CVE-2016-7545

2 files changed, 10 insertions, 0 deletions

diff --git a/src/firejail/main.c b/src/firejail/main.c
index 1f2ee9573..135ff17d8 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -35,6 +35,8 @@
 #include <signal.h>
 #include <time.h>
 #include <net/if.h>
+#include <sys/ioctl.h>
+#include <termios.h>
 
 #if 0
 #include <sys/times.h>
@@ -141,6 +143,7 @@ static void myexit(int rv) {
         EUID_ROOT();
         clear_run_files(sandbox_pid);
         appimage_clear();
+        ioctl(0, TCFLSH, TCIFLUSH);
                 
         exit(rv); 
 }
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index cc5483c08..08296d823 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -28,6 +28,8 @@
 #include <sys/types.h>
 #include <dirent.h>
 #include <errno.h>
+#include <sys/ioctl.h>
+#include <termios.h>
 
 #include <sched.h>
 #ifndef CLONE_NEWUSER
@@ -80,8 +82,10 @@ static void sandbox_handler(int sig){
                 
         }
 
+
         // broadcast a SIGKILL
         kill(-1, SIGKILL);
+        ioctl(0, TCFLSH, TCIFLUSH);
         exit(sig);
 }
 
@@ -290,6 +294,8 @@ void start_audit(void) {
 }
 
 void start_application(void) {
+//if (setsid() == -1)
+//errExit("setsid");
         //****************************************
         // audit
         //****************************************
@@ -890,6 +896,7 @@ int sandbox(void* sandbox_arg) {
         }
 
         int status = monitor_application(app_pid);      // monitor application
+        ioctl(0, TCFLSH, TCIFLUSH);
 
         if (WIFEXITED(status)) {
                 // if we had a proper exit, return that exit status