diff options
-rw-r--r-- | src/firejail/fs_logger.c | 1 | ||||
-rw-r--r-- | src/firejail/fs_whitelist.c | 3 | ||||
-rw-r--r-- | src/firejail/main.c | 3 | ||||
-rw-r--r-- | src/firejail/profile.c | 4 | ||||
-rw-r--r-- | src/firejail/restrict_users.c | 2 |
5 files changed, 11 insertions, 2 deletions
diff --git a/src/firejail/fs_logger.c b/src/firejail/fs_logger.c index 4bf24e749..f735b1489 100644 --- a/src/firejail/fs_logger.c +++ b/src/firejail/fs_logger.c | |||
@@ -163,6 +163,7 @@ void fs_logger_print_log(pid_t pid) { | |||
163 | exit(1); | 163 | exit(1); |
164 | } | 164 | } |
165 | 165 | ||
166 | /* coverity[toctou] */ | ||
166 | FILE *fp = fopen(fname, "r"); | 167 | FILE *fp = fopen(fname, "r"); |
167 | if (!fp) { | 168 | if (!fp) { |
168 | printf("Cannot open filesystem log.\n"); | 169 | printf("Cannot open filesystem log.\n"); |
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index f8cce219e..e0187981b 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c | |||
@@ -582,6 +582,9 @@ void fs_whitelist(void) { | |||
582 | errExit("mount tmpfs"); | 582 | errExit("mount tmpfs"); |
583 | } | 583 | } |
584 | 584 | ||
585 | if (new_name) | ||
586 | free(new_name); | ||
587 | |||
585 | return; | 588 | return; |
586 | 589 | ||
587 | errexit: | 590 | errexit: |
diff --git a/src/firejail/main.c b/src/firejail/main.c index 41517877b..8076a8146 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -765,7 +765,8 @@ int main(int argc, char **argv) { | |||
765 | exit(1); | 765 | exit(1); |
766 | } | 766 | } |
767 | // ... and configure it | 767 | // ... and configure it |
768 | cfg.profile_ignore[j] = argv[i] + 9; | 768 | else |
769 | cfg.profile_ignore[j] = argv[i] + 9; | ||
769 | } | 770 | } |
770 | #ifdef HAVE_CHROOT | 771 | #ifdef HAVE_CHROOT |
771 | else if (strncmp(argv[i], "--chroot=", 9) == 0) { | 772 | else if (strncmp(argv[i], "--chroot=", 9) == 0) { |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index de89cf40f..6ac7cbe62 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -93,7 +93,9 @@ int profile_check_line(char *ptr, int lineno) { | |||
93 | exit(1); | 93 | exit(1); |
94 | } | 94 | } |
95 | // ... and configure it | 95 | // ... and configure it |
96 | cfg.profile_ignore[j] = str; | 96 | else |
97 | cfg.profile_ignore[j] = str; | ||
98 | |||
97 | return 0; | 99 | return 0; |
98 | } | 100 | } |
99 | 101 | ||
diff --git a/src/firejail/restrict_users.c b/src/firejail/restrict_users.c index ec65005ba..1b4058987 100644 --- a/src/firejail/restrict_users.c +++ b/src/firejail/restrict_users.c | |||
@@ -121,6 +121,7 @@ static void sanitize_passwd(void) { | |||
121 | fs_build_mnt_dir(); | 121 | fs_build_mnt_dir(); |
122 | 122 | ||
123 | // open files | 123 | // open files |
124 | /* coverity[toctou] */ | ||
124 | fpin = fopen("/etc/passwd", "r"); | 125 | fpin = fopen("/etc/passwd", "r"); |
125 | if (!fpin) | 126 | if (!fpin) |
126 | goto errout; | 127 | goto errout; |
@@ -253,6 +254,7 @@ static void sanitize_group(void) { | |||
253 | fs_build_mnt_dir(); | 254 | fs_build_mnt_dir(); |
254 | 255 | ||
255 | // open files | 256 | // open files |
257 | /* coverity[toctou] */ | ||
256 | fpin = fopen("/etc/group", "r"); | 258 | fpin = fopen("/etc/group", "r"); |
257 | if (!fpin) | 259 | if (!fpin) |
258 | goto errout; | 260 | goto errout; |