Fix sandbox protection for rename
authorNick Mathewson <nickm@torproject.org>
Wed, 16 Apr 2014 16:50:24 +0000 (12:50 -0400)
committerNick Mathewson <nickm@torproject.org>
Thu, 17 Apr 2014 02:03:09 +0000 (22:03 -0400)
(We were only checking the first parameter of each rename call.)

src/common/sandbox.c

index 73966de6e2f54cfc3bf98659ee9aedc4856c5151..d50e07494de4748201778599cfa659e561c02ce4 100644 (file)
@@ -377,13 +377,10 @@ sb_rename(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
     if (param != NULL && param->prot == 1 &&
         param->syscall == SCMP_SYS(rename)) {
 
-      intptr_t value2 = (intptr_t)(void*)sandbox_intern_string(
-                                              (char*)param->value2);
-
       rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW,
-            SCMP_SYS(rename), 1,
+            SCMP_SYS(rename), 2,
             SCMP_CMP(0, SCMP_CMP_EQ, param->value),
-            SCMP_CMP(1, SCMP_CMP_EQ, value2));
+            SCMP_CMP(1, SCMP_CMP_EQ, param->value2));
       if (rc != 0) {
         log_err(LD_BUG,"(Sandbox) failed to add rename syscall, received "
             "libseccomp error %d", rc);
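Review bot: The two `SCMP_CMP_EQ` terms in the `seccomp_rule_add` call match argument addresses, not path contents, so the rule is only as strong as the guarantee that `param->value` and `param->value2` both hold the interned, protected copies of the strings by the time `sb_rename` runs. The hunk drops the local `sandbox_intern_string` lookup, and the only guard visible here is `param->prot == 1`, which appears to be one flag for the whole parameter; whether it also covers `value2` is established outside this hunk. I would add a comment above the call, e.g. `/* Both paths are matched by address: value and value2 must already point at the protected interned strings. */`, and consider skipping or logging an entry whose `value2` is zero before the rule is added. The body of `sb_rename` starts and ends outside this hunk, so the loop and the return path could not be checked.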
@@ -1152,15 +1149,6 @@ sandbox_cfg_allow_rename(sandbox_cfg_t **cfg, char *file1, char *file2)
   elem->next = *cfg;
   *cfg = elem;
 
-  /* For interning */
-  elem = new_element(-1, (intptr_t)(void*)tor_strdup(file2));
-  if (!elem) {
-    log_err(LD_BUG,"(Sandbox) failed to register parameter!");
-    return -1;
-  }
-  elem->next = *cfg;
-  *cfg = elem;
-
   return 0;
 }