Merge branch 'maint-0.2.8' into release-0.2.8

Nick Mathewson 2016-07-17 13:54:58 -04:00
commit fe53f9c17d
4 changed files with 30 additions and 19 deletions

8
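--- a/changes/bug19660
+++ b/changes/bug19660
@@ -0,0 +1,8 @@
+o Minor bugfixes (sandboxing):
+- If we did not find a non-private IPaddress by iterating over
+interfaces, we would try to get one via
+get_interface_address6_via_udp_socket_hack(). This opens a
+datagram socket with IPPROTO_UDP. Previously all our datagram
+sockets (via libevent) used IPPROTO_IP, so we did not have that
+in the sandboxing whitelist. Add (SOCK_DGRAM, IPPROTO_UDP)
+sockets to the sandboxing whitelist. Fixes bug 19660.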

3
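--- a/changes/bug19682
+++ b/changes/bug19682
@@ -0,0 +1,3 @@
+o Minor bugfixes (compilation):
+- Fix compilation warning in the unit tests on systems where
+char is signed. Fixes bug 19682; bugfix on 0.2.8.1-alpha.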


@ -589,7 +589,7 @@ static int
sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter) sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
{ {
int rc = 0; int rc = 0;
int i; int i, j;
(void) filter; (void) filter;
#ifdef __i386__ #ifdef __i386__
@ -606,20 +606,20 @@ sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
for (i = 0; i < 2; ++i) { for (i = 0; i < 2; ++i) {
const int pf = i ? PF_INET : PF_INET6; const int pf = i ? PF_INET : PF_INET6;
for (j=0; j < 3; ++j) {
rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), const int type = (j == 0) ? SOCK_STREAM :
SCMP_CMP(0, SCMP_CMP_EQ, pf), (j == 1) ? SOCK_DGRAM :
SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, SOCK_STREAM), SOCK_DGRAM;
SCMP_CMP(2, SCMP_CMP_EQ, IPPROTO_TCP)); const int protocol = (j == 0) ? IPPROTO_TCP :
if (rc) (j == 1) ? IPPROTO_IP :
return rc; IPPROTO_UDP;
rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), SCMP_CMP(0, SCMP_CMP_EQ, pf),
SCMP_CMP(0, SCMP_CMP_EQ, pf), SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, type),
SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, SOCK_DGRAM), SCMP_CMP(2, SCMP_CMP_EQ, protocol));
SCMP_CMP(2, SCMP_CMP_EQ, IPPROTO_IP)); if (rc)
if (rc) return rc;
return rc; }
} }
rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
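Review bot: The allowed (type, protocol) pairs in the new inner loop are picked by two parallel nested ternaries on `j` plus a bare bound of `3`, so the socket() allow-list is only readable by evaluating both chains for each `j`, and a later edit can desynchronise them. A small constant table with one pair per row, iterated by its element count, would show exactly which sockets the seccomp filter admits. Each row should carry a comment naming its consumer, since the changelog entry is currently the only place that records why (SOCK_DGRAM, IPPROTO_UDP) is permitted. The body of sb_socket starts before and continues after this hunk.

```c
  /* Every (type, protocol) pair that socket() may be called with under
   * the sandbox, for both PF_INET and PF_INET6. */
  static const struct {
    int type;
    int protocol;
  } allowed[] = {
    { SOCK_STREAM, IPPROTO_TCP },
    { SOCK_DGRAM,  IPPROTO_IP  }, /* datagram sockets opened via libevent */
    { SOCK_DGRAM,  IPPROTO_UDP }, /* get_interface_address6_via_udp_socket_hack() */
  };
  /* … unchanged: rc/i/j declarations, __i386__ block … */
  for (i = 0; i < 2; ++i) {
    const int pf = i ? PF_INET : PF_INET6;
    for (j = 0; j < (int)(sizeof(allowed) / sizeof(allowed[0])); ++j) {
      rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
          SCMP_CMP(0, SCMP_CMP_EQ, pf),
          SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, allowed[j].type),
          SCMP_CMP(2, SCMP_CMP_EQ, allowed[j].protocol));
      if (rc)
        return rc;
    }
  }
```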


@ -106,10 +106,10 @@ test_util_format_base64_encode(void *ignored)
for (i = 0;i<50;i++) { for (i = 0;i<50;i++) {
src[i] = 0; src[i] = 0;
} }
src[50] = 255; src[50] = (char)255;
src[51] = 255; src[51] = (char)255;
src[52] = 255; src[52] = (char)255;
src[53] = 255; src[53] = (char)255;
res = base64_encode(dst, 1000, src, 54, BASE64_ENCODE_MULTILINE); res = base64_encode(dst, 1000, src, 54, BASE64_ENCODE_MULTILINE);
tt_int_op(res, OP_EQ, 74); tt_int_op(res, OP_EQ, 74);