
Commit 4d06362

security: fix SSRF in sandbox via env -i sendto and sendmsg.
1 parent 2d17b08 commit 4d06362

1 file changed

Lines changed: 38 additions & 10 deletions


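--- a/installer/sandbox.c
+++ b/installer/sandbox.c
@@ -219,15 +219,11 @@ static int match_banned_ip(const char *ip_str, const char *rules) {
 free(list);
 return blocked;
 }
-
-// ------------------ 网络拦截 ------------------
-int connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen) {
-RESOLVE_REAL(connect);
-ensure_config_loaded();
-if (is_sandbox_user() && addr->sa_family == AF_UNIX) {
+static int match_banned_addr(const struct sockaddr *addr) {
+if (addr->sa_family == AF_UNIX) {
 struct sockaddr_un *un = (struct sockaddr_un *)addr;
 throw_permission_denied_err(false, "access unix socket: %s", un->sun_path[0] ? un->sun_path : "(abstract)");
-return -1;
+return 1;
 }
 char ip[INET6_ADDRSTRLEN] = {0};
 if (addr->sa_family == AF_INET) {
@@ -244,12 +240,13 @@ int connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen) {
 inet_ntop(AF_INET6, &sin6->sin6_addr, ip, sizeof(ip));
 }
 }
-if (is_sandbox_user() && match_banned_ip(ip, banned_hosts)) {
+if (match_banned_ip(ip, banned_hosts)) {
 throw_permission_denied_err(false, "access %s", ip);
-return -1;
+return 1;
 }
-return real_connect(sockfd, addr, addrlen);
+return 0;
 }
+// ------------------ 网络拦截 ------------------
 int getaddrinfo(const char *node, const char *service,
 const struct addrinfo *hints,
 struct addrinfo **res) {
@@ -267,6 +264,34 @@ int getaddrinfo(const char *node, const char *service,
 }
 return real_getaddrinfo(node, service, hints, res);
 }
+int connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen) {
+RESOLVE_REAL(connect);
+ensure_config_loaded();
+if (is_sandbox_user() && match_banned_addr(addr)) {
+return -1;
+}
+return real_connect(sockfd, addr, addrlen);
+}
+ssize_t sendto(int sockfd, const void *buf, size_t len, int flags,
+const struct sockaddr *addr, socklen_t addrlen) {
+RESOLVE_REAL(sendto);
+ensure_config_loaded();
+if (is_sandbox_user() && match_banned_addr(addr)) {
+return -1;
+}
+return real_sendto(sockfd, buf, len, flags, addr, addrlen);
+}
+ssize_t sendmsg(int sockfd, const struct msghdr *msg, int flags) {
+RESOLVE_REAL(sendmsg);
+ensure_config_loaded();
+if (msg && msg->msg_name) {
+const struct sockaddr *addr = (const struct sockaddr *)msg->msg_name;
+if (is_sandbox_user() && match_banned_addr(addr)) {
+return -1;
+}
+}
+return real_sendmsg(sockfd, msg, flags);
+}
 /**
 * 限制创建子进程
 */
@@ -332,6 +357,9 @@ int __execlp(const char *file, const char *arg, ...) {
 int execle(const char *path, const char *arg, ...) {
 return not_supported("execle");
 }
+int sendmmsg(int sockfd, struct mmsghdr *msgvec, unsigned int vlen, int flags) {
+return not_supported("sendmmsg");
+}
 pid_t fork(void) {
 RESOLVE_REAL(fork);
 if (!allow_create_subprocess()) return throw_permission_denied_err(true, "create subprocess");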
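Review bot: The new `sendto` wrapper hands `addr` straight to `match_banned_addr`, which reads `addr->sa_family` unconditionally, yet `addr` may legitimately be NULL on a connected socket, so a sandboxed caller would crash the interposer rather than be checked; `sendmsg` already guards `msg->msg_name` for exactly this case, and `sendto` should match it, e.g. `if (is_sandbox_user() && addr && match_banned_addr(addr)) {` (or make `match_banned_addr` return 0 for NULL so all three call sites share the guard). Neither `sendto` nor `sendmsg` passes the address length into `match_banned_addr`, whose body is split across the first two hunks and casts to `sockaddr_un`/`sockaddr_in`/`sockaddr_in6` by family alone; threading `addrlen`/`msg_namelen` through and rejecting addresses shorter than the struct being read would make the check robust against short or malformed addresses. The three `return -1;` paths appear to rely on `throw_permission_denied_err` to set errno, which is not visible in this diff — worth confirming so callers observe a permission error rather than stale errno.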
