Merge pull request #5613 from layderv/escape-cntrl-sequences

modif: Escape control characters of the command line
author: netblue30 <netblue30@protonmail.com> 2023-02-14 09:27:50 -0500
committer: GitHub <noreply@github.com> 2023-02-14 09:27:50 -0500
commit: 31d0c32be58413897780606b55b2e60026f9a47c (patch)
tree: 195c459f44637f963c792d95161e528c18106133
parent: merges, disable sort.py in profile checks temporarely, two more private-etc p... (diff)
parent: Style changes (diff)
download: firejail-31d0c32be58413897780606b55b2e60026f9a47c.tar.gz
firejail-31d0c32be58413897780606b55b2e60026f9a47c.tar.zst
firejail-31d0c32be58413897780606b55b2e60026f9a47c.zip
3 files changed, 74 insertions, 1 deletions
diff --git a/src/include/common.h b/src/include/common.h
index ed6560701..dc80e678d 100644
--- a/src/include/common.h
+++ b/src/include/common.h
@@ -143,6 +143,7 @@ int pid_proc_cmdline_x11_xpra_xephyr(const pid_t pid);
 int pid_hidepid(void);
 char *do_replace_cntrl_chars(char *str, char c);
 char *replace_cntrl_chars(const char *str, char c);
+char *escape_cntrl_chars(const char *str);
 int has_cntrl_chars(const char *str);
 void reject_cntrl_chars(const char *fname);
 void reject_meta_chars(const char *fname, int globbing);
diff --git a/src/lib/common.c b/src/lib/common.c
index 111366782..44ff2ab98 100644
--- a/src/lib/common.c
+++ b/src/lib/common.c
@@ -404,6 +404,64 @@ char *replace_cntrl_chars(const char *str, char c) {
        return rv;
 }
+// Replaces each control character in str with an escape sequence, such as by
+// replacing '\n' (0x0a) with "\\n" (0x5c6e).
+char *escape_cntrl_chars(const char *str) {
+        if (str == NULL)
+                return NULL;
+        unsigned int cntrl_chars = 0;
+        const char *c = str;
+        while (*c) {
+                switch (*c++) {
+                case '\b':
+                case '\a':
+                case '\e':
+                case '\f':
+                case '\n':
+                case '\r':
+                case '\t':
+                case '\v':
+                case '\"':
+                case '\'':
+                case '\?':
+                case '\\':
+                        ++cntrl_chars;
+                default:
+                        break;
+                }
+        }
+        char *ptr, *rv = malloc(strlen(str) + cntrl_chars + 1);
+        if (!rv)
+                errExit("malloc");
+        ptr = rv;
+        c = str;
+        while (*c) {
+                if (iscntrl(*c)) {
+                        *ptr++ = '\\';
+                        switch (*c) {
+                        case '\b': *ptr++ = 'b'; break;
+                        case '\a': *ptr++ = 'a'; break;
+                        case '\e': *ptr++ = 'e'; break;
+                        case '\f': *ptr++ = 'f'; break;
+                        case '\n': *ptr++ = 'n'; break;
+                        case '\r': *ptr++ = 'r'; break;
+                        case '\t': *ptr++ = 't'; break;
+                        case '\v': *ptr++ = 'v'; break;
+                        case '\"': *ptr++ = '\"'; break;
+                        case '\'': *ptr++ = '\''; break;
+                        case '\?': *ptr++ = '?'; break;
+                        case '\\': *ptr++ = '\\'; break;
+                        }
+                } else {
+                        *ptr++ = *c;
+                }
+                c++;
+        }
+        *ptr = '\0';
+        return rv;
+}
 int has_cntrl_chars(const char *str) {
        assert(str);
diff --git a/src/lib/pid.c b/src/lib/pid.c
index 5e9b20c94..2e73e85f6 100644
--- a/src/lib/pid.c
+++ b/src/lib/pid.c
@@ -197,6 +197,12 @@ static void print_elem(unsigned index, int nowrap) {
        char *user = pid_get_user_name(uid);
        char *user_allocated = user;
+        char *cmd_escaped = escape_cntrl_chars(cmd);
+        if (cmd_escaped) {
+                free(cmd);
+                cmd = cmd_escaped;
+        }
        // extract sandbox name - pid == index
        char *sandbox_name = "";
        char *sandbox_name_allocated = NULL;
@@ -224,7 +230,15 @@ static void print_elem(unsigned index, int nowrap) {
        }
        free(fname);
-        if (user ==NULL)
+        char *sandbox_name_escaped = escape_cntrl_chars(sandbox_name);
+        if (sandbox_name_escaped) {
+                if (sandbox_name_allocated)
+                        free(sandbox_name_allocated);
+                sandbox_name = sandbox_name_escaped;
+                sandbox_name_allocated = sandbox_name;
+        }
+        if (user == NULL)
                user = "";
        if (cmd) {
                if (col < 4 || nowrap)
author	netblue30 <netblue30@protonmail.com>	2023-02-14 09:27:50 -0500
committer	GitHub <noreply@github.com>	2023-02-14 09:27:50 -0500
commit	31d0c32be58413897780606b55b2e60026f9a47c (patch)
tree	195c459f44637f963c792d95161e528c18106133
parent	merges, disable sort.py in profile checks temporarely, two more private-etc p... (diff)
parent	Style changes (diff)
download	firejail-31d0c32be58413897780606b55b2e60026f9a47c.tar.gz firejail-31d0c32be58413897780606b55b2e60026f9a47c.tar.zst firejail-31d0c32be58413897780606b55b2e60026f9a47c.zip

diff --git a/src/include/common.h b/src/include/common.h index ed6560701..dc80e678d 100644 --- a/src/include/common.h +++ b/src/include/common.h
@@ -143,6 +143,7 @@ int pid_proc_cmdline_x11_xpra_xephyr(const pid_t pid);
143	int pid_hidepid(void);	143	int pid_hidepid(void);
144	char do_replace_cntrl_chars(char str, char c);	144	char do_replace_cntrl_chars(char str, char c);
145	char replace_cntrl_chars(const char str, char c);	145	char replace_cntrl_chars(const char str, char c);
		146	char escape_cntrl_chars(const char str);
146	int has_cntrl_chars(const char *str);	147	int has_cntrl_chars(const char *str);
147	void reject_cntrl_chars(const char *fname);	148	void reject_cntrl_chars(const char *fname);
148	void reject_meta_chars(const char *fname, int globbing);	149	void reject_meta_chars(const char *fname, int globbing);


diff --git a/src/lib/common.c b/src/lib/common.c index 111366782..44ff2ab98 100644 --- a/src/lib/common.c +++ b/src/lib/common.c
@@ -404,6 +404,64 @@ char replace_cntrl_chars(const char str, char c) {
404	return rv;	404	return rv;
405	}	405	}
406		406
		407	// Replaces each control character in str with an escape sequence, such as by
		408	// replacing '\n' (0x0a) with "\\n" (0x5c6e).
		409	char escape_cntrl_chars(const char str) {
		410	if (str == NULL)
		411	return NULL;
		412
		413	unsigned int cntrl_chars = 0;
		414	const char *c = str;
		415	while (*c) {
		416	switch (*c++) {
		417	case '\b':
		418	case '\a':
		419	case '\e':
		420	case '\f':
		421	case '\n':
		422	case '\r':
		423	case '\t':
		424	case '\v':
		425	case '\"':
		426	case '\'':
		427	case '\?':
		428	case '\\':
		429	++cntrl_chars;
		430	default:
		431	break;
		432	}
		433	}
		434	char ptr, rv = malloc(strlen(str) + cntrl_chars + 1);
		435	if (!rv)
		436	errExit("malloc");
		437	ptr = rv;
		438	c = str;
		439	while (*c) {
		440	if (iscntrl(*c)) {
		441	*ptr++ = '\\';
		442	switch (*c) {
		443	case '\b': *ptr++ = 'b'; break;
		444	case '\a': *ptr++ = 'a'; break;
		445	case '\e': *ptr++ = 'e'; break;
		446	case '\f': *ptr++ = 'f'; break;
		447	case '\n': *ptr++ = 'n'; break;
		448	case '\r': *ptr++ = 'r'; break;
		449	case '\t': *ptr++ = 't'; break;
		450	case '\v': *ptr++ = 'v'; break;
		451	case '\"': *ptr++ = '\"'; break;
		452	case '\'': *ptr++ = '\''; break;
		453	case '\?': *ptr++ = '?'; break;
		454	case '\\': *ptr++ = '\\'; break;
		455	}
		456	} else {
		457	ptr++ = c;
		458	}
		459	c++;
		460	}
		461	*ptr = '\0';
		462	return rv;
		463	}
		464
407	int has_cntrl_chars(const char *str) {	465	int has_cntrl_chars(const char *str) {
408	assert(str);	466	assert(str);
409		467


diff --git a/src/lib/pid.c b/src/lib/pid.c index 5e9b20c94..2e73e85f6 100644 --- a/src/lib/pid.c +++ b/src/lib/pid.c
@@ -197,6 +197,12 @@ static void print_elem(unsigned index, int nowrap) {
197	char *user = pid_get_user_name(uid);	197	char *user = pid_get_user_name(uid);
198	char *user_allocated = user;	198	char *user_allocated = user;
199		199
		200	char *cmd_escaped = escape_cntrl_chars(cmd);
		201	if (cmd_escaped) {
		202	free(cmd);
		203	cmd = cmd_escaped;
		204	}
		205
200	// extract sandbox name - pid == index	206	// extract sandbox name - pid == index
201	char *sandbox_name = "";	207	char *sandbox_name = "";
202	char *sandbox_name_allocated = NULL;	208	char *sandbox_name_allocated = NULL;
@@ -224,7 +230,15 @@ static void print_elem(unsigned index, int nowrap) {
224	}	230	}
225	free(fname);	231	free(fname);
226		232
227	if (user ==NULL)	233	char *sandbox_name_escaped = escape_cntrl_chars(sandbox_name);
		234	if (sandbox_name_escaped) {
		235	if (sandbox_name_allocated)
		236	free(sandbox_name_allocated);
		237	sandbox_name = sandbox_name_escaped;
		238	sandbox_name_allocated = sandbox_name;
		239	}
		240
		241	if (user == NULL)
228	user = "";	242	user = "";
229	if (cmd) {	243	if (cmd) {
230	if (col < 4 \|\| nowrap)	244	if (col < 4 \|\| nowrap)