diff options
-rw-r--r-- | src/firecfg/desktop_files.c | 8 | ||||
-rw-r--r-- | src/firejail/cmdline.c | 1 | ||||
-rw-r--r-- | src/firejail/fs_whitelist.c | 11 | ||||
-rw-r--r-- | src/fsec-print/main.c | 3 | ||||
-rw-r--r-- | src/libpostexecseccomp/libpostexecseccomp.c | 2 |
5 files changed, 19 insertions, 6 deletions
diff --git a/src/firecfg/desktop_files.c b/src/firecfg/desktop_files.c index 71b39390e..de2b8cfa2 100644 --- a/src/firecfg/desktop_files.c +++ b/src/firecfg/desktop_files.c | |||
@@ -144,6 +144,8 @@ void fix_desktop_files(char *homedir) { | |||
144 | perror("opendir"); | 144 | perror("opendir"); |
145 | fprintf(stderr, "Warning: cannot access /usr/share/applications directory, desktop files fixing skipped...\n"); | 145 | fprintf(stderr, "Warning: cannot access /usr/share/applications directory, desktop files fixing skipped...\n"); |
146 | free(user_apps_dir); | 146 | free(user_apps_dir); |
147 | if (dir) | ||
148 | closedir(dir); | ||
147 | return; | 149 | return; |
148 | } | 150 | } |
149 | 151 | ||
@@ -266,12 +268,16 @@ void fix_desktop_files(char *homedir) { | |||
266 | 268 | ||
267 | if (stat(outname, &sb) == 0) { | 269 | if (stat(outname, &sb) == 0) { |
268 | printf(" %s skipped: file exists\n", filename); | 270 | printf(" %s skipped: file exists\n", filename); |
271 | if (change_exec) | ||
272 | free(change_exec); | ||
269 | continue; | 273 | continue; |
270 | } | 274 | } |
271 | 275 | ||
272 | FILE *fpin = fopen(filename, "r"); | 276 | FILE *fpin = fopen(filename, "r"); |
273 | if (!fpin) { | 277 | if (!fpin) { |
274 | fprintf(stderr, "Warning: cannot open /usr/share/applications/%s\n", filename); | 278 | fprintf(stderr, "Warning: cannot open /usr/share/applications/%s\n", filename); |
279 | if (change_exec) | ||
280 | free(change_exec); | ||
275 | continue; | 281 | continue; |
276 | } | 282 | } |
277 | 283 | ||
@@ -279,6 +285,8 @@ void fix_desktop_files(char *homedir) { | |||
279 | if (!fpout) { | 285 | if (!fpout) { |
280 | fprintf(stderr, "Warning: cannot open ~/.local/share/applications/%s\n", outname); | 286 | fprintf(stderr, "Warning: cannot open ~/.local/share/applications/%s\n", outname); |
281 | fclose(fpin); | 287 | fclose(fpin); |
288 | if (change_exec) | ||
289 | free(change_exec); | ||
282 | continue; | 290 | continue; |
283 | } | 291 | } |
284 | fprintf(fpout, "# converted by firecfg\n"); | 292 | fprintf(fpout, "# converted by firecfg\n"); |
diff --git a/src/firejail/cmdline.c b/src/firejail/cmdline.c index ce1e281a5..1fe5a2398 100644 --- a/src/firejail/cmdline.c +++ b/src/firejail/cmdline.c | |||
@@ -208,4 +208,5 @@ void build_appimage_cmdline(char **command_line, char **window_title, int argc, | |||
208 | 208 | ||
209 | // free strdup | 209 | // free strdup |
210 | free(tmp1); | 210 | free(tmp1); |
211 | free(command_line_tmp); | ||
211 | } | 212 | } |
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index 602985b4e..9b68b6753 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c | |||
@@ -371,10 +371,13 @@ void fs_whitelist(void) { | |||
371 | 371 | ||
372 | // resolve macros | 372 | // resolve macros |
373 | if (is_macro(dataptr)) { | 373 | if (is_macro(dataptr)) { |
374 | char *tmp = resolve_macro(dataptr); | 374 | char *tmp = resolve_macro(dataptr); // returns allocated mem |
375 | if (tmp != NULL) | 375 | if (tmp != NULL) { |
376 | tmp = parse_nowhitelist(nowhitelist_flag, tmp); | 376 | char *tmp1 = parse_nowhitelist(nowhitelist_flag, tmp); |
377 | 377 | assert(tmp1); | |
378 | free(tmp); | ||
379 | tmp = tmp1; | ||
380 | } | ||
378 | if (tmp) { | 381 | if (tmp) { |
379 | entry->data = tmp; | 382 | entry->data = tmp; |
380 | dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10; | 383 | dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10; |
diff --git a/src/fsec-print/main.c b/src/fsec-print/main.c index 94c60687f..5a1e34080 100644 --- a/src/fsec-print/main.c +++ b/src/fsec-print/main.c | |||
@@ -74,7 +74,8 @@ printf("\n"); | |||
74 | close(fd); | 74 | close(fd); |
75 | return 0; | 75 | return 0; |
76 | errexit: | 76 | errexit: |
77 | close(fd); | 77 | if (fd != -1) |
78 | close(fd); | ||
78 | fprintf(stderr, "Error: cannot read %s\n", fname); | 79 | fprintf(stderr, "Error: cannot read %s\n", fname); |
79 | exit(1); | 80 | exit(1); |
80 | 81 | ||
diff --git a/src/libpostexecseccomp/libpostexecseccomp.c b/src/libpostexecseccomp/libpostexecseccomp.c index 0ccb74b10..6d2c8c695 100644 --- a/src/libpostexecseccomp/libpostexecseccomp.c +++ b/src/libpostexecseccomp/libpostexecseccomp.c | |||
@@ -31,7 +31,7 @@ static void load_seccomp(void) { | |||
31 | if (fd == -1) | 31 | if (fd == -1) |
32 | return; | 32 | return; |
33 | 33 | ||
34 | int size = lseek(fd, 0, SEEK_END); | 34 | off_t size = lseek(fd, 0, SEEK_END); |
35 | unsigned short entries = (unsigned short) size / (unsigned short) sizeof(struct sock_filter); | 35 | unsigned short entries = (unsigned short) size / (unsigned short) sizeof(struct sock_filter); |
36 | struct sock_filter *filter = MAP_FAILED; | 36 | struct sock_filter *filter = MAP_FAILED; |
37 | if (size != 0) | 37 | if (size != 0) |