Attachment #88797 for bug #135745

Lines 82-87 Link Here

(-)src/libsandbox.c.orig (+39 lines)
82	#define FUNCTION_SANDBOX_SAFE_ACCESS(_func, _path, _flags) \	82	#define FUNCTION_SANDBOX_SAFE_ACCESS(_func, _path, _flags) \
83	((0 == is_sandbox_on()) \|\| (1 == before_syscall_access(_func, _path, _flags)))	83	((0 == is_sandbox_on()) \|\| (1 == before_syscall_access(_func, _path, _flags)))
84		84
		85	#define FUNCTION_SANDBOX_FAIL_OPEN_INT(_func, _path, _flags) \
		86	((0 == is_sandbox_on()) \|\| (1 == before_syscall_open_int(_func, _path, _flags)))
		87
85	#define FUNCTION_SANDBOX_SAFE_OPEN_INT(_func, _path, _flags) \	88	#define FUNCTION_SANDBOX_SAFE_OPEN_INT(_func, _path, _flags) \
86	((0 == is_sandbox_on()) \|\| (1 == before_syscall_open_int(_func, _path, _flags)))	89	((0 == is_sandbox_on()) \|\| (1 == before_syscall_open_int(_func, _path, _flags)))
87		90
Lines 390-395 Link Here
390	FILE _name(const char pathname, const char *mode) \	393	FILE _name(const char pathname, const char *mode) \
391	{ \	394	{ \
392	FILE *result = NULL; \	395	FILE *result = NULL; \
		396	int my_errno = errno; \
		397	struct stat st; \
		398	\
		399	if (mode!=NULL && mode[0]=='r') { \
		400	/* If we're trying to read, fail normally if file does not stat */\
		401	if (-1 == stat(pathname, &st)) { \
		402	return NULL; \
		403	} \
		404	} \
		405	errno = my_errno; \
393	\	406	\
394	if FUNCTION_SANDBOX_SAFE_OPEN_CHAR("fopen", pathname, mode) { \	407	if FUNCTION_SANDBOX_SAFE_OPEN_CHAR("fopen", pathname, mode) { \
395	check_dlsym(_name); \	408	check_dlsym(_name); \
Lines 563-574 Link Here
563	va_list ap; \	576	va_list ap; \
564	int mode = 0; \	577	int mode = 0; \
565	int result = -1; \	578	int result = -1; \
		579	int my_errno = errno; \
		580	struct stat st; \
566	\	581	\
567	if (flags & O_CREAT) { \	582	if (flags & O_CREAT) { \
568	va_start(ap, flags); \	583	va_start(ap, flags); \
569	mode = va_arg(ap, int); \	584	mode = va_arg(ap, int); \
570	va_end(ap); \	585	va_end(ap); \
		586	} else { \
		587	/* If we're not trying to create, fail normally if file does not stat */\
		588	if (-1 == stat(pathname, &st)) { \
		589	return -1; \
		590	} \
571	} \	591	} \
		592	errno = my_errno; \
572	\	593	\
573	if FUNCTION_SANDBOX_SAFE_OPEN_INT("open", pathname, flags) { \	594	if FUNCTION_SANDBOX_SAFE_OPEN_INT("open", pathname, flags) { \
574	check_dlsym(_name); \	595	check_dlsym(_name); \
Lines 728-733 Link Here
728	FILE _name(const char pathname, const char *mode) \	749	FILE _name(const char pathname, const char *mode) \
729	{ \	750	{ \
730	FILE *result = NULL; \	751	FILE *result = NULL; \
		752	int my_errno = errno; \
		753	struct stat64 st; \
		754	\
		755	if (mode!=NULL && mode[0]=='r') { \
		756	/* If we're trying to read, fail normally if file does not stat */\
		757	if (-1 == stat64(pathname, &st)) { \
		758	return NULL; \
		759	} \
		760	} \
		761	errno = my_errno; \
731	\	762	\
732	if FUNCTION_SANDBOX_SAFE_OPEN_CHAR("fopen64", pathname, mode) { \	763	if FUNCTION_SANDBOX_SAFE_OPEN_CHAR("fopen64", pathname, mode) { \
733	check_dlsym(_name); \	764	check_dlsym(_name); \
Lines 748-759 Link Here
748	va_list ap; \	779	va_list ap; \
749	int mode = 0; \	780	int mode = 0; \
750	int result = -1; \	781	int result = -1; \
		782	int my_errno = errno; \
		783	struct stat64 st; \
751	\	784	\
752	if (flags & O_CREAT) { \	785	if (flags & O_CREAT) { \
753	va_start(ap, flags); \	786	va_start(ap, flags); \
754	mode = va_arg(ap, int); \	787	mode = va_arg(ap, int); \
755	va_end(ap); \	788	va_end(ap); \
		789	} else { \
		790	/* If we're not trying to create, fail normally if file does not stat */\
		791	if (-1 == stat64(pathname, &st)) { \
		792	return -1; \
		793	} \
756	} \	794	} \
		795	errno = my_errno; \
757	\	796	\
758	if FUNCTION_SANDBOX_SAFE_OPEN_INT("open64", pathname, flags) { \	797	if FUNCTION_SANDBOX_SAFE_OPEN_INT("open64", pathname, flags) { \
759	check_dlsym(_name); \	798	check_dlsym(_name); \

Return to bug 135745