diff options
author | Tom Hromatka <tom.hromatka@oracle.com> | 2018-05-15 07:56:56 -0600 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2018-09-19 16:29:13 -0400 |
commit | 6646e21ed2734dca355c5b550cb45f0379330e02 (patch) | |
tree | 5b2a613f01a53c67485b6e967e91835dbc853216 /tests/38-basic-pfc_coverage.c | |
parent | 0f589d156617af715850537e5413ea516ec3e534 (diff) | |
download | libseccomp-6646e21ed2734dca355c5b550cb45f0379330e02.tar.gz |
pfc: fix PFC export hang on prioritized syscall with no rules (GH issue #117)
github user @varqox reported that generating PFC will hang if the
libseccomp filter contains a syscalle with a priority but no rule
set. The root cause is the while() loop in gen_pfc.c that walks
through the filter's syscalls. It wasn't properly advancing
through the list when p_iter was invalid.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
[PM: fix a comment in the test]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'tests/38-basic-pfc_coverage.c')
-rw-r--r-- | tests/38-basic-pfc_coverage.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/tests/38-basic-pfc_coverage.c b/tests/38-basic-pfc_coverage.c index a12d06c..c17e2ff 100644 --- a/tests/38-basic-pfc_coverage.c +++ b/tests/38-basic-pfc_coverage.c @@ -81,6 +81,11 @@ int main(int argc, char *argv[]) if (rc < 0) goto out; + /* verify the prioritized, but no-rule, syscall */ + rc = seccomp_syscall_priority(ctx, SCMP_SYS(poll), 255); + if (rc < 0) + goto out; + rc = seccomp_export_pfc(ctx, fd); if (rc < 0) goto out; |