mirror of git://github.com/lxc/lxc synced 2025-08-29 16:39:49 +00:00

seccomp: fix integer comparisons

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner 2021-09-03 12:50:28 +02:00
parent 360df02a57
commit 14551c8c82
No known key found for this signature in database
GPG Key ID: 8EB056D53EECB12D


@ -93,9 +93,9 @@ static const char *get_action_name(uint32_t action)
return "invalid action"; return "invalid action";
} }
static uint32_t get_v2_default_action(char *line) static int32_t get_v2_default_action(char *line)
{ {
uint32_t ret_action = -1; int32_t ret_action = -1;
while (*line == ' ') while (*line == ' ')
line++; line++;
@ -129,7 +129,7 @@ static uint32_t get_v2_default_action(char *line)
return ret_action; return ret_action;
} }
static uint32_t get_v2_action(char *line, uint32_t def_action) static int32_t get_v2_action(char *line, uint32_t def_action)
{ {
char *p; char *p;
uint32_t ret; uint32_t ret;
@ -264,13 +264,14 @@ static int parse_v2_rules(char *line, uint32_t def_action,
return -1; return -1;
/* read optional action which follows the syscall */ /* read optional action which follows the syscall */
rules->action = get_v2_action(tmp, def_action); ret = get_v2_action(tmp, def_action);
if (rules->action == -1) { if (ret == -1) {
ERROR("Failed to interpret action"); ERROR("Failed to interpret action");
ret = -1;
goto on_error; goto on_error;
} }
rules->action = ret;
ret = 0; ret = 0;
rules->args_num = 0; rules->args_num = 0;
if (!strchr(tmp, '[')) if (!strchr(tmp, '['))
@ -496,7 +497,7 @@ enum lxc_seccomp_rule_status_t {
static enum lxc_seccomp_rule_status_t do_resolve_add_rule(uint32_t arch, char *line, scmp_filter_ctx ctx, static enum lxc_seccomp_rule_status_t do_resolve_add_rule(uint32_t arch, char *line, scmp_filter_ctx ctx,
struct seccomp_v2_rule *rule) struct seccomp_v2_rule *rule)
{ {
int i, nr, ret; int nr, ret;
struct scmp_arg_cmp arg_cmp[6]; struct scmp_arg_cmp arg_cmp[6];
ret = seccomp_arch_exist(ctx, arch); ret = seccomp_arch_exist(ctx, arch);
@ -543,8 +544,8 @@ static enum lxc_seccomp_rule_status_t do_resolve_add_rule(uint32_t arch, char *l
} }
memset(&arg_cmp, 0, sizeof(arg_cmp)); memset(&arg_cmp, 0, sizeof(arg_cmp));
for (i = 0; i < rule->args_num; i++) { for (size_t i = 0; i < rule->args_num; i++) {
INFO("arg_cmp[%d]: SCMP_CMP(%u, %llu, %llu, %llu)", i, INFO("arg_cmp[%zu]: SCMP_CMP(%u, %llu, %llu, %llu)", i,
rule->args_value[i].index, rule->args_value[i].index,
(long long unsigned int)rule->args_value[i].op, (long long unsigned int)rule->args_value[i].op,
(long long unsigned int)rule->args_value[i].mask, (long long unsigned int)rule->args_value[i].mask,
@ -618,7 +619,7 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c
char *p; char *p;
enum lxc_hostarch_t cur_rule_arch, native_arch; enum lxc_hostarch_t cur_rule_arch, native_arch;
bool denylist = false; bool denylist = false;
uint32_t default_policy_action = -1, default_rule_action = -1; int32_t default_policy_action = -1, default_rule_action = -1;
struct seccomp_v2_rule rule; struct seccomp_v2_rule rule;
struct scmp_ctx_info { struct scmp_ctx_info {
uint32_t architectures[3]; uint32_t architectures[3];
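Review bot: In the get_v2_default_action and get_v2_action hunks the seccomp action and the -1 failure sentinel still share one return value, now typed `int32_t`, while `def_action`, the local `ret` in get_v2_action and the `def_action` parameter of parse_v2_rules stay `uint32_t`, so the value changes signedness at each hand-off. Because a misread action becomes the filter's verdict for that syscall, it would be safer to return a plain status and pass the action through an out-parameter, e.g. `static int get_v2_action(char *line, uint32_t def_action, uint32_t *action)`, which keeps actions unsigned end to end and makes the error check independent of any action bit pattern. In parse_v2_rules the added `ret = -1;` inside `if (ret == -1)` is redundant. The function bodies continue outside the hunks shown, so the declared type of `ret` in parse_v2_rules and the call sites that pass the new `int32_t` defaults from parse_config_v2 are not visible here and should be checked.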