aboutgitcodelistschat:MatrixIRC
diff options
context:
space:
mode:
authorAlice Frosi <afrosi@redhat.com>2023-05-10 14:20:01 +0200
committerAlice Frosi <afrosi@redhat.com>2023-05-10 14:20:01 +0200
commitb29288b8b000730bbd416b0e1f4f4c694e346e20 (patch)
tree06d6aaf5a1116134ef065e5848ce4af5e17ff954
parentb2aed1dc699adbac63bd35ffb5b014384a58fb94 (diff)
downloadseitan-b29288b8b000730bbd416b0e1f4f4c694e346e20.tar
seitan-b29288b8b000730bbd416b0e1f4f4c694e346e20.tar.gz
seitan-b29288b8b000730bbd416b0e1f4f4c694e346e20.tar.bz2
seitan-b29288b8b000730bbd416b0e1f4f4c694e346e20.tar.lz
seitan-b29288b8b000730bbd416b0e1f4f4c694e346e20.tar.xz
seitan-b29288b8b000730bbd416b0e1f4f4c694e346e20.tar.zst
seitan-b29288b8b000730bbd416b0e1f4f4c694e346e20.zip
ops: check for SECCOMP_DATA
Add check if offset type is SECCOMP_DATA and the seccomp request is set.
-rw-r--r--common/gluten.h3
-rw-r--r--operations.c6
2 files changed, 6 insertions, 3 deletions
diff --git a/common/gluten.h b/common/gluten.h
index 078c6fa..8d74819 100644
--- a/common/gluten.h
+++ b/common/gluten.h
@@ -244,6 +244,9 @@ static inline const void *gluten_ptr(const struct seccomp_data *s,
if (!is_offset_valid(x))
return NULL;
+ if(x.type == OFFSET_SECCOMP_DATA && s == NULL)
+ return NULL;
+
switch (x.type) {
case OFFSET_DATA:
return g->data + x.offset;
diff --git a/operations.c b/operations.c
index 382474c..d6a9245 100644
--- a/operations.c
+++ b/operations.c
@@ -304,9 +304,9 @@ static int do_inject(const struct seccomp_notif *req, int notifier,
resp.newfd_flags = 0;
resp.id = req->id;
- if(gluten_read(NULL, g, &resp.newfd, op->new_fd, sizeof(resp.newfd)) == -1)
+ if(gluten_read(&req->data, g, &resp.newfd, op->new_fd, sizeof(resp.newfd)) == -1)
return -1;
- if(gluten_read(NULL, g, &resp.srcfd, op->old_fd, sizeof(resp.srcfd)) == -1)
+ if(gluten_read(&req->data, g, &resp.srcfd, op->old_fd, sizeof(resp.srcfd)) == -1)
return -1;
if (atomic)
@@ -366,7 +366,7 @@ int op_resolve_fd(const struct seccomp_notif *req, int notifier,
if(gluten_read(NULL, g, &path, op->path, sizeof(op->path_size)) == -1)
return -1;
- if(gluten_read(NULL, g, &fd, op->fd, sizeof(fd)) == -1)
+ if(gluten_read(&req->data, g, &fd, op->fd, sizeof(fd)) == -1)
return -1;
snprintf(fdpath, PATH_MAX, "/proc/%d/fd/%d", req->pid, fd);