Attachment 448140 Details for Bug 553092 – Patch to fix opendir

[patch] Patch to fix opendir

0001-libsandbox-do-not-abort-with-a-long-name-to-opendir.patch (text/plain), 3.22 KB, created by Mart Raudsepp on 2016-09-27 18:00:19 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Mart Raudsepp

Created: 2016-09-27 18:00:19 UTC

Size: 3.22 KB

patch

obsolete

>From c8b990b00c9b9a08b272d01a3a89d1457aae80be Mon Sep 17 00:00:00 2001
>From: Mart Raudsepp <leio@gentoo.org>
>Date: Tue, 27 Sep 2016 20:44:56 +0300
>Subject: [PATCH] libsandbox: do not abort with a long name to opendir
>
>Add a pre-check for opendir that catches too long name arguments
>given to opendir, as it would get messed up and abort before it
>even gets to the open*() syscall (which would handle it correctly),
>due to opendir going through before_syscall/check_syscall, even
>though it isn't a true syscall and it getting cut to SB_PATH_MAX
>inbetween and getting confused somewhere.
>
>URL: https://bugs.gentoo.org/553092
>Signed-off-by: Mart Raudsepp <leio@gentoo.org>
>---
> libsandbox/wrapper-funcs/opendir.c           |  2 ++
> libsandbox/wrapper-funcs/opendir_pre_check.c | 26 ++++++++++++++++++++++++++
> libsandbox/wrappers.h                        |  1 +
> 3 files changed, 29 insertions(+)
> create mode 100644 libsandbox/wrapper-funcs/opendir_pre_check.c
>
>diff --git a/libsandbox/wrapper-funcs/opendir.c b/libsandbox/wrapper-funcs/opendir.c
>index 7670775..70c2692 100644
>--- a/libsandbox/wrapper-funcs/opendir.c
>+++ b/libsandbox/wrapper-funcs/opendir.c
>@@ -10,4 +10,6 @@
> #define WRAPPER_SAFE() SB_SAFE(name)
> #define WRAPPER_RET_TYPE DIR *
> #define WRAPPER_RET_DEFAULT NULL
>+#define WRAPPER_PRE_CHECKS() sb_opendir_pre_check(STRING_NAME, name)
>+
> #include "__wrapper_simple.c"
>diff --git a/libsandbox/wrapper-funcs/opendir_pre_check.c b/libsandbox/wrapper-funcs/opendir_pre_check.c
>new file mode 100644
>index 0000000..da6d8a6
>--- /dev/null
>+++ b/libsandbox/wrapper-funcs/opendir_pre_check.c
>@@ -0,0 +1,26 @@
>+/*
>+ * opendir() pre-check.
>+ *
>+ * Copyright 1999-2016 Gentoo Foundation
>+ * Licensed under the GPL-2
>+ */
>+
>+bool sb_opendir_pre_check(const char *func, const char *name)
>+{
>+	/* If length of name is larger than PATH_MAX, we would mess it up
>+	 * before it reaches the open syscall, which would cleanly error out
>+	 * via sandbox as well (actually with much smaller lengths than even
>+	 * PATH_MAX).
>+	 * So error out early in this case, in order to avoid an abort in
>+	 * check_syscall later on, which gets ran for opendir, despite it not
>+	 * being a syscall.
>+	 */
>+	if (strlen(name) > PATH_MAX) {
>+		errno = ENAMETOOLONG;
>+		sb_debug_dyn("EARLY FAIL: %s(%s): %s\n",
>+			func, name, strerror(errno));
>+		return false;
>+	}
>+
>+	return true;
>+}
>diff --git a/libsandbox/wrappers.h b/libsandbox/wrappers.h
>index 0aa58bb..bf5bf64 100644
>--- a/libsandbox/wrappers.h
>+++ b/libsandbox/wrappers.h
>@@ -27,6 +27,7 @@ attribute_hidden bool sb_fopen64_pre_check  (const char *func, const char *pathn
> attribute_hidden bool sb_mkdirat_pre_check  (const char *func, const char *pathname, int dirfd);
> attribute_hidden bool sb_openat_pre_check   (const char *func, const char *pathname, int dirfd, int flags);
> attribute_hidden bool sb_openat64_pre_check (const char *func, const char *pathname, int dirfd, int flags);
>+attribute_hidden bool sb_opendir_pre_check  (const char *func, const char *name);
> attribute_hidden bool sb_unlinkat_pre_check (const char *func, const char *pathname, int dirfd);
> attribute_hidden bool sb_common_at_pre_check(const char *func, const char **pathname, int dirfd,
>                                              char *dirfd_path, size_t dirfd_path_len);
>-- 
>2.9.0
>

Actions: View | Diff

Attachments on bug 553092: 405602 | 405616 | 429244 | 448140 | 452968