diff options
| author |  Kaan Genç <kaan@kaangenc.me> | 2016-01-08 21:23:39 +0200 |
|---|---|---|
| committer | Kaan Genç <kaan@kaangenc.me> | 2016-01-08 21:23:39 +0200 |
| commit | cc214932335ffcfa28f11f370e7dc9e249bfa9eb (patch) | |
| tree | 41582522b5bc8108786a6c722f45d0eb9c2cd92a /src | |
| parent | Merge branch 'master' of https://github.com/netblue30/firejail (diff) | |
| download | firejail-cc214932335ffcfa28f11f370e7dc9e249bfa9eb.tar.gz firejail-cc214932335ffcfa28f11f370e7dc9e249bfa9eb.tar.zst firejail-cc214932335ffcfa28f11f370e7dc9e249bfa9eb.zip | |
dynamic allocation of noblacklist buffer
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/fs.c | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index ea8752624..402a3df20 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
| @@ -310,11 +310,12 @@ void fs_blacklist(void) { | |||
| 310 | if (!entry) | 310 | if (!entry) |
| 311 | return; | 311 | return; |
| 312 | 312 | ||
| 313 | // a statically allocated buffer works for all current needs | ||
| 314 | // TODO: if dynamic allocation is ever needed, we should probably add | ||
| 315 | // libraries that make it easy to do without introducing security bugs | ||
| 316 | char *noblacklist[32]; | ||
| 317 | size_t noblacklist_c = 0; | 313 | size_t noblacklist_c = 0; |
| 314 | size_t noblacklist_m = 32; | ||
| 315 | char **noblacklist = calloc(noblacklist_m, sizeof(*noblacklist)); | ||
| 316 | |||
| 317 | if (noblacklist == NULL) | ||
| 318 | errExit("failed allocating memory for noblacklist entries"); | ||
| 318 | 319 | ||
| 319 | while (entry) { | 320 | while (entry) { |
| 320 | OPERATION op = OPERATION_MAX; | 321 | OPERATION op = OPERATION_MAX; |
| @@ -366,9 +367,11 @@ void fs_blacklist(void) { | |||
| 366 | 367 | ||
| 367 | // Process noblacklist command | 368 | // Process noblacklist command |
| 368 | if (strncmp(entry->data, "noblacklist ", 12) == 0) { | 369 | if (strncmp(entry->data, "noblacklist ", 12) == 0) { |
| 369 | if (noblacklist_c >= sizeof(noblacklist) / sizeof(noblacklist[0])) { | 370 | if (noblacklist_c >= noblacklist_m) { |
| 370 | fputs("Error: out of memory for noblacklist entries\n", stderr); | 371 | noblacklist_m *= 2; |
| 371 | exit(1); | 372 | noblacklist = realloc(noblacklist, sizeof(*noblacklist) * noblacklist_m); |
| 373 | if (noblacklist == NULL) | ||
| 374 | errExit("failed increasing memory for noblacklist entries"); | ||
| 372 | } | 375 | } |
| 373 | else | 376 | else |
| 374 | noblacklist[noblacklist_c++] = expand_home(entry->data + 12, homedir); | 377 | noblacklist[noblacklist_c++] = expand_home(entry->data + 12, homedir); |
| @@ -428,6 +431,7 @@ void fs_blacklist(void) { | |||
| 428 | 431 | ||
| 429 | size_t i; | 432 | size_t i; |
| 430 | for (i = 0; i < noblacklist_c; i++) free(noblacklist[i]); | 433 | for (i = 0; i < noblacklist_c; i++) free(noblacklist[i]); |
| 434 | free(noblacklist); | ||
| 431 | } | 435 | } |
| 432 | 436 | ||
| 433 | //*********************************************** | 437 | //*********************************************** |