[tor-commits] [tor/master] fixed memory leak, added array filter support

nickm at torproject.org nickm at torproject.org
Fri Sep 13 16:31:55 UTC 2013


commit 44a4464cf6d4dac88c46b8ffdb6ad002d03ade62
Author: Cristian Toader <cristian.matei.toader at gmail.com>
Date:   Sat Aug 10 18:04:48 2013 +0300

    fixed memory leak, added array filter support
---
 src/common/sandbox.c |   81 +++++++++++++++++++++++++++++++++++++-
 src/common/sandbox.h |   13 ++++++-
 src/or/main.c        |  106 ++++++++++++++++++++------------------------------
 3 files changed, 132 insertions(+), 68 deletions(-)

diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 2ba1432..f2ead21 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -37,6 +37,7 @@
 #include <linux/futex.h>
 #include <bits/signum.h>
 
+#include <stdarg.h>
 #include <seccomp.h>
 #include <signal.h>
 #include <unistd.h>
@@ -616,7 +617,7 @@ prot_strdup(char* str)
 }
 
 int
-sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file)
+sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file, char fr)
 {
   sandbox_cfg_t *elem = NULL;
 
@@ -630,11 +631,37 @@ sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file)
   elem->next = *cfg;
   *cfg = elem;
 
+  if (fr) tor_free_(file);
+
+  return 0;
+}
+
+int
+sandbox_cfg_allow_open_filename_array(sandbox_cfg_t **cfg, int num, ...)
+{
+  int rc = 0, i;
+
+  va_list ap;
+  va_start(ap, num);
+
+  for (i = 0; i < num; i++) {
+    char *fn = va_arg(ap, char*);
+    char fr = (char) va_arg(ap, int);
+
+    rc = sandbox_cfg_allow_open_filename(cfg, fn, fr);
+    if(rc) {
+      log_err(LD_BUG,"(Sandbox) failed on par %d", i);
+      goto end;
+    }
+  }
+
+ end:
+  va_end(ap);
   return 0;
 }
 
 int
-sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file)
+sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file, char fr)
 {
   sandbox_cfg_t *elem = NULL;
 
@@ -648,6 +675,32 @@ sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file)
   elem->next = *cfg;
   *cfg = elem;
 
+  if (fr) tor_free_(file);
+
+  return 0;
+}
+
+int
+sandbox_cfg_allow_openat_filename_array(sandbox_cfg_t **cfg, int num, ...)
+{
+  int rc = 0, i;
+
+  va_list ap;
+  va_start(ap, num);
+
+  for (i = 0; i < num; i++) {
+    char *fn = va_arg(ap, char*);
+    char fr = (char) va_arg(ap, int);
+
+    rc = sandbox_cfg_allow_openat_filename(cfg, fn, fr);
+    if(rc) {
+      log_err(LD_BUG,"(Sandbox) failed on par %d", i);
+      goto end;
+    }
+  }
+
+ end:
+  va_end(ap);
   return 0;
 }
 
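Review bot: `sandbox_cfg_allow_openat_filename_array` has the same lost error as its open() sibling: `rc` is set on failure and the function still ends with `return 0;`, which should be `return rc;`. The body is otherwise a line-for-line copy of `sandbox_cfg_allow_open_filename_array`; a single static helper taking the per-entry function as a pointer, `static int add_filename_list(sandbox_cfg_t **cfg, int (*add)(sandbox_cfg_t **, char *, char), int num, va_list ap)`, would keep the two loops from drifting apart when one is fixed and the other is not. `sandbox_cfg_allow_openat_filename` starts outside this hunk.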
@@ -669,6 +722,30 @@ sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, char *com)
   return 0;
 }
 
+int
+sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, int num, ...)
+{
+  int rc = 0, i;
+
+  va_list ap;
+  va_start(ap, num);
+
+  for (i = 0; i < num; i++) {
+    char *fn = va_arg(ap, char*);
+
+    rc = sandbox_cfg_allow_execve(cfg, fn);
+
+    if(rc) {
+      log_err(LD_BUG,"(Sandbox) failed on par %d", i);
+      goto end;
+    }
+  }
+
+ end:
+  va_end(ap);
+  return 0;
+}
+
 static int
 add_param_filter(scmp_filter_ctx ctx, sandbox_cfg_t* cfg)
 {
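Review bot: `sandbox_cfg_allow_execve_array` also swallows the error it detects: after `goto end` the function returns `0` rather than `rc`, so a failed `sandbox_cfg_allow_execve` is visible only in the log. Replace the final statement with `return rc;`. Unlike the filename variants there is no free-flag here, which is consistent with the only visible caller passing a string literal, but a comment such as `/* Strings are borrowed, not freed, by this variant. */` would make that ownership difference explicit next to the open/openat wrappers that do free.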
diff --git a/src/common/sandbox.h b/src/common/sandbox.h
index 2b26544..33668d9 100644
--- a/src/common/sandbox.h
+++ b/src/common/sandbox.h
@@ -98,9 +98,18 @@ int tor_global_sandbox(void);
 const char* sandbox_intern_string(const char *param);
 
 sandbox_cfg_t * sandbox_cfg_new();
-int sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file);
-int sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file);
+
+int sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file,
+    char fr);
+int sandbox_cfg_allow_open_filename_array(sandbox_cfg_t **cfg, int num, ...);
+
+int sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file,
+    char fr);
+int sandbox_cfg_allow_openat_filename_array(sandbox_cfg_t **cfg, int num, ...);
+
 int sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, char *com);
+int sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, int num, ...);
+
 int sandbox_init(sandbox_cfg_t* cfg);
 
 #endif /* SANDBOX_H_ */
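Review bot: The new prototypes carry no documentation of the ownership contract they introduce: when `fr` is non-zero the callee releases `file` with `tor_free_`, so the caller must pass a heap string (as the `get_datadir_fname` callers do) and must never pass a literal with `fr` set, while the open/openat `_array` variants read `num` (`char *file`, `int fr`) pairs from the varargs and `sandbox_cfg_allow_execve_array` reads `num` bare `char *` arguments, with no sentinel to catch a miscount. A comment on `sandbox_cfg_allow_open_filename` along the lines of `/** Allow open() of \`file\`. If \`fr\` is non-zero, \`file\` must be heap-allocated and is freed by this call; otherwise the caller keeps ownership. */`, mirrored on the openat variant, would state the rule at the declaration. Each `_array` prototype should say that `num` counts pairs (or names, for execve), that the flag is passed as `int` and read with `va_arg(ap, int)`, and that a wrong `num` is undefined behaviour rather than a detected error. A NULL-terminated list instead of a count would let miscounts fail loudly, though that is a larger change than this commit attempts.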
diff --git a/src/or/main.c b/src/or/main.c
index 36acde4..c236e83 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2644,73 +2644,51 @@ sandbox_init_filter()
 {
   sandbox_cfg_t *cfg = sandbox_cfg_new();
 
-  // TODO: mem leak
-  sandbox_cfg_allow_openat_filename(&cfg, get_datadir_fname("cached-status"));
-
-  sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-certs"));
-  sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-certs.tmp"));
-  sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-consensus"));
-  sandbox_cfg_allow_open_filename(&cfg,
-      get_datadir_fname("unverified-consensus"));
-  sandbox_cfg_allow_open_filename(&cfg,
-      get_datadir_fname("cached-microdesc-consensus"));
-  sandbox_cfg_allow_open_filename(&cfg,
-      get_datadir_fname("cached-microdesc-consensus.tmp"));
-  sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-microdescs"));
-  sandbox_cfg_allow_open_filename(&cfg,
-      get_datadir_fname("cached-microdescs.tmp"));
-  sandbox_cfg_allow_open_filename(&cfg,
-      get_datadir_fname("cached-microdescs.new"));
-  sandbox_cfg_allow_open_filename(&cfg,
-      get_datadir_fname("cached-microdescs.new.tmp"));
-  sandbox_cfg_allow_open_filename(&cfg,
-      get_datadir_fname("unverified-microdesc-consensus"));
-  sandbox_cfg_allow_open_filename(&cfg,
-      get_datadir_fname("cached-descriptors"));
-  sandbox_cfg_allow_open_filename(&cfg,
-      get_datadir_fname("cached-descriptors.new"));
-  sandbox_cfg_allow_open_filename(&cfg,
-      get_datadir_fname("cached-descriptors.tmp"));
-  sandbox_cfg_allow_open_filename(&cfg,
-      get_datadir_fname("cached-descriptors.new.tmp"));
-  sandbox_cfg_allow_open_filename(&cfg,
-      get_datadir_fname("cached-descriptors.tmp.tmp"));
-  sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-extrainfo"));
-  sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("state.tmp"));
-  sandbox_cfg_allow_open_filename(&cfg,
-      get_datadir_fname("unparseable-desc.tmp"));
-  sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("unparseable-desc"));
+  sandbox_cfg_allow_openat_filename(&cfg,
+      get_datadir_fname("cached-status"), 1);
+
+  sandbox_cfg_allow_open_filename_array(&cfg, 22,
+      get_datadir_fname("cached-certs"), 1,
+      get_datadir_fname("cached-certs.tmp"), 1,
+      get_datadir_fname("cached-consensus"), 1,
+      get_datadir_fname("unverified-consensus"), 1,
+      get_datadir_fname("cached-microdesc-consensus"), 1,
+      get_datadir_fname("cached-microdesc-consensus.tmp"), 1,
+      get_datadir_fname("cached-microdescs"), 1,
+      get_datadir_fname("cached-microdescs.tmp"), 1,
+      get_datadir_fname("cached-microdescs.new"), 1,
+      get_datadir_fname("cached-microdescs.new.tmp"), 1,
+      get_datadir_fname("unverified-microdesc-consensus"), 1,
+      get_datadir_fname("cached-descriptors"), 1,
+      get_datadir_fname("cached-descriptors.new"), 1,
+      get_datadir_fname("cached-descriptors.tmp"), 1,
+      get_datadir_fname("cached-descriptors.new.tmp"), 1,
+      get_datadir_fname("cached-descriptors.tmp.tmp"), 1,
+      get_datadir_fname("cached-extrainfo"), 1,
+      get_datadir_fname("state.tmp"), 1,
+      get_datadir_fname("unparseable-desc.tmp"), 1,
+      get_datadir_fname("unparseable-desc"), 1,
+      "/dev/srandom", 0,
+      "/dev/urandom", 0
+  );
 
   // orport
   if (server_mode(get_options())) {
-    sandbox_cfg_allow_open_filename(&cfg,
-        get_datadir_fname2("keys", "secret_id_key"));
-    sandbox_cfg_allow_open_filename(&cfg,
-        get_datadir_fname2("keys", "secret_onion_key"));
-    sandbox_cfg_allow_open_filename(&cfg,
-        get_datadir_fname2("keys", "secret_onion_key_ntor"));
-    sandbox_cfg_allow_open_filename(&cfg,
-        get_datadir_fname2("keys", "secret_onion_key_ntor.tmp"));
-    sandbox_cfg_allow_open_filename(&cfg,
-        get_datadir_fname2("keys", "secret_id_key.old"));
-    sandbox_cfg_allow_open_filename(&cfg,
-        get_datadir_fname2("keys", "secret_onion_key.old"));
-    sandbox_cfg_allow_open_filename(&cfg,
-        get_datadir_fname2("keys", "secret_onion_key_ntor.old"));
-    sandbox_cfg_allow_open_filename(&cfg,
-        get_datadir_fname2("keys", "secret_onion_key.tmp"));
-
-    sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("fingerprint"));
-    sandbox_cfg_allow_open_filename(&cfg,
-        get_datadir_fname("cached-consensus.tmp"));
-    sandbox_cfg_allow_open_filename(&cfg,
-        get_datadir_fname("cached-consensus"));
-
-    sandbox_cfg_allow_open_filename(&cfg, "/etc/resolv.conf");
-    sandbox_cfg_allow_open_filename(&cfg, "/dev/srandom");
-    sandbox_cfg_allow_open_filename(&cfg, "/dev/urandom");
-    sandbox_cfg_allow_open_filename(&cfg, "/dev/random");
-
+    sandbox_cfg_allow_open_filename_array(&cfg, 13,
+        get_datadir_fname2("keys", "secret_id_key"), 1,
+        get_datadir_fname2("keys", "secret_onion_key"), 1,
+        get_datadir_fname2("keys", "secret_onion_key_ntor"), 1,
+        get_datadir_fname2("keys", "secret_onion_key_ntor.tmp"), 1,
+        get_datadir_fname2("keys", "secret_id_key.old"), 1,
+        get_datadir_fname2("keys", "secret_onion_key.old"), 1,
+        get_datadir_fname2("keys", "secret_onion_key_ntor.old"), 1,
+        get_datadir_fname2("keys", "secret_onion_key.tmp"), 1,
+        get_datadir_fname("fingerprint"), 1,
+        get_datadir_fname("cached-consensus"), 1,
+        get_datadir_fname("cached-consensus.tmp"), 1,
+        "/etc/resolv.conf", 0,
+        "/dev/random", 0
+    );
   }
 
   sandbox_cfg_allow_execve(&cfg, "/usr/local/bin/tor");
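Review bot: `sandbox_init_filter` ignores the return value of every `sandbox_cfg_allow_*` call in this hunk, so if an entry cannot be added the seccomp allow-list is silently shorter than intended and the process only finds out when the kernel rejects the first disallowed open(); at minimum each call should be checked, e.g. `if (sandbox_cfg_allow_open_filename_array(&cfg, 22, ...) != 0) log_err(LD_BUG, "(Sandbox) failed to add open() filters");`, noting that the array wrappers added in this commit currently return 0 on their error path so the check only becomes meaningful once that is corrected. The interleaved `1`/`0` free-flags are the other hazard: `num` must equal the number of pairs exactly (22 and 13 do match here), and a `1` beside a literal such as `"/dev/urandom"` would hand that literal to `tor_free_`; named constants such as `SANDBOX_FILE_FREE`/`SANDBOX_FILE_KEEP` would make a slip stand out in review. `cached-consensus` is added unconditionally and again in the server branch, which is harmless but was already redundant before this change. `sandbox_init_filter` continues past the end of this hunk.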




