[mesos] branch master updated: Added support of `null` values for syscall `args` in Seccomp.

Wed, 17 Jun 2020 02:46:21 -0700 

This is an automated email from the ASF dual-hosted git repository.

abudnik pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git


The following commit(s) were added to refs/heads/master by this push:
     new a679eb4  Added support of `null` values for syscall `args` in Seccomp.
a679eb4 is described below

commit a679eb4bc35bd2d7c4cffdd9440ab301d8fc8986
Author: Andrei Budnik <abud...@apache.org>
AuthorDate: Wed Jun 10 17:39:05 2020 +0200

    Added support of `null` values for syscall `args` in Seccomp.
    
    This patch adds support for `null` values of syscall arguments.
    If the value is `null`, then syscall arguments are ignored.
    
    Review: https://reviews.apache.org/r/72596
---
 src/linux/seccomp/seccomp_parser.cpp | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/src/linux/seccomp/seccomp_parser.cpp 
b/src/linux/seccomp/seccomp_parser.cpp
index 3dcfcd6..8242bd5 100644
--- a/src/linux/seccomp/seccomp_parser.cpp
+++ b/src/linux/seccomp/seccomp_parser.cpp
@@ -435,23 +435,26 @@ Try<Nothing> parseSyscalls(
 
     // Parse `args` section which contains seccomp filtering rules for syscall
     // arguments.
-    const auto args = item.as<JSON::Object>().at<JSON::Array>("args");
+    const auto args = item.as<JSON::Object>().find<JSON::Value>("args");
     if (!args.isSome()) {
       return Error(
           "Cannot determine 'args' field for 'syscalls' item: " +
           (args.isError() ? args.error() : "Not found"));
     }
 
-    foreach (const JSON::Value& argsItem, args->values) {
-      if (!argsItem.is<JSON::Object>()) {
-        return Error("'names' contains a non-object item");
-      }
+    // `args` can be either `null` or an array.
+    if (args->is<JSON::Array>()) {
+      foreach (const JSON::Value& argsItem, args->as<JSON::Array>().values) {
+        if (!argsItem.is<JSON::Object>()) {
+          return Error("'args' contains a non-object item");
+        }
 
-      Try<Nothing> arg =
-        parseSyscallArgument(argsItem.as<JSON::Object>(), syscall.add_args());
+        Try<Nothing> arg =
+          parseSyscallArgument(argsItem.as<JSON::Object>(), 
syscall.add_args());
 
-      if (arg.isError()) {
-        return Error(arg.error());
+        if (arg.isError()) {
+          return Error(arg.error());
+        }
       }
     }

Reply via email to