On 2014-08-11 18:08:50, Seth Arnold wrote: > On Mon, Aug 11, 2014 at 03:08:11PM -0500, Tyler Hicks wrote: > > Signed-off-by: Tyler Hicks <[email protected]> > > Acked-by: Seth Arnold <[email protected]>
Hey Seth - Thanks for all of the quick reviews.
>
> .. though the design doesn't allow for giving a unix socket abstract name
> with an embedded 0x00 byte in the middle of the name; having an embedded
> NUL in the middle of the name sounds like a case that's liable to be buggy
> somewhere in the stack, so it'd be nice to have those names be easily
> testable.
Good point! I'll commit this as-is so that we will be closer to having
some tests, but will figure out how best to use arbitrary bytes (it
looks like the kernel will accept any bytes) and add that in later.
> (The aa-encode and aa-decode scripts may be handy for writing the
> shell-script side of things.)
I'll check those scripts out. The first thing that came to my mind using
the coreutils base64 program for encoding from the shell script and
embedding a base64 decoder into unix_socket.c and unix_socket_client.c.
Tyler
>
> Thanks
>
> > ---
> > tests/regression/apparmor/unix_socket.c | 22 ++++++++++++++++++----
> > tests/regression/apparmor/unix_socket_client.c | 19 ++++++++++++++++---
> > 2 files changed, 34 insertions(+), 7 deletions(-)
> >
> > diff --git a/tests/regression/apparmor/unix_socket.c
> > b/tests/regression/apparmor/unix_socket.c
> > index 76a4eb8..b6dc0dd 100644
> > --- a/tests/regression/apparmor/unix_socket.c
> > +++ b/tests/regression/apparmor/unix_socket.c
> > @@ -87,17 +87,33 @@ int main (int argc, char *argv[])
> > struct pollfd pfd;
> > char msg_buf[MSG_BUF_MAX];
> > size_t msg_buf_len;
> > + const char *sun_path;
> > + size_t sun_path_len;
> > pid_t pid;
> > int sock, type, rc;
> >
> > if (argc != 5) {
> > fprintf(stderr,
> > "Usage: %s <socket> <type> <message> <client>\n\n"
> > + " socket\t\ta path for a bound socket or a name
> > prepended with '@' for an abstract socket\n"
> > " type\t\tstream, dgram, or seqpacket\n",
> > argv[0]);
> > exit(1);
> > }
> >
> > + addr.sun_family = AF_UNIX;
> > + memset(addr.sun_path, 0, sizeof(addr.sun_path));
> > +
> > + sun_path = argv[1];
> > + sun_path_len = strlen(sun_path);
> > + if (sun_path[0] == '@') {
> > + memcpy(addr.sun_path, sun_path, sun_path_len);
> > + addr.sun_path[0] = '\0';
> > + sun_path_len = sizeof(addr.sun_path);
> > + } else {
> > + memcpy(addr.sun_path, sun_path, sun_path_len + 1);
> > + }
> > +
> > if (!strcmp(argv[2], "stream")) {
> > type = SOCK_STREAM;
> > } else if (!strcmp(argv[2], "dgram")) {
> > @@ -122,10 +138,8 @@ int main (int argc, char *argv[])
> > exit(1);
> > }
> >
> > - addr.sun_family = AF_UNIX;
> > - strcpy(addr.sun_path, argv[1]);
> > rc = bind(sock, (struct sockaddr *)&addr,
> > - strlen(addr.sun_path) + sizeof(addr.sun_family));
> > + sun_path_len + sizeof(addr.sun_family));
> > if (rc < 0) {
> > perror("FAIL - bind");
> > exit(1);
> > @@ -144,7 +158,7 @@ int main (int argc, char *argv[])
> > perror("FAIL - fork");
> > exit(1);
> > } else if (!pid) {
> > - execl(argv[4], argv[4], argv[1], argv[2], NULL);
> > + execl(argv[4], argv[4], sun_path, argv[2], NULL);
> > exit(0);
> > }
> >
> > diff --git a/tests/regression/apparmor/unix_socket_client.c
> > b/tests/regression/apparmor/unix_socket_client.c
> > index 73aa8ba..ac53ecd 100644
> > --- a/tests/regression/apparmor/unix_socket_client.c
> > +++ b/tests/regression/apparmor/unix_socket_client.c
> > @@ -81,6 +81,8 @@ static int connectionless_messaging(int sock)
> > int main(int argc, char *argv[])
> > {
> > struct sockaddr_un peer_addr;
> > + const char *sun_path;
> > + size_t sun_path_len;
> > int sock, type, rc;
> >
> > if (argc != 3) {
> > @@ -90,6 +92,19 @@ int main(int argc, char *argv[])
> > exit(1);
> > }
> >
> > + peer_addr.sun_family = AF_UNIX;
> > + memset(peer_addr.sun_path, 0, sizeof(peer_addr.sun_path));
> > +
> > + sun_path = argv[1];
> > + sun_path_len = strlen(sun_path);
> > + if (sun_path[0] == '@') {
> > + memcpy(peer_addr.sun_path, sun_path, sun_path_len);
> > + peer_addr.sun_path[0] = '\0';
> > + sun_path_len = sizeof(peer_addr.sun_path);
> > + } else {
> > + memcpy(peer_addr.sun_path, sun_path, sun_path_len + 1);
> > + }
> > +
> > if (!strcmp(argv[2], "stream")) {
> > type = SOCK_STREAM;
> > } else if (!strcmp(argv[2], "dgram")) {
> > @@ -107,10 +122,8 @@ int main(int argc, char *argv[])
> > exit(1);
> > }
> >
> > - peer_addr.sun_family = AF_UNIX;
> > - strcpy(peer_addr.sun_path, argv[1]);
> > rc = connect(sock, (struct sockaddr *)&peer_addr,
> > - strlen(peer_addr.sun_path) + sizeof(peer_addr.sun_family));
> > + sun_path_len + sizeof(peer_addr.sun_family));
> > if (rc < 0) {
> > perror("FAIL CLIENT - connect");
> > exit(1);
> > --
> > 2.1.0.rc1
> >
> >
> > --
> > AppArmor mailing list
> > [email protected]
> > Modify settings or unsubscribe at:
> > https://lists.ubuntu.com/mailman/listinfo/apparmor
> >
> --
> AppArmor mailing list
> [email protected]
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/apparmor
signature.asc
Description: Digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
