private-home: remove redundancy

author: smitsohu <smitsohu@gmail.com> 2019-07-12 11:19:22 +0200
committer: GitHub <noreply@github.com> 2019-07-12 11:19:22 +0200
commit: 113038bceda865c61f55d10a56e287dba4f72a52 (patch)
tree: d064ba89609d4c346651da6ca1d6d950c1f3fc84 /src/firejail/fs_home.c
parent: Merge pull request #2855 from veloute/galc-fix (diff)
download: firejail-113038bceda865c61f55d10a56e287dba4f72a52.tar.gz
firejail-113038bceda865c61f55d10a56e287dba4f72a52.tar.zst
firejail-113038bceda865c61f55d10a56e287dba4f72a52.zip
1 files changed, 5 insertions, 7 deletions
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c
index 01a807883..75c4b7da3 100644
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -272,7 +272,7 @@ void fs_private_homedir(void) {
        MountData *mptr = get_last_mount();
        size_t len = strlen(homedir);
        if (strncmp(mptr->dir, homedir, len) != 0 ||
-                (*(mptr->dir + len) != '\0' && *(mptr->dir + len) != '/'))
+           (*(mptr->dir + len) != '\0' && *(mptr->dir + len) != '/'))
                errLogExit("invalid private mount");
        fs_logger3("mount-bind", private_homedir, homedir);
@@ -443,17 +443,15 @@ static char *check_dir_or_file(const char *name) {
                        goto errexit;
        }
        else {
-                // check the file is in user home directory, a full home directory is not allowed
+                // check the file is in user home directory
                char *rname = realpath(fname, NULL);
-                if (!rname ||
+                if (!rname || strncmp(rname, cfg.homedir, strlen(cfg.homedir)) != 0)
-                    strncmp(rname, cfg.homedir, strlen(cfg.homedir)) != 0 ||
-                    strcmp(rname, cfg.homedir) == 0)
                        goto errexit;
+                // a full home directory is not allowed
-                // only top files and directories in user home are allowed
                char *ptr = rname + strlen(cfg.homedir);
                if (*ptr != '/')
                        goto errexit;
+                // only top files and directories in user home are allowed
                ptr = strchr(++ptr, '/');
                if (ptr) {
                        fprintf(stderr, "Error: only top files and directories in user home are allowed\n");
author	smitsohu <smitsohu@gmail.com>	2019-07-12 11:19:22 +0200
committer	GitHub <noreply@github.com>	2019-07-12 11:19:22 +0200
commit	113038bceda865c61f55d10a56e287dba4f72a52 (patch)
tree	d064ba89609d4c346651da6ca1d6d950c1f3fc84 /src/firejail/fs_home.c
parent	Merge pull request #2855 from veloute/galc-fix (diff)
download	firejail-113038bceda865c61f55d10a56e287dba4f72a52.tar.gz firejail-113038bceda865c61f55d10a56e287dba4f72a52.tar.zst firejail-113038bceda865c61f55d10a56e287dba4f72a52.zip

diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c index 01a807883..75c4b7da3 100644 --- a/src/firejail/fs_home.c +++ b/src/firejail/fs_home.c
@@ -272,7 +272,7 @@ void fs_private_homedir(void) {
272	MountData *mptr = get_last_mount();	272	MountData *mptr = get_last_mount();
273	size_t len = strlen(homedir);	273	size_t len = strlen(homedir);
274	if (strncmp(mptr->dir, homedir, len) != 0 \|\|	274	if (strncmp(mptr->dir, homedir, len) != 0 \|\|
275	((mptr->dir + len) != '\0' && (mptr->dir + len) != '/'))	275	((mptr->dir + len) != '\0' && (mptr->dir + len) != '/'))
276	errLogExit("invalid private mount");	276	errLogExit("invalid private mount");
277		277
278	fs_logger3("mount-bind", private_homedir, homedir);	278	fs_logger3("mount-bind", private_homedir, homedir);
@@ -443,17 +443,15 @@ static char check_dir_or_file(const char name) {
443	goto errexit;	443	goto errexit;
444	}	444	}
445	else {	445	else {
446	// check the file is in user home directory, a full home directory is not allowed	446	// check the file is in user home directory
447	char *rname = realpath(fname, NULL);	447	char *rname = realpath(fname, NULL);
448	if (!rname \|\|	448	if (!rname \|\| strncmp(rname, cfg.homedir, strlen(cfg.homedir)) != 0)
449	strncmp(rname, cfg.homedir, strlen(cfg.homedir)) != 0 \|\|
450	strcmp(rname, cfg.homedir) == 0)
451	goto errexit;	449	goto errexit;
452		450	// a full home directory is not allowed
453	// only top files and directories in user home are allowed
454	char *ptr = rname + strlen(cfg.homedir);	451	char *ptr = rname + strlen(cfg.homedir);
455	if (*ptr != '/')	452	if (*ptr != '/')
456	goto errexit;	453	goto errexit;
		454	// only top files and directories in user home are allowed
457	ptr = strchr(++ptr, '/');	455	ptr = strchr(++ptr, '/');
458	if (ptr) {	456	if (ptr) {
459	fprintf(stderr, "Error: only top files and directories in user home are allowed\n");	457	fprintf(stderr, "Error: only top files and directories in user home are allowed\n");