Merge branch 'maint-0.2.8' into release-0.2.8
This commit is contained in:
commit
fe53f9c17d
|
@ -0,0 +1,8 @@
|
|||
o Minor bugfixes (sandboxing):
|
||||
- If we did not find a non-private IPaddress by iterating over
|
||||
interfaces, we would try to get one via
|
||||
get_interface_address6_via_udp_socket_hack(). This opens a
|
||||
datagram socket with IPPROTO_UDP. Previously all our datagram
|
||||
sockets (via libevent) used IPPROTO_IP, so we did not have that
|
||||
in the sandboxing whitelist. Add (SOCK_DGRAM, IPPROTO_UDP)
|
||||
sockets to the sandboxing whitelist. Fixes bug 19660.
|
|
@ -0,0 +1,3 @@
|
|||
o Minor bugfixes (compilation):
|
||||
- Fix compilation warning in the unit tests on systems where
|
||||
char is signed. Fixes bug 19682; bugfix on 0.2.8.1-alpha.
|
|
@ -589,7 +589,7 @@ static int
|
|||
sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
|
||||
{
|
||||
int rc = 0;
|
||||
int i;
|
||||
int i, j;
|
||||
(void) filter;
|
||||
|
||||
#ifdef __i386__
|
||||
|
@ -606,20 +606,20 @@ sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
|
|||
|
||||
for (i = 0; i < 2; ++i) {
|
||||
const int pf = i ? PF_INET : PF_INET6;
|
||||
|
||||
rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
|
||||
SCMP_CMP(0, SCMP_CMP_EQ, pf),
|
||||
SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, SOCK_STREAM),
|
||||
SCMP_CMP(2, SCMP_CMP_EQ, IPPROTO_TCP));
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
|
||||
SCMP_CMP(0, SCMP_CMP_EQ, pf),
|
||||
SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, SOCK_DGRAM),
|
||||
SCMP_CMP(2, SCMP_CMP_EQ, IPPROTO_IP));
|
||||
if (rc)
|
||||
return rc;
|
||||
for (j=0; j < 3; ++j) {
|
||||
const int type = (j == 0) ? SOCK_STREAM :
|
||||
(j == 1) ? SOCK_DGRAM :
|
||||
SOCK_DGRAM;
|
||||
const int protocol = (j == 0) ? IPPROTO_TCP :
|
||||
(j == 1) ? IPPROTO_IP :
|
||||
IPPROTO_UDP;
|
||||
rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
|
||||
SCMP_CMP(0, SCMP_CMP_EQ, pf),
|
||||
SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, type),
|
||||
SCMP_CMP(2, SCMP_CMP_EQ, protocol));
|
||||
if (rc)
|
||||
return rc;
|
||||
}
|
||||
}
|
||||
|
||||
rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
|
||||
|
|
|
@ -106,10 +106,10 @@ test_util_format_base64_encode(void *ignored)
|
|||
for (i = 0;i<50;i++) {
|
||||
src[i] = 0;
|
||||
}
|
||||
src[50] = 255;
|
||||
src[51] = 255;
|
||||
src[52] = 255;
|
||||
src[53] = 255;
|
||||
src[50] = (char)255;
|
||||
src[51] = (char)255;
|
||||
src[52] = (char)255;
|
||||
src[53] = (char)255;
|
||||
|
||||
res = base64_encode(dst, 1000, src, 54, BASE64_ENCODE_MULTILINE);
|
||||
tt_int_op(res, OP_EQ, 74);
|
||||
|
|
Loading…
Reference in New Issue