memset(&hints, 0, sizeof(hints));
hints.ai_family = family;
hints.ai_socktype = SOCK_STREAM;
- err = sandbox_getaddrinfo(name, &res);
+ err = sandbox_getaddrinfo(name, hints, &res);
if (!err) {
best = NULL;
for (res_p = res; res_p; res_p = res_p->ai_next) {
#include <time.h>
#include <poll.h>
+static int sandbox_active = 0;
static sandbox_cfg_t *filter_dynamic = NULL;
static sb_addr_info_t *sb_addr_info = NULL;
}
int
-sandbox_getaddrinfo(const char *name, struct addrinfo **res)
+sandbox_getaddrinfo(const char *name, struct addrinfo hints,
+ struct addrinfo **res)
{
sb_addr_info_t *el;
for (el = sb_addr_info; el; el = el->next) {
if (!strcmp(el->name, name)) {
- *res = (struct addrinfo *)malloc(sizeof(struct addrinfo));
+ *res = (struct addrinfo *) malloc(sizeof(struct addrinfo));
if (!res) {
return -2;
}
memcpy(*res, el->info, sizeof(struct addrinfo));
-
return 0;
}
}
+ if (!sandbox_active) {
+ if (getaddrinfo(name, NULL, &hints, res)) {
+ log_err(LD_BUG,"(Sandbox) getaddrinfo failed!");
+ return -1;
+ }
+
+ return 0;
+ }
+
+ // getting here means something went wrong
log_err(LD_BUG,"(Sandbox) failed to get address %s!", name);
+ if (*res) {
+ free(*res);
+ res = NULL;
+ }
return -1;
}
goto end;
}
- rc = seccomp_load(ctx);
+ // loading the seccomp2 filter
+ if((rc = seccomp_load(ctx))) {
+ log_err(LD_BUG, "(Sandbox) failed to load!");
+ goto end;
+ }
+
+ // marking the sandbox as active
+ sandbox_active = 1;
end:
seccomp_release(ctx);
int sandbox_add_addrinfo(const char *addr);
/** Replacement for getaddrinfo(), using pre-recorded results. */
-int sandbox_getaddrinfo(const char *name, struct addrinfo **res);
+int sandbox_getaddrinfo(const char *name, struct addrinfo hints,
+ struct addrinfo **res);
/** Use <b>fd</b> to log non-survivable sandbox violations. */
void sandbox_set_debugging_fd(int fd);
projects / thirdparty / tor.git / commitdiff
