Prevent sandbox name from containing only digits

Names should not contain only numbers,
as they are used in other commands as PIDs.

3 files changed, 27 insertions, 0 deletions

diff --git a/src/firejail/main.c b/src/firejail/main.c
index 18e9ae651..36b4d2477 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -2161,11 +2161,24 @@ int main(int argc, char **argv, char **envp) {
                 // hostname, etc
                 //*************************************
                 else if (strncmp(argv[i], "--name=", 7) == 0) {
+                        int only_numbers = 1;
                         cfg.name = argv[i] + 7;
                         if (strlen(cfg.name) == 0) {
                                 fprintf(stderr, "Error: please provide a name for sandbox\n");
                                 return 1;
                         }
+                        const char *c = cfg.name;
+                        while (*c) {
+                                if (!isdigit(*c)) {
+                                        only_numbers = 0;
+                                        break;
+                                }
+                                ++c;
+                        }
+                        if (only_numbers) {
+                                fprintf(stderr, "Error: invalid sandbox name: it only contains digits\n");
+                                return 1;
+                        }
                 }
                 else if (strncmp(argv[i], "--hostname=", 11) == 0) {
                         cfg.hostname = argv[i] + 11;
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index acf206da6..c1419aada 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -326,11 +326,24 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
         }
         // sandbox name
         else if (strncmp(ptr, "name ", 5) == 0) {
+                int only_numbers = 1;
                 cfg.name = ptr + 5;
                 if (strlen(cfg.name) == 0) {
                         fprintf(stderr, "Error: invalid sandbox name\n");
                         exit(1);
                 }
+                const char *c = cfg.name;
+                while (*c) {
+                        if (!isdigit(*c)) {
+                                only_numbers = 0;
+                                break;
+                        }
+                        ++c;
+                }
+                if (only_numbers) {
+                        fprintf(stderr, "Error: invalid sandbox name: it only contains digits\n");
+                        exit(1);
+                }
                 return 0;
         }
         else if (strcmp(ptr, "ipc-namespace") == 0) {
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 39c81312c..29f15a74f 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1330,6 +1330,7 @@ $ firejail \-\-net=eth0 \-\-mtu=1492
 \fB\-\-name=name
 Set sandbox name. Several options, such as \-\-join and \-\-shutdown, can use
 this name to identify a sandbox.
+The name cannot contain only digits, as that is treated as a PID in the other options, such as in \-\-join.
 
 In case the name supplied by the user is already in use by another sandbox, Firejail will assign a
 new name as "name-PID", where PID is the process ID of the sandbox. This functionality