crtxcr/exile.h
1
0
Forkuj 0
Kod Zgłoszenia 14 Oczekujące zmiany 1 Wydania Wiki Aktywność

Porównaj commity

baza: crtxcr:60776be4160fe7e2178b3790cd43a76d412843b6
Gałęzie Tagi
crtxcr:master crtxcr:next crtxcr:WIP/enosys crtxcr:WIP/cpp
...
porównaj: crtxcr:dbdb35db371b79bb6a35cfbb9ef3815cdd5beff6
Gałęzie Tagi
crtxcr:master crtxcr:next crtxcr:WIP/enosys crtxcr:WIP/cpp

2 Commity
60776be416 ... dbdb35db37

Autor SHA1 Wiadomość Data
Albert S
dbdb35db37 Remove wrong static keywords from some qssb_*_policy functions 2020-04-13 23:00:33 +02:00
Albert S
0a851790b8 change chroot_target_path from pointer to array 
Fixes memory leak.

Breaks existing API.
 2020-04-13 22:50:30 +02:00
1 zmienionych plików z 5 dodań i 7 usunięć
Expand all files Collapse all files

12
qssb.h
Wyświetl plik

@@ -102,7 +102,7 @@ struct qssb_policy
int syscall_default_policy; int syscall_default_policy;
int *blacklisted_syscalls; int *blacklisted_syscalls;
int *allowed_syscalls; int *allowed_syscalls;
const char *chroot_target_path; char chroot_target_path[PATH_MAX];
const char *chdir_path; const char *chdir_path;
struct qssb_path_policy *path_policies; struct qssb_path_policy *path_policies;
}; };
@@ -120,7 +120,7 @@ struct qssb_policy *qssb_init_policy()
result->no_new_privs = 1; result->no_new_privs = 1;
result->namespace_options = QSSB_UNSHARE_MOUNT | QSSB_UNSHARE_USER; result->namespace_options = QSSB_UNSHARE_MOUNT | QSSB_UNSHARE_USER;
result->chdir_path = NULL; result->chdir_path = NULL;
result->chroot_target_path = NULL; result->chroot_target_path[0] = '\0';
result->path_policies = NULL; result->path_policies = NULL;
return result; return result;
} }
@@ -298,7 +298,7 @@ static int mount_to_chroot(const char *chroot_target_path, struct qssb_path_poli
/* Ends the policy as best as possible. */ /* Ends the policy as best as possible. */
/* TODO: can this function do actually anything useful?*/ /* TODO: can this function do actually anything useful?*/
static int qssb_end_policy(struct qssb_policy *ctxt) int qssb_end_policy(struct qssb_policy *ctxt)
{ {
return 0; return 0;
} }
@@ -306,7 +306,7 @@ static int qssb_end_policy(struct qssb_policy *ctxt)
/* /*
* Frees the memory taken by a qssb_policy object * Frees the memory taken by a qssb_policy object
*/ */
static void qssb_free_policy(struct qssb_policy *ctxt) void qssb_free_policy(struct qssb_policy *ctxt)
{ {
free(ctxt); free(ctxt);
} }
@@ -491,11 +491,10 @@ int qssb_enable_policy(struct qssb_policy *policy)
{ {
if(policy->chroot_target_path == NULL) if(policy->chroot_target_path == NULL)
{ {
char *target_dir = (char *) calloc(1, PATH_MAX * sizeof(char));
char random_str[17]; char random_str[17];
if(random_string(random_str, sizeof(random_str)) == 16) if(random_string(random_str, sizeof(random_str)) == 16)
{ {
int res = snprintf(target_dir, PATH_MAX, "%s/.sandbox_%" PRIdMAX "_%s", QSSB_TEMP_DIR, (intmax_t)getpid(), random_str); int res = snprintf(policy->chroot_target_path, sizeof(policy->chroot_target_path), "%s/.sandbox_%" PRIdMAX "_%s", QSSB_TEMP_DIR, (intmax_t)getpid(), random_str);
if(res < 0) if(res < 0)
{ {
QSSB_LOG_ERROR("qssb: qssb_enable_policy: error during path concatination\n"); QSSB_LOG_ERROR("qssb: qssb_enable_policy: error during path concatination\n");
@@ -506,7 +505,6 @@ int qssb_enable_policy(struct qssb_policy *policy)
QSSB_LOG_ERROR("qssb: qssb_enable_policy: path concatination truncated\n"); QSSB_LOG_ERROR("qssb: qssb_enable_policy: path concatination truncated\n");
return -EINVAL; return -EINVAL;
} }
policy->chroot_target_path = target_dir;
} }
else else
{ {