Browse Source

Do not store filter steps in dynamic memory

Linux Socket Filtering does not allow a filter to comprise more
than 256 steps, so we won't allow to wait for more than 251
processes (we need 5 steps for the base filter).
develop
Damien Goutte-Gattat 8 years ago
parent
commit
797252d80f
  1. 14
      src/wait4pid.c

14
src/wait4pid.c

@ -142,11 +142,16 @@ static int
set_filter(int sock, pid_t *pids, size_t len)
{
struct sock_fprog flt;
struct sock_filter filter[256]; /* Max steps in a filter program. */
int i, j = 0;
flt.len = 5 + len;
if ( (flt.filter = calloc(sizeof(struct sock_filter), flt.len)) == NULL )
if ( len > 251 ) {
errno = EINVAL;
return -1;
}
flt.len = 5 + len;
flt.filter = filter;
/* Block the packet if proc_event.what != PROC_EVENT_EXIT */
flt.filter[j].code = BPF_LD+BPF_W+BPF_ABS;
@ -178,10 +183,7 @@ set_filter(int sock, pid_t *pids, size_t len)
flt.filter[j].code = BPF_RET+BPF_K;
flt.filter[j++].k = (uint)-1;
i = setsockopt(sock, SOL_SOCKET, SO_ATTACH_FILTER, &flt, sizeof(flt));
free(flt.filter);
return i;
return setsockopt(sock, SOL_SOCKET, SO_ATTACH_FILTER, &flt, sizeof(flt));
}
#endif

Loading…
Cancel
Save