author | smitsohu <smitsohu@gmail.com> | 2018-07-13 18:17:32 +0200 |
committer | smitsohu <smitsohu@gmail.com> | 2018-07-13 18:17:32 +0200 |
commit | 949b924fba58dc05f1c21d6621f05047be5397f0 (patch) | |
tree | 24783130bedb3061812dc9daa06238f0fcc06be9 | |
parent | Blacklist all .snapshots directories in AppArmor profile (diff) | |
fix empty spaces in mountinfo fields
-rw-r--r-- | src/firejail/fs_whitelist.c | 4 | ||||
-rw-r--r-- | src/firejail/util.c | 38 |
2 files changed, 40 insertions, 2 deletions
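--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -358,8 +358,8 @@ static void whitelist_path(ProfileEntry *entry) {
 	// check the last mount operation
 	MountData *mptr = get_last_mount(); // will do exit(1) if the mount cannot be found
 
-	//if (strncmp(mptr->dir, path, strlen(path)) != 0) - temporarily disabled, problems with paths that have empty spaces
-	//	errLogExit("invalid whitelist mount");
+	if (strncmp(mptr->dir, path, strlen(path)) != 0)
+		errLogExit("invalid whitelist mount");
 	// No mounts are allowed on top level directories. A destination such as "/etc" is very bad!
 	// - there should be more than one '/' char in dest string
 	if (mptr->dir == strrchr(mptr->dir, '/'))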
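Review bot: The re-enabled check at line 361 is a prefix comparison, so a last mount whose directory merely begins with `path` (for example `path` followed by extra characters) still passes as a valid whitelist mount; if the mount is expected to land exactly on `path`, `if (strcmp(mptr->dir, path) != 0)` is the tighter sanity check. This presumably relies on get_last_mount() now unescaping `\040` in mptr->dir, so a comment such as `// mountinfo escapes are decoded by get_last_mount(); compare the literal path` would record that dependency next to the check. whitelist_path starts outside the hunk, so whether `path` itself can contain characters mountinfo escapes other than space could not be confirmed here.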
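--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -1045,6 +1045,40 @@ void disable_file_path(const char *path, const char *file) {
 	free(fname);
 }
 
+// Restore empty spaces in pathnames extracted from /proc/self/mountinfo
+static void unmangle_path(char *path) {
+	int i, decimal;
+	char *worker;
+
+	char *p = strchr(path, '\\');
+	while (p) {
+		// convert octal to decimal
+		decimal = 0;
+		for (i = 1; i < 4; i++) {
+			worker = p + i;
+			// there are always three octal digits
+			if (*worker < '0' || *worker > '7') {
+				fprintf(stderr, "Error: bad escape sequence\n");
+				exit(1);
+			}
+			decimal += *worker - '0';
+			if (i < 3)
+				decimal *= 8;
+		}
+		// do the replacement
+		if (decimal == ' ') {
+			*p = ' ';
+			worker = p;
+			do {
+				worker++;
+				*worker = *(worker + 3);
+			} while (*worker);
+		}
+
+		p = strchr(p + 1, '\\');
+	}
+}
+
 #define MAX_BUF 4096
 static char mbuf[MAX_BUF];
 static MountData mdata;
@@ -1103,6 +1137,10 @@ MountData *get_last_mount(void) {
 	mdata.dir == NULL ||
 	mdata.fstype == NULL)
 		goto errexit;
+
+	unmangle_path(mdata.fsname);
+	unmangle_path(mdata.dir);
+
 	if (arg_debug)
 		printf("fsname=%s dir=%s fstype=%s\n", mdata.fsname, mdata.dir, mdata.fstype);
 	return &mdata;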
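Review bot: unmangle_path only restores the `\040` escape (the `decimal == ' '` test at line 1069) and leaves every other three-digit octal sequence in place, yet /proc/self/mountinfo escapes tab, newline and backslash with the same scheme, so a whitelist path containing one of those still reaches the strncmp check in fs_whitelist.c mangled and is rejected. If the intent is to decode every escaped byte, replacing `if (decimal == ' ') {` and `*p = ' ';` with an unconditional `*p = (char)decimal;` and always running the shift loop does it; strchr resumes at `p + 1`, so a restored backslash is not re-scanned. If spaces are deliberately the only case handled, saying so in the header comment, e.g. `// only \040 is restored; other mountinfo escapes are left intact`, would pre-empt the question. The loop is bounded: the digit check rejects the terminator, so a trailing backslash exits rather than reading past the string, and the shift copies up to and including the original NUL. In the second hunk, fstype is not unmangled; that is presumably fine since filesystem type names carry no escaped characters — TODO confirm.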