author | layderv <20249311+layderv@users.noreply.github.com> | 2023-03-03 11:03:40 -0500 |
---|---|---|
committer | layderv <20249311+layderv@users.noreply.github.com> | 2023-03-03 11:12:56 -0500 |
commit | d349a2ff8312dc7e149cc5545a53a1d6d7357717 (patch) | |
tree | ea4fda85d08fea823f288e34d9f1cf6f60ac5883 /src | |
parent | cleanup (diff) | |
Forbid control chars in names
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/main.c | 23 | ||||
-rw-r--r-- | src/firejail/output.c | 4 |
2 files changed, 20 insertions, 7 deletions
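--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1575,7 +1575,7 @@ int main(int argc, char **argv, char **envp) {
 exit(1);
 }
 invalid_filename(arg_tracefile, 0); // no globbing
-if (strstr(arg_tracefile, "..")) {
+if (strstr(arg_tracefile, "..") || has_cntrl_chars(arg_tracefile)) {
 fprintf(stderr, "Error: invalid file name %s\n", arg_tracefile);
 exit(1);
 }
@@ -2186,18 +2186,31 @@ int main(int argc, char **argv, char **envp) {
 fprintf(stderr, "Error: please provide a name for sandbox\n");
 return 1;
 }
-if (invalid_name(cfg.name)) {
+if (invalid_name(cfg.name) || has_cntrl_chars(cfg.name)) {
 fprintf(stderr, "Error: invalid sandbox name\n");
 return 1;
 }
 }
 else if (strncmp(argv[i], "--hostname=", 11) == 0) {
 cfg.hostname = argv[i] + 11;
-if (strlen(cfg.hostname) == 0) {
-fprintf(stderr, "Error: please provide a hostname for sandbox\n");
+size_t len = strlen(cfg.hostname);
+if (len == 0 || len > 253) {
+fprintf(stderr, "Error: please provide a valid hostname for sandbox, with maximum length of 253 ASCII characters\n");
 return 1;
 }
-if (invalid_name(cfg.hostname)) {
+int invalid = invalid_name(cfg.hostname);
+char* hostname = cfg.hostname;
+while (*hostname && !invalid) {
+invalid = invalid || !(
+(*hostname >= 'a' && *hostname <= 'z') ||
+(*hostname >= 'A' && *hostname <= 'Z') ||
+(*hostname >= '0' && *hostname <= '9') ||
+(*hostname == '-' || *hostname == '.'));
+hostname++;
+}
+invalid = invalid || cfg.hostname[0] == '-'; // must not start with -
+invalid = invalid || cfg.hostname[len - 1] == '-'; // must not end with -
+if (invalid) {
 fprintf(stderr, "Error: invalid hostname\n");
 return 1;
 }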
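Review bot: In the first hunk the rejected value is still echoed: once `has_cntrl_chars(arg_tracefile)` is true, the unchanged `fprintf(stderr, "Error: invalid file name %s\n", arg_tracefile);` on the next line writes the raw control characters to stderr, which is the output the new check is meant to keep off the terminal. The sandbox-name and hostname branches in the second hunk print a fixed message without the value; doing the same here, `fprintf(stderr, "Error: invalid file name\n");`, avoids it. This only matters if `invalid_filename()` on the preceding line does not already exit on such names, which is not visible in this hunk. Both hunks sit inside `main()`, whose body starts and ends outside them.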
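--- a/src/firejail/output.c
+++ b/src/firejail/output.c
@@ -66,8 +66,8 @@ void check_output(int argc, char **argv) {
 }
 
 // do not accept directories, links, and files with ".."
-if (strstr(outfile, "..") || is_link(outfile) || is_dir(outfile)) {
-fprintf(stderr, "Error: invalid output file. Links, directories and files with \"..\" are not allowed.\n");
+if (strstr(outfile, "..") || is_link(outfile) || is_dir(outfile) || has_cntrl_chars(outfile)) {
+fprintf(stderr, "Error: invalid output file. Links, directories, files with \"..\" and control characters in filenames are not allowed.\n");
 exit(1);
 }
 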
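Review bot: The new `has_cntrl_chars(outfile)` test is placed last in the condition, so `is_link()` and `is_dir()` (presumably filesystem lookups) are still called with a name that has not yet passed the string checks. Putting the pure string checks first keeps an unvalidated name away from the filesystem: `if (strstr(outfile, "..") || has_cntrl_chars(outfile) || is_link(outfile) || is_dir(outfile)) {`. The comment above the condition was also left as it was; it should read `// do not accept directories, links, files with ".." or control characters`. The body of `check_output()` starts and ends outside this hunk.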