[tor-commits] [tor/master] Add sandbox_is_active() check to dump_desc()

nickm at torproject.org nickm at torproject.org
Thu Jun 30 15:18:32 UTC 2016


commit dc37546cff2f025613ef142e74ad4db1c7d99ade
Author: Andrea Shepard <andrea at torproject.org>
Date:   Wed Jun 29 22:47:41 2016 +0000

    Add sandbox_is_active() check to dump_desc()
---
 src/or/routerparse.c | 55 +++++++++++++++++++++++++++++++++-------------------
 1 file changed, 35 insertions(+), 20 deletions(-)

diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index afdfcbd..93b90cc 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -28,6 +28,7 @@
 #include "routerparse.h"
 #include "entrynodes.h"
 #include "torcert.h"
+#include "sandbox.h"
 
 #undef log
 #include <math.h>
@@ -768,35 +769,49 @@ dump_desc(const char *desc, const char *type)
   tor_asprintf(&debugfile_base, "unparseable-desc.%s", digest_sha256_hex);
   debugfile = get_datadir_fname(debugfile_base);
 
-  if (len <= get_options()->MaxUnparseableDescSizeToLog) {
-    if (!dump_desc_fifo_bump_hash(digest_sha256)) {
-      /* Write it, and tell the main log about it */
-      write_str_to_file(debugfile, desc, 1);
-      log_info(LD_DIR,
-               "Unable to parse descriptor of type %s with hash %s and "
-               "length %lu. See file %s in data directory for details.",
-               type, digest_sha256_hex, (unsigned long)len, debugfile_base);
-
-      dump_desc_fifo_add_and_clean(debugfile, digest_sha256, len);
-      /* Since we handed ownership over, don't free debugfile later */
-      debugfile = NULL;
+  if (!sandbox_is_active()) {
+    if (len <= get_options()->MaxUnparseableDescSizeToLog) {
+      if (!dump_desc_fifo_bump_hash(digest_sha256)) {
+        /* Write it, and tell the main log about it */
+        write_str_to_file(debugfile, desc, 1);
+        log_info(LD_DIR,
+                 "Unable to parse descriptor of type %s with hash %s and "
+                 "length %lu. See file %s in data directory for details.",
+                 type, digest_sha256_hex, (unsigned long)len,
+                 debugfile_base);
+        dump_desc_fifo_add_and_clean(debugfile, digest_sha256, len);
+        /* Since we handed ownership over, don't free debugfile later */
+        debugfile = NULL;
+      } else {
+        /* We already had one with this hash dumped */
+        log_info(LD_DIR,
+                 "Unable to parse descriptor of type %s with hash %s and "
+                 "length %lu. Descriptor not dumped because one with that "
+                 "hash has already been dumped.",
+                 type, digest_sha256_hex, (unsigned long)len);
+        /* We do have to free debugfile in this case */
+      }
     } else {
-      /* We already had one with this hash dumped */
+      /* Just log that it happened without dumping */
       log_info(LD_DIR,
                "Unable to parse descriptor of type %s with hash %s and "
-               "length %lu. Descriptor not dumped because one with that hash "
-               "has already been dumped.",
+               "length %lu. Descriptor not dumped because it exceeds maximum"
+               " log size all by itself.",
                type, digest_sha256_hex, (unsigned long)len);
       /* We do have to free debugfile in this case */
     }
   } else {
-    /* Just log that it happened without dumping */
+    /*
+     * Not logging because the sandbox is active and seccomp2 apparently
+     * doesn't have a sensible way to allow filenames according to a pattern
+     * match.  (If we ever figure out how to say "allow writes to /regex/",
+     * remove this checK).
+     */
     log_info(LD_DIR,
-             "Unable to parse descriptor of type %s with hash %s and length "
-             "%lu. Descriptor not dumped because it exceeds maximum log size "
-             "all by itself.",
+             "Unable to parse descriptor of type %s with hash %s and "
+             "length %lu. Descriptor not dumped because the sandbox is "
+             "active",
              type, digest_sha256_hex, (unsigned long)len);
-    /* We do have to free debugfile in this case */
   }
 
   tor_free(debugfile_base);





More information about the tor-commits mailing list