diff options
author | Hank Leininger <hlein@korelogic.com> | 2021-11-10 14:36:47 -0700 |
---|---|---|
committer | Hank Leininger <hlein@korelogic.com> | 2021-11-10 15:58:29 -0700 |
commit | 0d06369a808d184c112bf8cf3de7b4a1bd8ed412 (patch) | |
tree | 5b36b56f26daa2c970b4108ba708d3e0b6ea9157 | |
parent | disable-common.inc: fix ssh (diff) | |
download | firejail-0d06369a808d184c112bf8cf3de7b4a1bd8ed412.tar.gz firejail-0d06369a808d184c112bf8cf3de7b4a1bd8ed412.tar.zst firejail-0d06369a808d184c112bf8cf3de7b4a1bd8ed412.zip |
Make env/arg sanity check failure messages more useful
This change doesn't alter any checks, but it gives more specific
errors when a sanity check of env vars or argv does not pass, which
can point to limits to raise or at least give us better detailed bug
reports.
Signed-off-by: Hank Leininger <hlein@korelogic.com>
Bug: https://github.com/netblue30/firejail/issues/3678
Bug: https://github.com/netblue30/firejail/issues/3851
Bug: https://github.com/netblue30/firejail/issues/4633
-rw-r--r-- | src/firejail/main.c | 10 | ||||
-rw-r--r-- | src/firejail/run_symlink.c | 2 |
2 files changed, 8 insertions, 4 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index e765d1d8d..78f4dcc24 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -935,6 +935,8 @@ static void run_builder(int argc, char **argv) { | |||
935 | if (setresuid(-1, getuid(), getuid()) != 0) | 935 | if (setresuid(-1, getuid(), getuid()) != 0) |
936 | errExit("setresuid"); | 936 | errExit("setresuid"); |
937 | 937 | ||
938 | if (env_get("LD_PRELOAD") != NULL) | ||
939 | fprintf(stderr, "run_builder: LD_PRELOAD is: '%s'\n", env_get("LD_PRELOAD")); | ||
938 | assert(env_get("LD_PRELOAD") == NULL); | 940 | assert(env_get("LD_PRELOAD") == NULL); |
939 | assert(getenv("LD_PRELOAD") == NULL); | 941 | assert(getenv("LD_PRELOAD") == NULL); |
940 | umask(orig_umask); | 942 | umask(orig_umask); |
@@ -1003,18 +1005,18 @@ int main(int argc, char **argv, char **envp) { | |||
1003 | fprintf(stderr, "Error: argv is invalid\n"); | 1005 | fprintf(stderr, "Error: argv is invalid\n"); |
1004 | exit(1); | 1006 | exit(1); |
1005 | } else if (argc >= MAX_ARGS) { | 1007 | } else if (argc >= MAX_ARGS) { |
1006 | fprintf(stderr, "Error: too many arguments\n"); | 1008 | fprintf(stderr, "Error: too many arguments: argc (%d) >= MAX_ARGS (%d)\n", argc, MAX_ARGS); |
1007 | exit(1); | 1009 | exit(1); |
1008 | } | 1010 | } |
1009 | 1011 | ||
1010 | // sanity check for arguments | 1012 | // sanity check for arguments |
1011 | for (i = 0; i < argc; i++) { | 1013 | for (i = 0; i < argc; i++) { |
1012 | if (*argv[i] == 0) { | 1014 | if (*argv[i] == 0) { |
1013 | fprintf(stderr, "Error: too short arguments\n"); | 1015 | fprintf(stderr, "Error: too short arguments: argv[%d] is empty\n", i); |
1014 | exit(1); | 1016 | exit(1); |
1015 | } | 1017 | } |
1016 | if (strlen(argv[i]) >= MAX_ARG_LEN) { | 1018 | if (strlen(argv[i]) >= MAX_ARG_LEN) { |
1017 | fprintf(stderr, "Error: too long arguments\n"); | 1019 | fprintf(stderr, "Error: too long arguments: argv[%d] len (%zu) >= MAX_ARG_LEN (%d)\n", i, strlen(argv[i]), MAX_ARG_LEN); |
1018 | exit(1); | 1020 | exit(1); |
1019 | } | 1021 | } |
1020 | } | 1022 | } |
@@ -1025,7 +1027,7 @@ int main(int argc, char **argv, char **envp) { | |||
1025 | 1027 | ||
1026 | // sanity check for environment variables | 1028 | // sanity check for environment variables |
1027 | if (i >= MAX_ENVS) { | 1029 | if (i >= MAX_ENVS) { |
1028 | fprintf(stderr, "Error: too many environment variables\n"); | 1030 | fprintf(stderr, "Error: too many environment variables: >= MAX_ENVS (%d)\n", MAX_ENVS); |
1029 | exit(1); | 1031 | exit(1); |
1030 | } | 1032 | } |
1031 | 1033 | ||
diff --git a/src/firejail/run_symlink.c b/src/firejail/run_symlink.c index 6397418d1..14667d9eb 100644 --- a/src/firejail/run_symlink.c +++ b/src/firejail/run_symlink.c | |||
@@ -76,6 +76,8 @@ void run_symlink(int argc, char **argv, int run_as_is) { | |||
76 | a[i + 2] = argv[i + 1]; | 76 | a[i + 2] = argv[i + 1]; |
77 | } | 77 | } |
78 | a[i + 2] = NULL; | 78 | a[i + 2] = NULL; |
79 | if (env_get("LD_PRELOAD") != NULL) | ||
80 | fprintf(stderr, "run_symlink: LD_PRELOAD is: '%s'\n", env_get("LD_PRELOAD")); | ||
79 | assert(env_get("LD_PRELOAD") == NULL); | 81 | assert(env_get("LD_PRELOAD") == NULL); |
80 | assert(getenv("LD_PRELOAD") == NULL); | 82 | assert(getenv("LD_PRELOAD") == NULL); |
81 | execvp(a[0], a); | 83 | execvp(a[0], a); |