Diffstat (limited to 'src/common')
-rw-r--r-- | src/common/sandbox.c | 49 | ||||
-rw-r--r-- | src/common/sandbox.h | 16 | ||||
-rw-r--r-- | src/common/tortls.c | 5 |
3 files changed, 51 insertions, 19 deletions
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index a387f371c..9581fac51 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -69,6 +69,28 @@
 #include <execinfo.h>
 #endif
 
+/**
+ * Linux 32 bit definitions
+ */
+#if defined(__i386__)
+
+#define REG_SYSCALL REG_EAX
+#define M_SYSCALL gregs[REG_SYSCALL]
+
+/**
+ * Linux 64 bit definitions
+ */
+#elif defined(__x86_64__)
+
+#define REG_SYSCALL REG_RAX
+#define M_SYSCALL gregs[REG_SYSCALL]
+
+#elif defined(__arm__)
+
+#define M_SYSCALL arm_r7
+
+#endif
+
 /**Determines if at least one sandbox is active.*/
 static int sandbox_active = 0;
 /** Holds the parameter list configuration for the sandbox.*/
@@ -113,7 +135,9 @@ static int filter_nopar_gen[] = {
 #ifdef __NR_getgid32
 SCMP_SYS(getgid32),
 #endif
+#ifdef __NR_getrlimit
 SCMP_SYS(getrlimit),
+#endif
 SCMP_SYS(gettimeofday),
 SCMP_SYS(gettid),
 SCMP_SYS(getuid),
@@ -126,7 +150,10 @@ static int filter_nopar_gen[] = {
 #endif
 SCMP_SYS(mkdir),
 SCMP_SYS(mlockall),
+#ifdef __NR_mmap
+ /* XXXX restrict this in the same ways as mmap2 */
 SCMP_SYS(mmap),
+#endif
 SCMP_SYS(munmap),
 SCMP_SYS(read),
 SCMP_SYS(rt_sigreturn),
@@ -159,6 +186,7 @@ static int filter_nopar_gen[] = {
 
 // socket syscalls
 SCMP_SYS(bind),
+ SCMP_SYS(listen),
 SCMP_SYS(connect),
 SCMP_SYS(getsockname),
 SCMP_SYS(recvmsg),
@@ -245,8 +273,12 @@ static int
 sb_time(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 {
 (void) filter;
+#ifdef __NR_time
 return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(time),
 SCMP_CMP(0, SCMP_CMP_EQ, 0));
+#else
+ return 0;
+#endif
 }
 
 /**
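Review bot: The new `#if defined(__i386__)` / `#elif defined(__x86_64__)` / `#elif defined(__arm__)` chain has no final branch, so on any other Linux architecture M_SYSCALL stays undefined and the `ctx->uc_mcontext.M_SYSCALL` read in sigsys_debugging later in this file fails to compile with an unhelpful "no member" error. Close the chain with `#else` / `#error "sandbox: no M_SYSCALL definition for this architecture"` so the failure names its cause. The ARM branch `#define M_SYSCALL arm_r7` also silently assumes the EABI convention in which r7 carries the syscall number; a one-line comment such as `/* EABI: the syscall number is passed in r7 */` would record that, since nothing here checks it. These definitions are at file scope, outside any function.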
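Review bot: The `SCMP_SYS(mmap)` entry now guarded by `#ifdef __NR_mmap` remains in the no-parameter allow list, which on x86_64 (where `__NR_mmap` is the only mmap syscall) means mmap is permitted with any prot and flags inside the sandbox, including writable-and-executable anonymous mappings; the XXXX comment acknowledges the gap but does not say what it costs. I would make the marker concrete so it is not forgotten, e.g. `/* XXXX on 64-bit this is the unrestricted mmap; add a parametrised rule constraining prot/flags as the mmap2 rule does */`, assuming the mmap2 rule elsewhere in this file does constrain those arguments (it is not visible in this hunk). The filter_nopar_gen array starts and ends outside the hunk.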
@@ -555,6 +587,18 @@ sb_setsockopt(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 if (rc)
 return rc;
 
+ rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(setsockopt),
+ SCMP_CMP(1, SCMP_CMP_EQ, SOL_SOCKET),
+ SCMP_CMP(2, SCMP_CMP_EQ, SO_SNDBUF));
+ if (rc)
+ return rc;
+
+ rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(setsockopt),
+ SCMP_CMP(1, SCMP_CMP_EQ, SOL_SOCKET),
+ SCMP_CMP(2, SCMP_CMP_EQ, SO_RCVBUF));
+ if (rc)
+ return rc;
+
 #ifdef IP_TRANSPARENT
 rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(setsockopt),
 SCMP_CMP(1, SCMP_CMP_EQ, SOL_IP),
@@ -1519,7 +1563,8 @@ install_syscall_filter(sandbox_cfg_t* cfg)
 
 // loading the seccomp2 filter
 if ((rc = seccomp_load(ctx))) {
- log_err(LD_BUG, "(Sandbox) failed to load!");
+ log_err(LD_BUG, "(Sandbox) failed to load: %d (%s)!", rc,
+ strerror(-rc));
 goto end;
 }
 
@@ -1579,7 +1624,7 @@ sigsys_debugging(int nr, siginfo_t *info, void *void_context)
 if (!ctx)
 return;
 
- syscall = (int) ctx->uc_mcontext.gregs[REG_SYSCALL];
+ syscall = (int) ctx->uc_mcontext.M_SYSCALL;
 
 #ifdef USE_BACKTRACE
 depth = backtrace(syscall_cb_buf, MAX_DEPTH);
diff --git a/src/common/sandbox.h b/src/common/sandbox.h
index 77635700e..20d5d5080 100644
--- a/src/common/sandbox.h
+++ b/src/common/sandbox.h
@@ -104,22 +104,6 @@ typedef struct {
 sandbox_cfg_t *filter_dynamic;
 } sandbox_t;
 
-/**
- * Linux 32 bit definitions
- */
-#if defined(__i386__)
-
-#define REG_SYSCALL REG_EAX
-
-/**
- * Linux 64 bit definitions
- */
-#elif defined(__x86_64__)
-
-#define REG_SYSCALL REG_RAX
-
-#endif
-
 #endif // USE_LIBSECCOMP
 
 #ifdef USE_LIBSECCOMP
diff --git a/src/common/tortls.c b/src/common/tortls.c
index a6444b818..ea0f21cb2 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
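Review bot: The two new setsockopt rules for SO_SNDBUF and SO_RCVBUF come with no comment saying which code path now needs to tune socket buffer sizes, so the next person auditing the allow list has to reconstruct the reason from git history. A one-line note above the first rule, e.g. `/* Needed for the socket buffer sizing done when connections are opened (presumably; confirm against the caller). */`, would keep the widening of the filter reviewable. Like the IP_TRANSPARENT rule below them, both match only the level and optname arguments and leave the fd and value unconstrained, which is consistent with the rest of this function. sb_setsockopt starts before and ends after this hunk.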
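Review bot: The replacement line `syscall = (int) ctx->uc_mcontext.M_SYSCALL;` in sigsys_debugging still recovers the trapped syscall number from a per-architecture register, although the handler already receives `siginfo_t *info`, and for seccomp-generated SIGSYS the kernel fills `info->si_syscall` (and `si_arch`) directly. Where the toolchain exposes that field it is the portable source and would remove the need for M_SYSCALL entirely; at minimum a comment such as `/* Syscall number is read from the trapping register; prefer info->si_syscall where available. */` would record the trade-off. The M_SYSCALL macro is defined earlier in this file and is only provided for i386, x86_64 and arm, so this line does not compile elsewhere. sigsys_debugging starts before and ends after this hunk.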
@@ -1477,10 +1477,13 @@ prune_v2_cipher_list(void)
 
 inp = outp = v2_cipher_list;
 while (*inp) {
- unsigned char cipherid[2];
+ unsigned char cipherid[3];
 const SSL_CIPHER *cipher;
 /* Is there no better way to do this? */
 set_uint16(cipherid, htons(*inp));
+ cipherid[2] = 0; /* If ssl23_get_cipher_by_char finds no cipher starting
+ * with a two-byte 'cipherid', it may look for a v2
+ * cipher with the appropriate 3 bytes. */
 cipher = m->get_cipher_by_char(cipherid);
 if (cipher) {
 tor_assert((cipher->id & 0xffff) == *inp);
|
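Review bot: Padding `cipherid` to three bytes stops the out-of-bounds read, but the new comment itself says the lookup may now match an SSLv2 cipher by its 3-byte id, and in that case the `tor_assert((cipher->id & 0xffff) == *inp)` three lines below would abort the process at startup rather than skip the entry; whether OpenSSL can actually return such a cipher for a trailing zero byte is not visible here. If that path is reachable, a `log_warn` plus skipping the entry is the safer outcome; if it is not, the assert should say why it is safe, e.g. `/* A v2 fallback hit would have a 3-byte id; we rely on none matching XX YY 00. */`. prune_v2_cipher_list starts before this hunk and the loop continues after it.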