diff options
-rw-r--r-- | src/firejail/fs_home.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c index 8a3484b06..d4a16da0a 100644 --- a/src/firejail/fs_home.c +++ b/src/firejail/fs_home.c | |||
@@ -162,10 +162,19 @@ static int store_asoundrc(void) { | |||
162 | errExit("asprintf"); | 162 | errExit("asprintf"); |
163 | 163 | ||
164 | struct stat s; | 164 | struct stat s; |
165 | if (stat(src, &s) == 0) { | 165 | if (stat(src, &s) == 0) { |
166 | if (is_link(src)) { | 166 | if (is_link(src)) { |
167 | fprintf(stderr, "Error: invalid .asoundrc file\n"); | 167 | // make sure the real path of the file is inside the home directory |
168 | exit(1); | 168 | char* rp = realpath(src, NULL); |
169 | if (!rp) { | ||
170 | fprintf(stderr, "Error: Cannot access %s\n", src); | ||
171 | exit(1); | ||
172 | } | ||
173 | if (strncmp(rp, cfg.homedir, strlen(cfg.homedir)) != 0) { | ||
174 | fprintf(stderr, "Error: .asoundrc is a symbolic link pointing to a file outside home directory\n"); | ||
175 | exit(1); | ||
176 | } | ||
177 | free(rp); | ||
169 | } | 178 | } |
170 | 179 | ||
171 | int rv = copy_file(src, dest); | 180 | int rv = copy_file(src, dest); |