From b29288b8b000730bbd416b0e1f4f4c694e346e20 Mon Sep 17 00:00:00 2001 From: Alice Frosi Date: Wed, 10 May 2023 14:20:01 +0200 Subject: ops: check for SECCOMP_DATA Add check if offset type is SECCOMP_DATA and the seccomp request is set. --- common/gluten.h | 3 +++ operations.c | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/common/gluten.h b/common/gluten.h index 078c6fa..8d74819 100644 --- a/common/gluten.h +++ b/common/gluten.h @@ -244,6 +244,9 @@ static inline const void *gluten_ptr(const struct seccomp_data *s, if (!is_offset_valid(x)) return NULL; + if(x.type == OFFSET_SECCOMP_DATA && s == NULL) + return NULL; + switch (x.type) { case OFFSET_DATA: return g->data + x.offset; diff --git a/operations.c b/operations.c index 382474c..d6a9245 100644 --- a/operations.c +++ b/operations.c @@ -304,9 +304,9 @@ static int do_inject(const struct seccomp_notif *req, int notifier, resp.newfd_flags = 0; resp.id = req->id; - if(gluten_read(NULL, g, &resp.newfd, op->new_fd, sizeof(resp.newfd)) == -1) + if(gluten_read(&req->data, g, &resp.newfd, op->new_fd, sizeof(resp.newfd)) == -1) return -1; - if(gluten_read(NULL, g, &resp.srcfd, op->old_fd, sizeof(resp.srcfd)) == -1) + if(gluten_read(&req->data, g, &resp.srcfd, op->old_fd, sizeof(resp.srcfd)) == -1) return -1; if (atomic) @@ -366,7 +366,7 @@ int op_resolve_fd(const struct seccomp_notif *req, int notifier, if(gluten_read(NULL, g, &path, op->path, sizeof(op->path_size)) == -1) return -1; - if(gluten_read(NULL, g, &fd, op->fd, sizeof(fd)) == -1) + if(gluten_read(&req->data, g, &fd, op->fd, sizeof(fd)) == -1) return -1; snprintf(fdpath, PATH_MAX, "/proc/%d/fd/%d", req->pid, fd); -- cgit v1.2.3