fix NP deref

private-home and private-bin are included just for consistency
author: smitsohu <smitsohu@gmail.com> 2018-08-15 17:41:37 +0200
committer: smitsohu <smitsohu@gmail.com> 2018-08-15 17:41:37 +0200
commit: 2dc3371a071aec665ac34e04bc53a0ef2ab59fb2 (patch)
tree: 7efed375f737694ed1a38e378d4a730045074abd /src
parent: wireshark.profile: enable apparmor (diff)
download: firejail-2dc3371a071aec665ac34e04bc53a0ef2ab59fb2.tar.gz
firejail-2dc3371a071aec665ac34e04bc53a0ef2ab59fb2.tar.zst
firejail-2dc3371a071aec665ac34e04bc53a0ef2ab59fb2.zip
4 files changed, 20 insertions, 0 deletions
diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c
index 5625ed356..168ecacfb 100644
--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -285,6 +285,10 @@ void fs_private_bin_list(void) {
                errExit("strdup");
        char *ptr = strtok(dlist, ",");
+        if (!ptr) {
+                fprintf(stderr, "Error: invalid private-bin argument\n");
+                exit(1);
+        }
        globbing(ptr);
        while ((ptr = strtok(NULL, ",")) != NULL)
                globbing(ptr);
diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c
index 8847e44e7..bf60b56a7 100644
--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -99,6 +99,8 @@ errexit:
 }
 static void duplicate(const char *fname, const char *private_dir, const char *private_run_dir) {
+        assert(fname);
        if (*fname == '~' || *fname == '/' || strstr(fname, "..")) {
                fprintf(stderr, "Error: \"%s\" is an invalid filename\n", fname);
                exit(1);
@@ -162,6 +164,10 @@ void fs_private_dir_list(const char *private_dir, const char *private_run_dir, c
                char *ptr = strtok(dlist, ",");
+                if (!ptr) {
+                        fprintf(stderr, "Error: invalid private %s argument\n", private_dir);
+                        exit(1);
+                }
                duplicate(ptr, private_dir, private_run_dir);
                while ((ptr = strtok(NULL, ",")) != NULL)
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c
index 09931bd56..3b5094ac9 100644
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -494,6 +494,10 @@ void fs_private_home_list(void) {
                errExit("strdup");
        char *ptr = strtok(dlist, ",");
+        if (!ptr) {
+                fprintf(stderr, "Error: invalid private-home argument\n");
+                exit(1);
+        }
        duplicate(ptr);
        while ((ptr = strtok(NULL, ",")) != NULL)
                duplicate(ptr);
diff --git a/src/firejail/fs_lib.c b/src/firejail/fs_lib.c
index 77c9a0cf5..a607280a0 100644
--- a/src/firejail/fs_lib.c
+++ b/src/firejail/fs_lib.c
@@ -196,6 +196,8 @@ static void load_library(const char *fname) {
 }
 static void install_list_entry(const char *lib) {
+        assert(lib);
        // filename check
        int len = strlen(lib);
        if (strcspn(lib, "\\&!?\"'<>%^(){}[];,") != (size_t)len ||
@@ -255,6 +257,10 @@ void fslib_install_list(const char *lib_list) {
                errExit("strdup");
        char *ptr = strtok(dlist, ",");
+        if (!ptr) {
+                fprintf(stderr, "Error: invalid private-lib argument\n");
+                exit(1);
+        }
        install_list_entry(ptr);
        while ((ptr = strtok(NULL, ",")) != NULL)
author	smitsohu <smitsohu@gmail.com>	2018-08-15 17:41:37 +0200
committer	smitsohu <smitsohu@gmail.com>	2018-08-15 17:41:37 +0200
commit	2dc3371a071aec665ac34e04bc53a0ef2ab59fb2 (patch)
tree	7efed375f737694ed1a38e378d4a730045074abd /src
parent	wireshark.profile: enable apparmor (diff)
download	firejail-2dc3371a071aec665ac34e04bc53a0ef2ab59fb2.tar.gz firejail-2dc3371a071aec665ac34e04bc53a0ef2ab59fb2.tar.zst firejail-2dc3371a071aec665ac34e04bc53a0ef2ab59fb2.zip