Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 448140 Details for
Bug 553092
sys-apps/sandbox: paths over 8k (ENAMETOOLONG) should not trigger aborts
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch to fix opendir
0001-libsandbox-do-not-abort-with-a-long-name-to-opendir.patch (text/plain), 3.22 KB, created by
Mart Raudsepp
on 2016-09-27 18:00:19 UTC
(
hide
)
Description:
Patch to fix opendir
Filename:
MIME Type:
Creator:
Mart Raudsepp
Created:
2016-09-27 18:00:19 UTC
Size:
3.22 KB
patch
obsolete
>From c8b990b00c9b9a08b272d01a3a89d1457aae80be Mon Sep 17 00:00:00 2001 >From: Mart Raudsepp <leio@gentoo.org> >Date: Tue, 27 Sep 2016 20:44:56 +0300 >Subject: [PATCH] libsandbox: do not abort with a long name to opendir > >Add a pre-check for opendir that catches too long name arguments >given to opendir, as it would get messed up and abort before it >even gets to the open*() syscall (which would handle it correctly), >due to opendir going through before_syscall/check_syscall, even >though it isn't a true syscall and it getting cut to SB_PATH_MAX >inbetween and getting confused somewhere. > >URL: https://bugs.gentoo.org/553092 >Signed-off-by: Mart Raudsepp <leio@gentoo.org> >--- > libsandbox/wrapper-funcs/opendir.c | 2 ++ > libsandbox/wrapper-funcs/opendir_pre_check.c | 26 ++++++++++++++++++++++++++ > libsandbox/wrappers.h | 1 + > 3 files changed, 29 insertions(+) > create mode 100644 libsandbox/wrapper-funcs/opendir_pre_check.c > >diff --git a/libsandbox/wrapper-funcs/opendir.c b/libsandbox/wrapper-funcs/opendir.c >index 7670775..70c2692 100644 >--- a/libsandbox/wrapper-funcs/opendir.c >+++ b/libsandbox/wrapper-funcs/opendir.c >@@ -10,4 +10,6 @@ > #define WRAPPER_SAFE() SB_SAFE(name) > #define WRAPPER_RET_TYPE DIR * > #define WRAPPER_RET_DEFAULT NULL >+#define WRAPPER_PRE_CHECKS() sb_opendir_pre_check(STRING_NAME, name) >+ > #include "__wrapper_simple.c" >diff --git a/libsandbox/wrapper-funcs/opendir_pre_check.c b/libsandbox/wrapper-funcs/opendir_pre_check.c >new file mode 100644 >index 0000000..da6d8a6 >--- /dev/null >+++ b/libsandbox/wrapper-funcs/opendir_pre_check.c >@@ -0,0 +1,26 @@ >+/* >+ * opendir() pre-check. >+ * >+ * Copyright 1999-2016 Gentoo Foundation >+ * Licensed under the GPL-2 >+ */ >+ >+bool sb_opendir_pre_check(const char *func, const char *name) >+{ >+ /* If length of name is larger than PATH_MAX, we would mess it up >+ * before it reaches the open syscall, which would cleanly error out >+ * via sandbox as well (actually with much smaller lengths than even >+ * PATH_MAX). >+ * So error out early in this case, in order to avoid an abort in >+ * check_syscall later on, which gets ran for opendir, despite it not >+ * being a syscall. >+ */ >+ if (strlen(name) > PATH_MAX) { >+ errno = ENAMETOOLONG; >+ sb_debug_dyn("EARLY FAIL: %s(%s): %s\n", >+ func, name, strerror(errno)); >+ return false; >+ } >+ >+ return true; >+} >diff --git a/libsandbox/wrappers.h b/libsandbox/wrappers.h >index 0aa58bb..bf5bf64 100644 >--- a/libsandbox/wrappers.h >+++ b/libsandbox/wrappers.h >@@ -27,6 +27,7 @@ attribute_hidden bool sb_fopen64_pre_check (const char *func, const char *pathn > attribute_hidden bool sb_mkdirat_pre_check (const char *func, const char *pathname, int dirfd); > attribute_hidden bool sb_openat_pre_check (const char *func, const char *pathname, int dirfd, int flags); > attribute_hidden bool sb_openat64_pre_check (const char *func, const char *pathname, int dirfd, int flags); >+attribute_hidden bool sb_opendir_pre_check (const char *func, const char *name); > attribute_hidden bool sb_unlinkat_pre_check (const char *func, const char *pathname, int dirfd); > attribute_hidden bool sb_common_at_pre_check(const char *func, const char **pathname, int dirfd, > char *dirfd_path, size_t dirfd_path_len); >-- >2.9.0 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 553092
:
405602
|
405616
|
429244
| 448140 |
452968