commit 1b04343a0d1766d94af03a35bb53ca0181a728cb
Author: Nils Goroll <nils.goroll@uplex.de>
Date: Fri May 29 17:41:56 2020 +0200
jail enum assertions
diff --git a/bin/varnishd/mgt/mgt.h b/bin/varnishd/mgt/mgt.h
index a2b3a3d56..4973abb4d 100644
--- a/bin/varnishd/mgt/mgt.h
+++ b/bin/varnishd/mgt/mgt.h
@@ -110,6 +110,11 @@ enum jail_master_e {
JAIL_MASTER_KILL,
};
+#define ASSERT_JAIL_MASTER(x) do { \
+ assert(x >= JAIL_MASTER_LOW); \
+ assert(x <= JAIL_MASTER_KILL); \
+ } while (0)
+
enum jail_subproc_e {
JAIL_SUBPROC_VCC = JAIL_MASTER_KILL + 1,
JAIL_SUBPROC_CC,
@@ -117,6 +122,11 @@ enum jail_subproc_e {
JAIL_SUBPROC_WORKER,
};
+#define ASSERT_JAIL_SUBPROC(x) do { \
+ assert(x >= JAIL_SUBPROC_VCC); \
+ assert(x <= JAIL_SUBPROC_WORKER); \
+ } while (0)
+
#define JAIL_LIMIT (JAIL_SUBPROC_WORKER + 1)
enum jail_fixfd_e {
diff --git a/bin/varnishd/mgt/mgt_jail_unix.c b/bin/varnishd/mgt/mgt_jail_unix.c
index b34fc04e8..15aed013a 100644
--- a/bin/varnishd/mgt/mgt_jail_unix.c
+++ b/bin/varnishd/mgt/mgt_jail_unix.c
@@ -188,6 +188,7 @@ vju_init(char **args)
static void v_matchproto_(jail_master_f)
vju_master(enum jail_master_e jme)
{
+ ASSERT_JAIL_MASTER(jme);
if (jme == JAIL_MASTER_LOW) {
AZ(setegid(vju_gid));
AZ(seteuid(vju_uid));
@@ -203,6 +204,7 @@ vju_subproc(enum jail_subproc_e jse)
int i;
gid_t gid_list[NGID];
+ ASSERT_JAIL_SUBPROC(jse);
AZ(seteuid(0));
if (vju_wrkuser != NULL &&
(jse == JAIL_SUBPROC_VCLLOAD || jse == JAIL_SUBPROC_WORKER)) {
_______________________________________________
varnish-commit mailing list
varnish-commit@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-commit
Author: Nils Goroll <nils.goroll@uplex.de>
Date: Fri May 29 17:41:56 2020 +0200
jail enum assertions
diff --git a/bin/varnishd/mgt/mgt.h b/bin/varnishd/mgt/mgt.h
index a2b3a3d56..4973abb4d 100644
--- a/bin/varnishd/mgt/mgt.h
+++ b/bin/varnishd/mgt/mgt.h
@@ -110,6 +110,11 @@ enum jail_master_e {
JAIL_MASTER_KILL,
};
+#define ASSERT_JAIL_MASTER(x) do { \
+ assert(x >= JAIL_MASTER_LOW); \
+ assert(x <= JAIL_MASTER_KILL); \
+ } while (0)
+
enum jail_subproc_e {
JAIL_SUBPROC_VCC = JAIL_MASTER_KILL + 1,
JAIL_SUBPROC_CC,
@@ -117,6 +122,11 @@ enum jail_subproc_e {
JAIL_SUBPROC_WORKER,
};
+#define ASSERT_JAIL_SUBPROC(x) do { \
+ assert(x >= JAIL_SUBPROC_VCC); \
+ assert(x <= JAIL_SUBPROC_WORKER); \
+ } while (0)
+
#define JAIL_LIMIT (JAIL_SUBPROC_WORKER + 1)
enum jail_fixfd_e {
diff --git a/bin/varnishd/mgt/mgt_jail_unix.c b/bin/varnishd/mgt/mgt_jail_unix.c
index b34fc04e8..15aed013a 100644
--- a/bin/varnishd/mgt/mgt_jail_unix.c
+++ b/bin/varnishd/mgt/mgt_jail_unix.c
@@ -188,6 +188,7 @@ vju_init(char **args)
static void v_matchproto_(jail_master_f)
vju_master(enum jail_master_e jme)
{
+ ASSERT_JAIL_MASTER(jme);
if (jme == JAIL_MASTER_LOW) {
AZ(setegid(vju_gid));
AZ(seteuid(vju_uid));
@@ -203,6 +204,7 @@ vju_subproc(enum jail_subproc_e jse)
int i;
gid_t gid_list[NGID];
+ ASSERT_JAIL_SUBPROC(jse);
AZ(seteuid(0));
if (vju_wrkuser != NULL &&
(jse == JAIL_SUBPROC_VCLLOAD || jse == JAIL_SUBPROC_WORKER)) {
_______________________________________________
varnish-commit mailing list
varnish-commit@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-commit
