diff options
-rw-r--r-- | etc/disable-programs.inc | 2 | ||||
-rw-r--r-- | src/faudit/dbus.c | 2 | ||||
-rw-r--r-- | src/faudit/pid.c | 2 | ||||
-rw-r--r-- | src/firecfg/main.c | 1 | ||||
-rw-r--r-- | src/firejail/appimage.c | 15 | ||||
-rw-r--r-- | src/firejail/checkcfg.c | 5 | ||||
-rw-r--r-- | src/firejail/fs.c | 1 | ||||
-rw-r--r-- | src/firejail/fs_bin.c | 1 | ||||
-rw-r--r-- | src/firejail/fs_home.c | 1 | ||||
-rw-r--r-- | src/firejail/fs_hostname.c | 4 | ||||
-rw-r--r-- | src/firejail/fs_mkdir.c | 2 | ||||
-rw-r--r-- | src/firejail/fs_var.c | 10 | ||||
-rw-r--r-- | src/firejail/fs_whitelist.c | 2 | ||||
-rw-r--r-- | src/firejail/ls.c | 5 | ||||
-rw-r--r-- | src/firejail/netfilter.c | 111 | ||||
-rw-r--r-- | src/firejail/no_sandbox.c | 2 | ||||
-rw-r--r-- | src/firejail/profile.c | 1 | ||||
-rw-r--r-- | src/firejail/pulseaudio.c | 1 | ||||
-rw-r--r-- | src/firejail/run_symlink.c | 1 | ||||
-rw-r--r-- | src/firejail/sbox.c | 1 | ||||
-rw-r--r-- | src/firejail/util.c | 9 | ||||
-rw-r--r-- | src/firejail/x11.c | 1 | ||||
-rw-r--r-- | src/fseccomp/seccomp_print.c | 48 | ||||
-rw-r--r-- | src/lib/common.c | 2 | ||||
-rw-r--r-- | src/libtracelog/libtracelog.c | 2 | ||||
-rw-r--r-- | todo | 2 |
26 files changed, 143 insertions, 91 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index e2b7a4929..1ac926e3f 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -24,7 +24,7 @@ blacklist ${HOME}/.config/libreoffice | |||
24 | blacklist ${HOME}/.config/pix | 24 | blacklist ${HOME}/.config/pix |
25 | blacklist ${HOME}/.config/mate/eom | 25 | blacklist ${HOME}/.config/mate/eom |
26 | blacklist ${HOME}/.config/xed | 26 | blacklist ${HOME}/.config/xed |
27 | blacklist %{HOME}/.config/pluma | 27 | blacklist ${HOME}/.config/pluma |
28 | blacklist ${HOME}/.kde/share/apps/okular | 28 | blacklist ${HOME}/.kde/share/apps/okular |
29 | blacklist ${HOME}/.kde/share/config/okularrc | 29 | blacklist ${HOME}/.kde/share/config/okularrc |
30 | blacklist ${HOME}/.kde/share/config/okularpartrc | 30 | blacklist ${HOME}/.kde/share/config/okularpartrc |
diff --git a/src/faudit/dbus.c b/src/faudit/dbus.c index 4debf2ff6..d92660536 100644 --- a/src/faudit/dbus.c +++ b/src/faudit/dbus.c | |||
@@ -35,7 +35,7 @@ int check_unix(const char *sockfile) { | |||
35 | struct sockaddr_un remote; | 35 | struct sockaddr_un remote; |
36 | memset(&remote, 0, sizeof(struct sockaddr_un)); | 36 | memset(&remote, 0, sizeof(struct sockaddr_un)); |
37 | remote.sun_family = AF_UNIX; | 37 | remote.sun_family = AF_UNIX; |
38 | strcpy(remote.sun_path, sockfile); | 38 | strncpy(remote.sun_path, sockfile, sizeof(remote.sun_path)); |
39 | int len = strlen(remote.sun_path) + sizeof(remote.sun_family); | 39 | int len = strlen(remote.sun_path) + sizeof(remote.sun_family); |
40 | if (*sockfile == '@') | 40 | if (*sockfile == '@') |
41 | remote.sun_path[0] = '\0'; | 41 | remote.sun_path[0] = '\0'; |
diff --git a/src/faudit/pid.c b/src/faudit/pid.c index a0fb1d921..84b23fe0a 100644 --- a/src/faudit/pid.c +++ b/src/faudit/pid.c | |||
@@ -46,7 +46,6 @@ void pid_test(void) { | |||
46 | /* coverity[toctou] */ | 46 | /* coverity[toctou] */ |
47 | FILE *fp = fopen(fname, "r"); | 47 | FILE *fp = fopen(fname, "r"); |
48 | if (!fp) { | 48 | if (!fp) { |
49 | // fprintf(stderr, "Warning: cannot open %s\n", fname); | ||
50 | free(fname); | 49 | free(fname); |
51 | continue; | 50 | continue; |
52 | } | 51 | } |
@@ -54,7 +53,6 @@ void pid_test(void) { | |||
54 | // read file | 53 | // read file |
55 | char buf[100]; | 54 | char buf[100]; |
56 | if (fgets(buf, 10, fp) == NULL) { | 55 | if (fgets(buf, 10, fp) == NULL) { |
57 | // fprintf(stderr, "Warning: cannot read %s\n", fname); | ||
58 | fclose(fp); | 56 | fclose(fp); |
59 | free(fname); | 57 | free(fname); |
60 | continue; | 58 | continue; |
diff --git a/src/firecfg/main.c b/src/firecfg/main.c index d2566ce22..15ee78384 100644 --- a/src/firecfg/main.c +++ b/src/firecfg/main.c | |||
@@ -342,6 +342,7 @@ static void fix_desktop_files(void) { | |||
342 | if (stat(filename, &sb) == -1) | 342 | if (stat(filename, &sb) == -1) |
343 | errExit("stat"); | 343 | errExit("stat"); |
344 | 344 | ||
345 | /* coverity[toctou] */ | ||
345 | int fd = open(filename, O_RDONLY); | 346 | int fd = open(filename, O_RDONLY); |
346 | if (fd == -1) | 347 | if (fd == -1) |
347 | errExit("open"); | 348 | errExit("open"); |
diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c index 6a9ca1679..0d1f8cb4d 100644 --- a/src/firejail/appimage.c +++ b/src/firejail/appimage.c | |||
@@ -51,6 +51,7 @@ void appimage_set(const char *appimage) { | |||
51 | printf("AppImage ELF size %lu\n", size); | 51 | printf("AppImage ELF size %lu\n", size); |
52 | 52 | ||
53 | // open appimage file | 53 | // open appimage file |
54 | /* coverity[toctou] */ | ||
54 | int ffd = open(appimage, O_RDONLY|O_CLOEXEC); | 55 | int ffd = open(appimage, O_RDONLY|O_CLOEXEC); |
55 | if (ffd == -1) { | 56 | if (ffd == -1) { |
56 | fprintf(stderr, "Error: cannot open AppImage file\n"); | 57 | fprintf(stderr, "Error: cannot open AppImage file\n"); |
@@ -74,6 +75,10 @@ void appimage_set(const char *appimage) { | |||
74 | errExit("asprintf"); | 75 | errExit("asprintf"); |
75 | 76 | ||
76 | int lfd = open(devloop, O_RDONLY); | 77 | int lfd = open(devloop, O_RDONLY); |
78 | if (lfd == -1) { | ||
79 | fprintf(stderr, "Error: cannot open %s\n", devloop); | ||
80 | exit(1); | ||
81 | } | ||
77 | if (ioctl(lfd, LOOP_SET_FD, ffd) == -1) { | 82 | if (ioctl(lfd, LOOP_SET_FD, ffd) == -1) { |
78 | fprintf(stderr, "Error: cannot configure the loopback device\n"); | 83 | fprintf(stderr, "Error: cannot configure the loopback device\n"); |
79 | exit(1); | 84 | exit(1); |
@@ -118,7 +123,7 @@ void appimage_set(const char *appimage) { | |||
118 | EUID_USER(); | 123 | EUID_USER(); |
119 | 124 | ||
120 | // set environment | 125 | // set environment |
121 | if (appimage && setenv("APPIMAGE", appimage, 1) < 0) | 126 | if (setenv("APPIMAGE", appimage, 1) < 0) |
122 | errExit("setenv"); | 127 | errExit("setenv"); |
123 | if (mntdir && setenv("APPDIR", mntdir, 1) < 0) | 128 | if (mntdir && setenv("APPDIR", mntdir, 1) < 0) |
124 | errExit("setenv"); | 129 | errExit("setenv"); |
@@ -170,8 +175,10 @@ void appimage_clear(void) { | |||
170 | 175 | ||
171 | if (devloop) { | 176 | if (devloop) { |
172 | int lfd = open(devloop, O_RDONLY); | 177 | int lfd = open(devloop, O_RDONLY); |
173 | rv = ioctl(lfd, LOOP_CLR_FD, 0); | 178 | if (lfd != -1) { |
174 | (void) rv; | 179 | rv = ioctl(lfd, LOOP_CLR_FD, 0); |
175 | close(lfd); | 180 | (void) rv; |
181 | close(lfd); | ||
182 | } | ||
176 | } | 183 | } |
177 | } | 184 | } |
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index 963d95bed..974fbb8a3 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c | |||
@@ -32,6 +32,7 @@ char *netfilter_default = NULL; | |||
32 | int checkcfg(int val) { | 32 | int checkcfg(int val) { |
33 | assert(val < CFG_MAX); | 33 | assert(val < CFG_MAX); |
34 | int line = 0; | 34 | int line = 0; |
35 | FILE *fp = NULL; | ||
35 | 36 | ||
36 | if (!initialized) { | 37 | if (!initialized) { |
37 | // initialize defaults | 38 | // initialize defaults |
@@ -47,7 +48,7 @@ int checkcfg(int val) { | |||
47 | if (asprintf(&fname, "%s/firejail.config", SYSCONFDIR) == -1) | 48 | if (asprintf(&fname, "%s/firejail.config", SYSCONFDIR) == -1) |
48 | errExit("asprintf"); | 49 | errExit("asprintf"); |
49 | 50 | ||
50 | FILE *fp = fopen(fname, "r"); | 51 | fp = fopen(fname, "r"); |
51 | if (!fp) { | 52 | if (!fp) { |
52 | #ifdef HAVE_GLOBALCFG | 53 | #ifdef HAVE_GLOBALCFG |
53 | fprintf(stderr, "Error: Firejail configuration file %s not found\n", fname); | 54 | fprintf(stderr, "Error: Firejail configuration file %s not found\n", fname); |
@@ -285,6 +286,8 @@ int checkcfg(int val) { | |||
285 | return cfg_val[val]; | 286 | return cfg_val[val]; |
286 | 287 | ||
287 | errout: | 288 | errout: |
289 | if (fp) | ||
290 | fclose(fp); | ||
288 | fprintf(stderr, "Error: invalid line %d in firejail configuration file\n", line ); | 291 | fprintf(stderr, "Error: invalid line %d in firejail configuration file\n", line ); |
289 | exit(1); | 292 | exit(1); |
290 | } | 293 | } |
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 6f9b5a60c..9a2f4facc 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -717,6 +717,7 @@ void fs_overlayfs(void) { | |||
717 | } | 717 | } |
718 | } | 718 | } |
719 | else { | 719 | else { |
720 | /* coverity[toctou] */ | ||
720 | if (mkdir(basedir, 0755) != 0) { | 721 | if (mkdir(basedir, 0755) != 0) { |
721 | fprintf(stderr, "Error: cannot create overlay directory\n"); | 722 | fprintf(stderr, "Error: cannot create overlay directory\n"); |
722 | exit(1); | 723 | exit(1); |
diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c index 421df717d..7c56d524e 100644 --- a/src/firejail/fs_bin.c +++ b/src/firejail/fs_bin.c | |||
@@ -59,6 +59,7 @@ static char *check_dir_or_file(const char *name) { | |||
59 | if (stat(fname, &s) == 0 && !S_ISDIR(s.st_mode)) { // do not allow directories | 59 | if (stat(fname, &s) == 0 && !S_ISDIR(s.st_mode)) { // do not allow directories |
60 | // check symlink to firejail executable in /usr/local/bin | 60 | // check symlink to firejail executable in /usr/local/bin |
61 | if (strcmp(paths[i], "/usr/local/bin") == 0 && is_link(fname)) { | 61 | if (strcmp(paths[i], "/usr/local/bin") == 0 && is_link(fname)) { |
62 | /* coverity[toctou] */ | ||
62 | char *actual_path = realpath(fname, NULL); | 63 | char *actual_path = realpath(fname, NULL); |
63 | if (actual_path) { | 64 | if (actual_path) { |
64 | char *ptr = strstr(actual_path, "/firejail"); | 65 | char *ptr = strstr(actual_path, "/firejail"); |
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c index 1f8da398e..0872bf0d0 100644 --- a/src/firejail/fs_home.c +++ b/src/firejail/fs_home.c | |||
@@ -137,6 +137,7 @@ static int store_asoundrc(void) { | |||
137 | if (stat(src, &s) == 0) { | 137 | if (stat(src, &s) == 0) { |
138 | if (is_link(src)) { | 138 | if (is_link(src)) { |
139 | // make sure the real path of the file is inside the home directory | 139 | // make sure the real path of the file is inside the home directory |
140 | /* coverity[toctou] */ | ||
140 | char* rp = realpath(src, NULL); | 141 | char* rp = realpath(src, NULL); |
141 | if (!rp) { | 142 | if (!rp) { |
142 | fprintf(stderr, "Error: Cannot access %s\n", src); | 143 | fprintf(stderr, "Error: Cannot access %s\n", src); |
diff --git a/src/firejail/fs_hostname.c b/src/firejail/fs_hostname.c index dcf06fc6f..b2e1b4a99 100644 --- a/src/firejail/fs_hostname.c +++ b/src/firejail/fs_hostname.c | |||
@@ -52,8 +52,10 @@ void fs_hostname(const char *hostname) { | |||
52 | goto errexit; | 52 | goto errexit; |
53 | 53 | ||
54 | FILE *fp2 = fopen(RUN_HOSTS_FILE, "w"); | 54 | FILE *fp2 = fopen(RUN_HOSTS_FILE, "w"); |
55 | if (!fp2) | 55 | if (!fp2) { |
56 | fclose(fp1); | ||
56 | goto errexit; | 57 | goto errexit; |
58 | } | ||
57 | 59 | ||
58 | char buf[4096]; | 60 | char buf[4096]; |
59 | int done = 0; | 61 | int done = 0; |
diff --git a/src/firejail/fs_mkdir.c b/src/firejail/fs_mkdir.c index 6bcb3f33e..5b6ceae90 100644 --- a/src/firejail/fs_mkdir.c +++ b/src/firejail/fs_mkdir.c | |||
@@ -37,6 +37,7 @@ static void mkdir_recursive(char *path) { | |||
37 | subdir = strtok(path, "/"); | 37 | subdir = strtok(path, "/"); |
38 | while(subdir) { | 38 | while(subdir) { |
39 | if (stat(subdir, &s) == -1) { | 39 | if (stat(subdir, &s) == -1) { |
40 | /* coverity[toctou] */ | ||
40 | if (mkdir(subdir, 0700) == -1) { | 41 | if (mkdir(subdir, 0700) == -1) { |
41 | fprintf(stderr, "Warning: cannot create %s directory\n", subdir); | 42 | fprintf(stderr, "Warning: cannot create %s directory\n", subdir); |
42 | return; | 43 | return; |
@@ -118,6 +119,7 @@ void fs_mkfile(const char *name) { | |||
118 | // drop privileges | 119 | // drop privileges |
119 | drop_privs(0); | 120 | drop_privs(0); |
120 | 121 | ||
122 | /* coverity[toctou] */ | ||
121 | FILE *fp = fopen(expanded, "w"); | 123 | FILE *fp = fopen(expanded, "w"); |
122 | if (!fp) | 124 | if (!fp) |
123 | fprintf(stderr, "Warning: cannot create %s file\n", expanded); | 125 | fprintf(stderr, "Warning: cannot create %s file\n", expanded); |
diff --git a/src/firejail/fs_var.c b/src/firejail/fs_var.c index ca50685ad..2aa4a1b54 100644 --- a/src/firejail/fs_var.c +++ b/src/firejail/fs_var.c | |||
@@ -128,16 +128,18 @@ void fs_var_log(void) { | |||
128 | // create an empty /var/log/wtmp file | 128 | // create an empty /var/log/wtmp file |
129 | /* coverity[toctou] */ | 129 | /* coverity[toctou] */ |
130 | FILE *fp = fopen("/var/log/wtmp", "w"); | 130 | FILE *fp = fopen("/var/log/wtmp", "w"); |
131 | SET_PERMS_STREAM(fp, 0, wtmp_group, S_IRUSR | S_IWRITE | S_IRGRP | S_IWGRP | S_IROTH); | 131 | if (fp) { |
132 | if (fp) | 132 | SET_PERMS_STREAM(fp, 0, wtmp_group, S_IRUSR | S_IWRITE | S_IRGRP | S_IWGRP | S_IROTH); |
133 | fclose(fp); | 133 | fclose(fp); |
134 | } | ||
134 | fs_logger("touch /var/log/wtmp"); | 135 | fs_logger("touch /var/log/wtmp"); |
135 | 136 | ||
136 | // create an empty /var/log/btmp file | 137 | // create an empty /var/log/btmp file |
137 | fp = fopen("/var/log/btmp", "w"); | 138 | fp = fopen("/var/log/btmp", "w"); |
138 | SET_PERMS_STREAM(fp, 0, wtmp_group, S_IRUSR | S_IWRITE | S_IRGRP | S_IWGRP); | 139 | if (fp) { |
139 | if (fp) | 140 | SET_PERMS_STREAM(fp, 0, wtmp_group, S_IRUSR | S_IWRITE | S_IRGRP | S_IWGRP); |
140 | fclose(fp); | 141 | fclose(fp); |
142 | } | ||
141 | fs_logger("touch /var/log/btmp"); | 143 | fs_logger("touch /var/log/btmp"); |
142 | } | 144 | } |
143 | else | 145 | else |
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index 564dc8290..7b32021be 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c | |||
@@ -350,6 +350,8 @@ void fs_whitelist(void) { | |||
350 | } | 350 | } |
351 | 351 | ||
352 | // replace ~/ or ${HOME} into /home/username | 352 | // replace ~/ or ${HOME} into /home/username |
353 | // if (new_name) | ||
354 | // free(new_name); | ||
353 | new_name = expand_home(entry->data + 10, cfg.homedir); | 355 | new_name = expand_home(entry->data + 10, cfg.homedir); |
354 | assert(new_name); | 356 | assert(new_name); |
355 | if (arg_debug) | 357 | if (arg_debug) |
diff --git a/src/firejail/ls.c b/src/firejail/ls.c index 5444ad9c2..4b4ae1de2 100644 --- a/src/firejail/ls.c +++ b/src/firejail/ls.c | |||
@@ -259,6 +259,7 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) { | |||
259 | drop_privs(0); | 259 | drop_privs(0); |
260 | 260 | ||
261 | // check access | 261 | // check access |
262 | /* coverity[toctou] */ | ||
262 | if (access(fname1, R_OK) == -1) { | 263 | if (access(fname1, R_OK) == -1) { |
263 | fprintf(stderr, "Error: Cannot access %s\n", fname1); | 264 | fprintf(stderr, "Error: Cannot access %s\n", fname1); |
264 | exit(1); | 265 | exit(1); |
@@ -392,6 +393,10 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) { | |||
392 | // create a user-owned temporary file in /run/firejail directory | 393 | // create a user-owned temporary file in /run/firejail directory |
393 | char tmp_fname[] = "/run/firejail/tmpget-XXXXXX"; | 394 | char tmp_fname[] = "/run/firejail/tmpget-XXXXXX"; |
394 | int fd = mkstemp(tmp_fname); | 395 | int fd = mkstemp(tmp_fname); |
396 | if (fd == -1) { | ||
397 | fprintf(stderr, "Error: cannot create temporary file %s\n", tmp_fname); | ||
398 | exit(1); | ||
399 | } | ||
395 | SET_PERMS_FD(fd, getuid(), getgid(), 0600); | 400 | SET_PERMS_FD(fd, getuid(), getgid(), 0600); |
396 | close(fd); | 401 | close(fd); |
397 | 402 | ||
diff --git a/src/firejail/netfilter.c b/src/firejail/netfilter.c index 1df4b7a0f..0136ab1f8 100644 --- a/src/firejail/netfilter.c +++ b/src/firejail/netfilter.c | |||
@@ -69,31 +69,33 @@ void netfilter(const char *fname) { | |||
69 | if (netfilter_default) | 69 | if (netfilter_default) |
70 | fname = netfilter_default; | 70 | fname = netfilter_default; |
71 | if (fname) { | 71 | if (fname) { |
72 | // buffer the filter | 72 | assert(fname); |
73 | struct stat s; | 73 | |
74 | if (stat(fname, &s) == -1) { | 74 | // open filter file |
75 | fprintf(stderr, "Error: cannot find network filter file %s\n", fname); | 75 | int fd = open(fname, O_RDONLY); |
76 | exit(1); | 76 | if (fd == -1) |
77 | } | 77 | goto errexit; |
78 | 78 | int size = lseek(fd, 0, SEEK_END); | |
79 | filter = malloc(s.st_size + 1); // + '\0' | 79 | if (size == -1) |
80 | if (!filter) | 80 | goto errexit; |
81 | errExit("malloc"); | 81 | if (lseek(fd, 0 , SEEK_SET) == -1) |
82 | memset(filter, 0, s.st_size + 1); | 82 | goto errexit; |
83 | 83 | ||
84 | /* coverity[toctou] */ | 84 | // read filter |
85 | FILE *fp = fopen(fname, "r"); | 85 | filter = malloc(size + 1); // + '\0' |
86 | if (!fp) { | 86 | if (filter == NULL) |
87 | fprintf(stderr, "Error: cannot open network filter file %s\n", fname); | 87 | goto errexit; |
88 | exit(1); | 88 | memset(&filter[0], 0, sizeof(filter)); |
89 | } | 89 | int rd = 0; |
90 | 90 | while (rd < size) { | |
91 | size_t sz = fread(filter, 1, s.st_size, fp); | 91 | int rv = read(fd, (unsigned char *) filter + rd, size - rd); |
92 | if ((off_t)sz != s.st_size) { | 92 | if (rv == -1) |
93 | fprintf(stderr, "Error: cannot read network filter file %s\n", fname); | 93 | goto errexit; |
94 | exit(1); | 94 | rd += rv; |
95 | } | 95 | } |
96 | fclose(fp); | 96 | |
97 | // close file | ||
98 | close(fd); | ||
97 | allocated = 1; | 99 | allocated = 1; |
98 | } | 100 | } |
99 | 101 | ||
@@ -178,6 +180,11 @@ doexit: | |||
178 | 180 | ||
179 | if (allocated) | 181 | if (allocated) |
180 | free(filter); | 182 | free(filter); |
183 | return; | ||
184 | |||
185 | errexit: | ||
186 | fprintf(stderr, "Error: cannot read network filter %s\n", fname); | ||
187 | exit(1); | ||
181 | } | 188 | } |
182 | 189 | ||
183 | void netfilter6(const char *fname) { | 190 | void netfilter6(const char *fname) { |
@@ -186,38 +193,38 @@ void netfilter6(const char *fname) { | |||
186 | 193 | ||
187 | char *filter; | 194 | char *filter; |
188 | 195 | ||
189 | // buffer the filter | 196 | // open filter file |
190 | struct stat s; | 197 | int fd = open(fname, O_RDONLY); |
191 | if (stat(fname, &s) == -1) { | 198 | if (fd == -1) |
192 | fprintf(stderr, "Error: cannot find network filter file %s\n", fname); | 199 | goto errexit; |
193 | exit(1); | 200 | int size = lseek(fd, 0, SEEK_END); |
194 | } | 201 | if (size == -1) |
195 | 202 | goto errexit; | |
196 | filter = malloc(s.st_size + 1); // + '\0' | 203 | if (lseek(fd, 0 , SEEK_SET) == -1) |
197 | if (!filter) | 204 | goto errexit; |
198 | errExit("malloc"); | 205 | |
199 | memset(filter, 0, s.st_size + 1); | 206 | // read filter |
200 | 207 | filter = malloc(size + 1); // + '\0' | |
201 | /* coverity[toctou] */ | 208 | if (filter == NULL) |
202 | FILE *fp = fopen(fname, "r"); | 209 | goto errexit; |
203 | if (!fp) { | 210 | memset(&filter[0], 0, sizeof(filter)); |
204 | fprintf(stderr, "Error: cannot open network filter file %s\n", fname); | 211 | int rd = 0; |
205 | exit(1); | 212 | while (rd < size) { |
206 | } | 213 | int rv = read(fd, (unsigned char *) filter + rd, size - rd); |
207 | 214 | if (rv == -1) | |
208 | size_t sz = fread(filter, 1, s.st_size, fp); | 215 | goto errexit; |
209 | if ((off_t)sz != s.st_size) { | 216 | rd += rv; |
210 | fprintf(stderr, "Error: cannot read network filter file %s\n", fname); | ||
211 | exit(1); | ||
212 | } | 217 | } |
213 | fclose(fp); | 218 | |
219 | // close file | ||
220 | close(fd); | ||
214 | 221 | ||
215 | // temporarily mount a tempfs on top of /tmp directory | 222 | // temporarily mount a tempfs on top of /tmp directory |
216 | if (mount("tmpfs", "/tmp", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=755,gid=0") < 0) | 223 | if (mount("tmpfs", "/tmp", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=755,gid=0") < 0) |
217 | errExit("mounting /tmp"); | 224 | errExit("mounting /tmp"); |
218 | 225 | ||
219 | // create the filter file | 226 | // create the filter file |
220 | fp = fopen("/tmp/netfilter6", "w"); | 227 | FILE *fp = fopen("/tmp/netfilter6", "w"); |
221 | if (!fp) { | 228 | if (!fp) { |
222 | fprintf(stderr, "Error: cannot open /tmp/netfilter6 file\n"); | 229 | fprintf(stderr, "Error: cannot open /tmp/netfilter6 file\n"); |
223 | exit(1); | 230 | exit(1); |
@@ -228,6 +235,7 @@ void netfilter6(const char *fname) { | |||
228 | // find iptables command | 235 | // find iptables command |
229 | char *ip6tables = NULL; | 236 | char *ip6tables = NULL; |
230 | char *ip6tables_restore = NULL; | 237 | char *ip6tables_restore = NULL; |
238 | struct stat s; | ||
231 | if (stat("/sbin/ip6tables", &s) == 0) { | 239 | if (stat("/sbin/ip6tables", &s) == 0) { |
232 | ip6tables = "/sbin/ip6tables"; | 240 | ip6tables = "/sbin/ip6tables"; |
233 | ip6tables_restore = "/sbin/ip6tables-restore"; | 241 | ip6tables_restore = "/sbin/ip6tables-restore"; |
@@ -284,4 +292,9 @@ doexit: | |||
284 | // unmount /tmp | 292 | // unmount /tmp |
285 | umount("/tmp"); | 293 | umount("/tmp"); |
286 | free(filter); | 294 | free(filter); |
295 | return; | ||
296 | |||
297 | errexit: | ||
298 | fprintf(stderr, "Error: cannot read network filter %s\n", fname); | ||
299 | exit(1); | ||
287 | } | 300 | } |
diff --git a/src/firejail/no_sandbox.c b/src/firejail/no_sandbox.c index aae490c34..8af555ea2 100644 --- a/src/firejail/no_sandbox.c +++ b/src/firejail/no_sandbox.c | |||
@@ -232,7 +232,7 @@ void run_no_sandbox(int argc, char **argv) { | |||
232 | // use $SHELL to get shell used in sandbox | 232 | // use $SHELL to get shell used in sandbox |
233 | if (!arg_shell_none && !cfg.shell) { | 233 | if (!arg_shell_none && !cfg.shell) { |
234 | char *shell = getenv("SHELL"); | 234 | char *shell = getenv("SHELL"); |
235 | if (access(shell, R_OK) == 0) | 235 | if (shell && access(shell, R_OK) == 0) |
236 | cfg.shell = shell; | 236 | cfg.shell = shell; |
237 | } | 237 | } |
238 | // guess shell otherwise | 238 | // guess shell otherwise |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 694509511..9acb1b813 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -990,6 +990,7 @@ void profile_read(const char *fname) { | |||
990 | // process quiet | 990 | // process quiet |
991 | if (strcmp(ptr, "quiet") == 0) { | 991 | if (strcmp(ptr, "quiet") == 0) { |
992 | arg_quiet = 1; | 992 | arg_quiet = 1; |
993 | free(ptr); | ||
993 | continue; | 994 | continue; |
994 | } | 995 | } |
995 | if (!msg_printed) { | 996 | if (!msg_printed) { |
diff --git a/src/firejail/pulseaudio.c b/src/firejail/pulseaudio.c index 6ec590eaa..f890dd534 100644 --- a/src/firejail/pulseaudio.c +++ b/src/firejail/pulseaudio.c | |||
@@ -137,6 +137,7 @@ void pulseaudio_init(void) { | |||
137 | if (asprintf(&dir1, "%s/.config/pulse", cfg.homedir) == -1) | 137 | if (asprintf(&dir1, "%s/.config/pulse", cfg.homedir) == -1) |
138 | errExit("asprintf"); | 138 | errExit("asprintf"); |
139 | if (stat(dir1, &s) == -1) { | 139 | if (stat(dir1, &s) == -1) { |
140 | /* coverity[toctou] */ | ||
140 | int rv = mkdir(dir1, 0700); | 141 | int rv = mkdir(dir1, 0700); |
141 | if (rv == 0) { | 142 | if (rv == 0) { |
142 | if (set_perms(dir1, getuid(), getgid(), 0700)) | 143 | if (set_perms(dir1, getuid(), getgid(), 0700)) |
diff --git a/src/firejail/run_symlink.c b/src/firejail/run_symlink.c index 8aa2fe53f..a4dce405d 100644 --- a/src/firejail/run_symlink.c +++ b/src/firejail/run_symlink.c | |||
@@ -59,6 +59,7 @@ void run_symlink(int argc, char **argv) { | |||
59 | 59 | ||
60 | struct stat s; | 60 | struct stat s; |
61 | if (stat(name, &s) == 0) { | 61 | if (stat(name, &s) == 0) { |
62 | /* coverity[toctou] */ | ||
62 | char* rp = realpath(name, NULL); | 63 | char* rp = realpath(name, NULL); |
63 | if (!rp) | 64 | if (!rp) |
64 | errExit("realpath"); | 65 | errExit("realpath"); |
diff --git a/src/firejail/sbox.c b/src/firejail/sbox.c index 430ffb86e..dbfdd445a 100644 --- a/src/firejail/sbox.c +++ b/src/firejail/sbox.c | |||
@@ -150,6 +150,7 @@ int sbox_run(unsigned filter, int num, ...) { | |||
150 | } | 150 | } |
151 | else // the user could run the sandbox without /dev/null | 151 | else // the user could run the sandbox without /dev/null |
152 | close(STDIN_FILENO); | 152 | close(STDIN_FILENO); |
153 | close(fd); | ||
153 | } | 154 | } |
154 | umask(027); | 155 | umask(027); |
155 | 156 | ||
diff --git a/src/firejail/util.c b/src/firejail/util.c index 03f52fabb..c3e00a110 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
@@ -683,11 +683,12 @@ int remove_directory(const char *path) { | |||
683 | void flush_stdin(void) { | 683 | void flush_stdin(void) { |
684 | if (isatty(STDIN_FILENO)) { | 684 | if (isatty(STDIN_FILENO)) { |
685 | int cnt = 0; | 685 | int cnt = 0; |
686 | ioctl(STDIN_FILENO, FIONREAD, &cnt); | 686 | int rv = ioctl(STDIN_FILENO, FIONREAD, &cnt); |
687 | if (cnt) { | 687 | if (rv == 0 && cnt) { |
688 | if (!arg_quiet) | 688 | if (!arg_quiet) |
689 | printf("Warning: removing %d bytes from stdin\n", cnt); | 689 | printf("Warning: removing %d bytes from stdin\n", cnt); |
690 | ioctl(STDIN_FILENO, TCFLSH, TCIFLUSH); | 690 | rv = ioctl(STDIN_FILENO, TCFLSH, TCIFLUSH); |
691 | (void) rv; | ||
691 | } | 692 | } |
692 | } | 693 | } |
693 | } | 694 | } |
@@ -700,6 +701,7 @@ void create_empty_dir_as_root(const char *dir, mode_t mode) { | |||
700 | if (stat(dir, &s)) { | 701 | if (stat(dir, &s)) { |
701 | if (arg_debug) | 702 | if (arg_debug) |
702 | printf("Creating empty %s directory\n", dir); | 703 | printf("Creating empty %s directory\n", dir); |
704 | /* coverity[toctou] */ | ||
703 | if (mkdir(dir, mode) == -1) | 705 | if (mkdir(dir, mode) == -1) |
704 | errExit("mkdir"); | 706 | errExit("mkdir"); |
705 | if (set_perms(dir, 0, 0, mode)) | 707 | if (set_perms(dir, 0, 0, mode)) |
@@ -717,6 +719,7 @@ void create_empty_file_as_root(const char *fname, mode_t mode) { | |||
717 | if (arg_debug) | 719 | if (arg_debug) |
718 | printf("Creating empty %s file\n", fname); | 720 | printf("Creating empty %s file\n", fname); |
719 | 721 | ||
722 | /* coverity[toctou] */ | ||
720 | FILE *fp = fopen(fname, "w"); | 723 | FILE *fp = fopen(fname, "w"); |
721 | if (!fp) | 724 | if (!fp) |
722 | errExit("fopen"); | 725 | errExit("fopen"); |
diff --git a/src/firejail/x11.c b/src/firejail/x11.c index 9da6d3e30..807f2d5f0 100644 --- a/src/firejail/x11.c +++ b/src/firejail/x11.c | |||
@@ -151,6 +151,7 @@ void fs_x11(void) { | |||
151 | fs_logger("tmpfs /tmp/.X11-unix"); | 151 | fs_logger("tmpfs /tmp/.X11-unix"); |
152 | 152 | ||
153 | // create an empty file | 153 | // create an empty file |
154 | /* coverity[toctou] */ | ||
154 | FILE *fp = fopen(x11file, "w"); | 155 | FILE *fp = fopen(x11file, "w"); |
155 | if (!fp) { | 156 | if (!fp) { |
156 | fprintf(stderr, "Error: cannot create empty file in x11 directory\n"); | 157 | fprintf(stderr, "Error: cannot create empty file in x11 directory\n"); |
diff --git a/src/fseccomp/seccomp_print.c b/src/fseccomp/seccomp_print.c index 7dc983b12..af240307c 100644 --- a/src/fseccomp/seccomp_print.c +++ b/src/fseccomp/seccomp_print.c | |||
@@ -26,35 +26,41 @@ static int filter_cnt = 0; | |||
26 | 26 | ||
27 | static void load_seccomp(const char *fname) { | 27 | static void load_seccomp(const char *fname) { |
28 | assert(fname); | 28 | assert(fname); |
29 | |||
30 | // open filter file | ||
31 | int fd = open(fname, O_RDONLY); | ||
32 | if (fd == -1) | ||
33 | goto errexit; | ||
29 | 34 | ||
30 | // check file | 35 | // calculate the number of entries |
31 | struct stat s; | 36 | int size = lseek(fd, 0, SEEK_END); |
32 | if (stat(fname, &s) == -1) { | 37 | if (size == -1) |
33 | fprintf(stderr, "Error fseccomp: cannot read protocol filter file\n"); | 38 | goto errexit; |
34 | exit(1); | 39 | if (lseek(fd, 0 , SEEK_SET) == -1) |
35 | } | 40 | goto errexit; |
36 | int size = s.st_size; | ||
37 | unsigned short entries = (unsigned short) size / (unsigned short) sizeof(struct sock_filter); | 41 | unsigned short entries = (unsigned short) size / (unsigned short) sizeof(struct sock_filter); |
38 | filter_cnt = entries; | 42 | filter_cnt = entries; |
39 | //printf("size %d, entries %d\n", s.st_size, entries); | 43 | |
40 | |||
41 | filter = malloc(sizeof(struct sock_filter) * entries); | ||
42 | if (!filter) | ||
43 | errExit("malloc"); | ||
44 | |||
45 | // read filter | 44 | // read filter |
46 | memset(filter, 0, sizeof(struct sock_filter) * entries); | 45 | filter = malloc(size); |
47 | int src = open(fname, O_RDONLY); | 46 | if (filter == NULL) |
47 | goto errexit; | ||
48 | memset(&filter[0], 0, sizeof(filter)); | ||
48 | int rd = 0; | 49 | int rd = 0; |
49 | while (rd < size) { | 50 | while (rd < size) { |
50 | int rv = read(src, (unsigned char *) filter + rd, size - rd); | 51 | int rv = read(fd, (unsigned char *) filter + rd, size - rd); |
51 | if (rv == -1) { | 52 | if (rv == -1) |
52 | fprintf(stderr, "Error fseccomp: cannot read %s file\n", fname); | 53 | goto errexit; |
53 | exit(1); | ||
54 | } | ||
55 | rd += rv; | 54 | rd += rv; |
56 | } | 55 | } |
57 | close(src); | 56 | |
57 | // close file | ||
58 | close(fd); | ||
59 | return; | ||
60 | |||
61 | errexit: | ||
62 | fprintf(stderr, "Error fseccomp: cannot read %s\n", fname); | ||
63 | exit(1); | ||
58 | } | 64 | } |
59 | 65 | ||
60 | // debug filter | 66 | // debug filter |
diff --git a/src/lib/common.c b/src/lib/common.c index add4ff087..3f66fa72a 100644 --- a/src/lib/common.c +++ b/src/lib/common.c | |||
@@ -203,6 +203,8 @@ char *pid_proc_cmdline(const pid_t pid) { | |||
203 | int pid_proc_cmdline_x11_xpra_xephyr(const pid_t pid) { | 203 | int pid_proc_cmdline_x11_xpra_xephyr(const pid_t pid) { |
204 | // if comm is not firejail return 0 | 204 | // if comm is not firejail return 0 |
205 | char *comm = pid_proc_comm(pid); | 205 | char *comm = pid_proc_comm(pid); |
206 | if (comm == NULL) | ||
207 | return 0; | ||
206 | if (strcmp(comm, "firejail") != 0) { | 208 | if (strcmp(comm, "firejail") != 0) { |
207 | free(comm); | 209 | free(comm); |
208 | return 0; | 210 | return 0; |
diff --git a/src/libtracelog/libtracelog.c b/src/libtracelog/libtracelog.c index ca496d41c..90fe726de 100644 --- a/src/libtracelog/libtracelog.c +++ b/src/libtracelog/libtracelog.c | |||
@@ -191,7 +191,7 @@ static void load_blacklist(void) { | |||
191 | char *ptr = strchr(buf, '\n'); | 191 | char *ptr = strchr(buf, '\n'); |
192 | if (ptr) | 192 | if (ptr) |
193 | *ptr = '\0'; | 193 | *ptr = '\0'; |
194 | if (sandbox_name_str == NULL); | 194 | if (sandbox_name_str == NULL) |
195 | sandbox_name_str = strdup(buf + 14); | 195 | sandbox_name_str = strdup(buf + 14); |
196 | } | 196 | } |
197 | else if (strncmp(buf, "blacklist ", 10) == 0) { | 197 | else if (strncmp(buf, "blacklist ", 10) == 0) { |
@@ -286,6 +286,4 @@ removable media, partitions, software RAID volumes, logical volumes, and files. | |||
286 | 286 | ||
287 | 29. grsecurity - move test after "firejail --name=blablabla" in /test/apps* | 287 | 29. grsecurity - move test after "firejail --name=blablabla" in /test/apps* |
288 | 288 | ||
289 | 30. /* coverity[toctou] */ | ||
290 | 289 | ||
291 | 31. test dillo, sandbox.c:240 | ||