commit a350f216b30c5841b8eb0303c9c3fd32a2b2245b
parent 42c6ebda1626371cc6b0fff0cc0710b841936bef
Author: Daniel Pinto <danielpinto52@gmail.com>
Date: Tue, 17 Apr 2018 01:31:49 +0100
Fix crash when calling openat with sandbox enabled #25440
The seccomp rule for the openat syscall checks for the AT_FDCWD
constant. Because this constant is usually a negative value, a
cast to unsigned int is necessary to make sure it does not get
converted to uint64_t used by seccomp.
More info on:
https://github.com/seccomp/libseccomp/issues/69#issuecomment-273805980
Diffstat:
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
@@ -469,7 +469,7 @@ allow_file_open(scmp_filter_ctx ctx, int use_openat, const char *file)
{
if (use_openat) {
return seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat),
- SCMP_CMP_STR(0, SCMP_CMP_EQ, AT_FDCWD),
+ SCMP_CMP(0, SCMP_CMP_EQ, (unsigned int)AT_FDCWD),
SCMP_CMP_STR(1, SCMP_CMP_EQ, file));
} else {
return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open),
