diff options
author | netblue30 <netblue30@protonmail.com> | 2023-01-30 20:12:10 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-01-30 20:12:10 -0500 |
commit | 9bc8a7283560220d7389e9af6cf5f92dd9b26dde (patch) | |
tree | d0157832e630d254b2e418e7e6504b3aa6d740d3 /src | |
parent | disable-common.inc: sort history file paths (diff) | |
parent | Prevent sandbox name from containing only digits (diff) | |
download | firejail-9bc8a7283560220d7389e9af6cf5f92dd9b26dde.tar.gz firejail-9bc8a7283560220d7389e9af6cf5f92dd9b26dde.tar.zst firejail-9bc8a7283560220d7389e9af6cf5f92dd9b26dde.zip |
Merge pull request #5578 from layderv/master
modif: Prevent sandbox name from containing only digits
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/main.c | 13 | ||||
-rw-r--r-- | src/firejail/profile.c | 13 | ||||
-rw-r--r-- | src/man/firejail.txt | 1 |
3 files changed, 27 insertions, 0 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index 57fe4fb22..02fcb77d7 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -2172,11 +2172,24 @@ int main(int argc, char **argv, char **envp) { | |||
2172 | // hostname, etc | 2172 | // hostname, etc |
2173 | //************************************* | 2173 | //************************************* |
2174 | else if (strncmp(argv[i], "--name=", 7) == 0) { | 2174 | else if (strncmp(argv[i], "--name=", 7) == 0) { |
2175 | int only_numbers = 1; | ||
2175 | cfg.name = argv[i] + 7; | 2176 | cfg.name = argv[i] + 7; |
2176 | if (strlen(cfg.name) == 0) { | 2177 | if (strlen(cfg.name) == 0) { |
2177 | fprintf(stderr, "Error: please provide a name for sandbox\n"); | 2178 | fprintf(stderr, "Error: please provide a name for sandbox\n"); |
2178 | return 1; | 2179 | return 1; |
2179 | } | 2180 | } |
2181 | const char *c = cfg.name; | ||
2182 | while (*c) { | ||
2183 | if (!isdigit(*c)) { | ||
2184 | only_numbers = 0; | ||
2185 | break; | ||
2186 | } | ||
2187 | ++c; | ||
2188 | } | ||
2189 | if (only_numbers) { | ||
2190 | fprintf(stderr, "Error: invalid sandbox name: it only contains digits\n"); | ||
2191 | return 1; | ||
2192 | } | ||
2180 | } | 2193 | } |
2181 | else if (strncmp(argv[i], "--hostname=", 11) == 0) { | 2194 | else if (strncmp(argv[i], "--hostname=", 11) == 0) { |
2182 | cfg.hostname = argv[i] + 11; | 2195 | cfg.hostname = argv[i] + 11; |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index a64198e68..d01999ec5 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -326,11 +326,24 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
326 | } | 326 | } |
327 | // sandbox name | 327 | // sandbox name |
328 | else if (strncmp(ptr, "name ", 5) == 0) { | 328 | else if (strncmp(ptr, "name ", 5) == 0) { |
329 | int only_numbers = 1; | ||
329 | cfg.name = ptr + 5; | 330 | cfg.name = ptr + 5; |
330 | if (strlen(cfg.name) == 0) { | 331 | if (strlen(cfg.name) == 0) { |
331 | fprintf(stderr, "Error: invalid sandbox name\n"); | 332 | fprintf(stderr, "Error: invalid sandbox name\n"); |
332 | exit(1); | 333 | exit(1); |
333 | } | 334 | } |
335 | const char *c = cfg.name; | ||
336 | while (*c) { | ||
337 | if (!isdigit(*c)) { | ||
338 | only_numbers = 0; | ||
339 | break; | ||
340 | } | ||
341 | ++c; | ||
342 | } | ||
343 | if (only_numbers) { | ||
344 | fprintf(stderr, "Error: invalid sandbox name: it only contains digits\n"); | ||
345 | exit(1); | ||
346 | } | ||
334 | return 0; | 347 | return 0; |
335 | } | 348 | } |
336 | else if (strcmp(ptr, "ipc-namespace") == 0) { | 349 | else if (strcmp(ptr, "ipc-namespace") == 0) { |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index a088d971a..1b051ab57 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -1330,6 +1330,7 @@ $ firejail \-\-net=eth0 \-\-mtu=1492 | |||
1330 | \fB\-\-name=name | 1330 | \fB\-\-name=name |
1331 | Set sandbox name. Several options, such as \-\-join and \-\-shutdown, can use | 1331 | Set sandbox name. Several options, such as \-\-join and \-\-shutdown, can use |
1332 | this name to identify a sandbox. | 1332 | this name to identify a sandbox. |
1333 | The name cannot contain only digits, as that is treated as a PID in the other options, such as in \-\-join. | ||
1333 | 1334 | ||
1334 | In case the name supplied by the user is already in use by another sandbox, Firejail will assign a | 1335 | In case the name supplied by the user is already in use by another sandbox, Firejail will assign a |
1335 | new name as "name-PID", where PID is the process ID of the sandbox. This functionality | 1336 | new name as "name-PID", where PID is the process ID of the sandbox. This functionality |