author | netblue30 <netblue30@yahoo.com> | 2020-04-05 16:10:20 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-04-05 16:10:20 -0500 |
commit | 9c9bde5387c772794163f71cea2dee6b8d782f19 (patch) | |
tree | 5dc2dddb8eb8399054a57c849e7112728e6bd7ce /src/firejail/main.c | |
parent | travis make install test (diff) | |
parent | Simple sanity checks for arguments and environment (diff) | |
Merge pull request #3319 from topimiettinen/sanity-check-for-args-envs
Simple sanity checks for arguments and environment
Diffstat (limited to 'src/firejail/main.c')
-rw-r--r-- | src/firejail/main.c | 32 |
1 files changed, 30 insertions, 2 deletions
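--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -990,7 +990,7 @@ static int check_postexec(const char *list) {
 //*******************************************
 // Main program
 //*******************************************
-int main(int argc, char **argv) {
+int main(int argc, char **argv, char **envp) {
 int i;
 int prog_index = -1; // index in argv where the program command starts
 int lockfd_network = -1;
@@ -998,6 +998,7 @@ int main(int argc, char **argv) {
 int option_cgroup = 0;
 int custom_profile = 0; // custom profile loaded
 int arg_caps_cmdline = 0; // caps requested on command line (used to break out of --chroot)
+char **ptr;
 
 // drop permissions by default and rise them when required
 EUID_INIT();
@@ -1007,9 +1008,36 @@ int main(int argc, char **argv) {
 orig_umask = umask(022);
 
 // argument count should be larger than 0
-if (argc == 0) {
+if (argc == 0 || !argv || strlen(argv[0]) == 0) {
 fprintf(stderr, "Error: argv[0] is NULL\n");
 exit(1);
+} else if (argc >= MAX_ARGS) {
+fprintf(stderr, "Error: too many arguments\n");
+exit(1);
+}
+
+// sanity check for arguments
+for (i = 0; i < argc; i++) {
+if (*argv[i] == 0) {
+fprintf(stderr, "Error: too short arguments\n");
+exit(1);
+}
+if (strlen(argv[i]) >= MAX_ARG_LEN) {
+fprintf(stderr, "Error: too long arguments\n");
+exit(1);
+}
+}
+
+// sanity check for environment variables
+for (i = 0, ptr = envp; ptr && *ptr && i < MAX_ENVS; i++, ptr++) {
+if (strlen(*ptr) >= MAX_ENV_LEN) {
+fprintf(stderr, "Error: too long environment variables\n");
+exit(1);
+}
+}
+if (i >= MAX_ENVS) {
+fprintf(stderr, "Error: too many environment variables\n");
+exit(1);
 }
 
 // check if the user is allowed to use firejail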
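Review bot: The `if (*argv[i] == 0)` test in the new argument loop runs over all of argv, and the `prog_index` comment above suggests argv also carries the command line of the sandboxed program, so an empty-string argument meant for that program would now abort firejail with "too short arguments". An empty string does not carry the risk an oversized one does, so I would keep only the length bound in the loop, `if (strlen(argv[i]) >= MAX_ARG_LEN) {`, and leave rejecting empty firejail options to the option parser. The added `strlen(argv[0]) == 0` term also makes the message `Error: argv[0] is NULL` inaccurate for an empty argv[0]; `Error: argv[0] is NULL or empty` would match the condition. MAX_ARGS, MAX_ARG_LEN, MAX_ENVS and MAX_ENV_LEN are defined outside this file section, so their values could not be checked here, and main's body continues past the last hunk.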