author | bptato <nincsnevem662@gmail.com> | 2024-04-19 18:19:09 +0200 |
---|---|---|
committer | bptato <nincsnevem662@gmail.com> | 2024-04-19 18:25:39 +0200 |
commit | d4d34ea8b5257d6f0ddd40807a9b6b684df24811 (patch) | |
tree | 3d8f8d2fa482f962115927e35673465f18aa14c5 /adapter/protocol | |
parent | cce00d49b0c2962a2e39c31f6b09863c1231c7d6 (diff) | |
http: fix sandbox violation in readFromStdin
glibc apparently calls fstat from fread, and we didn't allow it in seccomp. So: * allow fstat in the sandbox; no reason not to, and it seems too big of a footgun to assume we never call fread * use read(2) in http; no need for buffered i/o here
Diffstat (limited to 'adapter/protocol')
-rw-r--r-- | adapter/protocol/http.nim | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/adapter/protocol/http.nim b/adapter/protocol/http.nim
index ec56b6f4..e2e53f22 100644
--- a/adapter/protocol/http.nim
+++ b/adapter/protocol/http.nim
@@ -64,14 +64,14 @@ proc curlWriteHeader(p: cstring, size, nitems: csize_t, userdata: pointer):
 return nitems
 # From the documentation: size is always 1.
-proc curlWriteBody(p: cstring, size, nmemb: csize_t, userdata: pointer):
+proc curlWriteBody(p: cstring; size, nmemb: csize_t; userdata: pointer):
 csize_t {.cdecl.} =
 return csize_t(write(stdout.getFileHandle(), p, int(nmemb)))
 # From the documentation: size is always 1.
-proc readFromStdin(buffer: cstring, size, nitems: csize_t, userdata: pointer):
+proc readFromStdin(p: pointer; size, nitems: csize_t; userdata: pointer):
 csize_t {.cdecl.} =
- return csize_t(stdin.readBuffer(buffer, nitems))
+ return csize_t(read(0, p, int(nitems)))
 proc curlPreRequest(clientp: pointer, conn_primary_ip, conn_local_ip: cstring, conn_primary_port, conn_local_port: cint): cint {.cdecl.} = |
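Review bot: In the new `readFromStdin`, `read(0, p, int(nitems))` returns -1 on error (including an interrupted call), and that value is converted straight to `csize_t`; the `readBuffer` call it replaces did not have a negative error return. Depending on build flags the conversion presumably either raises a range defect inside a `cdecl` callback invoked from libcurl or wraps to a huge length that libcurl then has to reject as a nonsensical read size. I would check the result before converting: `let n = read(0, p, int(nitems))`, `if n < 0: return CURL_READFUNC_ABORT` (assuming the binding exposes that constant), `return csize_t(n)`. The same unchecked conversion of a `write` result sits on the context line in `curlWriteBody`, which this commit touches only in its signature.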