commit 71612f00ae6df941861fbd9c67f0bbf15256b873 Author: Cristian Toader cristian.matei.toader@gmail.com Date: Tue Aug 20 13:10:07 2013 +0300

fixed openssl open syscall, fixed sandbox_getaddrinfo --- src/common/sandbox.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/src/common/sandbox.c b/src/common/sandbox.c index c71efb0..87c8946 100644 --- a/src/common/sandbox.c +++ b/src/common/sandbox.c @@ -264,13 +264,13 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter) }

// problem: required by getaddrinfo -// rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 1, -// SCMP_CMP(1, SCMP_CMP_EQ, O_RDONLY|O_CLOEXEC)); -// if (rc != 0) { -// log_err(LD_BUG,"(Sandbox) failed to add open syscall, received libseccomp " -// "error %d", rc); -// return rc; -// } + rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(1), SCMP_SYS(open), 1, + SCMP_CMP(1, SCMP_CMP_EQ, O_RDONLY|O_CLOEXEC)); + if (rc != 0) { + log_err(LD_BUG,"(Sandbox) failed to add open syscall, received libseccomp " + "error %d", rc); + return rc; + }

return 0; } @@ -872,6 +872,10 @@ int sandbox_getaddrinfo(const char *name, struct addrinfo **res) return -2; } *res = NULL; + *res = (struct addrinfo *) malloc (sizeof(struct addrinfo)); + if (!res) { + return -2; + }

if (gethostname(hname, sizeof(hname)) < 0) { return -1; @@ -882,7 +886,7 @@ int sandbox_getaddrinfo(const char *name, struct addrinfo **res) return -1; }

- *res = sb_addr_info; + memcpy(*res, sb_addr_info, sizeof(struct addrinfo)); return 0; }