add trace file validation

author: smitsohu <smitsohu@gmail.com> 2019-09-17 14:41:49 +0200
committer: smitsohu <smitsohu@gmail.com> 2019-09-17 14:41:49 +0200
commit: 50ebe3adca1132be2f311ecfed443cede9d5fcf2 (patch)
tree: 5e670b2eb7f518ddc3e07d9ccab1664ae4ba590c
parent: move to fd based trace file mount (diff)
download: firejail-50ebe3adca1132be2f311ecfed443cede9d5fcf2.tar.gz
firejail-50ebe3adca1132be2f311ecfed443cede9d5fcf2.tar.zst
firejail-50ebe3adca1132be2f311ecfed443cede9d5fcf2.zip
1 files changed, 16 insertions, 0 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 4c6d20626..900e61226 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1300,6 +1300,22 @@ int main(int argc, char **argv) {
                else if (strncmp(argv[i], "--trace=", 8) == 0) {
                        arg_trace = 1;
                        arg_tracefile = argv[i] + 8;
+                        if (*arg_tracefile == '\0') {
+                                fprintf(stderr, "Error: invalid trace option\n");
+                                exit(1);
+                        }
+                        invalid_filename(arg_tracefile, 0); // no globbing
+                        if (strstr(arg_tracefile, "..")) {
+                                fprintf(stderr, "Error: invalid file name %s\n", arg_tracefile);
+                                exit(1);
+                        }
+                        // if the filename starts with ~, expand the home directory
+                        if (*arg_tracefile == '~') {
+                                char *tmp;
+                                if (asprintf(&tmp, "%s%s", cfg.homedir, arg_tracefile + 1) == -1)
+                                        errExit("asprintf");
+                                arg_tracefile = tmp;
+                        }
                }
                else if (strcmp(argv[i], "--tracelog") == 0)
                        arg_tracelog = 1;
author	smitsohu <smitsohu@gmail.com>	2019-09-17 14:41:49 +0200
committer	smitsohu <smitsohu@gmail.com>	2019-09-17 14:41:49 +0200
commit	50ebe3adca1132be2f311ecfed443cede9d5fcf2 (patch)
tree	5e670b2eb7f518ddc3e07d9ccab1664ae4ba590c
parent	move to fd based trace file mount (diff)
download	firejail-50ebe3adca1132be2f311ecfed443cede9d5fcf2.tar.gz firejail-50ebe3adca1132be2f311ecfed443cede9d5fcf2.tar.zst firejail-50ebe3adca1132be2f311ecfed443cede9d5fcf2.zip

diff --git a/src/firejail/main.c b/src/firejail/main.c index 4c6d20626..900e61226 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -1300,6 +1300,22 @@ int main(int argc, char **argv) {
1300	else if (strncmp(argv[i], "--trace=", 8) == 0) {	1300	else if (strncmp(argv[i], "--trace=", 8) == 0) {
1301	arg_trace = 1;	1301	arg_trace = 1;
1302	arg_tracefile = argv[i] + 8;	1302	arg_tracefile = argv[i] + 8;
		1303	if (*arg_tracefile == '\0') {
		1304	fprintf(stderr, "Error: invalid trace option\n");
		1305	exit(1);
		1306	}
		1307	invalid_filename(arg_tracefile, 0); // no globbing
		1308	if (strstr(arg_tracefile, "..")) {
		1309	fprintf(stderr, "Error: invalid file name %s\n", arg_tracefile);
		1310	exit(1);
		1311	}
		1312	// if the filename starts with ~, expand the home directory
		1313	if (*arg_tracefile == '~') {
		1314	char *tmp;
		1315	if (asprintf(&tmp, "%s%s", cfg.homedir, arg_tracefile + 1) == -1)
		1316	errExit("asprintf");
		1317	arg_tracefile = tmp;
		1318	}
1303	}	1319	}
1304	else if (strcmp(argv[i], "--tracelog") == 0)	1320	else if (strcmp(argv[i], "--tracelog") == 0)
1305	arg_tracelog = 1;	1321	arg_tracelog = 1;