pfc: fix PFC export hang on prioritized syscall with no rules (GH issue #117)

github user @varqox reported that generating PFC will hang if the libseccomp filter contains a syscalle with a priority but no rule set. The root cause is the while() loop in gen_pfc.c that walks through the filter's syscalls. It wasn't properly advancing through the list when p_iter was invalid. Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com> [PM: fix a comment in the test] Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Tom Hromatka <tom.hromatka@oracle.com> 2018-05-15 07:56:56 -0600
committer: Paul Moore <paul@paul-moore.com> 2018-09-19 16:29:13 -0400
commit: 6646e21ed2734dca355c5b550cb45f0379330e02 (patch)
tree: 5b2a613f01a53c67485b6e967e91835dbc853216 /tests/38-basic-pfc_coverage.c
parent: 0f589d156617af715850537e5413ea516ec3e534 (diff)
download: libseccomp-6646e21ed2734dca355c5b550cb45f0379330e02.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/tests/38-basic-pfc_coverage.c b/tests/38-basic-pfc_coverage.c
index a12d06c..c17e2ff 100644
--- a/tests/38-basic-pfc_coverage.c
+++ b/tests/38-basic-pfc_coverage.c
@@ -81,6 +81,11 @@ int main(int argc, char *argv[])
 	if (rc < 0)
 		goto out;
 
+	/* verify the prioritized, but no-rule, syscall */
+	rc = seccomp_syscall_priority(ctx, SCMP_SYS(poll), 255);
+	if (rc < 0)
+		goto out;
+
 	rc = seccomp_export_pfc(ctx, fd);
 	if (rc < 0)
 		goto out;
author	Tom Hromatka <tom.hromatka@oracle.com>	2018-05-15 07:56:56 -0600
committer	Paul Moore <paul@paul-moore.com>	2018-09-19 16:29:13 -0400
commit	6646e21ed2734dca355c5b550cb45f0379330e02 (patch)
tree	5b2a613f01a53c67485b6e967e91835dbc853216 /tests/38-basic-pfc_coverage.c
parent	0f589d156617af715850537e5413ea516ec3e534 (diff)
download	libseccomp-6646e21ed2734dca355c5b550cb45f0379330e02.tar.gz