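/*
 * Parse an ip payload of the form "<ipc>: <ip>".
 *
 * The first token is the numeric ip compression value and the second is
 * either a "%label" reference, resolved through yasm_lookup_label(), or a
 * literal address converted by str_to_uint64().
 *
 * @p is only dereferenced for label lookups and may be NULL otherwise.
 * @payload is tokenized in place with strtok(), so it is modified and the
 * function is not reentrant.
 *
 * On entry, *@ipc is reset to pt_ipc_suppressed and *@ip to zero.
 *
 * Returns zero on success, a negative error code otherwise.
 * Returns -err_internal if @ip or @ipc is NULL, or if a label is used
 * while @p is NULL.
 * Returns -err_parse_no_args if @payload holds no tokens.
 * Returns -err_parse_ipc if the first token is not a number that fits the
 * ip compression enum.
 * Returns -err_parse_ip_missing if the address token is missing.
 * Returns -err_parse_trailing_tokens if tokens follow the address.
 */
int parse_ip(struct parser *p, uint64_t *ip,
	     enum pt_ip_compression *ipc, char *payload)
{
	enum pt_ip_compression parsed;
	char *endptr;
	long value;
	int errcode;

	if (bug_on(!ip))
		return -err_internal;

	if (bug_on(!ipc))
		return -err_internal;

	*ipc = pt_ipc_suppressed;
	*ip = 0;

	payload = strtok(payload, " :");
	if (!payload || *payload == '\0')
		return -err_parse_no_args;

	value = strtol(payload, &endptr, 0);
	if (payload == endptr || *endptr != '\0')
		return -err_parse_ipc;

	/* Reject values that do not survive the narrowing to the enum.
	 *
	 * Without this, an out-of-range number could be truncated into a
	 * value that check_ipc() accepts.
	 */
	parsed = (enum pt_ip_compression) value;
	if ((long) parsed != value)
		return -err_parse_ipc;

	*ipc = parsed;

	/* is ipc valid? */
	errcode = check_ipc(*ipc);
	if (errcode < 0)
		return errcode;

	payload = strtok(NULL, " :");
	if (!payload)
		return -err_parse_ip_missing;

	if (*payload == '%') {
		/* can be resolved to a label? */
		if (!p)
			return -err_internal;

		errcode = yasm_lookup_label(p->y, ip, payload + 1);
	} else {
		/* can be parsed as address? */
		errcode = str_to_uint64(payload, ip);
	}
	if (errcode < 0)
		return errcode;

	/* no more tokens left. */
	payload = strtok(NULL, " ");
	if (payload)
		return -err_parse_trailing_tokens;

	return 0;
}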
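/*
 * Check access.
 *
 * Checks a single file, or recursively scans a directory, and verifies that
 * the file access modes are enforced for the given uid/gid.
 *
 * The special pathname "ipc_obj" selects the IPC object test instead of a
 * file system check. Symbolic links are reported and skipped.
 *
 * Errors are reported on stdout; the function returns nothing.
 */
void check_access (char *pathname, uid_t uid, gid_t gid)
{
	int count = 0;
	int i = 0;
	int len = 0;
	char entry[MAXPATHLEN];
	struct dirent **entries;
	struct stat statbuf;

	/* Start with clean buffers */
	memset (&statbuf, '\0', sizeof (statbuf));

	/* Test System V Message Queue - IPC */
	if ((strcmp (pathname, "ipc_obj")) == 0) {
		printf ("Testing IPC objects\n");
		if (check_ipc (uid, gid) == -1) {
			printf ("\nERROR: %s. Could not obtain ipc "
				"status. errno = %d\n", pathname, errno);
		}
		return;
	}

	/* Get file stat info. lstat() does not follow a final symlink. */
	if (lstat (pathname, &statbuf) == -1) {
		printf ("\nERROR: %s. Could not obtain file status. errno = %d\n",
			pathname, errno);
		return;
	}

	/*
	 * If link, skip it. Report pathname here: entry has not been
	 * written yet at this point, so printing it would read
	 * uninitialized stack memory.
	 */
	if (S_ISLNK (statbuf.st_mode)) {
		printf ("Link: skipping %s\n", pathname);
		return;
	}

	/* If not a directory, check it and leave. */
	if (!(S_ISDIR (statbuf.st_mode))) {
		testall (&statbuf, pathname, uid, gid);
		return;
	}

	/*
	 * If directory, recurse through all subdirectories,
	 * checking all files.
	 *
	 * NOTE(review): the array returned by scandir() and its elements are
	 * never released in this function, so each scanned directory leaks
	 * its listing. Free every entries[i] and then entries once it is
	 * confirmed that <stdlib.h> is included by this file.
	 */
	if ((count = scandir (pathname, &entries, file_select, alphasort)) == -1) {
		printf ("\nERROR: %s. Could not scandir. errno = %d\n",
			pathname, errno);
		return;
	}

	for (i = 0; i < count; i++) {
		/*
		 * Build the child path with a bounded write. A deep tree can
		 * exceed MAXPATHLEN; skip such entries instead of overflowing
		 * the stack buffer or testing a truncated path.
		 */
		len = snprintf (entry, sizeof (entry), "%s/%s", pathname,
				entries[i]->d_name);
		if (len < 0 || (size_t) len >= sizeof (entry)) {
			printf ("\nERROR: %s/%s. Path too long, skipping.\n",
				pathname, entries[i]->d_name);
			continue;
		}

		/*
		 * If link, skip it
		 * Else if directory, call check_access() recursively
		 */
		if (entries[i]->d_type == DT_LNK) {
			printf ("Link: skipping %s\n", entry);
			continue;
		} else if (entries[i]->d_type == DT_DIR) {
			check_access (entry, uid, gid);
			continue;
		}

		/* Clean the buffer */
		memset (&statbuf, '\0', sizeof (statbuf));

		/* Get file stat info; report the entry that actually failed. */
		if (lstat (entry, &statbuf) == -1) {
			printf ("\nERROR: %s. Could not obtain file status. errno = %d\n",
				entry, errno);
			continue;
		}

		/*
		 * The directory entry doesn't always seem to have the
		 * right info. So we check again after the stat().
		 *
		 * If link, skip it
		 * Else if directory, call check_access() recursively
		 * Else check access
		 */
		if (S_ISLNK (statbuf.st_mode)) {
			printf ("Link: (2) skipping %s\n", entry);
		} else if (S_ISDIR (statbuf.st_mode)) {
			check_access (entry, uid, gid);
		} else {
			/*
			 * NOTE(review): the link check above and this call
			 * are separate path lookups. If testall() re-opens
			 * the path, a link swapped in between would be
			 * followed. Confirm against testall().
			 */
			testall (&statbuf, entry, uid, gid);
		}
	}
}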
/*
 * Run the feature checks.
 *
 * Refuses to run unless is_root_user() succeeds. It then sets up root_item
 * and mntinfo for the calling process. Any failure during that setup
 * returns -1.
 *
 * When chk_feature is set, only that single check runs and its result is
 * returned; the full list below is skipped. Otherwise every check is
 * called and the results are OR-ed together, so one failing check does not
 * stop the remaining ones from running.
 *
 * Returns zero if everything passed, non-zero otherwise.
 */
int cr_check(void)
{
	struct ns_id self_ns = {
		.type = NS_CRIU,
		.ns_pid = PROC_SELF,
		.nd = &mnt_ns_desc,
	};
	int status = 0;

	if (!is_root_user())
		return -1;

	root_item = alloc_pstree_item();
	if (!root_item)
		return -1;

	root_item->pid.real = getpid();

	if (collect_pstree_ids() != 0)
		return -1;

	self_ns.id = root_item->ids->mnt_ns_id;

	mntinfo = collect_mntinfo(&self_ns, false);
	if (!mntinfo)
		return -1;

	if (chk_feature) {
		/* A single feature was requested: run only that check. */
		status = chk_feature();
	} else {
		/* Accumulate with |= so every check runs and reports. */
		status |= check_map_files();
		status |= check_sock_diag();
		status |= check_ns_last_pid();
		status |= check_sock_peek_off();
		status |= check_kcmp();
		status |= check_prctl();
		status |= check_fcntl();
		status |= check_proc_stat();
		status |= check_tcp();
		status |= check_fdinfo_ext();
		status |= check_unaligned_vmsplice();
		status |= check_tty();
		status |= check_so_gets();
		status |= check_ipc();
		status |= check_sigqueuinfo();
		status |= check_ptrace_peeksiginfo();
		status |= check_ptrace_suspend_seccomp();
		status |= check_ptrace_dump_seccomp_filters();
		status |= check_mem_dirty_track();
		status |= check_posix_timers();
		status |= check_tun_cr(0);
		status |= check_timerfd();
		status |= check_mnt_id();
		status |= check_aio_remap();
		status |= check_fdinfo_lock();
		status |= check_clone_parent_vs_pid();
	}

	if (status == 0)
		print_on_level(DEFAULT_LOGLEVEL, "Looks good.\n");

	return status;
}