* [gentoo-commits] proj/sandbox:master commit in: libsbutil/, /, libsandbox/, src/
@ 2025-03-09 18:09 Mike Gilbert
From: Mike Gilbert @ 2025-03-09 18:09 UTC (permalink / raw
To: gentoo-commits
commit: e21aab299a512c29bdc3f77781858c7b7471b40e
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Mar 8 19:38:12 2025 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Mar 8 19:38:12 2025 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=e21aab29
Replace SB_PATH_MAX with PATH_MAX
Most of the kernel interfaces we use are capped to PATH_MAX anyway.
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
libsandbox/libsandbox.c | 24 ++++++++++++------------
libsandbox/libsandbox.h | 2 +-
libsandbox/pre_check_unlinkat.c | 2 +-
libsandbox/realpath.c | 2 +-
libsbutil/get_sandbox_confd.c | 2 +-
libsbutil/get_sandbox_lib.c | 2 +-
libsbutil/get_sandbox_log.c | 4 ++--
libsbutil/get_sandbox_rc.c | 4 ++--
localdecls.h | 13 -------------
src/environ.c | 2 +-
src/sandbox.c | 2 +-
src/sandbox.h | 14 +++++++-------
12 files changed, 30 insertions(+), 43 deletions(-)
diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index 402928a..18b168c 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -26,7 +26,7 @@
#define LOG_FMT_RPATH "FORMAT: R - Canonical Path\n"
#define LOG_FMT_CMDLINE "FORMAT: C - Command Line\n"
-char sandbox_lib[SB_PATH_MAX];
+char sandbox_lib[PATH_MAX];
typedef struct {
bool show_access_violation, on, active, testing, verbose, debug;
@@ -43,9 +43,9 @@ typedef struct {
static sbcontext_t sbcontext;
static char *cached_env_vars[MAX_DYN_PREFIXES];
-static char log_path[SB_PATH_MAX];
-static char debug_log_path[SB_PATH_MAX];
-static char message_path[SB_PATH_MAX];
+static char log_path[PATH_MAX];
+static char debug_log_path[PATH_MAX];
+static char message_path[PATH_MAX];
bool sandbox_on = true;
static bool sb_init = false;
static bool sb_env_init = false;
@@ -229,7 +229,7 @@ static void init_env_entries(char **prefixes, const char *env, const char *prefi
size_t offset = 0;
while (token && strlen(token) > 0) {
- char buf[SB_PATH_MAX];
+ char buf[PATH_MAX];
if (sb_abspathat(AT_FDCWD, token, buf, sizeof(buf))) {
size_t prev_offset = offset;
offset = strv_append(prefixes, offset, buf);
@@ -446,7 +446,7 @@ static int check_access(sbcontext_t *sbcontext, int sb_nr, const char *func,
* to be here as for each process, the '/proc/self' symlink
* will differ ...
*/
- char proc_self_fd[SB_PATH_MAX];
+ char proc_self_fd[PATH_MAX];
if (realpath(sb_get_fd_dir(), proc_self_fd) &&
!strncmp(resolv_path, proc_self_fd, strlen(proc_self_fd)))
{
@@ -606,20 +606,20 @@ static int check_syscall(sbcontext_t *sbcontext, int sb_nr, const char *func,
if (is_symlink_func(sb_nr))
flags |= AT_SYMLINK_NOFOLLOW;
- absolute_path = abuf = malloc(SB_PATH_MAX);
+ absolute_path = abuf = malloc(PATH_MAX);
if (!absolute_path)
- absolute_path = alloca(SB_PATH_MAX);
+ absolute_path = alloca(PATH_MAX);
- if (!sb_abspathat(dirfd, file, absolute_path, SB_PATH_MAX))
+ if (!sb_abspathat(dirfd, file, absolute_path, PATH_MAX))
return 1;
sb_debug_dyn("absolute_path: %s\n", absolute_path);
- resolved_path = rbuf = malloc(SB_PATH_MAX);
+ resolved_path = rbuf = malloc(PATH_MAX);
if (!resolved_path)
- resolved_path = alloca(SB_PATH_MAX);
+ resolved_path = alloca(PATH_MAX);
- if (!sb_realpathat(dirfd, file, resolved_path, SB_PATH_MAX,
+ if (!sb_realpathat(dirfd, file, resolved_path, PATH_MAX,
flags, is_create(sb_nr)))
return 1;
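Review bot: Both `return 1;` exits in this hunk are taken when `sb_abspathat` or `sb_realpathat` fails, and with the buffers shrunk from `SB_PATH_MAX` to `PATH_MAX` more over-long paths will now reach them. What a return value of 1 means to the caller is not visible here; if it means "allow", a path that cannot be resolved skips the access check, so each exit should carry a comment stating the intended policy, for example `/* resolution failed: deny (or allow) because ... */`. Separately, unless `abuf` and `rbuf` are declared with a cleanup attribute outside the hunk, these exits return without `free(abuf)` and `free(rbuf)` after a successful `malloc`. check_syscall's body starts and ends outside the hunk.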
diff --git a/libsandbox/libsandbox.h b/libsandbox/libsandbox.h
index 22c5535..8902b41 100644
--- a/libsandbox/libsandbox.h
+++ b/libsandbox/libsandbox.h
@@ -66,7 +66,7 @@ enum sandbox_method_t get_sandbox_method(void);
void *get_dlsym(const char *symname, const char *symver);
-extern char sandbox_lib[SB_PATH_MAX];
+extern char sandbox_lib[PATH_MAX];
extern bool sandbox_on;
struct sb_envp_ctx {
diff --git a/libsandbox/pre_check_unlinkat.c b/libsandbox/pre_check_unlinkat.c
index 887d8bb..7fa143a 100644
--- a/libsandbox/pre_check_unlinkat.c
+++ b/libsandbox/pre_check_unlinkat.c
@@ -14,7 +14,7 @@ bool sb_unlinkat_pre_check(const char *func, const char *pathname, int dirfd)
{
save_errno();
- char canonic[SB_PATH_MAX];
+ char canonic[PATH_MAX];
if (sb_realpathat(dirfd, pathname, canonic, sizeof(canonic), AT_SYMLINK_NOFOLLOW, false)) {
if (!strcmp(canonic, "/dev/null") || !strcmp(canonic, "/dev/zero")) {
errno = EACCES;
diff --git a/libsandbox/realpath.c b/libsandbox/realpath.c
index 9c65033..559ecc1 100644
--- a/libsandbox/realpath.c
+++ b/libsandbox/realpath.c
@@ -89,7 +89,7 @@ static bool chase_linkfd(int linkfd, char *buf, size_t bufsiz)
if (buf[0] != '/')
return true;
- char target[SB_PATH_MAX];
+ char target[PATH_MAX];
ssize_t tlen = zreadlinkat(linkfd, "", target, sizeof(target));
int i;
diff --git a/libsbutil/get_sandbox_confd.c b/libsbutil/get_sandbox_confd.c
index 871af9b..133ded8 100644
--- a/libsbutil/get_sandbox_confd.c
+++ b/libsbutil/get_sandbox_confd.c
@@ -15,7 +15,7 @@ char *get_sandbox_confd(char *path)
save_errno();
char *p;
if (is_env_on(ENV_SANDBOX_TESTING) && (p = getenv("__SANDBOX_CONFD_DIR")))
- strlcpy(path, p, SB_PATH_MAX);
+ strlcpy(path, p, PATH_MAX);
else
strcpy(path, SANDBOX_CONFD_DIR);
restore_errno();
diff --git a/libsbutil/get_sandbox_lib.c b/libsbutil/get_sandbox_lib.c
index b64a5ac..e767845 100644
--- a/libsbutil/get_sandbox_lib.c
+++ b/libsbutil/get_sandbox_lib.c
@@ -26,7 +26,7 @@ void get_sandbox_lib(char *path)
if (strncmp("/usr/lib", LIBSANDBOX_PATH, 8)) {
void *hndl = dlopen(path, RTLD_LAZY);
if (!hndl)
- snprintf(path, SB_PATH_MAX, "%s/%s", LIBSANDBOX_PATH, LIB_NAME);
+ snprintf(path, PATH_MAX, "%s/%s", LIBSANDBOX_PATH, LIB_NAME);
else
dlclose(hndl);
}
diff --git a/libsbutil/get_sandbox_log.c b/libsbutil/get_sandbox_log.c
index bdb4278..a969341 100644
--- a/libsbutil/get_sandbox_log.c
+++ b/libsbutil/get_sandbox_log.c
@@ -26,7 +26,7 @@ static void _get_sb_log(char *path, const char *tmpdir, const char *env, const c
* about people breaking the security of the sandbox by
* exporting SANDBOX_LOG=/dev/null.
*/
- strncpy(path, sandbox_log_env, SB_PATH_MAX);
+ strncpy(path, sandbox_log_env, PATH_MAX);
} else {
/* If running as a user w/out write access to /var/log, don't
* shit ourselves.
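Review bot: `strncpy(path, sandbox_log_env, PATH_MAX)` leaves `path` without a terminating NUL when the source is PATH_MAX bytes or longer, and the log path buffers resized in this commit (`log_path`, `sandbox_info_t.sandbox_log`) are now exactly PATH_MAX. get_sandbox_confd.c in the same commit uses `strlcpy` for the equivalent copy, so this line should match it: `strlcpy(path, sandbox_log_env, PATH_MAX);`. The value appears to come from the SANDBOX_LOG environment variable, so its length is not under the library's control. _get_sb_log's body starts before this hunk and continues past it.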
@@ -35,7 +35,7 @@ static void _get_sb_log(char *path, const char *tmpdir, const char *env, const c
if (tmpdir && access(sb_log_dir, W_OK))
sb_log_dir = tmpdir;
- snprintf(path, SB_PATH_MAX, "%s%s%s%s%d%s",
+ snprintf(path, PATH_MAX, "%s%s%s%s%d%s",
sb_log_dir, prefix,
(sandbox_log_env == NULL ? "" : sandbox_log_env),
(sandbox_log_env == NULL ? "" : "-"),
diff --git a/libsbutil/get_sandbox_rc.c b/libsbutil/get_sandbox_rc.c
index a02f6f0..cb5c6c8 100644
--- a/libsbutil/get_sandbox_rc.c
+++ b/libsbutil/get_sandbox_rc.c
@@ -17,10 +17,10 @@ void get_sandbox_rc(char *path)
{
save_errno();
if (is_env_on(ENV_SANDBOX_TESTING))
- snprintf(path, SB_PATH_MAX, "%s/%s",
+ snprintf(path, PATH_MAX, "%s/%s",
getenv("__SANDBOX_BASHRC_PATH"), BASHRC_NAME);
else
- snprintf(path, SB_PATH_MAX, "%s/%s",
+ snprintf(path, PATH_MAX, "%s/%s",
SANDBOX_BASHRC_PATH, BASHRC_NAME);
restore_errno();
}
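Review bot: In the testing branch `getenv("__SANDBOX_BASHRC_PATH")` is passed straight to `%s`, and a NULL return there is undefined behaviour for `snprintf`; get_sandbox_confd.c guards the same pattern with `(p = getenv(...))` before copying. I would read it into a local first, `const char *p = getenv("__SANDBOX_BASHRC_PATH");`, and format with `snprintf(path, PATH_MAX, "%s/%s", p ? p : SANDBOX_BASHRC_PATH, BASHRC_NAME);`. Neither call checks the return value for truncation, which is more likely now that the bound is smaller than SB_PATH_MAX was.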
diff --git a/localdecls.h b/localdecls.h
index 74e5049..7039814 100644
--- a/localdecls.h
+++ b/localdecls.h
@@ -32,19 +32,6 @@
#endif
-#ifdef PATH_MAX
-# define SB_PATH_MAX PATH_MAX * 2
-# if (SB_PATH_MAX >= INT_MAX) || (SB_PATH_MAX < PATH_MAX)
-# undef SB_PATH_MAX
-# define SB_PATH_MAX PATH_MAX + 25
-# if (SB_PATH_MAX >= INT_MAX) || (SB_PATH_MAX < PATH_MAX)
-# error SB_PATH_MAX too big!
-# endif
-# endif
-#else
-# error PATH_MAX not defined!
-#endif
-
#ifndef MAP_ANONYMOUS
# define MAP_ANONYMOUS MAP_ANON
#endif
diff --git a/src/environ.c b/src/environ.c
index 2b28c0b..b09f5aa 100644
--- a/src/environ.c
+++ b/src/environ.c
@@ -113,7 +113,7 @@ static int setup_access_var(const char *access_var)
{
rc_dynbuf_t *env_data;
int count = 0;
- char confd_path[SB_PATH_MAX];
+ char confd_path[PATH_MAX];
char *config;
char **confd_files = NULL;
bool use_confd = true;
diff --git a/src/sandbox.c b/src/sandbox.c
index 9c3e0da..81c7ac9 100644
--- a/src/sandbox.c
+++ b/src/sandbox.c
@@ -39,7 +39,7 @@ static int setup_sandbox(struct sandbox_info_t *sandbox_info, bool interactive)
/* Portage handle setting SANDBOX_WRITE itself. */
sandbox_info->work_dir[0] = '\0';
} else {
- if (NULL == getcwd(sandbox_info->work_dir, SB_PATH_MAX)) {
+ if (NULL == getcwd(sandbox_info->work_dir, PATH_MAX)) {
sb_pwarn("failed to get current directory");
return -1;
}
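Review bot: The bound passed to `getcwd` is the bare constant `PATH_MAX`, while the array it has to match is declared in src/sandbox.h; `getcwd(sandbox_info->work_dir, sizeof(sandbox_info->work_dir))` ties the two together so a later change to the struct cannot desynchronise them. The libsbutil helpers touched by this commit take a bare `char *path` and hard-code the same constant, so their prototypes would benefit from a comment such as `/* path must point to at least PATH_MAX bytes */`. A working directory longer than PATH_MAX now makes `getcwd` fail where the old, larger buffer would have accepted it; the visible code handles that by warning and returning -1. setup_sandbox's body starts and ends outside the hunk.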
diff --git a/src/sandbox.h b/src/sandbox.h
index cdc1b9e..e21dde3 100644
--- a/src/sandbox.h
+++ b/src/sandbox.h
@@ -14,13 +14,13 @@
#define __SANDBOX_H__
struct sandbox_info_t {
- char sandbox_log[SB_PATH_MAX];
- char sandbox_debug_log[SB_PATH_MAX];
- char sandbox_message_path[SB_PATH_MAX];
- char sandbox_lib[SB_PATH_MAX];
- char sandbox_rc[SB_PATH_MAX];
- char work_dir[SB_PATH_MAX];
- char tmp_dir[SB_PATH_MAX];
+ char sandbox_log[PATH_MAX];
+ char sandbox_debug_log[PATH_MAX];
+ char sandbox_message_path[PATH_MAX];
+ char sandbox_lib[PATH_MAX];
+ char sandbox_rc[PATH_MAX];
+ char work_dir[PATH_MAX];
+ char tmp_dir[PATH_MAX];
char *home_dir;
};