Opened 4 years ago

Closed 4 years ago

#16215 closed defect (fixed)

missing return value check in sb_socket()

Reported by: weasel
Owned by:
Priority: Medium
Milestone: Tor: 0.2.7.x-final
Component: Core Tor/Tor
Version: Tor: 0.2.6.7
Severity:
Keywords:
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

All the other seccomp_rule_add calls check their return values. One doesn't.

It probably should conform.

--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -547,6 +547,8 @@ sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
       SCMP_CMP(0, SCMP_CMP_EQ, PF_UNIX),
       SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, SOCK_STREAM),
       SCMP_CMP(2, SCMP_CMP_EQ, 0));
+  if (rc)
+    return rc;
 
   rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
       SCMP_CMP(0, SCMP_CMP_EQ, PF_NETLINK),
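Review bot: The early `return rc;` added after the PF_UNIX rule hands back the raw error code with nothing to say which `socket` rule was rejected, and the next statement reuses `rc` for the PF_NETLINK rule, so a caller cannot tell the two failures apart. Consider logging the failing rule before returning. Also confirm that the PF_NETLINK `seccomp_rule_add_3` call, which is cut off at the end of this hunk, is followed by the same `if (rc) return rc;` check, so that neither allow rule can fail to install while `sb_socket()` still reports success.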

Change History (2)

comment:1 Changed 4 years ago by weasel

Status: new → needs_review

comment:2 Changed 4 years ago by nickm

Milestone: Tor: 0.2.7.x-final
Resolution: fixed
Status: needs_review → closed

Whoops. Accidentally fixed this as part of applying your #16212 fix, before I'd seen this ticket. :)
