clean homedir pathname

fixes #2137 and similar issues with the /proc/self/mountinfo checks
author: smitsohu <smitsohu@gmail.com> 2018-10-12 18:33:17 +0200
committer: smitsohu <smitsohu@gmail.com> 2018-10-12 18:33:17 +0200
commit: a5b7a9a8bec6a7f2162850449b1ff29c1fde2826 (patch)
tree: a3dc40069cfecde3e009516f5b9d6f0bb0bfff01
parent: profiles: file needs access to libmagic (diff)
download: firejail-a5b7a9a8bec6a7f2162850449b1ff29c1fde2826.tar.gz
firejail-a5b7a9a8bec6a7f2162850449b1ff29c1fde2826.tar.zst
firejail-a5b7a9a8bec6a7f2162850449b1ff29c1fde2826.zip
3 files changed, 44 insertions, 4 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 1d74dc8dc..cae767667 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -522,6 +522,7 @@ int is_link(const char *fname);
 void trim_trailing_slash_or_dot(char *path);
 char *line_remove_spaces(const char *buf);
 char *split_comma(char *str);
+char *clean_pathname(const char *path);
 void check_unsigned(const char *str, const char *msg);
 int find_child(pid_t parent, pid_t *child);
 void check_private_dir(void);
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 123fe96a1..315a7260a 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -233,9 +233,8 @@ static void init_cfg(int argc, char **argv) {
        // build home directory name
        cfg.homedir = NULL;
        if (pw->pw_dir != NULL) {
-                cfg.homedir = strdup(pw->pw_dir);
+                cfg.homedir = clean_pathname(pw->pw_dir);
-                if (!cfg.homedir)
+                assert(cfg.homedir);
-                        errExit("strdup");
        }
        else {
                fprintf(stderr, "Error: user %s doesn't have a user directory assigned\n", cfg.username);
diff --git a/src/firejail/util.c b/src/firejail/util.c
index ae07a42b0..0d1418b43 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -533,6 +533,46 @@ char *split_comma(char *str) {
 }
+// remove consecutive and trailing slashes
+// and return allocated memory
+// e.g. /home//user/ -> /home/user
+char *clean_pathname(const char *path) {
+        assert(path);
+        size_t len = strlen(path);
+        char *rv = calloc(len + 1, 1);
+        if (!rv)
+                errExit("calloc");
+        if (len > 0) {
+                int i, j, cnt;
+                for (i = 0, j = 0, cnt = 0; i < len; i++) {
+                        if (path[i] == '/')
+                                cnt++;
+                        else
+                                cnt = 0;
+                        if (cnt < 2) {
+                                rv[j] = path[i];
+                                j++;
+                        }
+                }
+                // remove a trailing slash
+                if (j > 1 && rv[j - 1] == '/')
+                        rv[j - 1] = '\0';
+                size_t new_len = strlen(rv);
+                if (new_len < len) {
+                        rv = realloc(rv, new_len + 1);
+                        if (!rv)
+                                errExit("realloc");
+                }
+        }
+        return rv;
+}
 void check_unsigned(const char *str, const char *msg) {
        EUID_ASSERT();
        const char *ptr = str;
@@ -656,7 +696,7 @@ void extract_command_name(int index, char **argv) {
        // command name is a substring of cfg.command_name
        if (basename != cfg.command_name || *ptr != '\0') {
                *ptr = '\0';
-                
                basename = strdup(basename);
                if (!basename)
                        errExit("strdup");
author	smitsohu <smitsohu@gmail.com>	2018-10-12 18:33:17 +0200
committer	smitsohu <smitsohu@gmail.com>	2018-10-12 18:33:17 +0200
commit	a5b7a9a8bec6a7f2162850449b1ff29c1fde2826 (patch)
tree	a3dc40069cfecde3e009516f5b9d6f0bb0bfff01
parent	profiles: file needs access to libmagic (diff)
download	firejail-a5b7a9a8bec6a7f2162850449b1ff29c1fde2826.tar.gz firejail-a5b7a9a8bec6a7f2162850449b1ff29c1fde2826.tar.zst firejail-a5b7a9a8bec6a7f2162850449b1ff29c1fde2826.zip

diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 1d74dc8dc..cae767667 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h
@@ -522,6 +522,7 @@ int is_link(const char *fname);
522	void trim_trailing_slash_or_dot(char *path);	522	void trim_trailing_slash_or_dot(char *path);
523	char line_remove_spaces(const char buf);	523	char line_remove_spaces(const char buf);
524	char split_comma(char str);	524	char split_comma(char str);
		525	char clean_pathname(const char path);
525	void check_unsigned(const char str, const char msg);	526	void check_unsigned(const char str, const char msg);
526	int find_child(pid_t parent, pid_t *child);	527	int find_child(pid_t parent, pid_t *child);
527	void check_private_dir(void);	528	void check_private_dir(void);


diff --git a/src/firejail/main.c b/src/firejail/main.c index 123fe96a1..315a7260a 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -233,9 +233,8 @@ static void init_cfg(int argc, char **argv) {
233	// build home directory name	233	// build home directory name
234	cfg.homedir = NULL;	234	cfg.homedir = NULL;
235	if (pw->pw_dir != NULL) {	235	if (pw->pw_dir != NULL) {
236	cfg.homedir = strdup(pw->pw_dir);	236	cfg.homedir = clean_pathname(pw->pw_dir);
237	if (!cfg.homedir)	237	assert(cfg.homedir);
238	errExit("strdup");
239	}	238	}
240	else {	239	else {
241	fprintf(stderr, "Error: user %s doesn't have a user directory assigned\n", cfg.username);	240	fprintf(stderr, "Error: user %s doesn't have a user directory assigned\n", cfg.username);


diff --git a/src/firejail/util.c b/src/firejail/util.c index ae07a42b0..0d1418b43 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c
@@ -533,6 +533,46 @@ char split_comma(char str) {
533	}	533	}
534		534
535		535
		536	// remove consecutive and trailing slashes
		537	// and return allocated memory
		538	// e.g. /home//user/ -> /home/user
		539	char clean_pathname(const char path) {
		540	assert(path);
		541	size_t len = strlen(path);
		542	char *rv = calloc(len + 1, 1);
		543	if (!rv)
		544	errExit("calloc");
		545
		546	if (len > 0) {
		547	int i, j, cnt;
		548	for (i = 0, j = 0, cnt = 0; i < len; i++) {
		549	if (path[i] == '/')
		550	cnt++;
		551	else
		552	cnt = 0;
		553
		554	if (cnt < 2) {
		555	rv[j] = path[i];
		556	j++;
		557	}
		558	}
		559
		560	// remove a trailing slash
		561	if (j > 1 && rv[j - 1] == '/')
		562	rv[j - 1] = '\0';
		563
		564	size_t new_len = strlen(rv);
		565	if (new_len < len) {
		566	rv = realloc(rv, new_len + 1);
		567	if (!rv)
		568	errExit("realloc");
		569	}
		570	}
		571
		572	return rv;
		573	}
		574
		575
536	void check_unsigned(const char str, const char msg) {	576	void check_unsigned(const char str, const char msg) {
537	EUID_ASSERT();	577	EUID_ASSERT();
538	const char *ptr = str;	578	const char *ptr = str;
@@ -656,7 +696,7 @@ void extract_command_name(int index, char **argv) {
656	// command name is a substring of cfg.command_name	696	// command name is a substring of cfg.command_name
657	if (basename != cfg.command_name \|\| *ptr != '\0') {	697	if (basename != cfg.command_name \|\| *ptr != '\0') {
658	*ptr = '\0';	698	*ptr = '\0';
659		699
660	basename = strdup(basename);	700	basename = strdup(basename);
661	if (!basename)	701	if (!basename)
662	errExit("strdup");	702	errExit("strdup");