commit: dd10c529786ce74943e80876563945b994f08526
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Mar 8 20:02:25 2025 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Mar 8 20:02:25 2025 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=dd10c529
libsandbox: add helpers to mmap exactly PATH_MAX
PATH_MAX is usually exactly one page in size. If we use malloc, we must
mmap 2 pages so we can store the size in the allocated region.
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
libsandbox/libsandbox.c | 16 ++++++++--------
libsandbox/libsandbox.h | 2 ++
libsandbox/memory.c | 11 +++++++++++
3 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index 18b168c..9233c6c 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -566,13 +566,13 @@ static int get_pid_fd(pid_t pid, int dirfd)
return r;
}
-static void cleanup_free(void *vp)
+static void cleanup_path(char **p)
{
- void **vpp = vp;
- free(*vpp);
+ if (*p)
+ sb_unmap_path(*p);
}
-#define _cleanup_free_ __attribute__((cleanup(cleanup_free)))
+#define _cleanup_path_ __attribute__((cleanup(cleanup_path)))
/* Return values:
* 0: failure, caller should abort
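Review bot: cleanup_path discards the return value of sb_unmap_path(), and because it is a cleanup handler it runs as check_syscall returns, so a failing munmap could overwrite the errno value the function was about to hand back (if callers read errno after it, which this hunk does not show). Saving and restoring errno around the call keeps the cleanup invisible to callers: `int saved = errno; sb_unmap_path(*p); errno = saved;`. A one-line comment above the macro, such as `/* only for buffers from sb_map_path(); never malloc or alloca memory */`, would also record what the attribute may be attached to.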
@@ -586,8 +586,8 @@ static int check_syscall(sbcontext_t *sbcontext, int sb_nr,
const char *func,
int result;
bool access, debug, verbose, set;
char *absolute_path, *resolved_path;
- _cleanup_free_ char *abuf = NULL;
- _cleanup_free_ char *rbuf = NULL;
+ _cleanup_path_ char *abuf = NULL;
+ _cleanup_path_ char *rbuf = NULL;
int trace_dirfd = -1;
if (trace_pid && (file == NULL || file[0] != '/')) {
@@ -606,7 +606,7 @@ static int check_syscall(sbcontext_t *sbcontext, int sb_nr,
const char *func,
if (is_symlink_func(sb_nr))
flags |= AT_SYMLINK_NOFOLLOW;
- absolute_path = abuf = malloc(PATH_MAX);
+ absolute_path = abuf = sb_map_path();
if (!absolute_path)
absolute_path = alloca(PATH_MAX);
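Review bot: The alloca fallback after `sb_map_path()` is safe only because `abuf` stays NULL on that path and cleanup_path skips NULL, which is not obvious when reading this assignment on its own. A short comment here, for example `/* on mmap failure abuf stays NULL, so cleanup_path leaves the alloca buffer alone */`, would keep a later edit from assigning the alloca result to abuf and handing stack memory to munmap. The same applies to the `rbuf` assignment in the next hunk. check_syscall continues outside both hunks.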
@@ -615,7 +615,7 @@ static int check_syscall(sbcontext_t *sbcontext, int sb_nr,
const char *func,
sb_debug_dyn("absolute_path: %s\n", absolute_path);
- resolved_path = rbuf = malloc(PATH_MAX);
+ resolved_path = rbuf = sb_map_path();
if (!resolved_path)
resolved_path = alloca(PATH_MAX);
diff --git a/libsandbox/libsandbox.h b/libsandbox/libsandbox.h
index 8902b41..591d85f 100644
--- a/libsandbox/libsandbox.h
+++ b/libsandbox/libsandbox.h
@@ -97,6 +97,8 @@ bool sb_realpathat(int dirfd, const char *restrict path, char
*buf, size_t bufsi
/* most linux systems use ENAMETOOLONG, but some (ia64) use ERANGE, as do some
BSDs */
#define errno_is_too_long() (errno == ENAMETOOLONG || errno == ERANGE)
+char *sb_map_path(void);
+int sb_unmap_path(char *path);
size_t malloc_size(void *ptr);
#include "sbutil.h"
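Review bot: The two new prototypes carry no statement of their contract, and the pairing matters. A buffer from sb_map_path() is a bare PATH_MAX-byte mapping, so it has to go back through sb_unmap_path() and not free(), which per the commit message expects a size stored in the allocated region. A comment above the declarations would cover it, for example `/* PATH_MAX-byte anonymous mapping; NULL on failure; release with sb_unmap_path(), never free() */`.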
diff --git a/libsandbox/memory.c b/libsandbox/memory.c
index c861fbc..bb2a7e5 100644
--- a/libsandbox/memory.c
+++ b/libsandbox/memory.c
@@ -49,6 +49,17 @@ static void *sb_mremap(void *old_address, size_t old_size,
size_t new_size, int
}
#define mremap sb_mremap
+char *sb_map_path(void)
+{
+ void *p = mmap(NULL, PATH_MAX, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
+ return p == MAP_FAILED ? NULL : p;
+}
+
+int sb_unmap_path(char *path)
+{
+ return munmap(path, PATH_MAX);
+}
+
/* Ensure malloc returns aligned memory #565630 */
#define ALIGN_FACTOR 2
#define ALIGN_SIZE (ALIGN_FACTOR * sizeof(size_t))
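Review bot: sb_unmap_path() passes its argument straight to munmap, and the only NULL check lives in cleanup_path in libsandbox.c. Since the helper is declared in libsandbox.h, any other caller that passes NULL would ask the kernel to unmap PATH_MAX bytes starting at address 0. Moving the guard into the helper makes it safe on its own, in the same way free(NULL) is: `if (!path) return 0;` before the munmap call. A comment on sb_map_path() could also note that mmap rounds the length up to whole pages, so where the page size exceeds PATH_MAX the mapping is larger than the usable buffer.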