From 7013ecd3a99a19392b8fde28dc4db859bdd1940a Mon Sep 17 00:00:00 2001
From: Michael Vogt
Date: Thu, 31 Aug 2023 12:52:35 +0200
Subject: [PATCH] improve code
---
 main.c | 4 ++--
 seccomp.c | 9 ++++++++-
 seccomp.h | 5 +++++
 unit-tests/unit-tests.c | 22 ++++++++++++++++++++++
 4 files changed, 37 insertions(+), 3 deletions(-)
diff --git a/main.c b/main.c
index 98999c3..43e9fb4 100644
--- a/main.c
+++ b/main.c
@@ -13,7 +13,7 @@ int main(int argc, char **argv) {
 const char *profile_path = argv[1];
 FILE *file = sc_must_read_and_validate_header_from_file(profile_path, &hdr);
 sc_must_read_filter_from_file(file, hdr.len_filter, &prog_allow);
-
- sc_apply_seccomp_filter(&prog_allow);
+ fclose(file);
+ fprintf(stderr, "filter loaded okay");
 }
diff --git a/seccomp.c b/seccomp.c
index 27c5971..e495423 100644
--- a/seccomp.c
+++ b/seccomp.c
@@ -41,13 +41,20 @@ FILE* sc_must_read_and_validate_header_from_file(const char *profile_path, struc
 if (num_read < sizeof(struct sc_seccomp_file_header)) {
 die("short read on seccomp header: %zu", num_read);
 }
+ // check everything
+ if (hdr->header[0] != 'S' || hdr->header[1] != 'C') {
+ die("unexpected seccomp header: %x%x", hdr->header[0], hdr->header[1]);
+ }
+ if (hdr->len_filter > MAX_BPF_SIZE) {
+ die("allow filter size too big %u", hdr->len_filter);
+ }
 return file;
 }
 void sc_must_read_filter_from_file(FILE *file, uint32_t len_bytes, struct sock_fprog *prog) {
 prog->len = len_bytes / sizeof(struct sock_filter);
- prog->filter = (struct sock_filter *)malloc(MAX_BPF_SIZE);
+ prog->filter = (struct sock_filter *)malloc(len_bytes);
 if (prog->filter == NULL) {
 die("cannot allocate %u bytes of memory for seccomp filter ", len_bytes);
 }
diff --git a/seccomp.h b/seccomp.h
index d60ce6b..25a681c 100644
--- a/seccomp.h
+++ b/seccomp.h
@@ -7,9 +7,13 @@
 #include
+
 struct sc_seccomp_file_header {
+ // must be 'S', 'C'
 char header[2];
+ // must be 0x1
 uint8_t version;
+ // only 0x0 or 0x1 support right now
 uint8_t unrestricted;
 uint32_t len_filter;
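Review bot: Nothing in main.c's `main` installs the filter once `sc_apply_seccomp_filter(&prog_allow);` is removed, yet the new message reports "filter loaded okay", so anything that relied on this binary to confine itself would now run unfiltered. If main is meant to be a parse-only check, say so above the new lines with a comment such as `// validation only: the profile is parsed but deliberately not applied`; otherwise keep the apply call after `fclose(file);`. The message also lacks a trailing newline, `fprintf(stderr, "filter loaded okay\n");`, and the buffer that `sc_must_read_filter_from_file` allocates into `prog_allow.filter` is not freed in the visible lines. The start of main's body is outside the hunk.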
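Review bot: The `// check everything` block in seccomp.c validates only the magic and the upper bound of `len_filter`; `version` and `unrestricted`, which the seccomp.h comments in this same commit restrict to 0x1 and 0x0/0x1, are not checked in the visible lines, and neither is `len_filter` being a whole number of `struct sock_filter` entries. Because `sc_must_read_filter_from_file` now sizes the allocation from `len_bytes` and derives `prog->len` by integer division, a length that is not a multiple of the instruction size is silently truncated, and a zero length reaches `malloc(0)`, whose NULL-or-not result is implementation-defined. The `%x%x` arguments are plain `char`, so where char is signed a byte above 0x7f prints sign-extended; casting each to `unsigned char` avoids that. The start of `sc_must_read_and_validate_header_from_file` is outside the hunk, so earlier checks may exist there; the extra checks could look like the sketch below.

```c
    // … unchanged: magic and MAX_BPF_SIZE checks …
    if (hdr->version != 0x1) {
        die("unexpected seccomp file version: %x", hdr->version);
    }
    if (hdr->unrestricted > 0x1) {
        die("unexpected seccomp unrestricted value: %x", hdr->unrestricted);
    }
    // prog->len is len_bytes / sizeof(struct sock_filter); reject a remainder
    if (hdr->len_filter % sizeof(struct sock_filter) != 0) {
        die("allow filter size not multiple of sock_filter %u", hdr->len_filter);
    }
    return file;
```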
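Review bot: `len_filter` in seccomp.h is the one field this hunk leaves without a comment, although it is the value the loader bounds and allocates from; a line such as `// length of the allow filter in bytes, at most MAX_BPF_SIZE` would match how seccomp.c passes it as `len_bytes`. In the `unrestricted` comment, "support" should read "supported". The struct's closing brace is outside the hunk, so any later fields are not visible here.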
@@ -23,3 +27,4 @@ void sc_apply_seccomp_filter(struct sock_fprog *prog);
 void die(const char *fmt, ...);
 #endif
+
diff --git a/unit-tests/unit-tests.c b/unit-tests/unit-tests.c
index 571ca01..26cd7ab 100644
--- a/unit-tests/unit-tests.c
+++ b/unit-tests/unit-tests.c
@@ -27,10 +27,32 @@ static void test_must_read_and_validate_header_from_file__happy(void)
 g_assert_true(file != NULL);
 }
+static void test_must_read_and_validate_header_from_file__missing_header(void)
+{
+ struct sc_seccomp_file_header hdr = {};
+
+ if (g_test_subprocess()) {
+ char *profile = NULL;
+ int fd = 0;
+ make_seccomp_profile(&hdr, &fd, &profile);
+ FILE *file = sc_must_read_and_validate_header_from_file(profile, &hdr);
+ g_assert_not_reached();
+ // check null
+ g_assert_null(file);
+ }
+
+ g_test_trap_subprocess(NULL, 0, 0);
+ g_test_trap_assert_failed();
+ g_test_trap_assert_stderr("unexpected seccomp header: 00\n");
+}
+
 static void __attribute__((constructor)) init(void)
 {
 g_test_add_func("/seccomp/must_read_and_validate_header_from_file/happy",
 test_must_read_and_validate_header_from_file__happy);
+ g_test_add_func("/seccomp/must_read_and_validate_header_from_file/missing_header",
+ test_must_read_and_validate_header_from_file__missing_header);
+
 }
 int main(int argc, char **argv)
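Review bot: The new `hdr->len_filter > MAX_BPF_SIZE` branch in seccomp.c gets no test in unit-tests.c; only the bad-magic path is covered, so the bound that protects the filter allocation could regress unnoticed. In the added test, `g_assert_null(file);` sits after `g_assert_not_reached();` and can never run, so it and the `// check null` comment can be dropped, and `int fd = 0` would be safer as `-1` so an unset descriptor is not mistaken for stdin. A too-big test in the same shape is sketched below; it assumes `MAX_BPF_SIZE` is visible to the test file and that `make_seccomp_profile` writes `hdr` out the way the existing tests imply.

```c
static void test_must_read_and_validate_header_from_file__filter_too_big(void)
{
    struct sc_seccomp_file_header hdr = {
        .header = {'S', 'C'},
        .version = 0x1,
        .len_filter = MAX_BPF_SIZE + 1,
    };

    if (g_test_subprocess()) {
        char *profile = NULL;
        int fd = -1;
        make_seccomp_profile(&hdr, &fd, &profile);
        sc_must_read_and_validate_header_from_file(profile, &hdr);
        g_assert_not_reached();
    }

    g_test_trap_subprocess(NULL, 0, 0);
    g_test_trap_assert_failed();
    // glob pattern: the reported size follows the fixed prefix
    g_test_trap_assert_stderr("allow filter size too big*");
}
// … plus a matching g_test_add_func() registration in init() …
```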