author | smitsohu <smitsohu@gmail.com> | 2018-08-11 23:32:40 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2018-08-11 23:32:40 +0200 |
commit | f8762bcff754911bc4a2a2c8d998f5ba93f4a384 (patch) | |
tree | c40ce67b5b98c93de75f14626ab78228e69e8dda /src | |
parent | clear all warnings from cppcheck static code analysis (diff) | |
various small improvements, fixes, nitpicks
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs_whitelist.c | 8 | ||||
-rw-r--r-- | src/firejail/join.c | 2 | ||||
-rw-r--r-- | src/firejail/ls.c | 5 | ||||
-rw-r--r-- | src/firejail/main.c | 4 | ||||
-rw-r--r-- | src/firejail/run_symlink.c | 1 | ||||
-rw-r--r-- | src/firejail/util.c | 3 | ||||
-rw-r--r-- | src/firejail/x11.c | 5 | ||||
-rw-r--r-- | src/fnetfilter/main.c | 6 |
8 files changed, 20 insertions, 14 deletions
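--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -65,8 +65,7 @@ static int mkpath(const char* path, mode_t mode) {
 
 // don't create the last path element
 char *p = strrchr(dup, '/');
-if (!p)
-errExit("strrchr");
+assert(p);
 *p = '\0';
 
 int parentfd = open("/", O_PATH|O_DIRECTORY|O_CLOEXEC);
@@ -77,8 +76,7 @@ static int mkpath(const char* path, mode_t mode) {
 int done = 0;
 int fd = -1;
 char *tok = strtok(dup, "/");
-if (!tok)
-errExit("strtok");
+assert(tok); // path is no top level directory
 while (tok) {
 // skip all instances of "/./"
 if (strcmp(tok, ".") == 0) {
@@ -398,7 +396,7 @@ void fs_whitelist(void) {
 assert(new_name);
 
 // trim trailing slashes or dots
-char *end = strrchr(new_name, '\0');
+char *end = strchr(new_name, '\0');
 assert(end);
 if ((end - new_name) > 1) {
 end--;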
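Review bot: `assert(tok);` in the second mkpath hunk checks something that depends on the `path` argument rather than a fixed invariant: once the last element is cut off, a path with a single component leaves `dup` empty and strtok() returns NULL. If a build ever defines NDEBUG the assertion disappears, and in the first hunk `*p = '\0';` would then write through a null pointer for a path without a slash. An explicit check such as `if (!tok) { fprintf(stderr, "Error: invalid whitelist path\n"); exit(1); }` holds in every build; the same applies to `assert(p);` in safe_fd (util.c) and `assert(path1);` in sandboxfs (ls.c). mkpath starts and ends outside these hunks, so what its callers guarantee is not visible here.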
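--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -214,7 +214,7 @@ static void extract_umask(pid_t pid) {
 free(fname);
 if (!fp)
 return;
-if (fscanf(fp, "%4o", &orig_umask) < 1) {
+if (fscanf(fp, "%3o", &orig_umask) < 1) {
 fprintf(stderr, "Error: cannot read umask\n");
 exit(1);
 }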
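Review bot: The `%3o` width truncates silently instead of rejecting: a file holding `0022` (constructed example) would be read as `002`, a more permissive umask than the one stored. Whether that can happen depends on how the umask file is written, which is outside this hunk. If the writer never emits a leading zero, a comment above the fscanf such as `// umask file holds at most three octal digits, no leading zero` would record the assumption. The declaration of `orig_umask` is also not visible; `%o` requires an `unsigned int *`. extract_umask begins and ends outside the hunk.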
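--- a/src/firejail/ls.c
+++ b/src/firejail/ls.c
@@ -198,6 +198,10 @@ char *expand_path(const char *path) {
 }
 else {
 // assume the file is in current working directory
+if (!cfg.cwd) {
+fprintf(stderr, "Error: current working directory has been deleted\n");
+exit(1);
+}
 if (asprintf(&fname, "%s/%s", cfg.cwd, path) == -1)
 errExit("asprintf");
 }
@@ -206,6 +210,7 @@ char *expand_path(const char *path) {
 
 void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) {
 EUID_ASSERT();
+assert(path1);
 
 // if the pid is that of a firejail process, use the pid of the first child process
 EUID_ROOT();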
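Review bot: The new `if (!cfg.cwd)` guard protects only this relative-path branch of expand_path, while the main.c hunk in the same commit now lets `cfg.cwd` stay NULL whenever getcwd() fails with ENOENT. Any other reader of `cfg.cwd` that formats or dereferences it would need the same check; those call sites are not visible on this page. A comment where the field is assigned, for example `// NULL if the working directory was deleted before startup`, would make the contract visible to later callers.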
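--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -241,7 +241,10 @@ static void init_cfg(int argc, char **argv) {
 fprintf(stderr, "Error: user %s doesn't have a user directory assigned\n", cfg.username);
 exit(1);
 }
+
 cfg.cwd = getcwd(NULL, 0);
+if (!cfg.cwd && errno != ENOENT)
+errExit("getcwd");
 
 // check user database
 if (!firejail_user_check(cfg.username)) {
@@ -830,6 +833,7 @@ static void run_builder(int argc, char **argv) {
 (void) argc;
 
 // drop privileges
+EUID_ROOT();
 if (setgid(getgid()) < 0)
 errExit("setgid/getgid");
 if (setuid(getuid()) < 0)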
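Review bot: `EUID_ROOT();` directly under the `// drop privileges` comment in run_builder reads as the opposite of what the comment announces, and the reason is not recorded. Presumably the effective uid has to be root at this point so that `setgid(getgid())` and `setuid(getuid())` also reset the saved IDs and the drop cannot be undone later. A comment such as `// become effective root first, so setuid() below also resets the saved uid` would say so. The same line is added in run_symlink.c and needs the same comment. The macro's definition and the rest of run_builder are outside this hunk.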
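--- a/src/firejail/run_symlink.c
+++ b/src/firejail/run_symlink.c
@@ -34,6 +34,7 @@ void run_symlink(int argc, char **argv, int run_as_is) {
 return;
 
 // drop privileges
+EUID_ROOT();
 if (setgid(getgid()) < 0)
 errExit("setgid/getgid");
 if (setuid(getuid()) < 0)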
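--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -1006,8 +1006,7 @@ int safe_fd(const char *path, int flags) {
 errExit("strdup");
 
 char *p = strrchr(dup, '/');
-if (p == NULL)
-errExit("strrchr");
+assert(p);
 // reject trailing slash, root directory
 if (*(p + 1) == '\0')
 goto errexit;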
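--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -30,12 +30,7 @@
 #include <sys/wait.h>
 #include <errno.h>
 #include <limits.h>
-
-// on Debian 7 we are missing O_PATH definition
 #include <fcntl.h>
-#ifndef O_PATH
-#define O_PATH 010000000
-#endif
 
 
 // Parse the DISPLAY environment variable and return a display number.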
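--- a/src/fnetfilter/main.c
+++ b/src/fnetfilter/main.c
@@ -79,13 +79,17 @@ static void process_template(char *src, const char *dest) {
 *arg_start = '\0';
 arg_start++;
 if (*arg_start == '\0') {
-fprintf(stderr, "Error fnetfilter: you need to provide at least on argument\n");
+fprintf(stderr, "Error fnetfilter: you need to provide at least one argument\n");
 exit(1);
 }
 
 // extract the arguments from command line
 char *token = strtok(arg_start, ",");
 while (token) {
+if (argcnt == MAXARGS) {
+fprintf(stderr, "Error fnetfilter: only up to %u arguments are supported\n", (unsigned) MAXARGS);
+exit(1);
+}
 // look for abnormal things
 int len = strlen(token);
 if (strcspn(token, "\\&!?\"'<>%^(){};,*[]") != (size_t)len) {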
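Review bot: The new limit compares with `==`, which holds only as long as `argcnt` starts below MAXARGS and advances in steps of one. `if (argcnt >= MAXARGS) {` costs nothing and still stops the loop if the counter is ever changed differently. The store into the argument array and the increment are below the visible lines of process_template, so the exact bound cannot be confirmed from this hunk.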