aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorLibravatar netblue30 <netblue30@yahoo.com>2018-08-28 19:00:05 -0400
committerLibravatar netblue30 <netblue30@yahoo.com>2018-08-28 19:00:05 -0400
commit7c0cf390b0087c313f0fdd44c0006af69a8a1ca0 (patch)
tree525cee7926459c181c15b2b26d9f274c573007eb /src
parentRevert "improve --chroot directory check" (diff)
downloadfirejail-7c0cf390b0087c313f0fdd44c0006af69a8a1ca0.tar.gz
firejail-7c0cf390b0087c313f0fdd44c0006af69a8a1ca0.tar.zst
firejail-7c0cf390b0087c313f0fdd44c0006af69a8a1ca0.zip
cleanup
Diffstat (limited to 'src')
-rw-r--r--src/firecfg/desktop_files.c4
-rw-r--r--src/firejail/fs_whitelist.c19
-rw-r--r--src/firejail/main.c6
-rw-r--r--src/firejail/profile.c1
-rw-r--r--src/firejail/restrict_users.c2
-rw-r--r--src/fsec-optimize/main.c3
6 files changed, 28 insertions, 7 deletions
diff --git a/src/firecfg/desktop_files.c b/src/firecfg/desktop_files.c
index de2b8cfa2..f09a23977 100644
--- a/src/firecfg/desktop_files.c
+++ b/src/firecfg/desktop_files.c
@@ -184,7 +184,9 @@ void fix_desktop_files(char *homedir) {
184 } 184 }
185 185
186 fseek(fp, 0, SEEK_END); 186 fseek(fp, 0, SEEK_END);
187 size_t size = ftell(fp); 187 long size = ftell(fp);
188 if (size == -1)
189 errExit("ftell");
188 fseek(fp, 0, SEEK_SET); 190 fseek(fp, 0, SEEK_SET);
189 char *buf = malloc(size + 1); 191 char *buf = malloc(size + 1);
190 if (!buf) 192 if (!buf)
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index 9b68b6753..e983a071d 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -523,6 +523,7 @@ void fs_whitelist(void) {
523 523
524 // both path and absolute path are under /tmp 524 // both path and absolute path are under /tmp
525 if (strncmp(fname, "/tmp/", 5) != 0) { 525 if (strncmp(fname, "/tmp/", 5) != 0) {
526 free(fname);
526 goto errexit; 527 goto errexit;
527 } 528 }
528 } 529 }
@@ -531,6 +532,7 @@ void fs_whitelist(void) {
531 media_dir = 1; 532 media_dir = 1;
532 // both path and absolute path are under /media 533 // both path and absolute path are under /media
533 if (strncmp(fname, "/media/", 7) != 0) { 534 if (strncmp(fname, "/media/", 7) != 0) {
535 free(fname);
534 goto errexit; 536 goto errexit;
535 } 537 }
536 } 538 }
@@ -539,6 +541,7 @@ void fs_whitelist(void) {
539 mnt_dir = 1; 541 mnt_dir = 1;
540 // both path and absolute path are under /mnt 542 // both path and absolute path are under /mnt
541 if (strncmp(fname, "/mnt/", 5) != 0) { 543 if (strncmp(fname, "/mnt/", 5) != 0) {
544 free(fname);
542 goto errexit; 545 goto errexit;
543 } 546 }
544 } 547 }
@@ -553,6 +556,7 @@ void fs_whitelist(void) {
553 else { 556 else {
554 // both path and absolute path are under /var 557 // both path and absolute path are under /var
555 if (strncmp(fname, "/var/", 5) != 0) { 558 if (strncmp(fname, "/var/", 5) != 0) {
559 free(fname);
556 goto errexit; 560 goto errexit;
557 } 561 }
558 } 562 }
@@ -573,6 +577,7 @@ void fs_whitelist(void) {
573 else { 577 else {
574 // both path and absolute path are under /dev 578 // both path and absolute path are under /dev
575 if (strncmp(fname, "/dev/", 5) != 0) { 579 if (strncmp(fname, "/dev/", 5) != 0) {
580 free(fname);
576 goto errexit; 581 goto errexit;
577 } 582 }
578 } 583 }
@@ -582,6 +587,7 @@ void fs_whitelist(void) {
582 opt_dir = 1; 587 opt_dir = 1;
583 // both path and absolute path are under /dev 588 // both path and absolute path are under /dev
584 if (strncmp(fname, "/opt/", 5) != 0) { 589 if (strncmp(fname, "/opt/", 5) != 0) {
590 free(fname);
585 goto errexit; 591 goto errexit;
586 } 592 }
587 } 593 }
@@ -590,6 +596,7 @@ void fs_whitelist(void) {
590 srv_dir = 1; 596 srv_dir = 1;
591 // both path and absolute path are under /srv 597 // both path and absolute path are under /srv
592 if (strncmp(fname, "/srv/", 5) != 0) { 598 if (strncmp(fname, "/srv/", 5) != 0) {
599 free(fname);
593 goto errexit; 600 goto errexit;
594 } 601 }
595 } 602 }
@@ -602,23 +609,29 @@ void fs_whitelist(void) {
602 else if (strcmp(new_name, "/etc/os-release") == 0); 609 else if (strcmp(new_name, "/etc/os-release") == 0);
603 // both path and absolute path are under /etc 610 // both path and absolute path are under /etc
604 else { 611 else {
605 if (strncmp(fname, "/etc/", 5) != 0) 612 if (strncmp(fname, "/etc/", 5) != 0) {
613 free(fname);
606 goto errexit; 614 goto errexit;
615 }
607 } 616 }
608 } 617 }
609 else if (strncmp(new_name, "/usr/share/", 11) == 0) { 618 else if (strncmp(new_name, "/usr/share/", 11) == 0) {
610 entry->share_dir = 1; 619 entry->share_dir = 1;
611 share_dir = 1; 620 share_dir = 1;
612 // both path and absolute path are under /etc 621 // both path and absolute path are under /etc
613 if (strncmp(fname, "/usr/share/", 11) != 0) 622 if (strncmp(fname, "/usr/share/", 11) != 0) {
623 free(fname);
614 goto errexit; 624 goto errexit;
625 }
615 } 626 }
616 else if (strncmp(new_name, "/sys/module/", 12) == 0) { 627 else if (strncmp(new_name, "/sys/module/", 12) == 0) {
617 entry->module_dir = 1; 628 entry->module_dir = 1;
618 module_dir = 1; 629 module_dir = 1;
619 // both path and absolute path are under /sys/module 630 // both path and absolute path are under /sys/module
620 if (strncmp(fname, "/sys/module/", 12) != 0) 631 if (strncmp(fname, "/sys/module/", 12) != 0) {
632 free(fname);
621 goto errexit; 633 goto errexit;
634 }
622 } 635 }
623 else { 636 else {
624 goto errexit; 637 goto errexit;
diff --git a/src/firejail/main.c b/src/firejail/main.c
index b3a8dcfd7..ba952b1cb 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -2409,8 +2409,10 @@ int main(int argc, char **argv) {
2409 int display = x11_display(); 2409 int display = x11_display();
2410 if (display > 0) 2410 if (display > 0)
2411 set_x11_run_file(sandbox_pid, display); 2411 set_x11_run_file(sandbox_pid, display);
2412 flock(lockfd_directory, LOCK_UN); 2412 if (lockfd_directory != -1) {
2413 close(lockfd_directory); 2413 flock(lockfd_directory, LOCK_UN);
2414 close(lockfd_directory);
2415 }
2414 EUID_USER(); 2416 EUID_USER();
2415 2417
2416 // clone environment 2418 // clone environment
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 168d7e268..bc5915d46 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -724,6 +724,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
724 cfg.dns4 = dns; 724 cfg.dns4 = dns;
725 else { 725 else {
726 fprintf(stderr, "Error: up to 4 DNS servers can be specified\n"); 726 fprintf(stderr, "Error: up to 4 DNS servers can be specified\n");
727 free(dns);
727 return 1; 728 return 1;
728 } 729 }
729 return 0; 730 return 0;
diff --git a/src/firejail/restrict_users.c b/src/firejail/restrict_users.c
index d66deeb97..fa672eccb 100644
--- a/src/firejail/restrict_users.c
+++ b/src/firejail/restrict_users.c
@@ -41,6 +41,8 @@ static void ulist_add(const char *user) {
41 assert(user); 41 assert(user);
42 42
43 USER_LIST *nlist = malloc(sizeof(USER_LIST)); 43 USER_LIST *nlist = malloc(sizeof(USER_LIST));
44 if (!nlist)
45 errExit("malloc");
44 memset(nlist, 0, sizeof(USER_LIST)); 46 memset(nlist, 0, sizeof(USER_LIST));
45 nlist->user = user; 47 nlist->user = user;
46 nlist->next = ulist; 48 nlist->next = ulist;
diff --git a/src/fsec-optimize/main.c b/src/fsec-optimize/main.c
index f4300f350..80ca098cb 100644
--- a/src/fsec-optimize/main.c
+++ b/src/fsec-optimize/main.c
@@ -87,7 +87,8 @@ printf("\n");
87 87
88 return 0; 88 return 0;
89errexit: 89errexit:
90 close(fd); 90 if (fd != -1)
91 close(fd);
91 fprintf(stderr, "Error: cannot read %s\n", fname); 92 fprintf(stderr, "Error: cannot read %s\n", fname);
92 exit(1); 93 exit(1);
93 94
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-01 07:35:21 +0000