author | Alice Frosi <afrosi@redhat.com> | 2023-05-10 11:06:12 +0200 |
---|---|---|
committer | Alice Frosi <afrosi@redhat.com> | 2023-05-10 12:18:57 +0200 |
commit | 92afac2a0ca640f19d39da6e7e82e1acb93e2024 (patch) | |
tree | 52e0acb81db84833b76d36128800b26dab86effa /operations.c | |
parent | 0977f0876af186975d3861c53b8431a80a27fa83 (diff) | |
Refactoring of gluten_read/write
Refactor includes:
- use static inline instead of macro
- return -1 if there is an error and don't exit
- eval return 0 or -1
- adjust code and tests
Diffstat (limited to 'operations.c')
-rw-r--r-- | operations.c | 28 |
1 files changed, 18 insertions, 10 deletions
diff --git a/operations.c b/operations.c
index bf03ab8..af86568 100644
--- a/operations.c
+++ b/operations.c
@@ -177,7 +177,10 @@ int op_load(const struct seccomp_notif *req, int notifier, struct gluten *g,
 ret = -1;
 goto out;
 }
- check_gluten_limits(&g, load->dst, load->size);
+ if (!check_gluten_limits(load->dst, load->size)) {
+ ret = -1;
+ goto out;
+ }
 if (pread(fd, gluten_write_ptr(g, load->dst), load->size, *src) < 0) {
 perror("pread");
 return -1;
@@ -233,7 +236,7 @@ int op_call(const struct seccomp_notif *req, int notifier, struct gluten *g,
 * reference
 */
 if (op->has_ret)
- gluten_write(g, op->ret, c.ret);
+ return gluten_write(g, op->ret, &c.ret, sizeof(c.ret));
 return 0;
 }
@@ -264,7 +267,8 @@ int op_return(const struct seccomp_notif *req, int notifier, struct gluten *g,
 resp.flags = 0;
 resp.error = 0;
- gluten_read(NULL, g, resp.val, op->val, sizeof(resp.val));
+ if (gluten_read(&req->data, g, &resp.val, op->val, sizeof(resp.val)) == -1)
+ return -1;
 if (send_target(&resp, notifier) == -1)
 return -1;
@@ -300,8 +304,10 @@ static int do_inject(const struct seccomp_notif *req, int notifier,
 resp.newfd_flags = 0;
 resp.id = req->id;
- gluten_read(NULL, g, resp.newfd, op->new_fd, sizeof(resp.newfd));
- gluten_read(NULL, g, resp.srcfd, op->old_fd, sizeof(resp.srcfd));
+ if(gluten_read(NULL, g, &resp.newfd, op->new_fd, sizeof(resp.newfd)) == -1)
+ return -1;
+ if(gluten_read(NULL, g, &resp.srcfd, op->old_fd, sizeof(resp.srcfd)) == -1)
+ return -1;
 if (atomic)
 resp.flags |= SECCOMP_ADDFD_FLAG_SEND;
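Review bot: In op_load the new limits check leaves through `goto out`, but the `pread` failure directly below it still does `return -1`, so whatever cleanup sits at `out:` (not visible in this hunk, presumably releasing `fd`) is skipped on that path; it should be `ret = -1; goto out;` as well. The same call treats a short read as success: `pread` returning fewer bytes than `load->size` leaves the tail of the destination unwritten, so the result should be compared with `load->size` rather than only tested for `< 0`. The function body starts and ends outside the hunk.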
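Review bot: The two new `gluten_read` calls in do_inject still pass `NULL` as the first argument, while the op_return hunk of this commit changes that same argument to `&req->data`. If `op->new_fd` or `op->old_fd` can be an offset into the seccomp data (gluten_read's body is not shown here), these calls would fail or might read through a null pointer; passing `&req->data` here too, or a comment stating why these operands never refer to seccomp data, would settle it. The same applies to both calls in the op_resolve_fd hunk. Minor: `if(` in these two hunks should be `if (` to match the spacing used in the op_load and op_return hunks.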
@@ -351,8 +357,10 @@ int op_resolve_fd(const struct seccomp_notif *req, int notifier,
 (void)notifier;
- gluten_read(NULL, g, path, op->path, sizeof(op->path_size));
- gluten_read(NULL, g, fd, op->fd, sizeof(fd));
+ if(gluten_read(NULL, g, &path, op->path, sizeof(op->path_size)) == -1)
+ return -1;
+ if(gluten_read(NULL, g, &fd, op->fd, sizeof(fd)) == -1)
+ return -1;
 snprintf(fdpath, PATH_MAX, "/proc/%d/fd/%d", req->pid, fd);
 if ((nbytes = readlink(fdpath, buf, op->path_size)) < 0) {
@@ -366,12 +374,12 @@ int op_resolve_fd(const struct seccomp_notif *req, int notifier,
 return 0;
 }
-void eval(struct gluten *g, struct op *ops, const struct seccomp_notif *req,
+int eval(struct gluten *g, struct op *ops, const struct seccomp_notif *req,
 int notifier)
 {
 struct op *op = ops;
- while (op->type != OP_END && op != NULL) {
+ while (op->type != OP_END) {
 switch (op->type) {
 HANDLE_OP(OP_CALL, op_call, call);
 HANDLE_OP(OP_BLOCK, op_block, block);
@@ -384,7 +392,7 @@ void eval(struct gluten *g, struct op *ops, const struct seccomp_notif *req,
 HANDLE_OP(OP_RESOLVEDFD, op_resolve_fd, resfd);
 default:
 fprintf(stderr, "unknown operation %d \n", op->type);
- return;
 }
 }
+ return 0;
 } |
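Review bot: `sizeof(op->path_size)` in the first `gluten_read` call of op_resolve_fd is the size of the length field itself, not the length of the path, so the read covers only that many bytes whatever `op->path_size` holds; the length argument should be `op->path_size`, checked against the size of `path`. The declarations of `path` and `buf` are outside the hunk, so the exact bounds are theirs to confirm. `readlink(fdpath, buf, op->path_size)` likewise takes its limit from the operation rather than from `buf`, and `readlink` does not NUL-terminate its output. Assuming `buf` is an array, a guard such as `if (op->path_size >= sizeof(buf)) return -1;` before the calls and `buf[nbytes] = '\0';` after the `readlink` would bound both.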
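Review bot: With `return;` removed from the `default:` case of `eval`, an unknown `op->type` now falls out of the switch without advancing `op`, so the `while (op->type != OP_END)` loop would spin forever printing the same message; nothing else in the visible loop body moves `op` (the `HANDLE_OP` macro is defined outside this page). Since `eval` now returns `int`, the case should end with `return -1;`. The loop condition also dereferences `ops` unconditionally, so an `if (ops == NULL) return -1;` before the loop would replace the dropped `op != NULL` test, if callers can pass NULL. A one-line comment above `eval` stating that it returns 0 on reaching `OP_END` and -1 on a failing or unknown operation would document the new contract, once `HANDLE_OP` is confirmed to propagate the handlers' return values.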