author | netblue30 <netblue30@yahoo.com> | 2018-08-29 08:55:32 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2018-08-29 08:55:32 -0400 |
commit | 594e2a48ec1a2350d9315ba6cf71b805446a49ad (patch) | |
tree | ed05e8de6d45da91138275e1d0d636081654d909 /src | |
parent | apparmor: cleanup /home path (diff) | |
cleanup
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs_whitelist.c | 2 | ||||
-rw-r--r-- | src/firejail/sbox.c | 4 | ||||
-rw-r--r-- | src/libpostexecseccomp/libpostexecseccomp.c | 4 |
3 files changed, 8 insertions, 2 deletions
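--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -494,6 +494,7 @@ void fs_whitelist(void) {
 printf("\"%s\" disabled by --private\n", entry->data);
 
 entry->data = EMPTY_STRING;
+free(fname);
 continue;
 }
 
@@ -638,6 +639,7 @@ void fs_whitelist(void) {
 }
 }
 else {
+free(fname);
 goto errexit;
 }
 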
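--- a/src/firejail/sbox.c
+++ b/src/firejail/sbox.c
@@ -142,8 +142,10 @@ int sbox_run(unsigned filter, int num, ...) {
 }
 else if ((filter & SBOX_ALLOW_STDIN) == 0) {
 int fd = open("/dev/null",O_RDWR, 0);
-if (fd != -1)
+if (fd != -1) {
 dup2(fd, STDIN_FILENO);
+close(fd);
+}
 else // the user could run the sandbox without /dev/null
 close(STDIN_FILENO);
 }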
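Review bot: The added `close(fd);` in the `fd != -1` branch also runs when `open()` returned descriptor 0, which happens if the process was entered with stdin already closed; `dup2(0, 0)` is then a no-op and the close leaves stdin closed rather than pointing at /dev/null, so the next descriptor the process opens can land on fd 0. Guarding it as `if (fd != STDIN_FILENO) close(fd);` keeps the leak fix without that case. The return value of `dup2()` is also ignored, so on failure the inherited stdin stays attached even though SBOX_ALLOW_STDIN is not set; checking it for -1 and failing closed would match the intent of this branch. sbox_run's body starts and ends outside the hunk.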
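--- a/src/libpostexecseccomp/libpostexecseccomp.c
+++ b/src/libpostexecseccomp/libpostexecseccomp.c
@@ -32,6 +32,8 @@ static void load_seccomp(void) {
 return;
 
 off_t size = lseek(fd, 0, SEEK_END);
+if (size <= 0)
+return;
 unsigned short entries = (unsigned short) size / (unsigned short) sizeof(struct sock_filter);
 struct sock_filter *filter = MAP_FAILED;
 if (size != 0)
@@ -39,7 +41,7 @@ static void load_seccomp(void) {
 
 close(fd);
 
-if (size == 0 || filter == MAP_FAILED)
+if (filter == MAP_FAILED)
 return;
 
 // install filter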
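Review bot: The new `if (size <= 0) return;` leaves load_seccomp() before the `close(fd);` that follows the mapping, so an empty or unseekable filter file now leaks the descriptor into the process that loaded this library; `if (size <= 0) { close(fd); return; }` closes it on that path. With this guard in place the later `if (size != 0)` before the mapping is always true and can be dropped. Separately, `(unsigned short) size` truncates the file length before the division, so a file of 65536 bytes or more yields a wrong `entries` count, which could end up installing a filter with fewer entries than the file holds (the install code is outside the hunk); dividing first and range-checking the result would avoid that. The function starts and ends outside the hunks.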