#include "arch.h"
#include "db.h"
#include "system.h"
+#include "helper.h"
/* state values */
#define _DB_STA_VALID 0xA1B2C3D4
{
struct db_filter *db;
- db = malloc(sizeof(*db));
+ db = zmalloc(sizeof(*db));
if (db == NULL)
return NULL;
- /* clear the buffer for the first time and set the arch */
- memset(db, 0, sizeof(*db));
+ /* set the arch and reset the DB to a known state */
db->arch = arch;
-
- /* reset the DB to a known state */
_db_reset(db);
return db;
}
/* no existing syscall entry - create a phantom entry */
- s_new = malloc(sizeof(*s_new));
+ s_new = zmalloc(sizeof(*s_new));
if (s_new == NULL)
return -ENOMEM;
- memset(s_new, 0, sizeof(*s_new));
s_new->num = syscall;
s_new->priority = sys_pri;
s_new->valid = false;
{
struct db_filter_col *col;
- col = malloc(sizeof(*col));
+ col = zmalloc(sizeof(*col));
if (col == NULL)
return NULL;
- /* clear the buffer for the first time */
- memset(col, 0, sizeof(*col));
-
/* reset the DB to a known state */
if (db_col_reset(col, def_action) < 0)
goto init_failure;
struct db_arg_chain_tree *c_prev_hi = NULL, *c_prev_lo = NULL;
bool tf_flag;
- s_new = malloc(sizeof(*s_new));
+ s_new = zmalloc(sizeof(*s_new));
if (s_new == NULL)
return NULL;
- memset(s_new, 0, sizeof(*s_new));
s_new->num = syscall;
s_new->valid = true;
/* run through the argument chain */
!_db_arg_cmp_need_lo(&chain[iter]))
continue;
- c_iter_hi = malloc(sizeof(*c_iter_hi));
+ c_iter_hi = zmalloc(sizeof(*c_iter_hi));
if (c_iter_hi == NULL)
goto gen_64_failure;
- memset(c_iter_hi, 0, sizeof(*c_iter_hi));
c_iter_hi->refcnt = 1;
- c_iter_lo = malloc(sizeof(*c_iter_lo));
+ c_iter_lo = zmalloc(sizeof(*c_iter_lo));
if (c_iter_lo == NULL) {
free(c_iter_hi);
goto gen_64_failure;
}
- memset(c_iter_lo, 0, sizeof(*c_iter_lo));
c_iter_lo->refcnt = 1;
/* link this level to the previous level */
struct db_arg_chain_tree *c_iter = NULL, *c_prev = NULL;
bool tf_flag;
- s_new = malloc(sizeof(*s_new));
+ s_new = zmalloc(sizeof(*s_new));
if (s_new == NULL)
return NULL;
- memset(s_new, 0, sizeof(*s_new));
s_new->num = syscall;
s_new->valid = true;
/* run through the argument chain */
if (!_db_arg_cmp_need_lo(&chain[iter]))
continue;
- c_iter = malloc(sizeof(*c_iter));
+ c_iter = zmalloc(sizeof(*c_iter));
if (c_iter == NULL)
goto gen_32_failure;
- memset(c_iter, 0, sizeof(*c_iter));
c_iter->refcnt = 1;
c_iter->arg = chain[iter].arg;
c_iter->arg_offset = arch_arg_offset(arch, c_iter->arg);
/* collect the arguments for the filter rule */
chain_size = sizeof(*chain) * ARG_COUNT_MAX;
- chain = malloc(chain_size);
+ chain = zmalloc(chain_size);
if (chain == NULL)
return -ENOMEM;
- memset(chain, 0, chain_size);
for (iter = 0; iter < arg_cnt; iter++) {
arg_data = arg_array[iter];
arg_num = arg_data.arg;
struct db_api_rule_list *rule_o, *rule_s;
/* allocate the snapshot */
- snap = malloc(sizeof(*snap));
+ snap = zmalloc(sizeof(*snap));
if (snap == NULL)
return -ENOMEM;
- snap->filters = malloc(sizeof(struct db_filter *) * col->filter_cnt);
+ snap->filters = zmalloc(sizeof(struct db_filter *) * col->filter_cnt);
if (snap->filters == NULL) {
free(snap);
return -ENOMEM;
#include "db.h"
#include "hash.h"
#include "system.h"
+#include "helper.h"
/* allocation increments */
#define AINC_BLK 2
{
struct bpf_blk *blk;
- blk = malloc(sizeof(*blk));
+ blk = zmalloc(sizeof(*blk));
if (blk == NULL)
return NULL;
-
- memset(blk, 0, sizeof(*blk));
blk->flag_unique = true;
blk->acc_start = _ACC_STATE_UNDEF;
blk->acc_end = _ACC_STATE_UNDEF;
if (blk->flag_hash)
return 0;
- h_new = malloc(sizeof(*h_new));
+ h_new = zmalloc(sizeof(*h_new));
if (h_new == NULL)
return -ENOMEM;
- memset(h_new, 0, sizeof(*h_new));
/* generate the hash */
h_val = jhash(blk->blks, _BLK_MSZE(blk), 0);
memset(&state, 0, sizeof(state));
state.attr = &col->attr;
- state.bpf = malloc(sizeof(*(state.bpf)));
+ state.bpf = zmalloc(sizeof(*(state.bpf)));
if (state.bpf == NULL)
return NULL;
- memset(state.bpf, 0, sizeof(*(state.bpf)));
rc = _gen_bpf_build_bpf(&state, col);
if (rc < 0)
--- /dev/null
+/**
+ * Helper functions for libseccomp
+ *
+ * Copyright (c) 2017 Red Hat <pmoore@redhat.com>
+ * Author: Paul Moore <paul@paul-moore.com>
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include "helper.h"
+
+/**
+ * Allocate memory
+ * @param size the size of the buffer to allocate
+ *
+ * This function allocates a buffer of the given size, initializes it to zero,
+ * and returns a pointer to buffer on success. NULL is returned on failure.
+ *
+ */
+void *zmalloc(size_t size)
+{
+ void *ptr;
+
+ /* NOTE: unlike malloc() zero size allocations always return NULL */
+ if (size == 0)
+ return NULL;
+
+ ptr = malloc(size);
+ if (!ptr)
+ return NULL;
+ memset(ptr, 0, size);
+
+ return ptr;
+}
--- /dev/null
+/**
+ * Helper functions for libseccomp
+ *
+ * Copyright (c) 2017 Red Hat <pmoore@redhat.com>
+ * Author: Paul Moore <paul@paul-moore.com>
+ */
+
+/*
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses>.
+ */
+
+#ifndef _FILTER_HELPER_H
+#define _FILTER_HELPER_H
+
+void *zmalloc(size_t size);
+
+#endif