1 files changed, 177 insertions, 42 deletions

diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 8516c754f..05b91be7b 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -33,6 +33,8 @@
 #include "util.h"
 #include "tor_queue.h"
 
+#include "ht.h"
+
 #define DEBUGGING_CLOSE
 
 #if defined(USE_LIBSECCOMP)
@@ -67,12 +69,32 @@
 #include <execinfo.h>
 #endif
 
+/**
+ * Linux 32 bit definitions
+ */
+#if defined(__i386__)
+
+#define REG_SYSCALL REG_EAX
+#define M_SYSCALL gregs[REG_SYSCALL]
+
+/**
+ * Linux 64 bit definitions
+ */
+#elif defined(__x86_64__)
+
+#define REG_SYSCALL REG_RAX
+#define M_SYSCALL gregs[REG_SYSCALL]
+
+#elif defined(__arm__)
+
+#define M_SYSCALL arm_r7
+
+#endif
+
 /**Determines if at least one sandbox is active.*/
 static int sandbox_active = 0;
 /** Holds the parameter list configuration for the sandbox.*/
 static sandbox_cfg_t *filter_dynamic = NULL;
-/** Holds a list of pre-recorded results from getaddrinfo().*/
-static sb_addr_info_t *sb_addr_info = NULL;
 
 #undef SCMP_CMP
 #define SCMP_CMP(a,b,c) ((struct scmp_arg_cmp){(a),(b),(c),0})
@@ -113,8 +135,11 @@ static int filter_nopar_gen[] = {
 #ifdef __NR_getgid32
     SCMP_SYS(getgid32),
 #endif
+#ifdef __NR_getrlimit
     SCMP_SYS(getrlimit),
+#endif
     SCMP_SYS(gettimeofday),
+    SCMP_SYS(gettid),
     SCMP_SYS(getuid),
 #ifdef __NR_getuid32
     SCMP_SYS(getuid32),
@@ -125,10 +150,14 @@ static int filter_nopar_gen[] = {
 #endif
     SCMP_SYS(mkdir),
     SCMP_SYS(mlockall),
+#ifdef __NR_mmap
+    /* XXXX restrict this in the same ways as mmap2 */
     SCMP_SYS(mmap),
+#endif
     SCMP_SYS(munmap),
     SCMP_SYS(read),
     SCMP_SYS(rt_sigreturn),
+    SCMP_SYS(sched_getaffinity),
     SCMP_SYS(set_robust_list),
 #ifdef __NR_sigreturn
     SCMP_SYS(sigreturn),
@@ -157,6 +186,7 @@ static int filter_nopar_gen[] = {
 
     // socket syscalls
     SCMP_SYS(bind),
+    SCMP_SYS(listen),
     SCMP_SYS(connect),
     SCMP_SYS(getsockname),
     SCMP_SYS(recvmsg),
@@ -204,6 +234,7 @@ sb_rt_sigaction(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
   return rc;
 }
 
+#if 0
 /**
  * Function responsible for setting up the execve syscall for
  * the seccomp filter sandbox.
@@ -232,6 +263,7 @@ sb_execve(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 
   return 0;
 }
+#endif
 
 /**
  * Function responsible for setting up the time syscall for
@@ -241,8 +273,12 @@ static int
 sb_time(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 {
   (void) filter;
+#ifdef __NR_time
   return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(time),
        SCMP_CMP(0, SCMP_CMP_EQ, 0));
+#else
+  return 0;
+#endif
 }
 
 /**
@@ -551,6 +587,18 @@ sb_setsockopt(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
   if (rc)
     return rc;
 
+  rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(setsockopt),
+      SCMP_CMP(1, SCMP_CMP_EQ, SOL_SOCKET),
+      SCMP_CMP(2, SCMP_CMP_EQ, SO_SNDBUF));
+  if (rc)
+    return rc;
+
+  rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(setsockopt),
+      SCMP_CMP(1, SCMP_CMP_EQ, SOL_SOCKET),
+      SCMP_CMP(2, SCMP_CMP_EQ, SO_RCVBUF));
+  if (rc)
+    return rc;
+
 #ifdef IP_TRANSPARENT
   rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(setsockopt),
       SCMP_CMP(1, SCMP_CMP_EQ, SOL_IP),
@@ -856,7 +904,9 @@ sb_stat64(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 static sandbox_filter_func_t filter_func[] = {
     sb_rt_sigaction,
     sb_rt_sigprocmask,
+#if 0
     sb_execve,
+#endif
     sb_time,
     sb_accept4,
 #ifdef __NR_mmap2
@@ -1240,6 +1290,7 @@ sandbox_cfg_allow_openat_filename_array(sandbox_cfg_t **cfg, ...)
   return 0;
 }
 
+#if 0
 int
 sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, const char *com)
 {
@@ -1279,74 +1330,155 @@ sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, ...)
   va_end(ap);
   return 0;
 }
+#endif
+
+/** Cache entry for getaddrinfo results; used when sandboxing is implemented
+ * so that we can consult the cache when the sandbox prevents us from doing
+ * getaddrinfo.
+ *
+ * We support only a limited range of getaddrinfo calls, where servname is null
+ * and hints contains only socktype=SOCK_STREAM, family in INET,INET6,UNSPEC.
+ */
+typedef struct cached_getaddrinfo_item_t {
+  HT_ENTRY(cached_getaddrinfo_item_t) node;
+  char *name;
+  int family;
+  /** set if no error; otherwise NULL */
+  struct addrinfo *res;
+  /** 0 for no error; otherwise an EAI_* value */
+  int err;
+} cached_getaddrinfo_item_t;
+
+static unsigned
+cached_getaddrinfo_item_hash(const cached_getaddrinfo_item_t *item)
+{
+  return (unsigned)siphash24g(item->name, strlen(item->name)) + item->family;
+}
+
+static unsigned
+cached_getaddrinfo_items_eq(const cached_getaddrinfo_item_t *a,
+                            const cached_getaddrinfo_item_t *b)
+{
+  return (a->family == b->family) && 0 == strcmp(a->name, b->name);
+}
+
+static void
+cached_getaddrinfo_item_free(cached_getaddrinfo_item_t *item)
+{
+  if (item == NULL)
+    return;
+
+  tor_free(item->name);
+  if (item->res)
+    freeaddrinfo(item->res);
+  tor_free(item);
+}
+
+static HT_HEAD(getaddrinfo_cache, cached_getaddrinfo_item_t)
+     getaddrinfo_cache = HT_INITIALIZER();
+
+HT_PROTOTYPE(getaddrinfo_cache, cached_getaddrinfo_item_t, node,
+             cached_getaddrinfo_item_hash,
+             cached_getaddrinfo_items_eq);
+HT_GENERATE(getaddrinfo_cache, cached_getaddrinfo_item_t, node,
+            cached_getaddrinfo_item_hash,
+            cached_getaddrinfo_items_eq,
+            0.6, tor_malloc_, tor_realloc_, tor_free_);
 
 int
 sandbox_getaddrinfo(const char *name, const char *servname,
                     const struct addrinfo *hints,
                     struct addrinfo **res)
 {
-  sb_addr_info_t *el;
+  int err;
+  struct cached_getaddrinfo_item_t search, *item;
 
-  if (servname != NULL)
-    return -1;
+  if (servname != NULL) {
+    log_warn(LD_BUG, "called with non-NULL servname");
+    return EAI_NONAME;
+  }
+  if (name == NULL) {
+    log_warn(LD_BUG, "called with NULL name");
+    return EAI_NONAME;
+  }
 
   *res = NULL;
 
-  for (el = sb_addr_info; el; el = el->next) {
-    if (!strcmp(el->name, name)) {
-      *res = tor_malloc(sizeof(struct addrinfo));
+  memset(&search, 0, sizeof(search));
+  search.name = (char *) name;
+  search.family = hints ? hints->ai_family : AF_UNSPEC;
+  item = HT_FIND(getaddrinfo_cache, &getaddrinfo_cache, &search);
 
-      memcpy(*res, el->info, sizeof(struct addrinfo));
-      /* XXXX What if there are multiple items in the list? */
-      return 0;
+  if (! sandbox_is_active()) {
+    /* If the sandbox is not turned on yet, then getaddrinfo and store the
+       result. */
+
+    err = getaddrinfo(name, NULL, hints, res);
+    log_info(LD_NET,"(Sandbox) getaddrinfo %s.", err ? "failed" : "succeeded");
+
+    if (! item) {
+      item = tor_malloc_zero(sizeof(*item));
+      item->name = tor_strdup(name);
+      item->family = hints ? hints->ai_family : AF_UNSPEC;
+      HT_INSERT(getaddrinfo_cache, &getaddrinfo_cache, item);
     }
-  }
 
-  if (!sandbox_active) {
-    if (getaddrinfo(name, NULL, hints, res)) {
-      log_err(LD_BUG,"(Sandbox) getaddrinfo failed!");
-      return -1;
+    if (item->res) {
+      freeaddrinfo(item->res);
+      item->res = NULL;
     }
+    item->res = *res;
+    item->err = err;
+    return err;
+  }
 
-    return 0;
+  /* Otherwise, the sanbox is on.  If we have an item, yield its cached
+     result. */
+  if (item) {
+    *res = item->res;
+    return item->err;
   }
 
-  // getting here means something went wrong
+  /* getting here means something went wrong */
   log_err(LD_BUG,"(Sandbox) failed to get address %s!", name);
-  if (*res) {
-    tor_free(*res);
-    res = NULL;
-  }
-  return -1;
+  return EAI_NONAME;
 }
 
 int
-sandbox_add_addrinfo(const char* name)
+sandbox_add_addrinfo(const char *name)
 {
-  int ret;
+  struct addrinfo *res;
   struct addrinfo hints;
-  sb_addr_info_t *el = NULL;
-
-  el = tor_malloc(sizeof(sb_addr_info_t));
+  int i;
+  static const int families[] = { AF_INET, AF_INET6, AF_UNSPEC };
 
   memset(&hints, 0, sizeof(hints));
-  hints.ai_family = AF_INET;
   hints.ai_socktype = SOCK_STREAM;
+  for (i = 0; i < 3; ++i) {
+    hints.ai_family = families[i];
 
-  ret = getaddrinfo(name, NULL, &hints, &(el->info));
-  if (ret) {
-    log_err(LD_BUG,"(Sandbox) failed to getaddrinfo");
-    ret = -2;
-    tor_free(el);
-    goto out;
+    res = NULL;
+    (void) sandbox_getaddrinfo(name, NULL, &hints, &res);
+    if (res)
+      sandbox_freeaddrinfo(res);
   }
 
-  el->name = tor_strdup(name);
-  el->next = sb_addr_info;
-  sb_addr_info = el;
+  return 0;
+}
 
- out:
-  return ret;
+void
+sandbox_free_getaddrinfo_cache(void)
+{
+  cached_getaddrinfo_item_t **next, **item;
+
+  for (item = HT_START(getaddrinfo_cache, &getaddrinfo_cache);
+       item;
+       item = next) {
+    next = HT_NEXT_RMV(getaddrinfo_cache, &getaddrinfo_cache, item);
+    cached_getaddrinfo_item_free(*item);
+  }
+
+  HT_CLEAR(getaddrinfo_cache, &getaddrinfo_cache);
 }
 
 /**
@@ -1431,7 +1563,8 @@ install_syscall_filter(sandbox_cfg_t* cfg)
 
   // loading the seccomp2 filter
   if ((rc = seccomp_load(ctx))) {
-    log_err(LD_BUG, "(Sandbox) failed to load!");
+    log_err(LD_BUG, "(Sandbox) failed to load: %d (%s)!", rc,
+            strerror(-rc));
     goto end;
   }
 
@@ -1491,7 +1624,7 @@ sigsys_debugging(int nr, siginfo_t *info, void *void_context)
   if (!ctx)
     return;
 
-  syscall = (int) ctx->uc_mcontext.gregs[REG_SYSCALL];
+  syscall = (int) ctx->uc_mcontext.M_SYSCALL;
 
 #ifdef USE_BACKTRACE
   depth = backtrace(syscall_cb_buf, MAX_DEPTH);
@@ -1659,6 +1792,7 @@ sandbox_cfg_allow_openat_filename_array(sandbox_cfg_t **cfg, ...)
   return 0;
 }
 
+#if 0
 int
 sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, const char *com)
 {
@@ -1672,6 +1806,7 @@ sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, ...)
   (void)cfg;
   return 0;
 }
+#endif
 
 int
 sandbox_cfg_allow_stat_filename(sandbox_cfg_t **cfg, char *file)