diff options
| author |  sarneaud <sarneaud@users.noreply.github.com> | 2015-09-01 10:34:26 +1000 |
|---|---|---|
| committer | sarneaud <sarneaud@users.noreply.github.com> | 2015-09-01 10:55:40 +1000 |
| commit | 78fd72058fcbad63b0fe75f4b0db7c31c5c2a744 (patch) | |
| tree | f2f20d523b1c1f0a86699805edaffd45afc87f20 /src/firejail/caps.c | |
| parent | using /etc/firejail/server.profile as default profile if the sandbox is start... (diff) | |
| download | firejail-78fd72058fcbad63b0fe75f4b0db7c31c5c2a744.tar.gz firejail-78fd72058fcbad63b0fe75f4b0db7c31c5c2a744.tar.zst firejail-78fd72058fcbad63b0fe75f4b0db7c31c5c2a744.zip | |
Clean up some fragile uses of strncmp.
In some places the code compares the first n characters of a string and
then assumes a valid string starts from the n+2th character. I didn't
find any places where this wasn't justifiable, but I think it's better
to stick to safer patterns, especially in SUID code.
Diffstat (limited to 'src/firejail/caps.c')
| -rw-r--r-- | src/firejail/caps.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/firejail/caps.c b/src/firejail/caps.c index f63d17e02..cd7dbee74 100644 --- a/src/firejail/caps.c +++ b/src/firejail/caps.c | |||
| @@ -377,7 +377,7 @@ static uint64_t extract_caps(int pid) { | |||
| 377 | 377 | ||
| 378 | char buf[MAXBUF]; | 378 | char buf[MAXBUF]; |
| 379 | while (fgets(buf, MAXBUF, fp)) { | 379 | while (fgets(buf, MAXBUF, fp)) { |
| 380 | if (strncmp(buf, "CapBnd:", 7) == 0) { | 380 | if (strncmp(buf, "CapBnd:\t", 8) == 0) { |
| 381 | char *ptr = buf + 8; | 381 | char *ptr = buf + 8; |
| 382 | unsigned long long val; | 382 | unsigned long long val; |
| 383 | sscanf(ptr, "%llx", &val); | 383 | sscanf(ptr, "%llx", &val); |