diff options
-rw-r--r-- | src/firejail/main.c | 8 | ||||
-rw-r--r-- | src/firejail/profile.c | 8 | ||||
-rw-r--r-- | src/firejail/util.c | 14 | ||||
-rw-r--r-- | src/man/firejail.txt | 4 | ||||
-rwxr-xr-x | test/environment/rlimit-bad-profile.exp | 2 | ||||
-rwxr-xr-x | test/environment/rlimit-bad.exp | 2 |
6 files changed, 25 insertions, 13 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index 2dfa19ec2..3311224fd 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -1489,8 +1489,8 @@ int main(int argc, char **argv, char **envp) { | |||
1489 | } | 1489 | } |
1490 | else if (strncmp(argv[i], "--rlimit-fsize=", 15) == 0) { | 1490 | else if (strncmp(argv[i], "--rlimit-fsize=", 15) == 0) { |
1491 | cfg.rlimit_fsize = parse_arg_size(argv[i] + 15); | 1491 | cfg.rlimit_fsize = parse_arg_size(argv[i] + 15); |
1492 | if ( cfg.rlimit_fsize == 0 ) { | 1492 | if (cfg.rlimit_fsize == 0) { |
1493 | perror("Error: given rlimit-size is invalid. use only non-negative numbers and k,m,g suffix for size"); | 1493 | perror("Error: invalid rlimit-fsize. only use positive numbers and k, m or g suffix."); |
1494 | exit(1); | 1494 | exit(1); |
1495 | } | 1495 | } |
1496 | arg_rlimit_fsize = 1; | 1496 | arg_rlimit_fsize = 1; |
@@ -1502,8 +1502,8 @@ int main(int argc, char **argv, char **envp) { | |||
1502 | } | 1502 | } |
1503 | else if (strncmp(argv[i], "--rlimit-as=", 12) == 0) { | 1503 | else if (strncmp(argv[i], "--rlimit-as=", 12) == 0) { |
1504 | cfg.rlimit_as = parse_arg_size(argv[i] + 12); | 1504 | cfg.rlimit_as = parse_arg_size(argv[i] + 12); |
1505 | if ( cfg.rlimit_as == 0 ) { | 1505 | if (cfg.rlimit_as == 0) { |
1506 | perror("Error: given rlimit-as is invalid. use only non-negative numbers and k,m,g suffix for size"); | 1506 | perror("Error: invalid rlimit-as. only use positive numbers and k, m or g suffix."); |
1507 | exit(1); | 1507 | exit(1); |
1508 | } | 1508 | } |
1509 | arg_rlimit_as = 1; | 1509 | arg_rlimit_as = 1; |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index e7e7bdfc2..a0d62241e 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -1493,8 +1493,8 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
1493 | } | 1493 | } |
1494 | else if (strncmp(ptr, "rlimit-fsize ", 13) == 0) { | 1494 | else if (strncmp(ptr, "rlimit-fsize ", 13) == 0) { |
1495 | cfg.rlimit_fsize = parse_arg_size(ptr + 13); | 1495 | cfg.rlimit_fsize = parse_arg_size(ptr + 13); |
1496 | if ( cfg.rlimit_fsize == 0 ) { | 1496 | if (cfg.rlimit_fsize == 0) { |
1497 | perror("Error: invalid rlimit-fsize in profile file. use only non-negative numbers and k,m,g suffix for size"); | 1497 | perror("Error: invalid rlimit-fsize in profile file. only use positive numbers and k, m or g suffix."); |
1498 | exit(1); | 1498 | exit(1); |
1499 | } | 1499 | } |
1500 | arg_rlimit_fsize = 1; | 1500 | arg_rlimit_fsize = 1; |
@@ -1506,8 +1506,8 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
1506 | } | 1506 | } |
1507 | else if (strncmp(ptr, "rlimit-as ", 10) == 0) { | 1507 | else if (strncmp(ptr, "rlimit-as ", 10) == 0) { |
1508 | cfg.rlimit_as = parse_arg_size(ptr + 10); | 1508 | cfg.rlimit_as = parse_arg_size(ptr + 10); |
1509 | if ( cfg.rlimit_as == 0 ){ | 1509 | if (cfg.rlimit_as == 0) { |
1510 | perror("Error: invalid rlimit-as size in profile file. use only non-negative numbers and k,m,g suffix for size"); | 1510 | perror("Error: invalid rlimit-as in profile file. only use positive numbers and k, m or g suffix."); |
1511 | exit(1); | 1511 | exit(1); |
1512 | } | 1512 | } |
1513 | arg_rlimit_as = 1; | 1513 | arg_rlimit_as = 1; |
diff --git a/src/firejail/util.c b/src/firejail/util.c index 7ee83a13e..cd1a048fe 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
@@ -55,10 +55,22 @@ long long unsigned parse_arg_size(char *str) { | |||
55 | sscanf(str, "%llu", &result); | 55 | sscanf(str, "%llu", &result); |
56 | 56 | ||
57 | char suffix = *(str + len - 1); | 57 | char suffix = *(str + len - 1); |
58 | if (!isdigit(suffix) && ( suffix == 'k' || suffix == 'm' || suffix == 'g')) { | ||
59 | len -= 1; | ||
60 | } | ||
61 | |||
62 | /* checks for is value valid positive number */ | ||
63 | for ( int i = 0; i < len; i++) { | ||
64 | if (!isdigit(*(str+i))) { | ||
65 | return 0; | ||
66 | } | ||
67 | } | ||
68 | |||
58 | if (isdigit(suffix)) | 69 | if (isdigit(suffix)) |
59 | return result; | 70 | return result; |
60 | 71 | ||
61 | switch (result) { | 72 | |
73 | switch (suffix) { | ||
62 | case 'k': | 74 | case 'k': |
63 | result *= 1024; | 75 | result *= 1024; |
64 | break; | 76 | break; |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 9308eecf4..c72a1dbd8 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -2129,7 +2129,7 @@ $ firejail --read-only=~/test --read-write=~/test/a | |||
2129 | .TP | 2129 | .TP |
2130 | \fB\-\-rlimit-as=number | 2130 | \fB\-\-rlimit-as=number |
2131 | Set the maximum size of the process's virtual memory (address space) in bytes. | 2131 | Set the maximum size of the process's virtual memory (address space) in bytes. |
2132 | you can use kilobyte(k),megabyte(m) and gigabyte(g) for size suffix. ( they works on base 1024 ) | 2132 | Use k(ilobyte), m(egabyte) or g(igabyte) for size suffix (base 1024). |
2133 | 2133 | ||
2134 | .TP | 2134 | .TP |
2135 | \fB\-\-rlimit-cpu=number | 2135 | \fB\-\-rlimit-cpu=number |
@@ -2143,7 +2143,7 @@ track of CPU seconds for each process independently. | |||
2143 | .TP | 2143 | .TP |
2144 | \fB\-\-rlimit-fsize=number | 2144 | \fB\-\-rlimit-fsize=number |
2145 | Set the maximum file size that can be created by a process. | 2145 | Set the maximum file size that can be created by a process. |
2146 | you can use kilobyte(k),megabyte(m) and gigabyte(g) for size suffix. ( they works on base 1024 ) | 2146 | Use k(ilobyte), m(egabyte) or g(igabyte) for size suffix (base 1024). |
2147 | .TP | 2147 | .TP |
2148 | \fB\-\-rlimit-nofile=number | 2148 | \fB\-\-rlimit-nofile=number |
2149 | Set the maximum number of files that can be opened by a process. | 2149 | Set the maximum number of files that can be opened by a process. |
diff --git a/test/environment/rlimit-bad-profile.exp b/test/environment/rlimit-bad-profile.exp index b838f83f4..2c5793c9d 100755 --- a/test/environment/rlimit-bad-profile.exp +++ b/test/environment/rlimit-bad-profile.exp | |||
@@ -11,7 +11,7 @@ match_max 100000 | |||
11 | send -- "firejail --profile=rlimit-bad1.profile\r" | 11 | send -- "firejail --profile=rlimit-bad1.profile\r" |
12 | expect { | 12 | expect { |
13 | timeout {puts "TESTING ERROR 4\n";exit} | 13 | timeout {puts "TESTING ERROR 4\n";exit} |
14 | "invalid rlimit" | 14 | "invalid rlimit-fsize in profile file. only use positive numbers and k, m or g suffix." |
15 | } | 15 | } |
16 | after 100 | 16 | after 100 |
17 | 17 | ||
diff --git a/test/environment/rlimit-bad.exp b/test/environment/rlimit-bad.exp index 3a82ded9b..6bdfd4193 100755 --- a/test/environment/rlimit-bad.exp +++ b/test/environment/rlimit-bad.exp | |||
@@ -10,7 +10,7 @@ match_max 100000 | |||
10 | send -- "firejail --rlimit-fsize=-1024\r" | 10 | send -- "firejail --rlimit-fsize=-1024\r" |
11 | expect { | 11 | expect { |
12 | timeout {puts "TESTING ERROR 0\n";exit} | 12 | timeout {puts "TESTING ERROR 0\n";exit} |
13 | "invalid rlimit" | 13 | "invalid rlimit-fsize. only use positive numbers and k, m or g suffix." |
14 | } | 14 | } |
15 | after 100 | 15 | after 100 |
16 | 16 | ||