Skip to content

Commit

Permalink
cptbox: format code according to clang-format rule
Browse files Browse the repository at this point in the history
  • Loading branch information
@quantum5
quantum5 committed Sep 22, 2021
1 parent 6c02376 commit bb1a827
Show file tree
Hide file tree
Showing 11 changed files with 251 additions and 247 deletions.
2 changes: 1 addition & 1 deletion dmoj/cptbox/ext_freebsd.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ inline long ptrace_traceme() {

// Debian GNU/kFreeBSD neglected to define this in their libc.
#if defined(__FreeBSD_kernel__) && !defined(PT_FOLLOW_FORK)
# define PT_FOLLOW_FORK 23
#define PT_FOLLOW_FORK 23
#endif

// Constant for wait4
Expand Down
80 changes: 43 additions & 37 deletions dmoj/cptbox/helper.cpp
View file
Original file line number Diff line number Diff line change
@@ -1,34 +1,34 @@
#include "ptbox.h"
#include "helper.h"
#include "ptbox.h"

#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/mman.h>
#include <unistd.h>

#ifdef __FreeBSD__
# include <sys/param.h>
# include <sys/queue.h>
# include <sys/socket.h>
# include <sys/sysctl.h>
# include <libprocstat.h>
#include <libprocstat.h>
#include <sys/param.h>
#include <sys/queue.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
#else
// No ASLR on FreeBSD... not as of 11.0, anyway
# include <sys/personality.h>
# include <sys/prctl.h>
#include <sys/personality.h>
#include <sys/prctl.h>
#endif

#if defined(__FreeBSD__) || (defined(__APPLE__) && defined(__MACH__))
# define FD_DIR "/dev/fd"
#define FD_DIR "/dev/fd"
#else
# define FD_DIR "/proc/self/fd"
#define FD_DIR "/proc/self/fd"
#endif

inline void setrlimit2(int resource, rlim_t cur, rlim_t max) {
Expand Down Expand Up @@ -60,9 +60,12 @@ int cptbox_child_run(const struct child_config *config) {
#endif
#endif

if (config->stdin_ >= 0) dup2(config->stdin_, 0);
if (config->stdout_ >= 0) dup2(config->stdout_, 1);
if (config->stderr_ >= 0) dup2(config->stderr_, 2);
if (config->stdin_ >= 0)
dup2(config->stdin_, 0);
if (config->stdout_ >= 0)
dup2(config->stdout_, 1);
if (config->stderr_ >= 0)
dup2(config->stderr_, 2);
cptbox_closefrom(3);

if (ptrace_traceme()) {
Expand Down Expand Up @@ -99,8 +102,7 @@ int cptbox_child_run(const struct child_config *config) {
}
} else if (handler > 0) {
if ((rc = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(handler), syscall, 0))) {
fprintf(stderr, "seccomp_rule_add(..., SCMP_ACT_ERRNO(%d), %d): %s\n",
handler, syscall, strerror(-rc));
fprintf(stderr, "seccomp_rule_add(..., SCMP_ACT_ERRNO(%d), %d): %s\n", handler, syscall, strerror(-rc));
// This failure is not fatal, it'll just cause the syscall to trap anyway.
}
}
Expand Down Expand Up @@ -154,17 +156,19 @@ static int pos_int_from_ascii(char *name) {
++name;
}
if (*name)
return -1; /* Non digit found, not a number. */
return -1; /* Non digit found, not a number. */
return num;
}

static inline void cptbox_close_fd(int fd) {
while (close(fd) < 0 && errno == EINTR);
while (close(fd) < 0 && errno == EINTR)
;
}

static void cptbox_closefrom_brute(int lowfd) {
int max_fd = sysconf(_SC_OPEN_MAX);
if (max_fd < 0) max_fd = 16384;
if (max_fd < 0)
max_fd = 16384;
for (; lowfd <= max_fd; ++lowfd)
cptbox_close_fd(lowfd);
}
Expand All @@ -178,13 +182,16 @@ static inline void cptbox_closefrom_dirent(int lowfd) {
errno = 0;
while ((dir = readdir(d))) {
int fd = pos_int_from_ascii(dir->d_name);
if (fd < lowfd || fd == fd_dirent) continue;
if (fd < lowfd || fd == fd_dirent)
continue;
cptbox_close_fd(fd);
errno = 0;
}
if (errno) cptbox_closefrom_brute(lowfd);
if (errno)
cptbox_closefrom_brute(lowfd);
closedir(d);
} else cptbox_closefrom_brute(lowfd);
} else
cptbox_closefrom_brute(lowfd);
}

// Borrowing some SYS_getdents64 magic from python's _posixsubprocess.
Expand All @@ -193,9 +200,9 @@ static inline void cptbox_closefrom_dirent(int lowfd) {
// possibly be exec'd before we close the fd. If it is, we have
// bigger problems than leaking the directory fd.
#ifdef __linux__
#include <sys/syscall.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/syscall.h>

struct linux_dirent64 {
unsigned long long d_ino;
Expand All @@ -212,16 +219,14 @@ static inline void cptbox_closefrom_getdents(int lowfd) {
} else {
char buffer[sizeof(struct linux_dirent64)];
int bytes;
while ((bytes = syscall(SYS_getdents64, fd_dir,
(struct linux_dirent64 *)buffer,
sizeof(buffer))) > 0) {
while ((bytes = syscall(SYS_getdents64, fd_dir, (struct linux_dirent64 *) buffer, sizeof(buffer))) > 0) {
struct linux_dirent64 *entry;
int offset;
for (offset = 0; offset < bytes; offset += entry->d_reclen) {
int fd;
entry = (struct linux_dirent64 *)(buffer + offset);
entry = (struct linux_dirent64 *) (buffer + offset);
if ((fd = pos_int_from_ascii(entry->d_name)) < 0)
continue; /* Not a number. */
continue; /* Not a number. */
if (fd != fd_dir && fd >= lowfd)
cptbox_close_fd(fd);
}
Expand Down Expand Up @@ -258,20 +263,21 @@ char *bsd_get_proc_fd(pid_t pid, int fdflags, int fdno) {
if (kp) {
head = procstat_getfiles(procstat, kp, 0);
if (head) {
err = EPERM; // Most likely you have no access
err = EPERM; // Most likely you have no access
STAILQ_FOREACH(fst, head, next) {
if ((fdflags && fst->fs_uflags & fdflags) ||
(!fdflags && fst->fs_fd == fdno)) {
buf = (char*) malloc(strlen(fst->fs_path) + 1);
if ((fdflags && fst->fs_uflags & fdflags) || (!fdflags && fst->fs_fd == fdno)) {
buf = (char *) malloc(strlen(fst->fs_path) + 1);
if (buf)
strcpy(buf, fst->fs_path);
err = buf ? 0 : ENOMEM;
break;
}
}
} else err = errno;
} else
err = errno;
procstat_freeprocs(procstat, kp);
} else err = errno;
} else
err = errno;
procstat_close(procstat);
errno = err;
}
Expand Down
10 changes: 6 additions & 4 deletions dmoj/cptbox/helper.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,12 @@
#ifndef idABBEC9C1_3EF3_4A45_B187B10060CB9F85
#define idABBEC9C1_3EF3_4A45_B187B10060CB9F85

#define PTBOX_SPAWN_FAIL_NO_NEW_PRIVS 202
#define PTBOX_SPAWN_FAIL_SECCOMP 203
#define PTBOX_SPAWN_FAIL_TRACEME 204
#define PTBOX_SPAWN_FAIL_EXECVE 205
#include <sys/types.h>

#define PTBOX_SPAWN_FAIL_NO_NEW_PRIVS 202
#define PTBOX_SPAWN_FAIL_SECCOMP 203
#define PTBOX_SPAWN_FAIL_TRACEME 204
#define PTBOX_SPAWN_FAIL_EXECVE 205

struct child_config {
unsigned long memory;
Expand Down
83 changes: 42 additions & 41 deletions dmoj/cptbox/ptbox.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,46 +2,46 @@
#ifndef idA6398CB6_D711_4634_9D89FF6B1D215169
#define idA6398CB6_D711_4634_9D89FF6B1D215169

#include <stddef.h>
#include <inttypes.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/time.h>
#include <stddef.h>
#include <sys/param.h>
#include <sys/ptrace.h>
#include <sys/resource.h>
#include <sys/time.h>
#include <sys/types.h>

#include <map>

#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
# define PTBOX_FREEBSD 1
#define PTBOX_FREEBSD 1
#else
# define PTBOX_FREEBSD 0
#define PTBOX_FREEBSD 0
#endif

#if PTBOX_FREEBSD
#include "ext_freebsd.h"
#else
#include <seccomp.h>
#include "ext_linux.h"
#include <seccomp.h>
#endif

#define MAX_SYSCALL 568
#define PTBOX_HANDLER_DENY 0
#define PTBOX_HANDLER_ALLOW 1
#define PTBOX_HANDLER_CALLBACK 2
#define MAX_SYSCALL 568
#define PTBOX_HANDLER_DENY 0
#define PTBOX_HANDLER_ALLOW 1
#define PTBOX_HANDLER_CALLBACK 2
#define PTBOX_HANDLER_STDOUTERR 3

#define PTBOX_EVENT_ATTACH 0
#define PTBOX_EVENT_EXITING 1
#define PTBOX_EVENT_EXITED 2
#define PTBOX_EVENT_SIGNAL 3
#define PTBOX_EVENT_PROTECTION 4
#define PTBOX_EVENT_ATTACH 0
#define PTBOX_EVENT_EXITING 1
#define PTBOX_EVENT_EXITED 2
#define PTBOX_EVENT_SIGNAL 3
#define PTBOX_EVENT_PROTECTION 4
#define PTBOX_EVENT_PTRACE_ERROR 5
#define PTBOX_EVENT_UPDATE_FAIL 6
#define PTBOX_EVENT_UPDATE_FAIL 6

#define PTBOX_EXIT_NORMAL 0
#define PTBOX_EXIT_NORMAL 0
#define PTBOX_EXIT_PROTECTION 1
#define PTBOX_EXIT_SEGFAULT 2
#define PTBOX_EXIT_SEGFAULT 2

enum {
PTBOX_ABI_X86 = 0,
Expand All @@ -55,38 +55,36 @@ enum {
};

#if PTBOX_FREEBSD && defined(__amd64__)
# include "ptdebug_freebsd_x64.h"
#include "ptdebug_freebsd_x64.h"
#elif !PTBOX_FREEBSD && defined(__amd64__)
# include "ptdebug_x64.h"
#include "ptdebug_x64.h"
#elif !PTBOX_FREEBSD && defined(__i386__)
# include "ptdebug_x86.h"
#include "ptdebug_x86.h"
#elif !PTBOX_FREEBSD && defined(__arm__)
# include "ptdebug_arm.h"
#include "ptdebug_arm.h"
#elif !PTBOX_FREEBSD && (defined(__arm64__) || defined(__aarch64__))
# include "ptdebug_arm64.h"
#include "ptdebug_arm64.h"
#endif

inline void timespec_add(struct timespec *a, struct timespec *b, struct timespec *result) {
result->tv_sec = a->tv_sec + b->tv_sec ;
result->tv_nsec = a->tv_nsec + b->tv_nsec ;
result->tv_sec = a->tv_sec + b->tv_sec;
result->tv_nsec = a->tv_nsec + b->tv_nsec;
if (result->tv_nsec >= 1000000000L) {
result->tv_sec++;
result->tv_nsec = result->tv_nsec - 1000000000L ;
result->tv_nsec = result->tv_nsec - 1000000000L;
}
}

inline void timespec_sub(struct timespec *a, struct timespec *b, struct timespec *result) {
if ((a->tv_sec < b->tv_sec) ||
((a->tv_sec == b->tv_sec) &&
(a->tv_nsec <= b->tv_nsec))) { /* a <= b? */
result->tv_sec = result->tv_nsec = 0 ;
if ((a->tv_sec < b->tv_sec) || ((a->tv_sec == b->tv_sec) && (a->tv_nsec <= b->tv_nsec))) { /* a <= b? */
result->tv_sec = result->tv_nsec = 0;
} else { /* a > b */
result->tv_sec = a->tv_sec - b->tv_sec;
if (a->tv_nsec < b->tv_nsec) {
result->tv_nsec = a->tv_nsec + 1000000000L - b->tv_nsec ;
result->tv_nsec = a->tv_nsec + 1000000000L - b->tv_nsec;
result->tv_sec--; /* Borrow a second-> */
} else {
result->tv_nsec = a->tv_nsec - b->tv_nsec ;
result->tv_nsec = a->tv_nsec - b->tv_nsec;
}
}
}
Expand All @@ -99,7 +97,7 @@ typedef int (*pt_fork_handler)(void *context);
typedef int (*pt_event_callback)(void *context, int event, unsigned long param);

class pt_process {
public:
public:
pt_process(pt_debugger *debugger);
void set_callback(pt_handler_callback, void *context);
void set_event_proc(pt_event_callback, void *context);
Expand All @@ -113,10 +111,12 @@ class pt_process {
double wall_clock_time();
const rusage *getrusage() { return &_rusage; }
bool was_initialized() { return _initialized; }
protected:

protected:
int dispatch(int event, unsigned long param);
int protection_fault(int syscall, int type = PTBOX_EVENT_PROTECTION);
private:

private:
pid_t pid;
int handler[PTBOX_ABI_COUNT][MAX_SYSCALL];
pt_handler_callback callback;
Expand All @@ -131,14 +131,14 @@ class pt_process {
};

class pt_debugger {
public:
public:
pt_debugger();

int syscall();
int syscall(int);
long result();
void result(long);
long error(); // would name this errno, but it conflicts with the errno macro
long error(); // would name this errno, but it conflicts with the errno macro
void error(long);
long arg0();
long arg1();
Expand All @@ -162,7 +162,7 @@ class pt_debugger {
bool readbytes(unsigned long addr, char *buffer, size_t size);

pid_t gettid() { return tid; }
pid_t tid; // TODO maybe call super instead
pid_t tid; // TODO maybe call super instead
pid_t getpid() { return process->getpid(); }

#if PTBOX_FREEBSD
Expand All @@ -187,9 +187,10 @@ class pt_debugger {
void on_return(pt_syscall_return_callback callback, void *context) {
on_return_[tid] = std::make_pair(callback, context);
}
private:

private:
pt_process *process;
std::map<pid_t, std::pair<pt_syscall_return_callback, void*>> on_return_;
std::map<pid_t, std::pair<pt_syscall_return_callback, void *>> on_return_;
int execve_id;
int abi_;
int abi_from_reg_size(size_t);
Expand Down
Loading

0 comments on commit bb1a827

Please sign in to comment.