ops: check for SECCOMP_DATA

Add check if offset type is SECCOMP_DATA and the seccomp request is set.

2 files changed, 6 insertions, 3 deletions

diff --git a/common/gluten.h b/common/gluten.h
index 078c6fa..8d74819 100644
--- a/common/gluten.h
+++ b/common/gluten.h
@@ -244,6 +244,9 @@ static inline const void *gluten_ptr(const struct seccomp_data *s,
 	if (!is_offset_valid(x))
 		return NULL;
 
+	if(x.type == OFFSET_SECCOMP_DATA && s == NULL)
+		return NULL;
+
 	switch (x.type) {
 	case OFFSET_DATA:
 		return g->data + x.offset;
diff --git a/operations.c b/operations.c
index 382474c..d6a9245 100644
--- a/operations.c
+++ b/operations.c
@@ -304,9 +304,9 @@ static int do_inject(const struct seccomp_notif *req, int notifier,
 	resp.newfd_flags = 0;
 	resp.id = req->id;
 
-	if(gluten_read(NULL, g, &resp.newfd, op->new_fd, sizeof(resp.newfd)) == -1)
+	if(gluten_read(&req->data, g, &resp.newfd, op->new_fd, sizeof(resp.newfd)) == -1)
 		return -1;
-	if(gluten_read(NULL, g, &resp.srcfd, op->old_fd, sizeof(resp.srcfd)) == -1)
+	if(gluten_read(&req->data, g, &resp.srcfd, op->old_fd, sizeof(resp.srcfd)) == -1)
 		return -1;
 
 	if (atomic)
@@ -366,7 +366,7 @@ int op_resolve_fd(const struct seccomp_notif *req, int notifier,
 
 	if(gluten_read(NULL, g, &path, op->path, sizeof(op->path_size)) == -1)
 		return -1;
-	if(gluten_read(NULL, g, &fd, op->fd, sizeof(fd)) == -1)
+	if(gluten_read(&req->data, g, &fd, op->fd, sizeof(fd)) == -1)
 		return -1;
 
 	snprintf(fdpath, PATH_MAX, "/proc/%d/fd/%d", req->pid, fd);