From 36b06be73862d6f3206d0e2a6fe17af06f8b7c88 Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Mon, 11 Jul 2016 09:37:01 +0200
Subject: [PATCH 1/2] Add (SOCK_DGRAM, IPPROTO_UDP) sockets to the sandboxing whitelist
If we did not find a non-private IPaddress by iterating over interfaces, we would try to get one via get_interface_address6_via_udp_socket_hack(). This opens a datagram socket with IPPROTO_UDP. Previously all our datagram sockets (via libevent) used IPPROTO_IP, so we did not have that in the sandboxing whitelist. Add (SOCK_DGRAM, IPPROTO_UDP) sockets to the sandboxing whitelist. Fixes bug 19660.
---
 changes/bug19660 | 8 ++++++++
 src/common/sandbox.c | 30 +++++++++++++++---------------
 2 files changed, 23 insertions(+), 15 deletions(-)
 create mode 100644 changes/bug19660
diff --git a/changes/bug19660 b/changes/bug19660
new file mode 100644
index 000000000..72d32c8fe
--- /dev/null
+++ b/changes/bug19660
@@ -0,0 +1,8 @@
+ o Minor bugfixes (sandboxing):
+ - If we did not find a non-private IPaddress by iterating over
+ interfaces, we would try to get one via
+ get_interface_address6_via_udp_socket_hack(). This opens a
+ datagram socket with IPPROTO_UDP. Previously all our datagram
+ sockets (via libevent) used IPPROTO_IP, so we did not have that
+ in the sandboxing whitelist. Add (SOCK_DGRAM, IPPROTO_UDP)
+ sockets to the sandboxing whitelist. Fixes bug 19660.
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 70c5bbd07..54c1267c5 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -585,7 +585,7 @@ static int
 sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 {
 int rc = 0;
- int i;
+ int i, j;
 (void) filter;
 #ifdef __i386__
@@ -602,20 +602,20 @@ sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 for (i = 0; i < 2; ++i) {
 const int pf = i ? PF_INET : PF_INET6;
-
- rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
- SCMP_CMP(0, SCMP_CMP_EQ, pf),
- SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, SOCK_STREAM),
- SCMP_CMP(2, SCMP_CMP_EQ, IPPROTO_TCP));
- if (rc)
- return rc;
-
- rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
- SCMP_CMP(0, SCMP_CMP_EQ, pf),
- SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, SOCK_DGRAM),
- SCMP_CMP(2, SCMP_CMP_EQ, IPPROTO_IP));
- if (rc)
- return rc;
+ for (j=0; j < 3; ++j) {
+ const int type = (j == 0) ? SOCK_STREAM :
+ (j == 1) ? SOCK_DGRAM :
+ SOCK_DGRAM;
+ const int protocol = (j == 0) ? IPPROTO_TCP :
+ (j == 1) ? IPPROTO_IP :
+ IPPROTO_UDP;
+ rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
+ SCMP_CMP(0, SCMP_CMP_EQ, pf),
+ SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, type),
+ SCMP_CMP(2, SCMP_CMP_EQ, protocol));
+ if (rc)
+ return rc;
+ }
 }
 rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
From bec4e41f4b48c288613a13021da9a29d5fb1ecac Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Sun, 17 Jul 2016 13:51:45 -0400
Subject: [PATCH 2/2] Fix warnings in test_util_formats.
Storing 255 into a char gives a warning when char is signed. Fixes bug 19682; bugfix on 0.2.8.1-alpha, where these tests were added.
---
 changes/bug19682 | 3 +++
 src/test/test_util_format.c | 8 ++++----
 2 files changed, 7 insertions(+), 4 deletions(-)
 create mode 100644 changes/bug19682
diff --git a/changes/bug19682 b/changes/bug19682
new file mode 100644
index 000000000..c799c417a
--- /dev/null
+++ b/changes/bug19682
@@ -0,0 +1,3 @@
+ o Minor bugfixes (compilation):
+ - Fix compilation warning in the unit tests on systems where
+ char is signed. Fixes bug 19682; bugfix on 0.2.8.1-alpha.
diff --git a/src/test/test_util_format.c b/src/test/test_util_format.c
index a25054cd0..3d0293098 100644
--- a/src/test/test_util_format.c
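Review bot: In the second sb_socket hunk (the one at -602,20), the new inner loop derives `type` and `protocol` from the index `j` through chained ternaries, and `(j == 1) ? SOCK_DGRAM : SOCK_DGRAM` has two identical arms, so anyone auditing the seccomp allowlist has to decode the index to learn which (type, protocol) pairs are permitted. A small constant table of pairs, each annotated with the caller that needs it, puts every allowed combination on one line and makes a later narrowing of the IPPROTO_UDP entry easy to review. The table would go with the other declarations at the top of sb_socket, which starts in the previous hunk and continues past this one; the loop bound below is written out by hand because no array-length helper is visible on this page.

```c
  /* (type, protocol) pairs allowed for PF_INET and PF_INET6 sockets. */
  static const struct { int type; int protocol; } allowed[] = {
    { SOCK_STREAM, IPPROTO_TCP },
    { SOCK_DGRAM,  IPPROTO_IP },   /* datagram sockets opened via libevent */
    { SOCK_DGRAM,  IPPROTO_UDP },  /* get_interface_address6_via_udp_socket_hack() */
  };
  /* … unchanged: i386 special case … */
  for (i = 0; i < 2; ++i) {
    const int pf = i ? PF_INET : PF_INET6;
    for (j = 0; j < (int)(sizeof(allowed)/sizeof(allowed[0])); ++j) {
      rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
        SCMP_CMP(0, SCMP_CMP_EQ, pf),
        SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, allowed[j].type),
        SCMP_CMP(2, SCMP_CMP_EQ, allowed[j].protocol));
      /* … unchanged: rc check and return … */
    }
  }
```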
+++ b/src/test/test_util_format.c
@@ -106,10 +106,10 @@ test_util_format_base64_encode(void *ignored)
 for (i = 0;i<50;i++) {
 src[i] = 0;
 }
- src[50] = 255;
- src[51] = 255;
- src[52] = 255;
- src[53] = 255;
+ src[50] = (char)255;
+ src[51] = (char)255;
+ src[52] = (char)255;
+ src[53] = (char)255;
 res = base64_encode(dst, 1000, src, 54, BASE64_ENCODE_MULTILINE);
 tt_int_op(res, OP_EQ, 74);
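Review bot: The `(char)255` casts on `src[50]` through `src[53]` silence the warning, but converting 255 to a signed char is still implementation-defined, so the bytes fed to base64_encode rest on the compiler's conversion rule rather than on an explicit bit pattern. Writing each byte as a character escape, `src[50] = '\xff';`, or filling the run with `memset(src + 50, 0xff, 4);` (if the string header is already included in this file), states the intended 0xFF pattern without a cast. The enclosing test function starts and ends outside the hunk, and the declaration of `src` is not visible here.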