diff options
| author |  smitsohu <smitsohu@gmail.com> | 2021-10-08 00:48:14 +0200 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2021-10-08 00:53:15 +0200 |
| commit | a68fc0a040da498b3c01b6b9a281024c2dafe193 (patch) | |
| tree | 76c5e5ff409b8dd9bd60f8e8ac828f05b364c958 | |
| parent | Merge pull request #4590 from smitsohu/mountid (diff) | |
| download | firejail-a68fc0a040da498b3c01b6b9a281024c2dafe193.tar.gz firejail-a68fc0a040da498b3c01b6b9a281024c2dafe193.tar.zst firejail-a68fc0a040da498b3c01b6b9a281024c2dafe193.zip | |
profile parsing fixes
results from a systematic search for strncmp
calls with a suspicious (non-fitting) integer
literal as third argument
| -rw-r--r-- | src/firejail/profile.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 059100fcb..2daa968f7 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
| @@ -630,7 +630,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
| 630 | #endif | 630 | #endif |
| 631 | return 0; | 631 | return 0; |
| 632 | } | 632 | } |
| 633 | else if (strncmp(ptr, "netns ", 6) == 0) { | 633 | else if (strncmp(ptr, "netns ", 6) == 0) { |
| 634 | #ifdef HAVE_NETWORK | 634 | #ifdef HAVE_NETWORK |
| 635 | if (checkcfg(CFG_NETWORK)) { | 635 | if (checkcfg(CFG_NETWORK)) { |
| 636 | arg_netns = ptr + 6; | 636 | arg_netns = ptr + 6; |
| @@ -981,10 +981,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
| 981 | warning_feature_disabled("seccomp"); | 981 | warning_feature_disabled("seccomp"); |
| 982 | return 0; | 982 | return 0; |
| 983 | } | 983 | } |
| 984 | if (strncmp(ptr, "seccomp.32.drop ", 13) == 0) { | 984 | if (strncmp(ptr, "seccomp.32.drop ", 16) == 0) { |
| 985 | if (checkcfg(CFG_SECCOMP)) { | 985 | if (checkcfg(CFG_SECCOMP)) { |
| 986 | arg_seccomp32 = 1; | 986 | arg_seccomp32 = 1; |
| 987 | cfg.seccomp_list_drop32 = seccomp_check_list(ptr + 13); | 987 | cfg.seccomp_list_drop32 = seccomp_check_list(ptr + 16); |
| 988 | } | 988 | } |
| 989 | else | 989 | else |
| 990 | warning_feature_disabled("seccomp"); | 990 | warning_feature_disabled("seccomp"); |
| @@ -1001,10 +1001,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
| 1001 | warning_feature_disabled("seccomp"); | 1001 | warning_feature_disabled("seccomp"); |
| 1002 | return 0; | 1002 | return 0; |
| 1003 | } | 1003 | } |
| 1004 | if (strncmp(ptr, "seccomp.32.keep ", 13) == 0) { | 1004 | if (strncmp(ptr, "seccomp.32.keep ", 16) == 0) { |
| 1005 | if (checkcfg(CFG_SECCOMP)) { | 1005 | if (checkcfg(CFG_SECCOMP)) { |
| 1006 | arg_seccomp32 = 1; | 1006 | arg_seccomp32 = 1; |
| 1007 | cfg.seccomp_list_keep32 = seccomp_check_list(ptr + 13); | 1007 | cfg.seccomp_list_keep32 = seccomp_check_list(ptr + 16); |
| 1008 | } | 1008 | } |
| 1009 | else | 1009 | else |
| 1010 | warning_feature_disabled("seccomp"); | 1010 | warning_feature_disabled("seccomp"); |