Make env/arg sanity check failure messages more useful

This change doesn't alter any checks, but it gives more specific errors when a sanity check of env vars or argv does not pass, which can point to limits to raise or at least give us better detailed bug reports. Signed-off-by: Hank Leininger <hlein@korelogic.com> Bug: https://github.com/netblue30/firejail/issues/3678 Bug: https://github.com/netblue30/firejail/issues/3851 Bug: https://github.com/netblue30/firejail/issues/4633
author: Hank Leininger <hlein@korelogic.com> 2021-11-10 14:36:47 -0700
committer: Hank Leininger <hlein@korelogic.com> 2021-11-10 15:58:29 -0700
commit: 0d06369a808d184c112bf8cf3de7b4a1bd8ed412 (patch)
tree: 5b36b56f26daa2c970b4108ba708d3e0b6ea9157
parent: disable-common.inc: fix ssh (diff)
download: firejail-0d06369a8.tar.gz
firejail-0d06369a8.tar.zst
firejail-0d06369a8.zip
2 files changed, 8 insertions, 4 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c
index e765d1d8d..78f4dcc24 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -935,6 +935,8 @@ static void run_builder(int argc, char **argv) {
        if (setresuid(-1, getuid(), getuid()) != 0)
                errExit("setresuid");
+        if (env_get("LD_PRELOAD") != NULL)
+                fprintf(stderr, "run_builder: LD_PRELOAD is: '%s'\n", env_get("LD_PRELOAD"));
        assert(env_get("LD_PRELOAD") == NULL);
        assert(getenv("LD_PRELOAD") == NULL);
        umask(orig_umask);
@@ -1003,18 +1005,18 @@ int main(int argc, char **argv, char **envp) {
                fprintf(stderr, "Error: argv is invalid\n");
                exit(1);
        } else if (argc >= MAX_ARGS) {
-                fprintf(stderr, "Error: too many arguments\n");
+                fprintf(stderr, "Error: too many arguments: argc (%d) >= MAX_ARGS (%d)\n", argc, MAX_ARGS);
                exit(1);
        }
        // sanity check for arguments
        for (i = 0; i < argc; i++) {
                if (*argv[i] == 0) {
-                        fprintf(stderr, "Error: too short arguments\n");
+                        fprintf(stderr, "Error: too short arguments: argv[%d] is empty\n", i);
                        exit(1);
                }
                if (strlen(argv[i]) >= MAX_ARG_LEN) {
-                        fprintf(stderr, "Error: too long arguments\n");
+                        fprintf(stderr, "Error: too long arguments: argv[%d] len (%zu) >= MAX_ARG_LEN (%d)\n", i, strlen(argv[i]), MAX_ARG_LEN);
                        exit(1);
                }
        }
@@ -1025,7 +1027,7 @@ int main(int argc, char **argv, char **envp) {
        // sanity check for environment variables
        if (i >= MAX_ENVS) {
-                fprintf(stderr, "Error: too many environment variables\n");
+                fprintf(stderr, "Error: too many environment variables: >= MAX_ENVS (%d)\n", MAX_ENVS);
                exit(1);
        }
diff --git a/src/firejail/run_symlink.c b/src/firejail/run_symlink.c
index 6397418d1..14667d9eb 100644
--- a/src/firejail/run_symlink.c
+++ b/src/firejail/run_symlink.c
@@ -76,6 +76,8 @@ void run_symlink(int argc, char **argv, int run_as_is) {
                a[i + 2] = argv[i + 1];
        }
        a[i + 2] = NULL;
+        if (env_get("LD_PRELOAD") != NULL)
+                fprintf(stderr, "run_symlink: LD_PRELOAD is: '%s'\n", env_get("LD_PRELOAD"));
        assert(env_get("LD_PRELOAD") == NULL);
        assert(getenv("LD_PRELOAD") == NULL);
        execvp(a[0], a);
author	Hank Leininger <hlein@korelogic.com>	2021-11-10 14:36:47 -0700
committer	Hank Leininger <hlein@korelogic.com>	2021-11-10 15:58:29 -0700
commit	0d06369a808d184c112bf8cf3de7b4a1bd8ed412 (patch)
tree	5b36b56f26daa2c970b4108ba708d3e0b6ea9157
parent	disable-common.inc: fix ssh (diff)
download	firejail-0d06369a8.tar.gz firejail-0d06369a8.tar.zst firejail-0d06369a8.zip