author | smitsohu <smitsohu@gmail.com> | 2022-03-13 22:35:29 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2022-03-13 22:35:29 +0100 |
commit | 20910987363706a61c4d70586e3eb405076eca0f (patch) | |
tree | 6e4bf36353154fdc7265ed0d228015041dc440e8 | |
parent | fbuilder: whitelist-run-common.inc and whitelist-runuser-common.inc support (diff) | |
fbuilder: whitelist globbing
-rw-r--r-- | src/fbuilder/fbuilder.h | 4 | ||||
-rw-r--r-- | src/fbuilder/filedb.c | 10 |
2 files changed, 6 insertions, 8 deletions
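--- a/src/fbuilder/fbuilder.h
+++ b/src/fbuilder/fbuilder.h
@@ -26,7 +26,7 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
-
+#include <fnmatch.h>
 
 #define MAX_BUF 4096
 // main.c
@@ -63,7 +63,7 @@ char *extract_dir(char *fname);
 typedef struct filedb_t {
 struct filedb_t *next;
 char *fname; // file name
-int len; // length of file name
+unsigned len; // length of file name
 } FileDB;
 
 FileDB *filedb_add(FileDB *head, const char *fname);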
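Review bot: The `// file name` comment on `fname` in struct filedb_t is stale now that filedb.c treats each entry as a possible fnmatch pattern; `char *fname; // file name or fnmatch(3) pattern` would tell callers what the field may hold. `len` is compared against `strlen()` results in filedb.c, so `size_t len; // strlen(fname)` would keep both sides of that comparison the same type instead of narrowing to `unsigned`. The struct is fully visible in this hunk, but the place where `len` is assigned is not.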
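--- a/src/fbuilder/filedb.c
+++ b/src/fbuilder/filedb.c
@@ -25,17 +25,17 @@ FileDB *filedb_find(FileDB *head, const char *fname) {
 assert(fname);
 FileDB *ptr = head;
 int found = 0;
-int len = strlen(fname);
 
 while (ptr) {
-// exact name
-if (strcmp(fname, ptr->fname) == 0) {
+// ptr->fname can be a pattern, like .mutter-Xwaylandauth.*
+// check if fname is a match
+if (fnmatch(ptr->fname, fname, FNM_PATHNAME) == 0) {
 found = 1;
 break;
 }
 
 // parent directory in the list
-if (len > ptr->len &&
+if (strlen(fname) > ptr->len &&
 fname[ptr->len] == '/' &&
 strncmp(ptr->fname, fname, ptr->len) == 0) {
 found = 1;
@@ -54,8 +54,6 @@ FileDB *filedb_find(FileDB *head, const char *fname) {
 FileDB *filedb_add(FileDB *head, const char *fname) {
 assert(fname);
 
-// todo: support fnames such as ${RUNUSER}/.mutter-Xwaylandauth.*
-
 // don't add it if it is already there or if the parent directory is already in the list
 if (filedb_find(head, fname))
 return head;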
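Review bot: Every `ptr->fname` in filedb_find is now interpreted as an fnmatch pattern, and filedb_add runs the same lookup against its own list, so names that were presumably stored as plain paths are interpreted as globs too (filedb_add's body continues outside the hunk). A stored name containing `*`, `?`, `[` or `\` can then match unrelated paths or fail to match itself, so the generated profile may drop or duplicate entries. Keeping the literal test first, `if (strcmp(fname, ptr->fname) == 0 || fnmatch(ptr->fname, fname, FNM_PATHNAME) == 0) {`, restores exact-name lookups; limiting globbing to lists that are meant to hold patterns would need a flag on FileDB. The parent-directory test below still compares `ptr->fname` literally, so a pattern entry never acts as a parent directory. It also recomputes `strlen(fname)` for every node, where `size_t len = strlen(fname);` before the loop would do.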