dynamic parameter filter bug fixes

diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 2657cbaaf2e1b0c3ad14a124377c5d05f5aaa60e..1a842f9ed8a3aab15ef087d56ce0b3c801eaf7ce 100644 (file)
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -192,6 +192,7 @@ char*
 get_prot_param(char *param)
 {
   int i, filter_size;
+  ParFilterDynamic *elem;
 
   if (param == NULL)
     return NULL;
@@ -209,6 +210,13 @@ get_prot_param(char *param)
     }
   }
 
+  for (elem = filter_dynamic; elem != NULL; elem = elem->next) {
+    if (elem->prot  && elem->ptype == PARAM_PTR
+        && !strncmp(param, (char*)(elem->param), MAX_PARAM_LEN)) {
+      return (char*)(elem->param);
+    }
+  }
+
   log_warn(LD_BUG, "(Sandbox) Parameter %s not found", param);
   return param;
 }
@@ -272,6 +280,13 @@ add_dynamic_param_filter(char *syscall, char ptype, char pindex, intptr_t val)
     break;
   }
 
+  // TODO: and so on ..?
+  if (!strcmp(syscall, "open")) {
+    (*elem)->syscall = SCMP_SYS(open);
+  } else if (!strcmp(syscall, "rt_sigaction")) {
+    (*elem)->syscall = SCMP_SYS(rt_sigaction);
+  }
+
   return 0;
 }
 

diff --git a/src/common/sandbox.h b/src/common/sandbox.h
index b75161d93b4624f5c8210b82f1d12a3d54fdcd41..dc765c758e700ed0d26d9459c02a45fbec78bc57 100644 (file)
--- a/src/common/sandbox.h
+++ b/src/common/sandbox.h
@@ -81,6 +81,8 @@ typedef struct pfd_elem ParFilterDynamic;
 void sandbox_set_debugging_fd(int fd);
 int tor_global_sandbox(void);
 char* get_prot_param(char *param);
+int add_dynamic_param_filter(char *syscall, char ptype, char pindex,
+    intptr_t val);
 
 #endif /* SANDBOX_H_ */