author | smitsohu <smitsohu@gmail.com> | 2018-10-12 18:33:17 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2018-10-12 18:33:17 +0200 |
commit | a5b7a9a8bec6a7f2162850449b1ff29c1fde2826 (patch) | |
tree | a3dc40069cfecde3e009516f5b9d6f0bb0bfff01 /src | |
parent | profiles: file needs access to libmagic (diff) | |
clean homedir pathname
fixes #2137 and similar issues with the /proc/self/mountinfo checks
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/main.c | 5 | ||||
-rw-r--r-- | src/firejail/util.c | 42 |
3 files changed, 44 insertions, 4 deletions
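--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -522,6 +522,7 @@ int is_link(const char *fname);
 void trim_trailing_slash_or_dot(char *path);
 char *line_remove_spaces(const char *buf);
 char *split_comma(char *str);
+char *clean_pathname(const char *path);
 void check_unsigned(const char *str, const char *msg);
 int find_child(pid_t parent, pid_t *child);
 void check_private_dir(void);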
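--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -233,9 +233,8 @@ static void init_cfg(int argc, char **argv) {
 // build home directory name
 cfg.homedir = NULL;
 if (pw->pw_dir != NULL) {
-cfg.homedir = strdup(pw->pw_dir);
-if (!cfg.homedir)
-errExit("strdup");
+cfg.homedir = clean_pathname(pw->pw_dir);
+assert(cfg.homedir);
 }
 else {
 fprintf(stderr, "Error: user %s doesn't have a user directory assigned\n", cfg.username);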
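Review bot: The content of pw_dir is still unchecked on the new side: an empty or relative value passes the `!= NULL` test and becomes cfg.homedir as is, and whether later code rejects it is not visible in this hunk. The added `assert(cfg.homedir);` does not help there, since clean_pathname() as shown in util.c calls errExit() on allocation failure and otherwise returns a buffer, so the assert records a post-condition rather than validating input. For a path that is later matched against mount points, a guard after the call such as `if (cfg.homedir[0] != '/') { fprintf(stderr, "Error: invalid user directory\n"); exit(1); }` would make the expectation explicit. init_cfg continues outside the hunk.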
diff --git a/src/firejail/util.c b/src/firejail/util.c index ae07a42b0..0d1418b43 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
@@ -533,6 +533,46 @@ char *split_comma(char *str) { | |||
533 | } | 533 | } |
534 | 534 | ||
535 | 535 | ||
536 | // remove consecutive and trailing slashes | ||
537 | // and return allocated memory | ||
538 | // e.g. /home//user/ -> /home/user | ||
539 | char *clean_pathname(const char *path) { | ||
540 | assert(path); | ||
541 | size_t len = strlen(path); | ||
542 | char *rv = calloc(len + 1, 1); | ||
543 | if (!rv) | ||
544 | errExit("calloc"); | ||
545 | |||
546 | if (len > 0) { | ||
547 | int i, j, cnt; | ||
548 | for (i = 0, j = 0, cnt = 0; i < len; i++) { | ||
549 | if (path[i] == '/') | ||
550 | cnt++; | ||
551 | else | ||
552 | cnt = 0; | ||
553 | |||
554 | if (cnt < 2) { | ||
555 | rv[j] = path[i]; | ||
556 | j++; | ||
557 | } | ||
558 | } | ||
559 | |||
560 | // remove a trailing slash | ||
561 | if (j > 1 && rv[j - 1] == '/') | ||
562 | rv[j - 1] = '\0'; | ||
563 | |||
564 | size_t new_len = strlen(rv); | ||
565 | if (new_len < len) { | ||
566 | rv = realloc(rv, new_len + 1); | ||
567 | if (!rv) | ||
568 | errExit("realloc"); | ||
569 | } | ||
570 | } | ||
571 | |||
572 | return rv; | ||
573 | } | ||
574 | |||
575 | |||
536 | void check_unsigned(const char *str, const char *msg) { | 576 | void check_unsigned(const char *str, const char *msg) { |
537 | EUID_ASSERT(); | 577 | EUID_ASSERT(); |
538 | const char *ptr = str; | 578 | const char *ptr = str; |
@@ -656,7 +696,7 @@ void extract_command_name(int index, char **argv) { | |||
656 | // command name is a substring of cfg.command_name | 696 | // command name is a substring of cfg.command_name |
657 | if (basename != cfg.command_name || *ptr != '\0') { | 697 | if (basename != cfg.command_name || *ptr != '\0') { |
658 | *ptr = '\0'; | 698 | *ptr = '\0'; |
659 | 699 | ||
660 | basename = strdup(basename); | 700 | basename = strdup(basename); |
661 | if (!basename) | 701 | if (!basename) |
662 | errExit("strdup"); | 702 | errExit("strdup"); |
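Review bot: `.` and `..` components and symlinks pass through clean_pathname() unchanged, so a pw_dir such as `/home/./user` would still differ from the resolved path that /proc/self/mountinfo reports. If the mountinfo checks named in the commit message compare strings, the header comment should state that limit, e.g. `// does not resolve "." or ".." components or symlinks`. In the loop, `int i, j, cnt;` is compared against the `size_t len`, which mixes signed and unsigned; `size_t i, j, cnt;` keeps the indices in the same type as the length. The `strlen(rv)` before the realloc is redundant, because `j` (less one when the trailing slash was cut) already holds the new length.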