diff options
author | smitsohu <smitsohu@gmail.com> | 2021-10-08 00:48:14 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2021-10-08 00:53:15 +0200 |
commit | a68fc0a040da498b3c01b6b9a281024c2dafe193 (patch) | |
tree | 76c5e5ff409b8dd9bd60f8e8ac828f05b364c958 /src | |
parent | Merge pull request #4590 from smitsohu/mountid (diff) | |
download | firejail-a68fc0a040da498b3c01b6b9a281024c2dafe193.tar.gz firejail-a68fc0a040da498b3c01b6b9a281024c2dafe193.tar.zst firejail-a68fc0a040da498b3c01b6b9a281024c2dafe193.zip |
profile parsing fixes
results from a systematic search for strncmp
calls with a suspicious (non-fitting) integer
literal as third argument
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/profile.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 059100fcb..2daa968f7 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -630,7 +630,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
630 | #endif | 630 | #endif |
631 | return 0; | 631 | return 0; |
632 | } | 632 | } |
633 | else if (strncmp(ptr, "netns ", 6) == 0) { | 633 | else if (strncmp(ptr, "netns ", 6) == 0) { |
634 | #ifdef HAVE_NETWORK | 634 | #ifdef HAVE_NETWORK |
635 | if (checkcfg(CFG_NETWORK)) { | 635 | if (checkcfg(CFG_NETWORK)) { |
636 | arg_netns = ptr + 6; | 636 | arg_netns = ptr + 6; |
@@ -981,10 +981,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
981 | warning_feature_disabled("seccomp"); | 981 | warning_feature_disabled("seccomp"); |
982 | return 0; | 982 | return 0; |
983 | } | 983 | } |
984 | if (strncmp(ptr, "seccomp.32.drop ", 13) == 0) { | 984 | if (strncmp(ptr, "seccomp.32.drop ", 16) == 0) { |
985 | if (checkcfg(CFG_SECCOMP)) { | 985 | if (checkcfg(CFG_SECCOMP)) { |
986 | arg_seccomp32 = 1; | 986 | arg_seccomp32 = 1; |
987 | cfg.seccomp_list_drop32 = seccomp_check_list(ptr + 13); | 987 | cfg.seccomp_list_drop32 = seccomp_check_list(ptr + 16); |
988 | } | 988 | } |
989 | else | 989 | else |
990 | warning_feature_disabled("seccomp"); | 990 | warning_feature_disabled("seccomp"); |
@@ -1001,10 +1001,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
1001 | warning_feature_disabled("seccomp"); | 1001 | warning_feature_disabled("seccomp"); |
1002 | return 0; | 1002 | return 0; |
1003 | } | 1003 | } |
1004 | if (strncmp(ptr, "seccomp.32.keep ", 13) == 0) { | 1004 | if (strncmp(ptr, "seccomp.32.keep ", 16) == 0) { |
1005 | if (checkcfg(CFG_SECCOMP)) { | 1005 | if (checkcfg(CFG_SECCOMP)) { |
1006 | arg_seccomp32 = 1; | 1006 | arg_seccomp32 = 1; |
1007 | cfg.seccomp_list_keep32 = seccomp_check_list(ptr + 13); | 1007 | cfg.seccomp_list_keep32 = seccomp_check_list(ptr + 16); |
1008 | } | 1008 | } |
1009 | else | 1009 | else |
1010 | warning_feature_disabled("seccomp"); | 1010 | warning_feature_disabled("seccomp"); |