
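--- a/libsandbox/canonicalize.c
+++ b/libsandbox/canonicalize.c
@@ -110,10 +110,17 @@ erealpath(const char *name, char *resolved)
 				if (lstat64(rpath, &st))
 					break;
 				if (S_ISLNK(st.st_mode)) {
-					ssize_t cnt = readlink(rpath, rpath, path_max);
+					/*   avoid undefined behaviour resulting from passing rpath
+					 *   as source and destination buffer to readlink:
+					 *   warning: passing argument 2 to 'restrict'-qualified
+					 *   parameter aliases with argument 1 [-Wrestrict]
+					 */
+				        char buffer[path_max];
+					ssize_t cnt = readlink(rpath, buffer, sizeof(buffer));
 					if (cnt == -1)
 						break;
-					rpath[cnt] = '\0';
+					buffer[cnt] = '\0';
+					strcpy(rpath,buffer);
 					if (p) {
 						size_t bytes_left = strlen(p);
 						if (bytes_left >= path_max)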
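Review bot: `buffer[cnt] = '\0'` can write one byte past the end of `buffer`, because readlink() is handed `sizeof(buffer)` and returns exactly that count when the link target fills the buffer; it never adds a terminator itself. Reserving the terminator byte in the call keeps the index in bounds: `ssize_t cnt = readlink(rpath, buffer, sizeof(buffer) - 1);`. The following `strcpy(rpath,buffer)` relies on rpath holding at least path_max bytes, which is presumably true but is established outside this hunk. A result that fills the buffer is probably a truncated target and is better handled as an error than copied on, since the resolved path looks like it feeds the sandbox's access checks. erealpath's body starts and ends outside the hunk.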
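--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -131,7 +131,7 @@ int resolve_dirfd_path(int dirfd, const char *path, char *resolved_path,
 
 	save_errno();
 
-	size_t at_len = resolved_path_len - 1 - 1 - (path ? strlen(path) : 0);
+	/*unused: size_t at_len = resolved_path_len - 1 - 1 - (path ? strlen(path) : 0);*/
 	if (trace_pid) {
 		sprintf(resolved_path, "/proc/%i/fd/%i", trace_pid, dirfd);
 	} else {
@@ -141,7 +141,16 @@ int resolve_dirfd_path(int dirfd, const char *path, char *resolved_path,
 		 */
 		sprintf(resolved_path, "%s/%i", sb_get_fd_dir(), dirfd);
 	}
-	ssize_t ret = readlink(resolved_path, resolved_path, at_len);
+
+
+	/*   avoid undefined behaviour resulting from passing resolved_path 
+	 *   as source and destination buffer to readlink:
+	 *   C99 warning: passing argument 2 to 'restrict'-qualified 
+	 *   parameter aliases with argument 1 [-Wrestrict] 
+	 */
+	char buffer[resolved_path_len];
+
+	ssize_t ret = readlink(resolved_path, buffer, sizeof(buffer));
 	if (ret == -1) {
 		/* see comments at end of check_syscall() */
 		if (errno_is_too_long()) {
@@ -153,11 +162,25 @@ int resolve_dirfd_path(int dirfd, const char *path, char *resolved_path,
 		if (errno == ENOENT)
 			errno = EBADF;
 		return -1;
-	}
-	resolved_path[ret] = '/';
-	resolved_path[ret + 1] = '\0';
-	if (path)
-		strcat(resolved_path, path);
+	} else if (ret + 1 >= sizeof(buffer)) {
+		errno = ENOMEM;
+		sb_debug_dyn("AT_FD LOOKUP: unsufficient buffer space for resolved_path; max len is %ld; %s\n", sizeof(buffer), strerror(errno));
+		return -1;
+	} 
+
+	buffer[ret] = '/';
+	buffer[ret + 1] = '\0';
+	if (path) {
+	    if ( strlen(buffer) + strlen(path) + 1 < sizeof(buffer) ) {
+		 strcat(buffer, path);
+            } else {
+		  errno = ENOMEM;
+		  sb_debug_dyn("AT_FD LOOKUP: unsufficient buffer space for resolved_path+path; max len is %ld; %s\n", sizeof(buffer), strerror(errno));
+		  return -1;
+            }
+        }
+
+	strcpy(resolved_path,buffer);
 
 	restore_errno();
 	return 0;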
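Review bot: In both new overflow branches errno is assigned before `sb_debug_dyn(...)` runs, so the value the caller sees may be whatever the debug output path leaves behind; logging first and ending the branch with `errno = ENOMEM; return -1;` keeps the code reliable. `sizeof(buffer)` is a size_t but is printed with `%ld`, so it should be cast to long or printed with `%zu` if sb_debug_dyn's formatter accepts that. The existing error path consults errno_is_too_long(), which suggests callers treat over-long paths specially, so ENAMETOOLONG may be the better code than ENOMEM; that helper is not on this page, so this needs confirming. The commented-out `at_len` line is better deleted than kept. resolve_dirfd_path starts and ends outside these hunks.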
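--- a/src/environ.c
+++ b/src/environ.c
@@ -208,7 +208,7 @@ static int setup_cfg_vars(struct sandbox_info_t *sandbox_info)
 	if (-1 == setup_access_var(ENV_SANDBOX_WRITE))
 		return -1;
 	if ((NULL == getenv(ENV_SANDBOX_WRITE)) &&
-	    (NULL != sandbox_info->work_dir))
+	    strlen(sandbox_info->work_dir))
 		setenv(ENV_SANDBOX_WRITE, sandbox_info->work_dir, 1);
 
 	if (-1 == setup_access_var(ENV_SANDBOX_PREDICT))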
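Review bot: `strlen(sandbox_info->work_dir)` is used only as an emptiness test, and it is safe only if work_dir is NUL-terminated by the time setup_cfg_vars runs, which the sandbox.c part of this patch arranges with a memset in a different file. A first-byte test, `('\0' != sandbox_info->work_dir[0]))`, expresses the same condition without scanning the buffer. A short comment such as `/* work_dir is "" when Portage manages SANDBOX_WRITE itself */` would record that dependency next to the check. The replaced `NULL != sandbox_info->work_dir` looks like it compared the address of an array member, so it was presumably always true. setup_cfg_vars continues outside the hunk.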
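--- a/src/sandbox.c
+++ b/src/sandbox.c
@@ -34,10 +34,12 @@ const char sbio_fallback_path[] = "/dev/stderr";
 
 static int setup_sandbox(struct sandbox_info_t *sandbox_info, bool interactive)
 {
-	if (NULL != getenv(ENV_PORTAGE_TMPDIR)) {
-		/* Portage handle setting SANDBOX_WRITE itself. */
-		sandbox_info->work_dir[0] = '\0';
-	} else {
+        /* avoid using uninitialized fields */
+	memset(sandbox_info,0,sizeof(*sandbox_info));
+
+
+	if (NULL == getenv(ENV_PORTAGE_TMPDIR)) {
+		/* Portage does not handle setting SANDBOX_WRITE itself. */
 		if (NULL == getcwd(sandbox_info->work_dir, SB_PATH_MAX)) {
 			sb_pwarn("failed to get current directory");
 			return -1;
@@ -249,7 +251,7 @@ int main(int argc, char **argv)
 	dputs("Setting up the required environment variables.");
 
 	/* If not in portage, cd into it work directory */
-	if ('\0' != sandbox_info.work_dir[0])
+	if (strlen(sandbox_info.work_dir))
 		if (chdir(sandbox_info.work_dir))
 			sb_perr("chdir(%s) failed", sandbox_info.work_dir);
 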
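Review bot: The `memset(sandbox_info,0,sizeof(*sandbox_info))` at the top of setup_sandbox clears every field, including any the caller filled in before the call; main's handling of sandbox_info before this call is not visible in these hunks, so that needs checking. If the struct is a local in main, zero-initialising it at its declaration, e.g. `struct sandbox_info_t sandbox_info = {0};`, gives the same guarantee and also covers any read that happens before setup_sandbox runs. The added comment line is indented with spaces where the surrounding code uses tabs. In the second hunk, `strlen(sandbox_info.work_dir)` replaces a first-byte test that is already sufficient once the struct is zeroed. setup_sandbox's body continues past the first hunk.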
