diff options
| author |  Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-06-13 18:30:25 -0300 |
|---|---|---|
| committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-06-13 21:25:35 -0300 |
| commit | eb6c61154c37605842c3fed906405e3d9653f1ae (patch) | |
| tree | b64715d14adeaa7739a92c46bac0235393d7f077 /src | |
| parent | util.c: check first/last char and allow extra chars (diff) | |
| download | firejail-eb6c61154c37605842c3fed906405e3d9653f1ae.tar.gz firejail-eb6c61154c37605842c3fed906405e3d9653f1ae.tar.zst firejail-eb6c61154c37605842c3fed906405e3d9653f1ae.zip | |
Standardize name/hostname checks
Changes:
* Use only `invalid_name` to check the name and hostname instead of
ad-hoc checks
* Standardize empty/invalid error messages for name/hostname
Note: This makes the hostname validation less strict, though it still
forbids control characters and only numbers.
Relates to #5578 #5708.
See also commit b4ffaa207 ("merges; more on cleaning up esc chars",
2023-02-14).
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/main.c | 23 | ||||
| -rw-r--r-- | src/firejail/profile.c | 17 |
2 files changed, 9 insertions, 31 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index 715123279..df1c81f3a 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -2187,7 +2187,7 @@ int main(int argc, char **argv, char **envp) { | |||
| 2187 | else if (strncmp(argv[i], "--name=", 7) == 0) { | 2187 | else if (strncmp(argv[i], "--name=", 7) == 0) { |
| 2188 | cfg.name = argv[i] + 7; | 2188 | cfg.name = argv[i] + 7; |
| 2189 | if (strlen(cfg.name) == 0) { | 2189 | if (strlen(cfg.name) == 0) { |
| 2190 | fprintf(stderr, "Error: please provide a name for sandbox\n"); | 2190 | fprintf(stderr, "Error: invalid sandbox name: cannot be empty\n"); |
| 2191 | return 1; | 2191 | return 1; |
| 2192 | } | 2192 | } |
| 2193 | if (invalid_name(cfg.name)) { | 2193 | if (invalid_name(cfg.name)) { |
| @@ -2197,24 +2197,11 @@ int main(int argc, char **argv, char **envp) { | |||
| 2197 | } | 2197 | } |
| 2198 | else if (strncmp(argv[i], "--hostname=", 11) == 0) { | 2198 | else if (strncmp(argv[i], "--hostname=", 11) == 0) { |
| 2199 | cfg.hostname = argv[i] + 11; | 2199 | cfg.hostname = argv[i] + 11; |
| 2200 | size_t len = strlen(cfg.hostname); | 2200 | if (strlen(cfg.hostname) == 0) { |
| 2201 | if (len == 0 || len > 253) { | 2201 | fprintf(stderr, "Error: invalid hostname: cannot be empty\n"); |
| 2202 | fprintf(stderr, "Error: please provide a valid hostname for sandbox, with maximum length of 253 ASCII characters\n"); | ||
| 2203 | return 1; | 2202 | return 1; |
| 2204 | } | 2203 | } |
| 2205 | int invalid = invalid_name(cfg.hostname); | 2204 | if (invalid_name(cfg.hostname)) { |
| 2206 | char* hostname = cfg.hostname; | ||
| 2207 | while (*hostname && !invalid) { | ||
| 2208 | invalid = invalid || !( | ||
| 2209 | (*hostname >= 'a' && *hostname <= 'z') || | ||
| 2210 | (*hostname >= 'A' && *hostname <= 'Z') || | ||
| 2211 | (*hostname >= '0' && *hostname <= '9') || | ||
| 2212 | (*hostname == '-' || *hostname == '.')); | ||
| 2213 | hostname++; | ||
| 2214 | } | ||
| 2215 | invalid = invalid || cfg.hostname[0] == '-'; // must not start with - | ||
| 2216 | invalid = invalid || cfg.hostname[len - 1] == '-'; // must not end with - | ||
| 2217 | if (invalid) { | ||
| 2218 | fprintf(stderr, "Error: invalid hostname\n"); | 2205 | fprintf(stderr, "Error: invalid hostname\n"); |
| 2219 | return 1; | 2206 | return 1; |
| 2220 | } | 2207 | } |
| @@ -2847,7 +2834,7 @@ int main(int argc, char **argv, char **envp) { | |||
| 2847 | // set sandbox name and start normally | 2834 | // set sandbox name and start normally |
| 2848 | cfg.name = argv[i] + 16; | 2835 | cfg.name = argv[i] + 16; |
| 2849 | if (strlen(cfg.name) == 0) { | 2836 | if (strlen(cfg.name) == 0) { |
| 2850 | fprintf(stderr, "Error: please provide a name for sandbox\n"); | 2837 | fprintf(stderr, "Error: invalid sandbox name: cannot be empty\n"); |
| 2851 | return 1; | 2838 | return 1; |
| 2852 | } | 2839 | } |
| 2853 | } | 2840 | } |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 202bcf4da..139ce0580 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
| @@ -326,22 +326,13 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
| 326 | } | 326 | } |
| 327 | // sandbox name | 327 | // sandbox name |
| 328 | else if (strncmp(ptr, "name ", 5) == 0) { | 328 | else if (strncmp(ptr, "name ", 5) == 0) { |
| 329 | int only_numbers = 1; | ||
| 330 | cfg.name = ptr + 5; | 329 | cfg.name = ptr + 5; |
| 331 | if (strlen(cfg.name) == 0) { | 330 | if (strlen(cfg.name) == 0) { |
| 332 | fprintf(stderr, "Error: invalid sandbox name\n"); | 331 | fprintf(stderr, "Error: invalid sandbox name: cannot be empty\n"); |
| 333 | exit(1); | 332 | exit(1); |
| 334 | } | 333 | } |
| 335 | const char *c = cfg.name; | 334 | if (invalid_name(cfg.name)) { |
| 336 | while (*c) { | 335 | fprintf(stderr, "Error: invalid sandbox name\n"); |
| 337 | if (!isdigit(*c)) { | ||
| 338 | only_numbers = 0; | ||
| 339 | break; | ||
| 340 | } | ||
| 341 | ++c; | ||
| 342 | } | ||
| 343 | if (only_numbers) { | ||
| 344 | fprintf(stderr, "Error: invalid sandbox name: it only contains digits\n"); | ||
| 345 | exit(1); | 336 | exit(1); |
| 346 | } | 337 | } |
| 347 | return 0; | 338 | return 0; |
| @@ -1647,7 +1638,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
| 1647 | // set sandbox name and start normally | 1638 | // set sandbox name and start normally |
| 1648 | cfg.name = ptr + 14; | 1639 | cfg.name = ptr + 14; |
| 1649 | if (strlen(cfg.name) == 0) { | 1640 | if (strlen(cfg.name) == 0) { |
| 1650 | fprintf(stderr, "Error: invalid sandbox name\n"); | 1641 | fprintf(stderr, "Error: invalid sandbox name: cannot be empty\n"); |
| 1651 | exit(1); | 1642 | exit(1); |
| 1652 | } | 1643 | } |
| 1653 | } | 1644 | } |