Escape control characters

Names and commands can contain control characters: ``` firejail --name="$(echo -e '\e[31mRed\n\b\b\bText\e[0m')" sleep 10s ``` results in "Text" printed in red. Prevent commands like `--tree` to control the terminal.
author: layderv <20249311+layderv@users.noreply.github.com> 2023-01-15 05:50:31 -0500
committer: layderv <20249311+layderv@users.noreply.github.com> 2023-01-15 05:50:31 -0500
commit: ab4bd9c707cd3e872039abd00b3274a01d7dd1c2 (patch)
tree: 157e46011a126ef194595350dd5efe743c8d2c4a /src/lib/pid.c
parent: RELNOTES: add related PR to --apparmor= item (diff)
download: firejail-ab4bd9c707cd3e872039abd00b3274a01d7dd1c2.tar.gz
firejail-ab4bd9c707cd3e872039abd00b3274a01d7dd1c2.tar.zst
firejail-ab4bd9c707cd3e872039abd00b3274a01d7dd1c2.zip
1 files changed, 15 insertions, 1 deletions
diff --git a/src/lib/pid.c b/src/lib/pid.c
index 5e9b20c94..cb9686648 100644
--- a/src/lib/pid.c
+++ b/src/lib/pid.c
@@ -197,6 +197,12 @@ static void print_elem(unsigned index, int nowrap) {
        char *user = pid_get_user_name(uid);
        char *user_allocated = user;
+        char *cmd_escape = escape_cntrl_chars(cmd);
+        if (cmd_escape) {
+                free(cmd);
+                cmd = cmd_escape;
+        }
        // extract sandbox name - pid == index
        char *sandbox_name = "";
        char *sandbox_name_allocated = NULL;
@@ -224,7 +230,15 @@ static void print_elem(unsigned index, int nowrap) {
        }
        free(fname);
-        if (user ==NULL)
+        char *sandbox_name_escape = escape_cntrl_chars(sandbox_name);
+        if (sandbox_name_escape) {
+                if (sandbox_name_allocated)
+                        free(sandbox_name_allocated);
+                sandbox_name = sandbox_name_escape;
+                sandbox_name_allocated = sandbox_name;
+        }
+        if (user == NULL)
                user = "";
        if (cmd) {
                if (col < 4 || nowrap)
author	layderv <20249311+layderv@users.noreply.github.com>	2023-01-15 05:50:31 -0500
committer	layderv <20249311+layderv@users.noreply.github.com>	2023-01-15 05:50:31 -0500
commit	ab4bd9c707cd3e872039abd00b3274a01d7dd1c2 (patch)
tree	157e46011a126ef194595350dd5efe743c8d2c4a /src/lib/pid.c
parent	RELNOTES: add related PR to --apparmor= item (diff)
download	firejail-ab4bd9c707cd3e872039abd00b3274a01d7dd1c2.tar.gz firejail-ab4bd9c707cd3e872039abd00b3274a01d7dd1c2.tar.zst firejail-ab4bd9c707cd3e872039abd00b3274a01d7dd1c2.zip

diff --git a/src/lib/pid.c b/src/lib/pid.c index 5e9b20c94..cb9686648 100644 --- a/src/lib/pid.c +++ b/src/lib/pid.c
@@ -197,6 +197,12 @@ static void print_elem(unsigned index, int nowrap) {
197	char *user = pid_get_user_name(uid);	197	char *user = pid_get_user_name(uid);
198	char *user_allocated = user;	198	char *user_allocated = user;
199		199
		200	char *cmd_escape = escape_cntrl_chars(cmd);
		201	if (cmd_escape) {
		202	free(cmd);
		203	cmd = cmd_escape;
		204	}
		205
200	// extract sandbox name - pid == index	206	// extract sandbox name - pid == index
201	char *sandbox_name = "";	207	char *sandbox_name = "";
202	char *sandbox_name_allocated = NULL;	208	char *sandbox_name_allocated = NULL;
@@ -224,7 +230,15 @@ static void print_elem(unsigned index, int nowrap) {
224	}	230	}
225	free(fname);	231	free(fname);
226		232
227	if (user ==NULL)	233	char *sandbox_name_escape = escape_cntrl_chars(sandbox_name);
		234	if (sandbox_name_escape) {
		235	if (sandbox_name_allocated)
		236	free(sandbox_name_allocated);
		237	sandbox_name = sandbox_name_escape;
		238	sandbox_name_allocated = sandbox_name;
		239	}
		240
		241	if (user == NULL)
228	user = "";	242	user = "";
229	if (cmd) {	243	if (cmd) {
230	if (col < 4 \|\| nowrap)	244	if (col < 4 \|\| nowrap)