author | Topi Miettinen <toiwoton@gmail.com> | 2021-02-11 16:49:08 +0200 |
---|---|---|
committer | Topi Miettinen <topimiettinen@users.noreply.github.com> | 2021-02-11 18:24:26 +0000 |
commit | 7d0b11a084c57aaf3afda8c43eb66654b46bb1e6 (patch) | |
tree | 36c6c3c8827213daff2fecfcbee6bd08fe2dc4fe /src | |
parent | display-im6.q16 (diff) | |
Always allow empty environment variables
With the recent changes to environment variable handling, it should be
safe to always allow empty variables.
Closes: #3965
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/env.c | 9 | ||||
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/main.c | 2 |
3 files changed, 2 insertions, 10 deletions
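--- a/src/firejail/env.c
+++ b/src/firejail/env.c
@@ -166,12 +166,10 @@ void env_store(const char *str, ENV_OP op) {
 if (*str == '\0')
 goto errexit;
 char *ptr = strchr(str, '=');
-if (op == SETENV || op == SETENV_ALLOW_EMPTY) {
+if (op == SETENV) {
 if (!ptr)
 goto errexit;
 ptr++;
-if (*ptr == '\0' && op != SETENV_ALLOW_EMPTY)
-goto errexit;
 op = SETENV;
 }
 
@@ -206,11 +204,6 @@ void env_store_name_val(const char *name, const char *val, ENV_OP op) {
 // some basic checking
 if (*name == '\0')
 goto errexit;
-if (*val == '\0' && op != SETENV_ALLOW_EMPTY)
-goto errexit;
-
-if (op == SETENV_ALLOW_EMPTY)
-op = SETENV;
 
 // build list entry
 Env *env = calloc(1, sizeof(Env));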
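Review bot: In env_store, the `op = SETENV;` kept inside the narrowed `if (op == SETENV) {` branch is now a no-op, since it only existed to fold SETENV_ALLOW_EMPTY back into SETENV, so the line can be dropped. With both emptiness checks removed, `NAME=` is stored as an empty value for every caller of env_store and env_store_name_val, and an empty variable is still a set variable, so a short comment at the remaining checks would record the intent, e.g. `// empty values are allowed on purpose: "NAME=" sets NAME to the empty string`. env_store_name_val no longer reads `val` in the visible lines, so whether a NULL `val` is rejected before it is used further down cannot be confirmed from this hunk. Both function bodies continue outside the hunks shown.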
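--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -661,7 +661,6 @@ void run_no_sandbox(int argc, char **argv) __attribute__((noreturn));
 // env.c
 typedef enum {
 SETENV = 0,
-SETENV_ALLOW_EMPTY,
 RMENV
 } ENV_OP;
 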
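--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1004,7 +1004,7 @@ int main(int argc, char **argv, char **envp) {
 
 // Stash environment variables
 for (i = 0, ptr = envp; ptr && *ptr && i < MAX_ENVS; i++, ptr++)
-env_store(*ptr, SETENV_ALLOW_EMPTY);
+env_store(*ptr, SETENV);
 
 // sanity check for environment variables
 if (i >= MAX_ENVS) {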