diff options
| author |  Topi Miettinen <toiwoton@gmail.com> | 2021-02-11 16:49:08 +0200 |
|---|---|---|
| committer |  Topi Miettinen <topimiettinen@users.noreply.github.com> | 2021-02-11 18:24:26 +0000 |
| commit | 7d0b11a084c57aaf3afda8c43eb66654b46bb1e6 (patch) | |
| tree | 36c6c3c8827213daff2fecfcbee6bd08fe2dc4fe /src | |
| parent | display-im6.q16 (diff) | |
| download | firejail-7d0b11a084c57aaf3afda8c43eb66654b46bb1e6.tar.gz firejail-7d0b11a084c57aaf3afda8c43eb66654b46bb1e6.tar.zst firejail-7d0b11a084c57aaf3afda8c43eb66654b46bb1e6.zip | |
Always allow empty environment variables
With the recent changes to environment variable handling, it should be
safe to always allow empty variables.
Closes: #3965
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/env.c | 9 | ||||
| -rw-r--r-- | src/firejail/firejail.h | 1 | ||||
| -rw-r--r-- | src/firejail/main.c | 2 |
3 files changed, 2 insertions, 10 deletions
diff --git a/src/firejail/env.c b/src/firejail/env.c index c87bebced..9ee6c6bfb 100644 --- a/src/firejail/env.c +++ b/src/firejail/env.c | |||
| @@ -166,12 +166,10 @@ void env_store(const char *str, ENV_OP op) { | |||
| 166 | if (*str == '\0') | 166 | if (*str == '\0') |
| 167 | goto errexit; | 167 | goto errexit; |
| 168 | char *ptr = strchr(str, '='); | 168 | char *ptr = strchr(str, '='); |
| 169 | if (op == SETENV || op == SETENV_ALLOW_EMPTY) { | 169 | if (op == SETENV) { |
| 170 | if (!ptr) | 170 | if (!ptr) |
| 171 | goto errexit; | 171 | goto errexit; |
| 172 | ptr++; | 172 | ptr++; |
| 173 | if (*ptr == '\0' && op != SETENV_ALLOW_EMPTY) | ||
| 174 | goto errexit; | ||
| 175 | op = SETENV; | 173 | op = SETENV; |
| 176 | } | 174 | } |
| 177 | 175 | ||
| @@ -206,11 +204,6 @@ void env_store_name_val(const char *name, const char *val, ENV_OP op) { | |||
| 206 | // some basic checking | 204 | // some basic checking |
| 207 | if (*name == '\0') | 205 | if (*name == '\0') |
| 208 | goto errexit; | 206 | goto errexit; |
| 209 | if (*val == '\0' && op != SETENV_ALLOW_EMPTY) | ||
| 210 | goto errexit; | ||
| 211 | |||
| 212 | if (op == SETENV_ALLOW_EMPTY) | ||
| 213 | op = SETENV; | ||
| 214 | 207 | ||
| 215 | // build list entry | 208 | // build list entry |
| 216 | Env *env = calloc(1, sizeof(Env)); | 209 | Env *env = calloc(1, sizeof(Env)); |
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index c6e0fed2a..e352dadc4 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
| @@ -661,7 +661,6 @@ void run_no_sandbox(int argc, char **argv) __attribute__((noreturn)); | |||
| 661 | // env.c | 661 | // env.c |
| 662 | typedef enum { | 662 | typedef enum { |
| 663 | SETENV = 0, | 663 | SETENV = 0, |
| 664 | SETENV_ALLOW_EMPTY, | ||
| 665 | RMENV | 664 | RMENV |
| 666 | } ENV_OP; | 665 | } ENV_OP; |
| 667 | 666 | ||
diff --git a/src/firejail/main.c b/src/firejail/main.c index 7a9521e42..982a4c7a6 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -1004,7 +1004,7 @@ int main(int argc, char **argv, char **envp) { | |||
| 1004 | 1004 | ||
| 1005 | // Stash environment variables | 1005 | // Stash environment variables |
| 1006 | for (i = 0, ptr = envp; ptr && *ptr && i < MAX_ENVS; i++, ptr++) | 1006 | for (i = 0, ptr = envp; ptr && *ptr && i < MAX_ENVS; i++, ptr++) |
| 1007 | env_store(*ptr, SETENV_ALLOW_EMPTY); | 1007 | env_store(*ptr, SETENV); |
| 1008 | 1008 | ||
| 1009 | // sanity check for environment variables | 1009 | // sanity check for environment variables |
| 1010 | if (i >= MAX_ENVS) { | 1010 | if (i >= MAX_ENVS) { |