diff options
| -rw-r--r-- | sys/openbsd/dev_pf.txt | 3 | ||||
| -rw-r--r-- | sys/openbsd/dev_pf_amd64.const | 1 | ||||
| -rw-r--r-- | sys/openbsd/init.go | 10 | ||||
| -rw-r--r-- | sys/openbsd/init_test.go | 6 |
4 files changed, 15 insertions, 5 deletions
diff --git a/sys/openbsd/dev_pf.txt b/sys/openbsd/dev_pf.txt index 4dfd44aec..93ce99b06 100644 --- a/sys/openbsd/dev_pf.txt +++ b/sys/openbsd/dev_pf.txt @@ -9,7 +9,8 @@ include <net/if.h> include <net/pfvar.h> -# This ioctl is restricted in SanitizeCall(), see init.go. +# The following ioctl commands are restricted in neutralize(), see init.go. +_ = DIOCCLRSTATES _ = DIOCKILLSTATES resource fd_pf[fd] diff --git a/sys/openbsd/dev_pf_amd64.const b/sys/openbsd/dev_pf_amd64.const index f5a32c62a..1a68d3d6e 100644 --- a/sys/openbsd/dev_pf_amd64.const +++ b/sys/openbsd/dev_pf_amd64.const @@ -1,4 +1,5 @@ # AUTOGENERATED FILE AT_FDCWD = 18446744073709551516 +DIOCCLRSTATES = 3235922962 DIOCKILLSTATES = 3235922985 SYS_openat = 321 diff --git a/sys/openbsd/init.go b/sys/openbsd/init.go index 6948139aa..f24f06273 100644 --- a/sys/openbsd/init.go +++ b/sys/openbsd/init.go @@ -15,6 +15,7 @@ func InitTarget(target *prog.Target) { arch := &arch{ unix: targets.MakeUnixNeutralizer(target), DIOCKILLSTATES: target.GetConst("DIOCKILLSTATES"), + DIOCCLRSTATES: target.GetConst("DIOCCLRSTATES"), S_IFMT: target.GetConst("S_IFMT"), S_IFCHR: target.GetConst("S_IFCHR"), } @@ -26,6 +27,7 @@ func InitTarget(target *prog.Target) { type arch struct { unix *targets.UnixNeutralizer + DIOCCLRSTATES uint64 DIOCKILLSTATES uint64 S_IFMT uint64 S_IFCHR uint64 @@ -94,11 +96,11 @@ func (arch *arch) neutralize(c *prog.Call) { flags.Val &= ^f } case "ioctl": - // Performing the following ioctl on a /dev/pf file descriptor - // causes the ssh VM connection to die. For now, just rewire it - // to an invalid command. + // Performing the following ioctl commands on a /dev/pf file + // descriptor causes the ssh VM connection to die. For now, just + // rewire them to an invalid command. request := c.Args[1].(*prog.ConstArg) - if request.Val == arch.DIOCKILLSTATES { + if request.Val == arch.DIOCCLRSTATES || request.Val == arch.DIOCKILLSTATES { request.Val = 0 } case "mknodat": diff --git a/sys/openbsd/init_test.go b/sys/openbsd/init_test.go index 8ca641f16..c4ec0c0bb 100644 --- a/sys/openbsd/init_test.go +++ b/sys/openbsd/init_test.go @@ -20,11 +20,17 @@ func TestNeutralize(t *testing.T) { In: `fchflags(0x0, 0x60004)`, Out: `fchflags(0x0, 0x0)`, }, + // Note, a random ioctl description used since only the command + // is of importance. { In: `ioctl$BIOCSDIRFILT(0x0, 0xc0e04429, 0x0)`, Out: `ioctl$BIOCSDIRFILT(0x0, 0x0, 0x0)`, }, { + In: `ioctl$BIOCSDIRFILT(0x0, 0xc0e04412, 0x0)`, + Out: `ioctl$BIOCSDIRFILT(0x0, 0x0, 0x0)`, + }, + { // major=22, minor=232 In: `mknodat(0x0, 0x0, 0x0, 0x16e8)`, Out: `mknodat(0x0, 0x0, 0x0, 0x202)`, |