fix path

author: netblue30 <netblue30@yahoo.com> 2016-02-15 19:26:29 -0500
committer: netblue30 <netblue30@yahoo.com> 2016-02-15 19:26:29 -0500
commit: 0c7935bab29275f854b3a69a4796597c470c1a22 (patch)
tree: 4e3c4c9bf815555146f79e391651e5d5c1b26b97
parent: centos6 fix (diff)
download: firejail-0c7935bab29275f854b3a69a4796597c470c1a22.tar.gz
firejail-0c7935bab29275f854b3a69a4796597c470c1a22.tar.zst
firejail-0c7935bab29275f854b3a69a4796597c470c1a22.zip
4 files changed, 112 insertions, 8 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 19c8c5eb5..a754711b1 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -509,5 +509,8 @@ void run_symlink(int argc, char **argv);
 // user.c
 void check_user(int argc, char **argv);
+// paths.c
+char **build_paths(void);
 #endif
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index a43ed3134..c3e9890b4 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -460,13 +460,14 @@ void fs_blacklist(void) {
                        if (strncmp(ptr, "${PATH}", 7) == 0) {
                                char *fname = ptr + 7;
                                size_t fname_len = strlen(fname);
-                                char **path, *paths[] = {"/bin", "/sbin", "/usr/bin", "/usr/sbin", NULL};
+                                char **paths = build_paths(); //{"/bin", "/sbin", "/usr/bin", "/usr/sbin", NULL};
-                                for (path = &paths[0]; *path; path++) {
+                                int i = 0;
-                                        char newname[strlen(*path) + fname_len + 1];
+                                while (paths[i] != NULL) {
-                                        sprintf(newname, "%s%s", *path, fname);
+                                        char *path = paths[i];
+                                        i++;
+                                        char newname[strlen(path) + fname_len + 1];
+                                        sprintf(newname, "%s%s", path, fname);
                                        globbing(op, newname, (const char**)noblacklist, noblacklist_c);
-                                        if  (last_disable == SUCCESSFUL)
-                                                break;
                                }
                        }
                        else
diff --git a/src/firejail/paths.c b/src/firejail/paths.c
new file mode 100644
index 000000000..3d4b8cd8e
--- /dev/null
+++ b/src/firejail/paths.c
@@ -0,0 +1,98 @@
+/*
+ * Copyright (C) 2014-2016 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#include "firejail.h"
+static char **paths = NULL;
+static int path_cnt = 0;
+static char initialized = 0;
+static void add_path(const char *path) {
+        assert(paths);
+        assert(path_cnt);
+        
+        // filter out duplicates
+        int i;
+        int empty = 0;
+        for (i = 0; i < path_cnt; i++) {
+                if (paths[i] && strcmp(path, paths[i]) == 0) {
+                        return;
+                }
+                if (!paths[i]) {
+                        empty = i;
+                        break;
+                }
+        }
+        paths[empty] = strdup(path);
+        if (!paths[empty])
+                errExit("strdup");
+}
+char **build_paths(void) {
+        if (initialized) {
+                assert(paths);
+                return paths;
+        }
+        initialized = 1;
+        
+        int cnt = 5;    // 4 default paths + 1 NULL to end the array
+        char *path1 = getenv("PATH");
+        if (path1) {
+                char *path2 = strdup(path1);
+                if (!path2)
+                        errExit("strdup");
+                
+                // use path2 to count the entries
+                char *ptr = strtok(path2, ":");
+                while (ptr) {
+                        cnt++;
+                        ptr = strtok(NULL, ":");
+                }
+                free(path2);
+                path_cnt = cnt;
+                // allocate paths array
+                paths = malloc(sizeof(char *) * cnt);
+                if (!paths)
+                        errExit("malloc");
+                memset(paths, 0, sizeof(char *) * cnt);
+                // add default paths
+                add_path("/bin");
+                add_path("/sbin");
+                add_path("/usr/bin");
+                add_path("/usr/sbin");
+                path2 = strdup(path1);
+                if (!path2)
+                        errExit("strdup");
+                
+                // use path2 to count the entries
+                ptr = strtok(path2, ":");
+                while (ptr) {
+                        cnt++;
+                        add_path(ptr);
+                        ptr = strtok(NULL, ":");
+                }
+                free(path2);
+        }
+        
+        return paths;
+}
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 5acbbec38..70ec360ce 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -533,8 +533,10 @@ void profile_read(const char *fname) {
                // verify syntax, exit in case of error
                if (profile_check_line(ptr, lineno, fname))
                        profile_add(ptr);
-                else
+// we cannot free ptr here, data is extracted from ptr and linked as a pointer in cfg structure
-                        free(ptr);
+//              else {
+//                      free(ptr);
+//              }
        }
        fclose(fp);
 }
author	netblue30 <netblue30@yahoo.com>	2016-02-15 19:26:29 -0500
committer	netblue30 <netblue30@yahoo.com>	2016-02-15 19:26:29 -0500
commit	0c7935bab29275f854b3a69a4796597c470c1a22 (patch)
tree	4e3c4c9bf815555146f79e391651e5d5c1b26b97
parent	centos6 fix (diff)
download	firejail-0c7935bab29275f854b3a69a4796597c470c1a22.tar.gz firejail-0c7935bab29275f854b3a69a4796597c470c1a22.tar.zst firejail-0c7935bab29275f854b3a69a4796597c470c1a22.zip

diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 19c8c5eb5..a754711b1 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h
@@ -509,5 +509,8 @@ void run_symlink(int argc, char **argv);
509	// user.c	509	// user.c
510	void check_user(int argc, char **argv);	510	void check_user(int argc, char **argv);
511		511
		512	// paths.c
		513	char **build_paths(void);
		514
512	#endif	515	#endif
513		516


diff --git a/src/firejail/fs.c b/src/firejail/fs.c index a43ed3134..c3e9890b4 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c
@@ -460,13 +460,14 @@ void fs_blacklist(void) {
460	if (strncmp(ptr, "${PATH}", 7) == 0) {	460	if (strncmp(ptr, "${PATH}", 7) == 0) {
461	char *fname = ptr + 7;	461	char *fname = ptr + 7;
462	size_t fname_len = strlen(fname);	462	size_t fname_len = strlen(fname);
463	char *path, paths[] = {"/bin", "/sbin", "/usr/bin", "/usr/sbin", NULL};	463	char **paths = build_paths(); //{"/bin", "/sbin", "/usr/bin", "/usr/sbin", NULL};
464	for (path = &paths[0]; *path; path++) {	464	int i = 0;
465	char newname[strlen(*path) + fname_len + 1];	465	while (paths[i] != NULL) {
466	sprintf(newname, "%s%s", *path, fname);	466	char *path = paths[i];
		467	i++;
		468	char newname[strlen(path) + fname_len + 1];
		469	sprintf(newname, "%s%s", path, fname);
467	globbing(op, newname, (const char**)noblacklist, noblacklist_c);	470	globbing(op, newname, (const char**)noblacklist, noblacklist_c);
468	if (last_disable == SUCCESSFUL)
469	break;
470	}	471	}
471	}	472	}
472	else	473	else


diff --git a/src/firejail/paths.c b/src/firejail/paths.c new file mode 100644 index 000000000..3d4b8cd8e --- /dev/null +++ b/src/firejail/paths.c
@@ -0,0 +1,98 @@
		1	/*
		2	* Copyright (C) 2014-2016 Firejail Authors
		3	*
		4	* This file is part of firejail project
		5	*
		6	* This program is free software; you can redistribute it and/or modify
		7	* it under the terms of the GNU General Public License as published by
		8	* the Free Software Foundation; either version 2 of the License, or
		9	* (at your option) any later version.
		10	*
		11	* This program is distributed in the hope that it will be useful,
		12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
		13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
		14	* GNU General Public License for more details.
		15	*
		16	* You should have received a copy of the GNU General Public License along
		17	* with this program; if not, write to the Free Software Foundation, Inc.,
		18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
		19	*/
		20	#include "firejail.h"
		21
		22	static char **paths = NULL;
		23	static int path_cnt = 0;
		24	static char initialized = 0;
		25
		26	static void add_path(const char *path) {
		27	assert(paths);
		28	assert(path_cnt);
		29
		30	// filter out duplicates
		31	int i;
		32	int empty = 0;
		33	for (i = 0; i < path_cnt; i++) {
		34	if (paths[i] && strcmp(path, paths[i]) == 0) {
		35	return;
		36	}
		37	if (!paths[i]) {
		38	empty = i;
		39	break;
		40	}
		41	}
		42
		43	paths[empty] = strdup(path);
		44	if (!paths[empty])
		45	errExit("strdup");
		46	}
		47
		48	char **build_paths(void) {
		49	if (initialized) {
		50	assert(paths);
		51	return paths;
		52	}
		53	initialized = 1;
		54
		55	int cnt = 5; // 4 default paths + 1 NULL to end the array
		56	char *path1 = getenv("PATH");
		57	if (path1) {
		58	char *path2 = strdup(path1);
		59	if (!path2)
		60	errExit("strdup");
		61
		62	// use path2 to count the entries
		63	char *ptr = strtok(path2, ":");
		64	while (ptr) {
		65	cnt++;
		66	ptr = strtok(NULL, ":");
		67	}
		68	free(path2);
		69	path_cnt = cnt;
		70
		71	// allocate paths array
		72	paths = malloc(sizeof(char ) cnt);
		73	if (!paths)
		74	errExit("malloc");
		75	memset(paths, 0, sizeof(char ) cnt);
		76
		77	// add default paths
		78	add_path("/bin");
		79	add_path("/sbin");
		80	add_path("/usr/bin");
		81	add_path("/usr/sbin");
		82
		83	path2 = strdup(path1);
		84	if (!path2)
		85	errExit("strdup");
		86
		87	// use path2 to count the entries
		88	ptr = strtok(path2, ":");
		89	while (ptr) {
		90	cnt++;
		91	add_path(ptr);
		92	ptr = strtok(NULL, ":");
		93	}
		94	free(path2);
		95	}
		96
		97	return paths;
		98	}


diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 5acbbec38..70ec360ce 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c
@@ -533,8 +533,10 @@ void profile_read(const char *fname) {
533	// verify syntax, exit in case of error	533	// verify syntax, exit in case of error
534	if (profile_check_line(ptr, lineno, fname))	534	if (profile_check_line(ptr, lineno, fname))
535	profile_add(ptr);	535	profile_add(ptr);
536	else	536	// we cannot free ptr here, data is extracted from ptr and linked as a pointer in cfg structure
537	free(ptr);	537	// else {
		538	// free(ptr);
		539	// }
538	}	540	}
539	fclose(fp);	541	fclose(fp);
540	}	542	}