_array filter functions now rely on final NULL parameter

src/common/sandbox.c

@@ -731,20 +731,20 @@ sandbox_cfg_allow_stat64_filename(sandbox_cfg_t **cfg, char *file, int fr)
 }
 
 int
-sandbox_cfg_allow_stat64_filename_array(sandbox_cfg_t **cfg, int num, ...)
+sandbox_cfg_allow_stat64_filename_array(sandbox_cfg_t **cfg, ...)
 {
-  int rc = 0, i;
+  int rc = 0;
+  char *fn = NULL;
 
   va_list ap;
-  va_start(ap, num);
+  va_start(ap, cfg);
 
-  for (i = 0; i < num; i++) {
-    char *fn = va_arg(ap, char*);
+  while((fn = va_arg(ap, char*)) != NULL) {
     int fr = va_arg(ap, int);
 
     rc = sandbox_cfg_allow_stat64_filename(cfg, fn, fr);
     if (rc) {
-      log_err(LD_BUG,"(Sandbox) failed on par %d", i);
+      log_err(LD_BUG,"(Sandbox) sandbox_cfg_allow_stat64_filename_array fail");
       goto end;
     }
   }
@@ -775,20 +775,20 @@ sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file, int fr)
 }
 
 int
-sandbox_cfg_allow_open_filename_array(sandbox_cfg_t **cfg, int num, ...)
+sandbox_cfg_allow_open_filename_array(sandbox_cfg_t **cfg, ...)
 {
-  int rc = 0, i;
+  int rc = 0;
+  char *fn = NULL;
 
   va_list ap;
-  va_start(ap, num);
+  va_start(ap, cfg);
 
-  for (i = 0; i < num; i++) {
-    char *fn = va_arg(ap, char*);
+  while((fn = va_arg(ap, char*)) != NULL) {
     int fr = va_arg(ap, int);
 
     rc = sandbox_cfg_allow_open_filename(cfg, fn, fr);
     if (rc) {
-      log_err(LD_BUG,"(Sandbox) failed on par %d", i);
+      log_err(LD_BUG,"(Sandbox) sandbox_cfg_allow_open_filename_array fail");
       goto end;
     }
   }
@@ -818,20 +818,20 @@ sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file, int fr)
 }
 
 int
-sandbox_cfg_allow_openat_filename_array(sandbox_cfg_t **cfg, int num, ...)
+sandbox_cfg_allow_openat_filename_array(sandbox_cfg_t **cfg, ...)
 {
-  int rc = 0, i;
+  int rc = 0;
+  char *fn = NULL;
 
   va_list ap;
-  va_start(ap, num);
+  va_start(ap, cfg);
 
-  for (i = 0; i < num; i++) {
-    char *fn = va_arg(ap, char*);
+  while((fn = va_arg(ap, char*)) != NULL) {
     int fr = va_arg(ap, int);
 
     rc = sandbox_cfg_allow_openat_filename(cfg, fn, fr);
     if (rc) {
-      log_err(LD_BUG,"(Sandbox) failed on par %d", i);
+      log_err(LD_BUG,"(Sandbox) sandbox_cfg_allow_openat_filename_array fail");
       goto end;
     }
   }
@@ -859,20 +859,19 @@ sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, char *com)
 }
 
 int
-sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, int num, ...)
+sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, ...)
 {
-  int rc = 0, i;
+  int rc = 0;
+  char *fn = NULL;
 
   va_list ap;
-  va_start(ap, num);
+  va_start(ap, cfg);
 
-  for (i = 0; i < num; i++) {
-    char *fn = va_arg(ap, char*);
+  while((fn = va_arg(ap, char*)) != NULL) {
 
     rc = sandbox_cfg_allow_execve(cfg, fn);
-
     if (rc) {
-      log_err(LD_BUG,"(Sandbox) failed on par %d", i);
+      log_err(LD_BUG,"(Sandbox) sandbox_cfg_allow_execve_array failed");
       goto end;
     }
   }

src/common/sandbox.h

@@ -125,7 +125,7 @@ int sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file,
  *    that the char* needs to be free-ed, 0 means the pointer does not need to
  *    be free-ed.
  */
-int sandbox_cfg_allow_open_filename_array(sandbox_cfg_t **cfg, int num, ...);
+int sandbox_cfg_allow_open_filename_array(sandbox_cfg_t **cfg, ...);
 
 /**
  * Function used to add a openat allowed filename to a supplied configuration.
@@ -145,7 +145,7 @@ int sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file,
  *    that the char* needs to be free-ed, 0 means the pointer does not need to
  *    be free-ed.
  */
-int sandbox_cfg_allow_openat_filename_array(sandbox_cfg_t **cfg, int num, ...);
+int sandbox_cfg_allow_openat_filename_array(sandbox_cfg_t **cfg, ...);
 
 /**
  * Function used to add a execve allowed filename to a supplied configuration.
@@ -164,7 +164,7 @@ int sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, char *com);
  *    that the char* needs to be free-ed, 0 means the pointer does not need to
  *    be free-ed.
  */
-int sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, int num, ...);
+int sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, ...);
 
 /**
  * Function used to add a stat64 allowed filename to a supplied configuration.
@@ -184,8 +184,7 @@ int sandbox_cfg_allow_stat64_filename(sandbox_cfg_t **cfg, char *file,
  *    that the char* needs to be free-ed, 0 means the pointer does not need to
  *    be free-ed.
  */
-int sandbox_cfg_allow_stat64_filename_array(sandbox_cfg_t **cfg,
-    int num, ...);
+int sandbox_cfg_allow_stat64_filename_array(sandbox_cfg_t **cfg, ...);
 
 /** Function used to initialise a sandbox configuration.*/
 int sandbox_init(sandbox_cfg_t* cfg);

src/or/main.c

@@ -2647,7 +2647,7 @@ sandbox_init_filter()
   sandbox_cfg_allow_openat_filename(&cfg,
       get_datadir_fname("cached-status"), 1);
 
-  sandbox_cfg_allow_open_filename_array(&cfg, 24,
+  sandbox_cfg_allow_open_filename_array(&cfg,
       get_datadir_fname("cached-certs"), 1,
       get_datadir_fname("cached-certs.tmp"), 1,
       get_datadir_fname("cached-consensus"), 1,
@@ -2671,20 +2671,22 @@ sandbox_init_filter()
       get_datadir_fname("unparseable-desc"), 1,
       "/dev/srandom", 0,
       "/dev/urandom", 0,
-      "/dev/random", 0
+      "/dev/random", 0,
+      NULL, 0
   );
 
-  sandbox_cfg_allow_stat64_filename_array(&cfg, 5,
+  sandbox_cfg_allow_stat64_filename_array(&cfg,
       get_datadir_fname(NULL), 1,
       get_datadir_fname("lock"), 1,
       get_datadir_fname("state"), 1,
       get_datadir_fname("router-stability"), 1,
-      get_datadir_fname("cached-extrainfo.new"), 1
+      get_datadir_fname("cached-extrainfo.new"), 1,
+      NULL, 0
   );
 
   // orport
   if (server_mode(get_options())) {
-    sandbox_cfg_allow_open_filename_array(&cfg, 14,
+    sandbox_cfg_allow_open_filename_array(&cfg,
         get_datadir_fname2("keys", "secret_id_key"), 1,
         get_datadir_fname2("keys", "secret_onion_key"), 1,
         get_datadir_fname2("keys", "secret_onion_key_ntor"), 1,
@@ -2698,12 +2700,14 @@ sandbox_init_filter()
         get_datadir_fname("fingerprint.tmp"), 1,
         get_datadir_fname("cached-consensus"), 1,
         get_datadir_fname("cached-consensus.tmp"), 1,
-        "/etc/resolv.conf", 0
+        "/etc/resolv.conf", 0,
+        NULL, 0
     );
 
-    sandbox_cfg_allow_stat64_filename_array(&cfg, 2,
+    sandbox_cfg_allow_stat64_filename_array(&cfg,
         get_datadir_fname("keys"), 1,
-        get_datadir_fname("stats/dirreq-stats"), 1
+        get_datadir_fname("stats/dirreq-stats"), 1,
+        NULL, 0
     );
   }