This should resolve bug #21766.
		32
5	06 Apr 2003; Martin Schlemmer <azarah@gentoo.org> libsandbox.c :	33	06 Apr 2003; Martin Schlemmer <azarah@gentoo.org> libsandbox.c :
6	For some reason sandbox fails with a 'open_wr' if you run 'locale -a' under	34	For some reason sandbox fails with a 'open_wr' if you run 'locale -a' under
7	it (bug #16298).	35	it (bug #16298).

Lines 92-97 Link Here

(-)sandbox-1.1/create-localdecls (+14 lines)
92	esac	92	esac
93	fi	93	fi
94		94
		95	echo '
		96	#ifdef PATH_MAX
		97	# define SB_PATH_MAX PATH_MAX * 2
		98	# if (SB_PATH_MAX >= INT_MAX)
		99	# undef SB_PATH_MAX
		100	# define SB_PATH_MAX PATH_MAX + 25
		101	# if (SB_PATH_MAX >= INT_MAX)
		102	# error PATH_MAX too big!
		103	# endif
		104	# endif
		105	#else
		106	# error PATH_MAX not defined!
		107	#endif' >> $OUTFILE
		108
95	echo >> $OUTFILE	109	echo >> $OUTFILE
96	echo '#endif' >> $OUTFILE	110	echo '#endif' >> $OUTFILE
97	echo	111	echo

Lines 93-98 Link Here

(-)sandbox-1.1/libsandbox.c (-32 / +69 lines)
93	errno=old_errno; \	93	errno=old_errno; \
94	}	94	}
95		95
		96	#define canonicalize(path, resolved_path) \
		97	{ \
		98	if (0 != _canonicalize(path, resolved_path)) \
		99	return -1; \
		100	}
		101
		102	#define canonicalize_ptr(path, resolved_path) \
		103	{ \
		104	if (0 != _canonicalize(path, resolved_path)) \
		105	return NULL; \
		106	}
		107
96	static char sandbox_lib[255];	108	static char sandbox_lib[255];
97		109
98	typedef struct {	110	typedef struct {
Lines 114-120 Link Here
114		126
115	static void init_wrappers(void);	127	static void init_wrappers(void);
116	static void get_dlsym(const char );	128	static void get_dlsym(const char );
117	static void canonicalize(const char , char );	129	static int _canonicalize(const char , char );
118	static int check_access(sbcontext_t , const char , const char *);	130	static int check_access(sbcontext_t , const char , const char *);
119	static int check_syscall(sbcontext_t , const char , const char *);	131	static int check_syscall(sbcontext_t , const char , const char *);
120	static int before_syscall(const char , const char );	132	static int before_syscall(const char , const char );
Lines 239-263 Link Here
239	errno = old_errno;	251	errno = old_errno;
240	}	252	}
241		253
242	static void canonicalize(const char path, char resolved_path)	254	static int _canonicalize(const char path, char resolved_path)
243	{	255	{
244	int old_errno = errno;	256	int old_errno = errno;
		257	char *retval;
245		258
246	/* If path == NULL, return or we get a segfault */	259	/* If path == NULL, return or we get a segfault */
247	if (NULL == path) return;	260	if (NULL == path) {
		261	errno = EINVAL;
		262	return -1;
		263	}
		264
		265	retval = erealpath(path, resolved_path);
248		266
249	if(!erealpath(path, resolved_path) && (path[0] != '/')) {	267	if((!retval) && (path[0] != '/')) {
250	/* The path could not be canonicalized, append it	268	/* The path could not be canonicalized, append it
251	* to the current working directory if it was not	269	* to the current working directory if it was not
252	* an absolute path	270	* an absolute path
253	*/	271	*/
254	getcwd(resolved_path, MAXPATHLEN - 2);	272	if (errno == ENAMETOOLONG)
		273	return -1;
		274
		275	getcwd(resolved_path, SB_PATH_MAX - 2);
255	strcat(resolved_path, "/");	276	strcat(resolved_path, "/");
256	strncat(resolved_path, path, MAXPATHLEN - 1);	277	strncat(resolved_path, path, SB_PATH_MAX - 1);
257	erealpath(resolved_path, resolved_path);	278
		279	if (!erealpath(resolved_path, resolved_path)) {
		280	if (errno == ENAMETOOLONG) {
		281	/* The resolved path is too long for the buffer to hold */
		282	return -1;
		283	} else {
		284	/* Whatever it resolved, is not a valid path */
		285	errno = ENOENT;
		286	return -1;
		287	}
		288	}
		289
		290	} else if ((!retval) && (path[0] == '/')) {
		291	/* Whatever it resolved, is not a valid path */
		292	errno = ENOENT;
		293	return -1;
258	}	294	}
259		295
260	errno = old_errno;	296	errno = old_errno;
		297	return 0;
261	}	298	}
262		299
263	static void get_dlsym(const char symname)	300	static void get_dlsym(const char symname)
Lines 291-297 Link Here
291	int chmod(const char *path, mode_t mode)	328	int chmod(const char *path, mode_t mode)
292	{	329	{
293	int result = -1;	330	int result = -1;
294	char canonic[MAXPATHLEN];	331	char canonic[SB_PATH_MAX];
295		332
296	canonicalize(path, canonic);	333	canonicalize(path, canonic);
297		334
Lines 306-312 Link Here
306	int chown(const char *path, uid_t owner, gid_t group)	343	int chown(const char *path, uid_t owner, gid_t group)
307	{	344	{
308	int result = -1;	345	int result = -1;
309	char canonic[MAXPATHLEN];	346	char canonic[SB_PATH_MAX];
310		347
311	canonicalize(path, canonic);	348	canonicalize(path, canonic);
312		349
Lines 322-328 Link Here
322	{	359	{
323	/* Is it a system call? */	360	/* Is it a system call? */
324	int result = -1;	361	int result = -1;
325	char canonic[MAXPATHLEN];	362	char canonic[SB_PATH_MAX];
326		363
327	canonicalize(pathname, canonic);	364	canonicalize(pathname, canonic);
328		365
Lines 337-345 Link Here
337	FILE fopen(const char pathname, const char *mode)	374	FILE fopen(const char pathname, const char *mode)
338	{	375	{
339	FILE *result = NULL;	376	FILE *result = NULL;
340	char canonic[MAXPATHLEN];	377	char canonic[SB_PATH_MAX];
341		378
342	canonicalize(pathname, canonic);	379	canonicalize_ptr(pathname, canonic);
343		380
344	if FUNCTION_SANDBOX_SAFE_CHAR("fopen", canonic, mode) {	381	if FUNCTION_SANDBOX_SAFE_CHAR("fopen", canonic, mode) {
345	check_dlsym(fopen);	382	check_dlsym(fopen);
Lines 353-359 Link Here
353	{	390	{
354	/* Linux specific? */	391	/* Linux specific? */
355	int result = -1;	392	int result = -1;
356	char canonic[MAXPATHLEN];	393	char canonic[SB_PATH_MAX];
357		394
358	canonicalize(path, canonic);	395	canonicalize(path, canonic);
359		396
Lines 368-374 Link Here
368	int link(const char oldpath, const char newpath)	405	int link(const char oldpath, const char newpath)
369	{	406	{
370	int result = -1;	407	int result = -1;
371	char old_canonic[MAXPATHLEN], new_canonic[MAXPATHLEN];	408	char old_canonic[SB_PATH_MAX], new_canonic[SB_PATH_MAX];
372		409
373	canonicalize(oldpath, old_canonic);	410	canonicalize(oldpath, old_canonic);
374	canonicalize(newpath, new_canonic);	411	canonicalize(newpath, new_canonic);
Lines 384-390 Link Here
384	int mkdir(const char *pathname, mode_t mode)	421	int mkdir(const char *pathname, mode_t mode)
385	{	422	{
386	int result = -1;	423	int result = -1;
387	char canonic[MAXPATHLEN];	424	char canonic[SB_PATH_MAX];
388		425
389	canonicalize(pathname, canonic);	426	canonicalize(pathname, canonic);
390		427
Lines 399-407 Link Here
399	DIR opendir(const char name)	436	DIR opendir(const char name)
400	{	437	{
401	DIR *result = NULL;	438	DIR *result = NULL;
402	char canonic[MAXPATHLEN];	439	char canonic[SB_PATH_MAX];
403		440
404	canonicalize(name, canonic);	441	canonicalize_ptr(name, canonic);
405		442
406	if FUNCTION_SANDBOX_SAFE("opendir", canonic) {	443	if FUNCTION_SANDBOX_SAFE("opendir", canonic) {
407	check_dlsym(opendir);	444	check_dlsym(opendir);
Lines 416-422 Link Here
416	int __xmknod(const char *pathname, mode_t mode, dev_t dev)	453	int __xmknod(const char *pathname, mode_t mode, dev_t dev)
417	{	454	{
418	int result = -1;	455	int result = -1;
419	char canonic[MAXPATHLEN];	456	char canonic[SB_PATH_MAX];
420		457
421	canonicalize(pathname, canonic);	458	canonicalize(pathname, canonic);
422		459
Lines 436-442 Link Here
436	va_list ap;	473	va_list ap;
437	mode_t mode = 0;	474	mode_t mode = 0;
438	int result = -1;	475	int result = -1;
439	char canonic[MAXPATHLEN];	476	char canonic[SB_PATH_MAX];
440		477
441	if (flags & O_CREAT) {	478	if (flags & O_CREAT) {
442	va_start(ap, flags);	479	va_start(ap, flags);
Lines 460-466 Link Here
460	int rename(const char oldpath, const char newpath)	497	int rename(const char oldpath, const char newpath)
461	{	498	{
462	int result = -1;	499	int result = -1;
463	char old_canonic[MAXPATHLEN], new_canonic[MAXPATHLEN];	500	char old_canonic[SB_PATH_MAX], new_canonic[SB_PATH_MAX];
464		501
465	canonicalize(oldpath, old_canonic);	502	canonicalize(oldpath, old_canonic);
466	canonicalize(newpath, new_canonic);	503	canonicalize(newpath, new_canonic);
Lines 476-482 Link Here
476	int rmdir(const char *pathname)	513	int rmdir(const char *pathname)
477	{	514	{
478	int result = -1;	515	int result = -1;
479	char canonic[MAXPATHLEN];	516	char canonic[SB_PATH_MAX];
480		517
481	canonicalize(pathname, canonic);	518	canonicalize(pathname, canonic);
482		519
Lines 491-497 Link Here
491	int symlink(const char oldpath, const char newpath)	528	int symlink(const char oldpath, const char newpath)
492	{	529	{
493	int result = -1;	530	int result = -1;
494	char old_canonic[MAXPATHLEN], new_canonic[MAXPATHLEN];	531	char old_canonic[SB_PATH_MAX], new_canonic[SB_PATH_MAX];
495		532
496	canonicalize(oldpath, old_canonic);	533	canonicalize(oldpath, old_canonic);
497	canonicalize(newpath, new_canonic);	534	canonicalize(newpath, new_canonic);
Lines 507-513 Link Here
507	int truncate(const char *path, TRUNCATE_T length)	544	int truncate(const char *path, TRUNCATE_T length)
508	{	545	{
509	int result = -1;	546	int result = -1;
510	char canonic[MAXPATHLEN];	547	char canonic[SB_PATH_MAX];
511		548
512	canonicalize(path, canonic);	549	canonicalize(path, canonic);
513		550
Lines 522-528 Link Here
522	int unlink(const char *pathname)	559	int unlink(const char *pathname)
523	{	560	{
524	int result = -1;	561	int result = -1;
525	char canonic[MAXPATHLEN];	562	char canonic[SB_PATH_MAX];
526		563
527	canonicalize(pathname, canonic);	564	canonicalize(pathname, canonic);
528		565
Lines 540-546 Link Here
540	{	577	{
541	/* Is it a system call? */	578	/* Is it a system call? */
542	int result = -1;	579	int result = -1;
543	char canonic[MAXPATHLEN];	580	char canonic[SB_PATH_MAX];
544		581
545	canonicalize(pathname, canonic);	582	canonicalize(pathname, canonic);
546		583
Lines 555-563 Link Here
555	FILE fopen64(const char pathname, const char *mode)	592	FILE fopen64(const char pathname, const char *mode)
556	{	593	{
557	FILE *result = NULL;	594	FILE *result = NULL;
558	char canonic[MAXPATHLEN];	595	char canonic[SB_PATH_MAX];
559		596
560	canonicalize(pathname, canonic);	597	canonicalize_ptr(pathname, canonic);
561		598
562	if FUNCTION_SANDBOX_SAFE_CHAR("fopen64", canonic, mode) {	599	if FUNCTION_SANDBOX_SAFE_CHAR("fopen64", canonic, mode) {
563	check_dlsym(fopen64);	600	check_dlsym(fopen64);
Lines 573-579 Link Here
573	va_list ap;	610	va_list ap;
574	mode_t mode = 0;	611	mode_t mode = 0;
575	int result = -1;	612	int result = -1;
576	char canonic[MAXPATHLEN];	613	char canonic[SB_PATH_MAX];
577		614
578	if (flags & O_CREAT) {	615	if (flags & O_CREAT) {
579	va_start(ap, flags);	616	va_start(ap, flags);
Lines 594-600 Link Here
594	int truncate64(const char *path, __off64_t length)	631	int truncate64(const char *path, __off64_t length)
595	{	632	{
596	int result = -1;	633	int result = -1;
597	char canonic[MAXPATHLEN];	634	char canonic[SB_PATH_MAX];
598		635
599	canonicalize(path, canonic);	636	canonicalize(path, canonic);
600		637
Lines 617-623 Link Here
617	int old_errno = errno;	654	int old_errno = errno;
618	int result = -1;	655	int result = -1;
619	int count = 0;	656	int count = 0;
620	char canonic[MAXPATHLEN];	657	char canonic[SB_PATH_MAX];
621	char *old_envp = NULL;	658	char *old_envp = NULL;
622	char *new_envp = NULL;	659	char *new_envp = NULL;
623		660
Lines 843-851 Link Here
843	static char* filter_path(const char* path)	880	static char* filter_path(const char* path)
844	{	881	{
845	int old_errno = errno;	882	int old_errno = errno;
846	char* filtered_path = (char )malloc(MAXPATHLEN sizeof(char));	883	char* filtered_path = (char )malloc(SB_PATH_MAX sizeof(char));
847		884
848	canonicalize(path, filtered_path);	885	canonicalize_ptr(path, filtered_path);
849		886
850	errno = old_errno;	887	errno = old_errno;
851		888