file transfer fixes

author: netblue30 <netblue30@yahoo.com> 2016-03-12 12:35:06 -0500
committer: netblue30 <netblue30@yahoo.com> 2016-03-12 12:35:06 -0500
commit: d1a90d0ceb9743e0ce4d41d36189ec9ae9cf20b3 (patch)
tree: 9bece5754be5922c4cb55073329c73f09a386095 /src
parent: added firejail.config (diff)
download: firejail-d1a90d0ceb9743e0ce4d41d36189ec9ae9cf20b3.tar.gz
firejail-d1a90d0ceb9743e0ce4d41d36189ec9ae9cf20b3.tar.zst
firejail-d1a90d0ceb9743e0ce4d41d36189ec9ae9cf20b3.zip
2 files changed, 57 insertions, 40 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 99705f0e6..bf0937f35 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -535,7 +535,12 @@ int x11_check_xpra(void);
 #define SANDBOX_FS_LS 0
 #define SANDBOX_FS_GET 1
 void sandboxfs_name(int op, const char *name, const char *path);
-void sandboxfs(int op, pid_t pid, const char *path);
+void sandboxfs(int op, pid_t pid, const char *patqh);
+// checkcfg.c
+#define CFG_FILE_TRANSFER 0
+#define CFG_MAX 1 // this should always be the last entry
+int checkcfg(int val);
 #endif
diff --git a/src/firejail/main.c b/src/firejail/main.c
index bfb0eadc9..0a02d0918 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -429,52 +429,64 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                exit(0);
        }
 #endif  
-#ifndef HAVE_FILE_TRANSFER
+#ifdef HAVE_FILE_TRANSFER
        else if (strncmp(argv[i], "--get=", 6) == 0) {
-                logargs(argc, argv);
+                if (checkcfg(CFG_FILE_TRANSFER)) {
-                
+                        logargs(argc, argv);
-                // verify path
+                        
-                if ((i + 2) != argc) {
+                        // verify path
-                        fprintf(stderr, "Error: invalid --get option, path expected\n");
+                        if ((i + 2) != argc) {
+                                fprintf(stderr, "Error: invalid --get option, path expected\n");
+                                exit(1);
+                        }
+                        char *path = argv[i + 1];
+                         invalid_filename(path);
+                         if (strstr(path, "..")) {
+                                fprintf(stderr, "Error: invalid file name %s\n", path);
+                                exit(1);
+                         }
+                         
+                        // get file
+                        pid_t pid;
+                        if (read_pid(argv[i] + 6, &pid) == 0)           
+                                sandboxfs(SANDBOX_FS_GET, pid, path);
+                        else
+                                sandboxfs_name(SANDBOX_FS_GET, argv[i] + 6, path);
+                        exit(0);
+                }
+                else {
+                        fprintf(stderr, "Error: this feature is disabled in Firejail configuration file\n");
                        exit(1);
                }
-                char *path = argv[i + 1];
-                 invalid_filename(path);
-                 if (strstr(path, "..")) {
-                        fprintf(stderr, "Error: invalid file name %s\n", path);
-                        exit(1);
-                 }
-                 
-                // get file
-                pid_t pid;
-                if (read_pid(argv[i] + 6, &pid) == 0)           
-                        sandboxfs(SANDBOX_FS_GET, pid, path);
-                else
-                        sandboxfs_name(SANDBOX_FS_GET, argv[i] + 6, path);
-                exit(0);
        }
        else if (strncmp(argv[i], "--ls=", 5) == 0) {
-                logargs(argc, argv);
+                if (checkcfg(CFG_FILE_TRANSFER)) {
-                
+                        logargs(argc, argv);
-                // verify path
+                        
-                if ((i + 2) != argc) {
+                        // verify path
-                        fprintf(stderr, "Error: invalid --ls option, path expected\n");
+                        if ((i + 2) != argc) {
+                                fprintf(stderr, "Error: invalid --ls option, path expected\n");
+                                exit(1);
+                        }
+                        char *path = argv[i + 1];
+                         invalid_filename(path);
+                         if (strstr(path, "..")) {
+                                fprintf(stderr, "Error: invalid file name %s\n", path);
+                                exit(1);
+                         }
+                         
+                        // list directory contents
+                        pid_t pid;
+                        if (read_pid(argv[i] + 5, &pid) == 0)           
+                                sandboxfs(SANDBOX_FS_LS, pid, path);
+                        else
+                                sandboxfs_name(SANDBOX_FS_LS, argv[i] + 5, path);
+                        exit(0);
+                }
+                else {
+                        fprintf(stderr, "Error: this feature is disabled in Firejail configuration file\n");
                        exit(1);
                }
-                char *path = argv[i + 1];
-                 invalid_filename(path);
-                 if (strstr(path, "..")) {
-                        fprintf(stderr, "Error: invalid file name %s\n", path);
-                        exit(1);
-                 }
-                 
-                // list directory contents
-                pid_t pid;
-                if (read_pid(argv[i] + 5, &pid) == 0)           
-                        sandboxfs(SANDBOX_FS_LS, pid, path);
-                else
-                        sandboxfs_name(SANDBOX_FS_LS, argv[i] + 5, path);
-                exit(0);
        }
 #endif
        else if (strncmp(argv[i], "--join=", 7) == 0) {
author	netblue30 <netblue30@yahoo.com>	2016-03-12 12:35:06 -0500
committer	netblue30 <netblue30@yahoo.com>	2016-03-12 12:35:06 -0500
commit	d1a90d0ceb9743e0ce4d41d36189ec9ae9cf20b3 (patch)
tree	9bece5754be5922c4cb55073329c73f09a386095 /src
parent	added firejail.config (diff)
download	firejail-d1a90d0ceb9743e0ce4d41d36189ec9ae9cf20b3.tar.gz firejail-d1a90d0ceb9743e0ce4d41d36189ec9ae9cf20b3.tar.zst firejail-d1a90d0ceb9743e0ce4d41d36189ec9ae9cf20b3.zip

diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 99705f0e6..bf0937f35 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h
@@ -535,7 +535,12 @@ int x11_check_xpra(void);
535	#define SANDBOX_FS_LS 0	535	#define SANDBOX_FS_LS 0
536	#define SANDBOX_FS_GET 1	536	#define SANDBOX_FS_GET 1
537	void sandboxfs_name(int op, const char name, const char path);	537	void sandboxfs_name(int op, const char name, const char path);
538	void sandboxfs(int op, pid_t pid, const char *path);	538	void sandboxfs(int op, pid_t pid, const char *patqh);
		539
		540	// checkcfg.c
		541	#define CFG_FILE_TRANSFER 0
		542	#define CFG_MAX 1 // this should always be the last entry
		543	int checkcfg(int val);
539		544
540	#endif	545	#endif
541		546


diff --git a/src/firejail/main.c b/src/firejail/main.c index bfb0eadc9..0a02d0918 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -429,52 +429,64 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
429	exit(0);	429	exit(0);
430	}	430	}
431	#endif	431	#endif
432	#ifndef HAVE_FILE_TRANSFER	432	#ifdef HAVE_FILE_TRANSFER
433	else if (strncmp(argv[i], "--get=", 6) == 0) {	433	else if (strncmp(argv[i], "--get=", 6) == 0) {
434	logargs(argc, argv);	434	if (checkcfg(CFG_FILE_TRANSFER)) {
435		435	logargs(argc, argv);
436	// verify path	436
437	if ((i + 2) != argc) {	437	// verify path
438	fprintf(stderr, "Error: invalid --get option, path expected\n");	438	if ((i + 2) != argc) {
		439	fprintf(stderr, "Error: invalid --get option, path expected\n");
		440	exit(1);
		441	}
		442	char *path = argv[i + 1];
		443	invalid_filename(path);
		444	if (strstr(path, "..")) {
		445	fprintf(stderr, "Error: invalid file name %s\n", path);
		446	exit(1);
		447	}
		448
		449	// get file
		450	pid_t pid;
		451	if (read_pid(argv[i] + 6, &pid) == 0)
		452	sandboxfs(SANDBOX_FS_GET, pid, path);
		453	else
		454	sandboxfs_name(SANDBOX_FS_GET, argv[i] + 6, path);
		455	exit(0);
		456	}
		457	else {
		458	fprintf(stderr, "Error: this feature is disabled in Firejail configuration file\n");
439	exit(1);	459	exit(1);
440	}	460	}
441	char *path = argv[i + 1];
442	invalid_filename(path);
443	if (strstr(path, "..")) {
444	fprintf(stderr, "Error: invalid file name %s\n", path);
445	exit(1);
446	}
447
448	// get file
449	pid_t pid;
450	if (read_pid(argv[i] + 6, &pid) == 0)
451	sandboxfs(SANDBOX_FS_GET, pid, path);
452	else
453	sandboxfs_name(SANDBOX_FS_GET, argv[i] + 6, path);
454	exit(0);
455	}	461	}
456	else if (strncmp(argv[i], "--ls=", 5) == 0) {	462	else if (strncmp(argv[i], "--ls=", 5) == 0) {
457	logargs(argc, argv);	463	if (checkcfg(CFG_FILE_TRANSFER)) {
458		464	logargs(argc, argv);
459	// verify path	465
460	if ((i + 2) != argc) {	466	// verify path
461	fprintf(stderr, "Error: invalid --ls option, path expected\n");	467	if ((i + 2) != argc) {
		468	fprintf(stderr, "Error: invalid --ls option, path expected\n");
		469	exit(1);
		470	}
		471	char *path = argv[i + 1];
		472	invalid_filename(path);
		473	if (strstr(path, "..")) {
		474	fprintf(stderr, "Error: invalid file name %s\n", path);
		475	exit(1);
		476	}
		477
		478	// list directory contents
		479	pid_t pid;
		480	if (read_pid(argv[i] + 5, &pid) == 0)
		481	sandboxfs(SANDBOX_FS_LS, pid, path);
		482	else
		483	sandboxfs_name(SANDBOX_FS_LS, argv[i] + 5, path);
		484	exit(0);
		485	}
		486	else {
		487	fprintf(stderr, "Error: this feature is disabled in Firejail configuration file\n");
462	exit(1);	488	exit(1);
463	}	489	}
464	char *path = argv[i + 1];
465	invalid_filename(path);
466	if (strstr(path, "..")) {
467	fprintf(stderr, "Error: invalid file name %s\n", path);
468	exit(1);
469	}
470
471	// list directory contents
472	pid_t pid;
473	if (read_pid(argv[i] + 5, &pid) == 0)
474	sandboxfs(SANDBOX_FS_LS, pid, path);
475	else
476	sandboxfs_name(SANDBOX_FS_LS, argv[i] + 5, path);
477	exit(0);
478	}	490	}
479	#endif	491	#endif
480	else if (strncmp(argv[i], "--join=", 7) == 0) {	492	else if (strncmp(argv[i], "--join=", 7) == 0) {