Generate temporary filenames instead of using a fixed one (fixes #2083)

author: ಚಿರಾಗ್ ನಟರಾಜ್ <chiraag.nataraj@gmail.com> 2018-08-16 09:42:58 -0400
committer: ಚಿರಾಗ್ ನಟರಾಜ್ <chiraag.nataraj@gmail.com> 2018-08-16 09:42:58 -0400
commit: b0f49116fb026fe08fc30c495c637c42ed3195ad (patch)
tree: 0656986b7e39f857f48c576f7671a29001a56ace /src/fbuilder/build_home.c
parent: harden private-home mounting, small improvements (diff)
download: firejail-b0f49116fb026fe08fc30c495c637c42ed3195ad.tar.gz
firejail-b0f49116fb026fe08fc30c495c637c42ed3195ad.tar.zst
firejail-b0f49116fb026fe08fc30c495c637c42ed3195ad.zip
1 files changed, 22 insertions, 15 deletions
diff --git a/src/fbuilder/build_home.c b/src/fbuilder/build_home.c
index 7470a8d10..d97b6b33a 100644
--- a/src/fbuilder/build_home.c
+++ b/src/fbuilder/build_home.c
@@ -47,17 +47,18 @@ static void load_whitelist_common(void) {
        fclose(fp);
 }
-void process_home(const char *fname, char *home, int home_len) {
+void process_home(char *fname, FILE *fp, char *home, int home_len) {
        assert(fname);
+        assert(fp);
        assert(home);
        assert(home_len);
        // process trace file
-        FILE *fp = fopen(fname, "r");
+        /* FILE *fp = fdopen(fd, "r"); */
-        if (!fp) {
+        /* if (!fp) { */
-                fprintf(stderr, "Error: cannot open %s\n", fname);
+        /*      fprintf(stderr, "Error: cannot open %s\n", fname); */
-                exit(1);
+        /*      exit(1); */
-        }
+        /* } */
        char buf[MAX_BUF];
        while (fgets(buf, MAX_BUF, fp)) {
@@ -153,13 +154,15 @@ void process_home(const char *fname, char *home, int home_len) {
                        free(dir);
        }
-        fclose(fp);
+        /* fclose(fp); */
 }
 // process fname, fname.1, fname.2, fname.3, fname.4, fname.5
-void build_home(const char *fname, FILE *fp) {
+void build_home(char *fname, FILE *fp, FILE *fpo) {
        assert(fname);
+        assert(fp);
+        assert(fpo);
        // load whitelist common
        load_whitelist_common();
@@ -174,7 +177,7 @@ void build_home(const char *fname, FILE *fp) {
        int home_len = strlen(home);
        // run fname
-        process_home(fname, home, home_len);
+        process_home(fname, fp, home, home_len);
        // run all the rest
        struct stat s;
@@ -183,17 +186,21 @@ void build_home(const char *fname, FILE *fp) {
                char *newname;
                if (asprintf(&newname, "%s.%d", fname, i) == -1)
                        errExit("asprintf");
-                if (stat(newname, &s) == 0)
+                if (stat(newname, &s) == 0) {
-                        process_home(newname, home, home_len);
+                  int nfd = open(newname, O_RDONLY);
+                  FILE *nfp = fdopen(nfd, "r");
+                  process_home(newname, nfp, home, home_len);
+                  fclose(nfp);
+                }
                free(newname);
        }
        // print the out list if any
        if (db_out) {
-                filedb_print(db_out, "whitelist ~/", fp);
+                filedb_print(db_out, "whitelist ~/", fpo);
-                fprintf(fp, "include /etc/firejail/whitelist-common.inc\n");
+                fprintf(fpo, "include /etc/firejail/whitelist-common.inc\n");
        }
        else
-                fprintf(fp, "private\n");
+                fprintf(fpo, "private\n");
-}
-\ No newline at end of file
+}
author	ಚಿರಾಗ್ ನಟರಾಜ್ <chiraag.nataraj@gmail.com>	2018-08-16 09:42:58 -0400
committer	ಚಿರಾಗ್ ನಟರಾಜ್ <chiraag.nataraj@gmail.com>	2018-08-16 09:42:58 -0400
commit	b0f49116fb026fe08fc30c495c637c42ed3195ad (patch)
tree	0656986b7e39f857f48c576f7671a29001a56ace /src/fbuilder/build_home.c
parent	harden private-home mounting, small improvements (diff)
download	firejail-b0f49116fb026fe08fc30c495c637c42ed3195ad.tar.gz firejail-b0f49116fb026fe08fc30c495c637c42ed3195ad.tar.zst firejail-b0f49116fb026fe08fc30c495c637c42ed3195ad.zip