Add missing name/hostname checks

Note that the sandbox name may also be set through the "join-or-start" option. Relates to #5578 #5708.
author: Kelvin M. Klann <kmk3.code@protonmail.com> 2023-06-13 19:12:16 -0300
committer: Kelvin M. Klann <kmk3.code@protonmail.com> 2023-06-13 21:25:35 -0300
commit: a51968336dfa869be765e7109948725582971319 (patch)
tree: 7837f49c388355554f32ff8df660bb599e24ec35 /src
parent: Standardize name/hostname checks (diff)
download: firejail-a51968336dfa869be765e7109948725582971319.tar.gz
firejail-a51968336dfa869be765e7109948725582971319.tar.zst
firejail-a51968336dfa869be765e7109948725582971319.zip
2 files changed, 16 insertions, 0 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c
index df1c81f3a..070eb47f3 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -2837,6 +2837,10 @@ int main(int argc, char **argv, char **envp) {
                                fprintf(stderr, "Error: invalid sandbox name: cannot be empty\n");
                                return 1;
                        }
+                        if (invalid_name(cfg.name)) {
+                                fprintf(stderr, "Error: invalid sandbox name\n");
+                                return 1;
+                        }
                }
                else if (strcmp(argv[i], "--deterministic-exit-code") == 0) {
                        arg_deterministic_exit_code = 1;
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 139ce0580..ae881664b 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -1156,6 +1156,14 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
        // hostname
        if (strncmp(ptr, "hostname ", 9) == 0) {
                cfg.hostname = ptr + 9;
+                if (strlen(cfg.hostname) == 0) {
+                        fprintf(stderr, "Error: invalid hostname: cannot be empty\n");
+                        exit(1);
+                }
+                if (invalid_name(cfg.hostname)) {
+                        fprintf(stderr, "Error: invalid hostname\n");
+                        exit(1);
+                }
                return 0;
        }
@@ -1641,6 +1649,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                                fprintf(stderr, "Error: invalid sandbox name: cannot be empty\n");
                                exit(1);
                        }
+                        if (invalid_name(cfg.name)) {
+                                fprintf(stderr, "Error: invalid sandbox name\n");
+                                exit(1);
+                        }
                }
                else
                        warning_feature_disabled("join");
author	Kelvin M. Klann <kmk3.code@protonmail.com>	2023-06-13 19:12:16 -0300
committer	Kelvin M. Klann <kmk3.code@protonmail.com>	2023-06-13 21:25:35 -0300
commit	a51968336dfa869be765e7109948725582971319 (patch)
tree	7837f49c388355554f32ff8df660bb599e24ec35 /src
parent	Standardize name/hostname checks (diff)
download	firejail-a51968336dfa869be765e7109948725582971319.tar.gz firejail-a51968336dfa869be765e7109948725582971319.tar.zst firejail-a51968336dfa869be765e7109948725582971319.zip