diff options
author | sarneaud <sarneaud@users.noreply.github.com> | 2015-09-01 10:34:26 +1000 |
---|---|---|
committer | sarneaud <sarneaud@users.noreply.github.com> | 2015-09-01 10:55:40 +1000 |
commit | 78fd72058fcbad63b0fe75f4b0db7c31c5c2a744 (patch) | |
tree | f2f20d523b1c1f0a86699805edaffd45afc87f20 /src/firejail/caps.c | |
parent | using /etc/firejail/server.profile as default profile if the sandbox is start... (diff) | |
download | firejail-78fd72058fcbad63b0fe75f4b0db7c31c5c2a744.tar.gz firejail-78fd72058fcbad63b0fe75f4b0db7c31c5c2a744.tar.zst firejail-78fd72058fcbad63b0fe75f4b0db7c31c5c2a744.zip |
Clean up some fragile uses of strncmp.
In some places the code compares the first n characters of a string and
then assumes a valid string starts from the n+2th character. I didn't
find any places where this wasn't justifiable, but I think it's better
to stick to safer patterns, especially in SUID code.
Diffstat (limited to 'src/firejail/caps.c')
-rw-r--r-- | src/firejail/caps.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/firejail/caps.c b/src/firejail/caps.c index f63d17e02..cd7dbee74 100644 --- a/src/firejail/caps.c +++ b/src/firejail/caps.c | |||
@@ -377,7 +377,7 @@ static uint64_t extract_caps(int pid) { | |||
377 | 377 | ||
378 | char buf[MAXBUF]; | 378 | char buf[MAXBUF]; |
379 | while (fgets(buf, MAXBUF, fp)) { | 379 | while (fgets(buf, MAXBUF, fp)) { |
380 | if (strncmp(buf, "CapBnd:", 7) == 0) { | 380 | if (strncmp(buf, "CapBnd:\t", 8) == 0) { |
381 | char *ptr = buf + 8; | 381 | char *ptr = buf + 8; |
382 | unsigned long long val; | 382 | unsigned long long val; |
383 | sscanf(ptr, "%llx", &val); | 383 | sscanf(ptr, "%llx", &val); |