[tor-commits] [tor/master] changed how sb getaddrinfo works such that it supports storing multiple results

nickm at torproject.org nickm at torproject.org
Fri Sep 13 16:31:56 UTC 2013 

commit 1ef0b2e1a37878ebbc29b03fefb214b7501656a6
Author: Cristian Toader <cristian.matei.toader at gmail.com>
Date:   Mon Sep 2 11:44:04 2013 +0300

    changed how sb getaddrinfo works such that it supports storing multiple results
---
 src/common/sandbox.c |   62 ++++++++++++++++++++++++++------------------------
 src/common/sandbox.h |   18 +++++++++++++++
 src/or/main.c        |   11 +++++++++
 3 files changed, 61 insertions(+), 30 deletions(-)

diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 748141c..41c3b44 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -54,8 +54,7 @@
 #include <poll.h>
 
 static sandbox_cfg_t *filter_dynamic = NULL;
-
-static struct addrinfo *sb_addr_info= NULL;
+static sb_addr_info_t *sb_addr_info = NULL;
 
 /** Variable used for storing all syscall numbers that will be allowed with the
  * stage 1 general Tor sandbox.
@@ -914,54 +913,57 @@ sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, ...)
 int
 sandbox_getaddrinfo(const char *name, struct addrinfo **res)
 {
-  char hname[256];
+  sb_addr_info_t *el;
 
-  if (!res) {
-    return -2;
-  }
   *res = NULL;
-  *res = (struct addrinfo *)malloc(sizeof(struct addrinfo));
-  if (*res == NULL) {
-    return -2;
-  }
 
-  if (gethostname(hname, sizeof(hname)) < 0) {
-    return -1;
-  }
+  for (el = sb_addr_info; el; el = el->next) {
+    if(!strcmp(el->name, name)) {
+      *res = (struct addrinfo *)malloc(sizeof(struct addrinfo));
+      if (!res) {
+        return -2;
+      }
 
-  if (strcmp(name, hname) || sb_addr_info == NULL) {
-    log_err(LD_BUG,"(Sandbox) failed for hname %s!", name);
-    return -1;
+      memcpy(*res, el->info, sizeof(struct addrinfo));
+
+      return 0;
+    }
   }
 
-  memcpy(*res, sb_addr_info, sizeof(struct addrinfo));
-  return 0;
+  return -1;
 }
 
-static int
-init_addrinfo(void)
+int
+sandbox_add_addrinfo(const char* name)
 {
   int ret;
   struct addrinfo hints;
-  char hname[256];
+  sb_addr_info_t *el = NULL;
 
-  sb_addr_info = NULL;
-
-  if (gethostname(hname, sizeof(hname)) < 0) {
-    return -1;
+  el = (sb_addr_info_t*) malloc(sizeof(sb_addr_info_t));
+  if(!el) {
+    log_err(LD_BUG,"(Sandbox) failed to allocate addr info!");
+    ret = -2;
+    goto out;
   }
 
   memset(&hints, 0, sizeof(hints));
   hints.ai_family = AF_INET;
   hints.ai_socktype = SOCK_STREAM;
 
-  ret = getaddrinfo(hname, NULL, &hints, &sb_addr_info);
+  ret = getaddrinfo(name, NULL, &hints, &(el->info));
   if (ret) {
-    sb_addr_info = NULL;
-    return -2;
+    log_err(LD_BUG,"(Sandbox) failed to getaddrinfo");
+    ret = -2;
+    goto out;
   }
 
-  return 0;
+  el->name = strdup(name);
+  el->next = sb_addr_info;
+  sb_addr_info = el;
+
+ out:
+  return ret;
 }
 
 static int
@@ -1151,7 +1153,7 @@ initialise_libseccomp_sandbox(sandbox_cfg_t* cfg)
   if (install_sigsys_debugging())
     return -1;
 
-  if (init_addrinfo() || prot_strings(cfg)) {
+  if (prot_strings(cfg)) {
     return -4;
   }
 
diff --git a/src/common/sandbox.h b/src/common/sandbox.h
index 51449ca..9a61749 100644
--- a/src/common/sandbox.h
+++ b/src/common/sandbox.h
@@ -62,6 +62,21 @@ struct pfd_elem {
 /** Typedef to structure used to manage a sandbox configuration. */
 typedef struct pfd_elem sandbox_cfg_t;
 
+/**
+ * Structure used for keeping a linked list of getaddrinfo pre-recorded
+ * results.
+ */
+struct sb_addr_info_el {
+  /** Name of the address info result. */
+  char *name;
+  /** Pre-recorded getaddrinfo result. */
+  struct addrinfo *info;
+  /** Next element in the list. */
+  struct sb_addr_info_el *next;
+};
+/** Typedef to structure used to manage an addrinfo list. */
+typedef struct sb_addr_info_el sb_addr_info_t;
+
 /** Function pointer defining the prototype of a filter function.*/
 typedef int (*sandbox_filter_func_t)(scmp_filter_ctx ctx,
     sandbox_cfg_t *filter);
@@ -93,6 +108,9 @@ typedef struct {
 
 #endif // __linux__
 
+/** Pre-calls getaddrinfo in order to pre-record result. */
+int sandbox_add_addrinfo(const char *addr);
+
 /** Replacement for getaddrinfo(), using pre-recorded results. */
 int sandbox_getaddrinfo(const char *name, struct addrinfo **res);
 
diff --git a/src/or/main.c b/src/or/main.c
index 861f586..af05f0b 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2639,6 +2639,15 @@ find_flashcard_path(PWCHAR path, size_t size)
 }
 #endif
 
+static void
+init_addrinfo(void) {
+  char hname[256];
+
+  // host name to sandbox
+  gethostname(hname, sizeof(hname));
+  sandbox_add_addrinfo(hname);
+}
+
 static sandbox_cfg_t*
 sandbox_init_filter()
 {
@@ -2713,6 +2722,8 @@ sandbox_init_filter()
 
   sandbox_cfg_allow_execve(&cfg, "/usr/local/bin/tor");
 
+  init_addrinfo();
+
   return cfg;
 }

More information about the tor-commits mailing list