-rw-r--r--common/gluten.h7
-rw-r--r--operations.c8
2 files changed, 11 insertions, 4 deletions
diff --git a/common/gluten.h b/common/gluten.h
index 83cfbc3..fe62827 100644
--- a/common/gluten.h
+++ b/common/gluten.h
@@ -341,8 +341,10 @@ static inline const void *gluten_ptr(const struct seccomp_data *s,
struct gluten *g,
const struct gluten_offset x)
{
- if (!is_offset_valid(x))
+ if (!is_offset_valid(x)) {
+ err(" offset limits are invalid");
return NULL;
+ }
if (x.type == OFFSET_SECCOMP_DATA && s == NULL)
return NULL;
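Review bot: The new `err(" offset limits are invalid");` in gluten_ptr does not say which offset was rejected, so the log line cannot be tied to a specific operation when several are in flight. If err() accepts a format string the way debug() does, something like `err(" invalid offset: type=%d offset=%u", x.type, x.offset);` would make it actionable; the specifiers must be matched to the field types, which are not visible here. The `s == NULL` case for OFFSET_SECCOMP_DATA right below still returns NULL silently, so callers cannot tell the two failures apart. gluten_ptr's body continues outside the hunk.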
@@ -364,6 +366,7 @@ static inline const void *gluten_ptr(const struct seccomp_data *s,
static inline bool check_gluten_limits(struct gluten_offset v, size_t size)
{
struct gluten_offset off = { v.type, v.offset + size };
+
if (v.type == OFFSET_SECCOMP_DATA || is_offset_valid(off))
return true;
@@ -388,8 +391,10 @@ static inline int gluten_read(const struct seccomp_data *s, struct gluten *g,
size_t size)
{
const void *p = gluten_ptr(s, g, src);
+
if (p == NULL || !check_gluten_limits(src, size))
return -1;
+
memcpy(dst, p, size);
return 0;
diff --git a/operations.c b/operations.c
index c8af0ad..b5e536a 100644
--- a/operations.c
+++ b/operations.c
@@ -93,7 +93,6 @@ static int prepare_arg_clone(const struct seccomp_notif *req, struct gluten *g,
c->err = 0;
c->ret = -1;
c->nr = s->nr;
-
for (i = 0; i < s->arg_count; i++) {
/* If arg is a pointer then need to calculate the absolute
* address and the value of arg is the relative offset of the actual
@@ -237,8 +236,8 @@ static int execute_syscall(void *args)
c->ret = syscall(c->nr, c->args[0], c->args[1], c->args[2], c->args[3],
c->args[4], c->args[5]);
c->err = errno;
- debug(" execute syscall: ret=%ld errno=%d%s%s", c->ret, c->err,
- *c->cwd ? " cwd=" : "", *c->cwd ? c->cwd : "");
+ debug(" execute syscall %ld: ret=%ld errno=%d%s%s", c->nr, c->ret,
+ c->err, *c->cwd ? " cwd=" : "", *c->cwd ? c->cwd : "");
if (c->ret < 0) {
perror(" syscall");
exit(EXIT_FAILURE);
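Review bot: The added `%ld` for `c->nr` in the debug() call is only correct if that field is declared `long`; its declaration is not visible in this diff, and a syscall number is commonly stored as an `int`, in which case the variadic call would have a mismatched argument. Casting at the call site, `(long)c->nr`, keeps the format string valid whatever the field's type is. execute_syscall's body starts and ends outside the hunk.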
@@ -380,6 +379,9 @@ int op_return(const struct seccomp_notif *req, int notifier, struct gluten *g,
const struct return_desc *desc = gluten_ptr(&req->data, g, op->desc);
struct seccomp_notif_resp resp;
+ if(desc == NULL)
+ ret_err(-1, "empty description for return value");
+
resp.id = req->id;
if (desc->cont) {
resp.flags = SECCOMP_USER_NOTIF_FLAG_CONTINUE;
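Review bot: The added NULL check on `desc` only covers a rejected start offset; nothing visible here confirms that the whole `struct return_desc` fits inside the region before `desc->cont` is read. gluten_read in common/gluten.h pairs gluten_ptr with check_gluten_limits for this reason, so the guard could be `if (desc == NULL || !check_gluten_limits(op->desc, sizeof(*desc)))`, assuming gluten_ptr does not itself bound the end of the access. The message "empty description for return value" is also misleading, since NULL here means an invalid offset rather than an empty descriptor, and `if(` lacks the space used elsewhere in the file. op_return's body continues outside the hunk.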