diff options
author | smitsohu <smitsohu@gmail.com> | 2018-10-17 18:10:04 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2018-10-17 18:10:04 +0200 |
commit | 438fdd3d9099a01a7e9c62844ae5150ca17155c4 (patch) | |
tree | 0a8851e253783d60eec4ab41982a9e47d60a9ca6 | |
parent | fix #2197 (diff) | |
download | firejail-438fdd3d9099a01a7e9c62844ae5150ca17155c4.tar.gz firejail-438fdd3d9099a01a7e9c62844ae5150ca17155c4.tar.zst firejail-438fdd3d9099a01a7e9c62844ae5150ca17155c4.zip |
fs_whitelist: cache length of home directory string
-rw-r--r-- | src/firejail/fs_whitelist.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index 8ef948239..1092268f9 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c | |||
@@ -34,6 +34,7 @@ | |||
34 | 34 | ||
35 | #define EMPTY_STRING ("") | 35 | #define EMPTY_STRING ("") |
36 | #define MAXBUF 4098 | 36 | #define MAXBUF 4098 |
37 | static size_t homedir_len; // cache length of homedir string | ||
37 | 38 | ||
38 | 39 | ||
39 | static int mkpath(const char* path, mode_t mode) { | 40 | static int mkpath(const char* path, mode_t mode) { |
@@ -42,7 +43,7 @@ static int mkpath(const char* path, mode_t mode) { | |||
42 | 43 | ||
43 | // create directories with uid/gid as root or as current user if inside home directory | 44 | // create directories with uid/gid as root or as current user if inside home directory |
44 | int userhome = 0; | 45 | int userhome = 0; |
45 | if (strncmp(path, cfg.homedir, strlen(cfg.homedir)) == 0) { | 46 | if (strncmp(path, cfg.homedir, homedir_len) == 0) { |
46 | EUID_USER(); | 47 | EUID_USER(); |
47 | userhome = 1; | 48 | userhome = 1; |
48 | } | 49 | } |
@@ -123,12 +124,12 @@ static void whitelist_path(ProfileEntry *entry) { | |||
123 | char *wfile = NULL; | 124 | char *wfile = NULL; |
124 | 125 | ||
125 | if (entry->home_dir) { | 126 | if (entry->home_dir) { |
126 | if (strncmp(path, cfg.homedir, strlen(cfg.homedir)) != 0 || path[strlen(cfg.homedir)] != '/') | 127 | if (strncmp(path, cfg.homedir, homedir_len) != 0 || path[homedir_len] != '/') |
127 | // either symlink pointing outside home directory | 128 | // either symlink pointing outside home directory |
128 | // or entire home directory, skip the mount | 129 | // or entire home directory, skip the mount |
129 | return; | 130 | return; |
130 | 131 | ||
131 | fname = path + strlen(cfg.homedir) + 1; // strlen("/home/user/") | 132 | fname = path + homedir_len + 1; // strlen("/home/user/") |
132 | 133 | ||
133 | if (asprintf(&wfile, "%s/%s", RUN_WHITELIST_HOME_USER_DIR, fname) == -1) | 134 | if (asprintf(&wfile, "%s/%s", RUN_WHITELIST_HOME_USER_DIR, fname) == -1) |
134 | errExit("asprintf"); | 135 | errExit("asprintf"); |
@@ -331,6 +332,7 @@ void fs_whitelist(void) { | |||
331 | if (!entry) | 332 | if (!entry) |
332 | return; | 333 | return; |
333 | 334 | ||
335 | homedir_len = strlen(cfg.homedir); | ||
334 | char *new_name = NULL; | 336 | char *new_name = NULL; |
335 | int home_dir = 0; // /home/user directory flag | 337 | int home_dir = 0; // /home/user directory flag |
336 | int tmp_dir = 0; // /tmp directory flag | 338 | int tmp_dir = 0; // /tmp directory flag |
@@ -430,7 +432,7 @@ void fs_whitelist(void) { | |||
430 | 432 | ||
431 | // if 1 the file was not found; mount an empty directory | 433 | // if 1 the file was not found; mount an empty directory |
432 | if (!nowhitelist_flag) { | 434 | if (!nowhitelist_flag) { |
433 | if (strncmp(new_name, cfg.homedir, strlen(cfg.homedir)) == 0 && new_name[strlen(cfg.homedir)] == '/') { | 435 | if (strncmp(new_name, cfg.homedir, homedir_len) == 0 && new_name[homedir_len] == '/') { |
434 | if(!arg_private) | 436 | if(!arg_private) |
435 | home_dir = 1; | 437 | home_dir = 1; |
436 | } | 438 | } |
@@ -483,7 +485,7 @@ void fs_whitelist(void) { | |||
483 | } | 485 | } |
484 | 486 | ||
485 | // check for supported directories | 487 | // check for supported directories |
486 | if (strncmp(new_name, cfg.homedir, strlen(cfg.homedir)) == 0 && new_name[strlen(cfg.homedir)] == '/') { | 488 | if (strncmp(new_name, cfg.homedir, homedir_len) == 0 && new_name[homedir_len] == '/') { |
487 | // whitelisting home directory is disabled if --private option is present | 489 | // whitelisting home directory is disabled if --private option is present |
488 | if (arg_private) { | 490 | if (arg_private) { |
489 | if (arg_debug || arg_debug_whitelists) | 491 | if (arg_debug || arg_debug_whitelists) |
@@ -504,7 +506,7 @@ void fs_whitelist(void) { | |||
504 | 506 | ||
505 | // both path and absolute path are in user home, | 507 | // both path and absolute path are in user home, |
506 | // if not check if the symlink destination is owned by the user | 508 | // if not check if the symlink destination is owned by the user |
507 | if (strncmp(fname, cfg.homedir, strlen(cfg.homedir)) != 0 || fname[strlen(cfg.homedir)] != '/') { | 509 | if (strncmp(fname, cfg.homedir, homedir_len) != 0 || fname[homedir_len] != '/') { |
508 | if (checkcfg(CFG_FOLLOW_SYMLINK_AS_USER)) { | 510 | if (checkcfg(CFG_FOLLOW_SYMLINK_AS_USER)) { |
509 | if (stat(fname, &s) == 0 && s.st_uid != getuid()) { | 511 | if (stat(fname, &s) == 0 && s.st_uid != getuid()) { |
510 | free(fname); | 512 | free(fname); |