Fix missing \n in some error outputs

Use overflow-safe operator builtins
As a precaution as it does not hurt
2021-09-12 19:50:05 +02:00 · 2021-09-12 19:47:45 +02:00
1 changed files with 26 additions and 8 deletions
--- a/qssb.h
+++ b/qssb.h
@@ -250,8 +250,8 @@ static int qssb_entry_append(struct qssb_allocated_entry *entry, void *data, siz
 	if(remaining < bytes)
 	{
 		size_t expandval = QSSB_ENTRY_ALLOC_SIZE > bytes ? QSSB_ENTRY_ALLOC_SIZE : bytes;
-		size_t sizenew = entry->size + expandval;
+		size_t sizenew = 0;
-		if(sizenew < entry->size)
+		if(__builtin_add_overflow(entry->size, expandval, &sizenew))
 		{
 			QSSB_LOG_ERROR("overflow in qssb_entry_append\n");
 			return -EINVAL;
@@ -273,7 +273,13 @@ static int qssb_entry_append(struct qssb_allocated_entry *entry, void *data, siz
 static int qssb_append_syscall(struct qssb_allocated_entry *entry, long *syscalls, size_t n)
 {
-	return qssb_entry_append(entry, syscalls, n * sizeof(long));
+	size_t bytes = 0;
 	if(__builtin_mul_overflow(n, sizeof(long), &bytes))
 	{
 		QSSB_LOG_ERROR("Overflow while trying to add system calls\n");
 		return -EINVAL;
 	}
 	return qssb_entry_append(entry, syscalls, bytes);
 }
 static int is_valid_syscall_policy(unsigned int policy)
@@ -561,7 +567,7 @@ static int mount_to_chroot(const char *chroot_target_path, struct qssb_path_poli
 			ret = mount(NULL, path_inside_chroot, NULL, mount_flags | MS_REMOUNT, NULL);
 			if(ret < 0 )
 			{
-				QSSB_LOG_ERROR("Error: Failed to remount %s: %s", path_inside_chroot, strerror(errno));
+				QSSB_LOG_ERROR("Error: Failed to remount %s: %s\n", path_inside_chroot, strerror(errno));
 				return ret;
 			}
 		}
@@ -664,7 +670,7 @@ static int drop_caps()
 	if(res == -1 && errno != EINVAL)
 	{
-		QSSB_LOG_ERROR("Failed to drop the capability bounding set!");
+		QSSB_LOG_ERROR("Failed to drop the capability bounding set!\n");
 		return -errno;
 	}
@@ -743,12 +749,24 @@ static int qssb_enable_syscall_policy(struct qssb_policy *policy)
 	{
 		if(!is_valid_syscall_policy(current_policy->policy))
 		{
-			QSSB_LOG_ERROR("invalid syscall policy specified");
+			QSSB_LOG_ERROR("invalid syscall policy specified\n");
 			return -1;
 		}
 		long *syscalls = NULL;
 		size_t n = 0;
 		get_syscall_array(current_policy, &syscalls, &n);
 		unsigned short int newsize;
 		if(__builtin_add_overflow(current_filter_index, n, &newsize))
 		{
 			QSSB_LOG_ERROR("Overflow when trying to add new system calls\n");
 			return -EINVAL;
 		}
 		if(newsize > (sizeof(filter)/sizeof(filter[0]))-1)
 		{
 			QSSB_LOG_ERROR("Too many system calls added\n");
 			return -EINVAL;
 		}
 		append_syscalls_to_bpf(syscalls, n, current_policy->policy, filter, &current_filter_index);
 		current_policy = current_policy->next;
 	}
@@ -854,7 +872,7 @@ static int landlock_prepare_ruleset(struct qssb_path_policy *policies)
 	ruleset_fd = landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0);
 	if (ruleset_fd < 0)
 	{
-		QSSB_LOG_ERROR("Failed to create landlock ruleset");
+		QSSB_LOG_ERROR("Failed to create landlock ruleset\n");
 		return -1;
 	}
 	struct qssb_path_policy *policy = policies;
@@ -924,7 +942,7 @@ static int check_policy_sanity(struct qssb_policy *policy)
 		}
 		if(policy->no_fs == 1)
 		{
-			QSSB_LOG_ERROR("If path_policies are specified, no_fs cannot be set to 1");
+			QSSB_LOG_ERROR("If path_policies are specified, no_fs cannot be set to 1\n");
 			return -1;
 		}
 	}
Author	SHA1	Message	Date
Albert S	ebe043c08d	Fix missing \n in some error outputs	2021-09-12 19:50:05 +02:00
Albert S	8bc0d1e73a	Use overflow-safe operator builtins As a precaution as it does not hurt	2021-09-12 19:47:45 +02:00