diff options
author | smitsohu <smitsohu@gmail.com> | 2022-03-10 14:43:17 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2022-03-10 14:43:17 +0100 |
commit | 4d3d3270883140535cc6ea5a190aebdf6f3dc120 (patch) | |
tree | 7bae03cfce71b7f13bba30fe907354d97d40df74 /src/firejail | |
parent | RELNOTES: add warning about allow-tray (diff) | |
download | firejail-4d3d3270883140535cc6ea5a190aebdf6f3dc120.tar.gz firejail-4d3d3270883140535cc6ea5a190aebdf6f3dc120.tar.zst firejail-4d3d3270883140535cc6ea5a190aebdf6f3dc120.zip |
refactor meta character filtering
Diffstat (limited to 'src/firejail')
-rw-r--r-- | src/firejail/fs_lib.c | 6 | ||||
-rw-r--r-- | src/firejail/macros.c | 43 |
2 files changed, 4 insertions, 45 deletions
diff --git a/src/firejail/fs_lib.c b/src/firejail/fs_lib.c index 194a980f4..848691a56 100644 --- a/src/firejail/fs_lib.c +++ b/src/firejail/fs_lib.c | |||
@@ -276,9 +276,9 @@ static void install_list_entry(const char *lib) { | |||
276 | assert(lib); | 276 | assert(lib); |
277 | 277 | ||
278 | // filename check | 278 | // filename check |
279 | int len = strlen(lib); | 279 | reject_meta_chars(lib, 1); |
280 | if (strcspn(lib, "\\&!?\"'<>%^(){}[];,") != (size_t)len || | 280 | |
281 | strstr(lib, "..")) { | 281 | if (strstr(lib, "..")) { |
282 | fprintf(stderr, "Error: \"%s\" is an invalid library\n", lib); | 282 | fprintf(stderr, "Error: \"%s\" is an invalid library\n", lib); |
283 | exit(1); | 283 | exit(1); |
284 | } | 284 | } |
diff --git a/src/firejail/macros.c b/src/firejail/macros.c index 74d529504..3f9460041 100644 --- a/src/firejail/macros.c +++ b/src/firejail/macros.c | |||
@@ -265,28 +265,6 @@ char *expand_macros(const char *path) { | |||
265 | return rv; | 265 | return rv; |
266 | } | 266 | } |
267 | 267 | ||
268 | // replace control characters with a '?' | ||
269 | static char *fix_control_chars(const char *fname) { | ||
270 | assert(fname); | ||
271 | |||
272 | size_t len = strlen(fname); | ||
273 | char *rv = malloc(len + 1); | ||
274 | if (!rv) | ||
275 | errExit("malloc"); | ||
276 | |||
277 | size_t i = 0; | ||
278 | while (fname[i] != '\0') { | ||
279 | if (iscntrl((unsigned char) fname[i])) | ||
280 | rv[i] = '?'; | ||
281 | else | ||
282 | rv[i] = fname[i]; | ||
283 | i++; | ||
284 | } | ||
285 | rv[i] = '\0'; | ||
286 | |||
287 | return rv; | ||
288 | } | ||
289 | |||
290 | void invalid_filename(const char *fname, int globbing) { | 268 | void invalid_filename(const char *fname, int globbing) { |
291 | // EUID_ASSERT(); | 269 | // EUID_ASSERT(); |
292 | assert(fname); | 270 | assert(fname); |
@@ -304,24 +282,5 @@ void invalid_filename(const char *fname, int globbing) { | |||
304 | return; | 282 | return; |
305 | } | 283 | } |
306 | 284 | ||
307 | size_t i = 0; | 285 | reject_meta_chars(ptr, globbing); |
308 | while (ptr[i] != '\0') { | ||
309 | if (iscntrl((unsigned char) ptr[i])) { | ||
310 | char *new = fix_control_chars(fname); | ||
311 | fprintf(stderr, "Error: \"%s\" is an invalid filename: no control characters allowed\n", new); | ||
312 | exit(1); | ||
313 | } | ||
314 | i++; | ||
315 | } | ||
316 | |||
317 | char *reject; | ||
318 | if (globbing) | ||
319 | reject = "\\&!\"<>%^{};,"; // file globbing ('*?[]') is allowed | ||
320 | else | ||
321 | reject = "\\&!?\"<>%^{};,*[]"; | ||
322 | char *c = strpbrk(ptr, reject); | ||
323 | if (c) { | ||
324 | fprintf(stderr, "Error: \"%s\" is an invalid filename: rejected character: \"%c\"\n", fname, *c); | ||
325 | exit(1); | ||
326 | } | ||
327 | } | 286 | } |