Diffstat (limited to 'src/fseccomp/syscall.c')
-rw-r--r-- | src/fseccomp/syscall.c | 87 |
1 files changed, 63 insertions, 24 deletions
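--- a/src/fseccomp/syscall.c
+++ b/src/fseccomp/syscall.c
@@ -67,12 +67,52 @@ void syscall_print(void) {
 printf("\n");
 }
 
+// allowed input:
+// - syscall
+// - syscall(error)
+static void syscall_process_name(const char *name, int *syscall_nr, int *error_nr) {
+assert(name);
+if (strlen(name) == 0)
+goto error;
+*error_nr = -1;
+
+// syntax check
+char *str = strdup(name);
+if (!str)
+errExit("strdup");
+
+char *syscall_name = str;
+char *error_name = strchr(str, ':');
+if (error_name) {
+*error_name = '\0';
+error_name++;
+}
+if (strlen(syscall_name) == 0) {
+free(str);
+goto error;
+}
+
+*syscall_nr = syscall_find_name(syscall_name);
+if (error_name) {
+*error_nr = errno_find_name(error_name);
+if (*error_nr == -1)
+*syscall_nr = -1;
+}
+
+free(str);
+return;
+
+error:
+fprintf(stderr, "Error fseccomp: invalid syscall list entry %s\n", name);
+exit(1);
+}
+
 // return 1 if error, 0 if OK
 int syscall_check_list(const char *slist, void (*callback)(int fd, int syscall, int arg), int fd, int arg) {
 // don't allow empty lists
 if (slist == NULL || *slist == '\0') {
-fprintf(stderr, "Error: empty syscall lists are not allowed\n");
-return -1;
+fprintf(stderr, "Error fseccomp: empty syscall lists are not allowed\n");
+exit(1);
 }
 
 // work on a copy of the string
@@ -80,29 +120,28 @@ int syscall_check_list(const char *slist, void (*callback)(int fd, int syscall,
 if (!str)
 errExit("strdup");
 
-char *ptr = str;
-char *start = str;
-while (*ptr != '\0') {
-if (islower(*ptr) || isdigit(*ptr) || *ptr == '_')
-;
-else if (*ptr == ',') {
-*ptr = '\0';
-int nr = syscall_find_name(start);
-if (nr == -1)
-fprintf(stderr, "Warning: syscall %s not found\n", start);
-else if (callback != NULL)
-callback(fd, nr, arg);
-
-start = ptr + 1;
-}
-ptr++;
+char *ptr =strtok(str, ",");
+if (ptr == NULL) {
+fprintf(stderr, "Error fseccomp: empty syscall lists are not allowed\n");
+exit(1);
 }
-if (*start != '\0') {
-int nr = syscall_find_name(start);
-if (nr == -1)
-fprintf(stderr, "Warning: syscall %s not found\n", start);
-else if (callback != NULL)
-callback(fd, nr, arg);
+
+while (ptr) {
+printf("ptr %s\n", ptr);
+
+int syscall_nr;
+int error_nr;
+syscall_process_name(ptr, &syscall_nr, &error_nr);
+printf("%d, %d\n", syscall_nr, error_nr);
+if (syscall_nr == -1)
+fprintf(stderr, "Warning fseccomp: syscall %s not found\n", ptr);
+else if (callback != NULL) {
+if (error_nr != -1)
+filter_add_errno(fd, syscall_nr, error_nr);
+else
+callback(fd, syscall_nr, arg);
+}
+ptr = strtok(NULL, ",");
 }
 
 free(str);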
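Review bot: In `syscall_process_name`, an entry whose errno name does not resolve sets `*syscall_nr = -1`, so `syscall_check_list` only prints "syscall %s not found" and moves on to the next token; the entry is dropped, and if the list is meant to deny calls, that syscall stays permitted after a typo in the errno name. I would make that case fatal like the other malformed-entry paths: `if (*error_nr == -1) { free(str); goto error; }`. The header comment documents `syscall(error)` while the parser splits on `':'`, so it should read `// - syscall:error`. The two `printf` calls in the loop (`printf("ptr %s\n", ptr);` and `printf("%d, %d\n", syscall_nr, error_nr);`) look like leftover debug output on stdout and should be removed. `syscall_check_list` continues past the end of the hunk, so its return path is not visible here.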