diff options
| author |  sarneaud <sarneaud@users.noreply.github.com> | 2015-09-01 10:34:26 +1000 |
|---|---|---|
| committer | sarneaud <sarneaud@users.noreply.github.com> | 2015-09-01 10:55:40 +1000 |
| commit | 78fd72058fcbad63b0fe75f4b0db7c31c5c2a744 (patch) | |
| tree | f2f20d523b1c1f0a86699805edaffd45afc87f20 | |
| parent | using /etc/firejail/server.profile as default profile if the sandbox is start... (diff) | |
| download | firejail-78fd72058fcbad63b0fe75f4b0db7c31c5c2a744.tar.gz firejail-78fd72058fcbad63b0fe75f4b0db7c31c5c2a744.tar.zst firejail-78fd72058fcbad63b0fe75f4b0db7c31c5c2a744.zip | |
Clean up some fragile uses of strncmp.
In some places the code compares the first n characters of a string and
then assumes a valid string starts from the n+2th character. I didn't
find any places where this wasn't justifiable, but I think it's better
to stick to safer patterns, especially in SUID code.
| -rw-r--r-- | src/firejail/caps.c | 2 | ||||
| -rw-r--r-- | src/firejail/fs.c | 8 |
2 files changed, 5 insertions, 5 deletions
diff --git a/src/firejail/caps.c b/src/firejail/caps.c index f63d17e02..cd7dbee74 100644 --- a/src/firejail/caps.c +++ b/src/firejail/caps.c | |||
| @@ -377,7 +377,7 @@ static uint64_t extract_caps(int pid) { | |||
| 377 | 377 | ||
| 378 | char buf[MAXBUF]; | 378 | char buf[MAXBUF]; |
| 379 | while (fgets(buf, MAXBUF, fp)) { | 379 | while (fgets(buf, MAXBUF, fp)) { |
| 380 | if (strncmp(buf, "CapBnd:", 7) == 0) { | 380 | if (strncmp(buf, "CapBnd:\t", 8) == 0) { |
| 381 | char *ptr = buf + 8; | 381 | char *ptr = buf + 8; |
| 382 | unsigned long long val; | 382 | unsigned long long val; |
| 383 | sscanf(ptr, "%llx", &val); | 383 | sscanf(ptr, "%llx", &val); |
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 8491537b8..8a6dfc674 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
| @@ -246,7 +246,7 @@ void fs_blacklist(const char *homedir) { | |||
| 246 | char *ptr; | 246 | char *ptr; |
| 247 | 247 | ||
| 248 | // process blacklist command | 248 | // process blacklist command |
| 249 | if (strncmp(entry->data, "bind", 4) == 0) { | 249 | if (strncmp(entry->data, "bind ", 5) == 0) { |
| 250 | char *dname1 = entry->data + 5; | 250 | char *dname1 = entry->data + 5; |
| 251 | char *dname2 = split_comma(dname1); | 251 | char *dname2 = split_comma(dname1); |
| 252 | if (dname2 == NULL) { | 252 | if (dname2 == NULL) { |
| @@ -284,15 +284,15 @@ void fs_blacklist(const char *homedir) { | |||
| 284 | } | 284 | } |
| 285 | 285 | ||
| 286 | // process blacklist command | 286 | // process blacklist command |
| 287 | if (strncmp(entry->data, "blacklist", 9) == 0) { | 287 | if (strncmp(entry->data, "blacklist ", 10) == 0) { |
| 288 | ptr = entry->data + 10; | 288 | ptr = entry->data + 10; |
| 289 | op = BLACKLIST_FILE; | 289 | op = BLACKLIST_FILE; |
| 290 | } | 290 | } |
| 291 | else if (strncmp(entry->data, "read-only", 9) == 0) { | 291 | else if (strncmp(entry->data, "read-only ", 10) == 0) { |
| 292 | ptr = entry->data + 10; | 292 | ptr = entry->data + 10; |
| 293 | op = MOUNT_READONLY; | 293 | op = MOUNT_READONLY; |
| 294 | } | 294 | } |
| 295 | else if (strncmp(entry->data, "tmpfs", 5) == 0) { | 295 | else if (strncmp(entry->data, "tmpfs ", 6) == 0) { |
| 296 | ptr = entry->data + 6; | 296 | ptr = entry->data + 6; |
| 297 | op = MOUNT_TMPFS; | 297 | op = MOUNT_TMPFS; |
| 298 | } | 298 | } |