author | netblue30 <netblue30@yahoo.com> | 2016-11-27 10:36:49 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-11-27 10:36:49 -0500 |
commit | a4fd0e433ace4bbdafe808a56550d55431b882d2 (patch) | |
tree | aaa1d2c0b3a45bd8c53411e628de7215f5ad34cb /src/fseccomp/seccomp_print.c | |
parent | Merge pull request #941 from Fred-Barclay/text_editors (diff) | |
fixes
Diffstat (limited to 'src/fseccomp/seccomp_print.c')
-rw-r--r-- | src/fseccomp/seccomp_print.c | 48 |
1 files changed, 27 insertions, 21 deletions
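--- a/src/fseccomp/seccomp_print.c
+++ b/src/fseccomp/seccomp_print.c
@@ -26,35 +26,41 @@ static int filter_cnt = 0;
 
 static void load_seccomp(const char *fname) {
 assert(fname);
+
+// open filter file
+int fd = open(fname, O_RDONLY);
+if (fd == -1)
+goto errexit;
 
-// check file
-struct stat s;
-if (stat(fname, &s) == -1) {
-fprintf(stderr, "Error fseccomp: cannot read protocol filter file\n");
-exit(1);
-}
-int size = s.st_size;
+// calculate the number of entries
+int size = lseek(fd, 0, SEEK_END);
+if (size == -1)
+goto errexit;
+if (lseek(fd, 0 , SEEK_SET) == -1)
+goto errexit;
 unsigned short entries = (unsigned short) size / (unsigned short) sizeof(struct sock_filter);
 filter_cnt = entries;
-//printf("size %d, entries %d\n", s.st_size, entries);
-
-filter = malloc(sizeof(struct sock_filter) * entries);
-if (!filter)
-errExit("malloc");
-
+
 // read filter
-memset(filter, 0, sizeof(struct sock_filter) * entries);
-int src = open(fname, O_RDONLY);
+filter = malloc(size);
+if (filter == NULL)
+goto errexit;
+memset(&filter[0], 0, sizeof(filter));
 int rd = 0;
 while (rd < size) {
-int rv = read(src, (unsigned char *) filter + rd, size - rd);
-if (rv == -1) {
-fprintf(stderr, "Error fseccomp: cannot read %s file\n", fname);
-exit(1);
-}
+int rv = read(fd, (unsigned char *) filter + rd, size - rd);
+if (rv == -1)
+goto errexit;
 rd += rv;
 }
-close(src);
+
+// close file
+close(fd);
+return;
+
+errexit:
+fprintf(stderr, "Error fseccomp: cannot read %s\n", fname);
+exit(1);
 }
 
 // debug filter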
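Review bot: The added `memset(&filter[0], 0, sizeof(filter));` clears only a pointer's worth of bytes, because `filter` is assigned from `malloc()` and so `sizeof(filter)` is the size of the pointer, not of the buffer; `memset(filter, 0, size);` would match the allocation. The read loop still treats only `rv == -1` as failure, so if `read()` returns 0 (for example the file is truncated after the `lseek()` length was taken) `rd` never advances and the loop never ends; `if (rv <= 0) goto errexit;` closes that. `size` is also used unchecked: an empty file or one whose length is not a multiple of `sizeof(struct sock_filter)` is accepted, and the `(unsigned short) size` cast on the unchanged `entries` line silently truncates large files, so `filter_cnt` can disagree with what was read. A sanity check on `size` before `malloc(size)` would make a malformed filter file fail with the `errexit` message instead of being processed partially.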