diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-11-27 10:36:49 -0500 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-11-27 10:36:49 -0500 |
| commit | a4fd0e433ace4bbdafe808a56550d55431b882d2 (patch) | |
| tree | aaa1d2c0b3a45bd8c53411e628de7215f5ad34cb /src/fseccomp | |
| parent | Merge pull request #941 from Fred-Barclay/text_editors (diff) | |
| download | firejail-a4fd0e433ace4bbdafe808a56550d55431b882d2.tar.gz firejail-a4fd0e433ace4bbdafe808a56550d55431b882d2.tar.zst firejail-a4fd0e433ace4bbdafe808a56550d55431b882d2.zip | |
fixes
Diffstat (limited to 'src/fseccomp')
| -rw-r--r-- | src/fseccomp/seccomp_print.c | 48 |
1 files changed, 27 insertions, 21 deletions
diff --git a/src/fseccomp/seccomp_print.c b/src/fseccomp/seccomp_print.c index 7dc983b12..af240307c 100644 --- a/src/fseccomp/seccomp_print.c +++ b/src/fseccomp/seccomp_print.c | |||
| @@ -26,35 +26,41 @@ static int filter_cnt = 0; | |||
| 26 | 26 | ||
| 27 | static void load_seccomp(const char *fname) { | 27 | static void load_seccomp(const char *fname) { |
| 28 | assert(fname); | 28 | assert(fname); |
| 29 | |||
| 30 | // open filter file | ||
| 31 | int fd = open(fname, O_RDONLY); | ||
| 32 | if (fd == -1) | ||
| 33 | goto errexit; | ||
| 29 | 34 | ||
| 30 | // check file | 35 | // calculate the number of entries |
| 31 | struct stat s; | 36 | int size = lseek(fd, 0, SEEK_END); |
| 32 | if (stat(fname, &s) == -1) { | 37 | if (size == -1) |
| 33 | fprintf(stderr, "Error fseccomp: cannot read protocol filter file\n"); | 38 | goto errexit; |
| 34 | exit(1); | 39 | if (lseek(fd, 0 , SEEK_SET) == -1) |
| 35 | } | 40 | goto errexit; |
| 36 | int size = s.st_size; | ||
| 37 | unsigned short entries = (unsigned short) size / (unsigned short) sizeof(struct sock_filter); | 41 | unsigned short entries = (unsigned short) size / (unsigned short) sizeof(struct sock_filter); |
| 38 | filter_cnt = entries; | 42 | filter_cnt = entries; |
| 39 | //printf("size %d, entries %d\n", s.st_size, entries); | 43 | |
| 40 | |||
| 41 | filter = malloc(sizeof(struct sock_filter) * entries); | ||
| 42 | if (!filter) | ||
| 43 | errExit("malloc"); | ||
| 44 | |||
| 45 | // read filter | 44 | // read filter |
| 46 | memset(filter, 0, sizeof(struct sock_filter) * entries); | 45 | filter = malloc(size); |
| 47 | int src = open(fname, O_RDONLY); | 46 | if (filter == NULL) |
| 47 | goto errexit; | ||
| 48 | memset(&filter[0], 0, sizeof(filter)); | ||
| 48 | int rd = 0; | 49 | int rd = 0; |
| 49 | while (rd < size) { | 50 | while (rd < size) { |
| 50 | int rv = read(src, (unsigned char *) filter + rd, size - rd); | 51 | int rv = read(fd, (unsigned char *) filter + rd, size - rd); |
| 51 | if (rv == -1) { | 52 | if (rv == -1) |
| 52 | fprintf(stderr, "Error fseccomp: cannot read %s file\n", fname); | 53 | goto errexit; |
| 53 | exit(1); | ||
| 54 | } | ||
| 55 | rd += rv; | 54 | rd += rv; |
| 56 | } | 55 | } |
| 57 | close(src); | 56 | |
| 57 | // close file | ||
| 58 | close(fd); | ||
| 59 | return; | ||
| 60 | |||
| 61 | errexit: | ||
| 62 | fprintf(stderr, "Error fseccomp: cannot read %s\n", fname); | ||
| 63 | exit(1); | ||
| 58 | } | 64 | } |
| 59 | 65 | ||
| 60 | // debug filter | 66 | // debug filter |