From 2878f461e18869d7a63a6994a2e43fce05338c1b Mon Sep 17 00:00:00 2001
From: Alice Frosi <afrosi@redhat.com>
Date: Fri, 14 Jul 2023 12:48:37 +0200
Subject: common, ops: add error print and return if desc is empty

---
 common/gluten.h | 7 ++++++-
 operations.c    | 8 +++++---
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/common/gluten.h b/common/gluten.h
index 83cfbc3..fe62827 100644
--- a/common/gluten.h
+++ b/common/gluten.h
@@ -341,8 +341,10 @@ static inline const void *gluten_ptr(const struct seccomp_data *s,
 				     struct gluten *g,
 				     const struct gluten_offset x)
 {
-	if (!is_offset_valid(x))
+	if (!is_offset_valid(x)) {
+		err("  offset limits are invalid");
 		return NULL;
+	}
 
 	if (x.type == OFFSET_SECCOMP_DATA && s == NULL)
 		return NULL;
@@ -364,6 +366,7 @@ static inline const void *gluten_ptr(const struct seccomp_data *s,
 static inline bool check_gluten_limits(struct gluten_offset v, size_t size)
 {
 	struct gluten_offset off = { v.type, v.offset + size };
+
 	if (v.type == OFFSET_SECCOMP_DATA || is_offset_valid(off))
 		return true;
 
@@ -388,8 +391,10 @@ static inline int gluten_read(const struct seccomp_data *s, struct gluten *g,
 			      size_t size)
 {
 	const void *p = gluten_ptr(s, g, src);
+
 	if (p == NULL || !check_gluten_limits(src, size))
 		return -1;
+
 	memcpy(dst, p, size);
 
 	return 0;
diff --git a/operations.c b/operations.c
index c8af0ad..b5e536a 100644
--- a/operations.c
+++ b/operations.c
@@ -93,7 +93,6 @@ static int prepare_arg_clone(const struct seccomp_notif *req, struct gluten *g,
 	c->err = 0;
 	c->ret = -1;
 	c->nr = s->nr;
-
 	for (i = 0; i < s->arg_count; i++) {
 		/* If arg is a pointer then need to calculate the absolute
 		 * address and the value of arg is the relative offset of the actual
@@ -237,8 +236,8 @@ static int execute_syscall(void *args)
 	c->ret = syscall(c->nr, c->args[0], c->args[1], c->args[2], c->args[3],
 			 c->args[4], c->args[5]);
 	c->err = errno;
-	debug("  execute syscall: ret=%ld errno=%d%s%s", c->ret, c->err,
-	      *c->cwd ? " cwd=" : "", *c->cwd ? c->cwd : "");
+	debug("  execute syscall %ld: ret=%ld errno=%d%s%s", c->nr, c->ret,
+	      c->err, *c->cwd ? " cwd=" : "", *c->cwd ? c->cwd : "");
 	if (c->ret < 0) {
 		perror("  syscall");
 		exit(EXIT_FAILURE);
@@ -380,6 +379,9 @@ int op_return(const struct seccomp_notif *req, int notifier, struct gluten *g,
 	const struct return_desc *desc = gluten_ptr(&req->data, g, op->desc);
 	struct seccomp_notif_resp resp;
 
+	if(desc == NULL)
+		ret_err(-1, "empty description for return value");
+
 	resp.id = req->id;
 	if (desc->cont) {
 		resp.flags = SECCOMP_USER_NOTIF_FLAG_CONTINUE;
-- 
cgit v1.2.3