commit:     9038c4e783b2cc7dc1ab479974d0523502af429f
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 23 19:54:55 2025 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Feb 23 19:59:47 2025 +0000
URL:        https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=9038c4e7

check_syscall: allocate absolute_path and resolved_path on the heap

The stack might be too small in programs that play with clone().

Bug: https://bugs.gentoo.org/950191
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 libsandbox/libsandbox.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index b46b1ba..e9dc816 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -565,6 +565,14 @@ static int get_pid_fd(pid_t pid, int dirfd)
        return r;
 }
 
+static void cleanup_free(void *vp)
+{
+       void **vpp = vp;
+       free(*vpp);
+}
+
+#define _cleanup_free_ __attribute__((cleanup(cleanup_free)))
+
 /* Return values:
  *  0: failure, caller should abort
  *  1: things worked out fine
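Review bot: cleanup_free() calls free() without preserving errno, and cleanup handlers run at scope exit, after every statement in the function body, including any errno restore. check_syscall captures `old_errno` at its top (visible in the next hunk); if it restores errno before returning, which is outside this diff, a free() that touches errno would undo that and the wrapped caller would see a changed value. Saving and restoring around the call closes the gap: `int saved = errno; free(*vpp); errno = saved;`. A one-line comment saying that `vp` is the address of the pointer variable, not the allocation itself, would also help the next user of `_cleanup_free_`.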
@@ -573,11 +581,11 @@ static int get_pid_fd(pid_t pid, int dirfd)
 static int check_syscall(sbcontext_t *sbcontext, int sb_nr, const char *func,
                          int dirfd, const char *file, int flags)
 {
-       char absolute_path[SB_PATH_MAX];
-       char resolved_path[SB_PATH_MAX];
        int old_errno = errno;
        int result;
        bool access, debug, verbose, set;
+       _cleanup_free_ char *absolute_path = xmalloc(SB_PATH_MAX);
+       _cleanup_free_ char *resolved_path = xmalloc(SB_PATH_MAX);
 
        int trace_dirfd = -1;
        if (trace_pid && (file == NULL || file[0] != '/')) {
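Review bot: The two `xmalloc(SB_PATH_MAX)` calls sit in the declarations, so they run on every checked call, ahead of the `trace_pid` branch and of any early return, and their results are used without a NULL check. That is fine only if xmalloc never returns NULL (its definition is not in this diff), and a failure here presumably now aborts the sandboxed process where the stack arrays could not fail. Both facts are worth stating in a comment such as `/* heap, not stack: callers may run on a tiny clone() stack; xmalloc aborts on OOM */`. Since the commit message says this path runs in programs that use clone(), it would also be worth confirming that the allocator behind xmalloc/free is safe to enter in that context. The function body continues past the end of this hunk.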
@@ -596,12 +604,12 @@ static int check_syscall(sbcontext_t *sbcontext, int sb_nr, const char *func,
        if (is_symlink_func(sb_nr))
                flags |= AT_SYMLINK_NOFOLLOW;
 
-       if (!sb_abspathat(dirfd, file, absolute_path, sizeof(absolute_path)))
+       if (!sb_abspathat(dirfd, file, absolute_path, SB_PATH_MAX))
                return 1;
 
        sb_debug_dyn("absolute_path: %s\n", absolute_path);
 
-       if (!sb_realpathat(dirfd, file, resolved_path, sizeof(resolved_path),
+       if (!sb_realpathat(dirfd, file, resolved_path, SB_PATH_MAX,
                                flags, is_create(sb_nr)))
                return 1;
 
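Review bot: With `absolute_path` and `resolved_path` now pointers, any `sizeof(absolute_path)` or `sizeof(resolved_path)` left elsewhere in check_syscall still compiles but yields the pointer size. The rest of the body, which is outside this hunk, should be checked for stragglers. The buffer length is also now written separately at the two allocations and at these two calls. A single local such as `const size_t path_size = SB_PATH_MAX;`, used for both the xmalloc calls and the length arguments, would keep the allocation and the bound passed to sb_abspathat/sb_realpathat from drifting apart.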
