author | smitsohu <smitsohu@gmail.com> | 2018-11-04 17:14:45 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2018-11-04 17:14:45 +0100 |
commit | 97eed29370b91f54caac7d150c09a681a1763317 (patch) | |
tree | 376dcefb4bc663910fd3a365f337169aedc4fe0b /src | |
parent | Fix gitlab badge link (diff) | |
fs_whitelist: minor mountinfo check improvement, cleanup
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs_whitelist.c | 6 |
1 files changed, 3 insertions, 3 deletions
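--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -303,7 +303,9 @@ static void whitelist_path(ProfileEntry *entry) {
 
 // confirm the file was mounted on the right target
 // strcmp does not work here, because mptr->dir can be a child mount
-if (strncmp(mptr->dir, path, strlen(path)) != 0)
+size_t path_len = strlen(path);
+if (strncmp(mptr->dir, path, path_len) != 0 ||
+(*(mptr->dir + path_len) != '\0' && *(mptr->dir + path_len) != '/'))
 errLogExit("invalid whitelist mount");
 // No mounts are allowed on top level directories. A destination such as "/etc" is very bad!
 // - there should be more than one '/' char in dest string
@@ -326,8 +328,6 @@ static void whitelist_path(ProfileEntry *entry) {
 
 
 void fs_whitelist(void) {
-char *homedir = cfg.homedir;
-assert(homedir);
 ProfileEntry *entry = cfg.profile;
 if (!entry)
 return;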
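Review bot: The boundary test added at new lines 307-308 has no comment of its own, and the comment above it only explains why a prefix compare is used instead of strcmp. I would add `// the match must end on a path component boundary, or a mount on "/a/bc" would pass for path "/a/b"` and write the byte as `mptr->dir[path_len]` rather than `*(mptr->dir + path_len)`. That read is in bounds only because `||` short-circuits once strncmp has shown that mptr->dir shares the first path_len bytes with path, so the order of the two operands should be kept and is worth a short remark. If path can ever end in '/', the test would look one byte past the separator and reject a legitimate child mount; how path is normalized is not visible here, so that should be confirmed. whitelist_path starts and ends outside this hunk.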