10 files changed, 96 insertions, 40 deletions
diff --git a/src/fcopy/main.c b/src/fcopy/main.c
index 82d829bba..ca2643e7d 100644
--- a/src/fcopy/main.c
+++ b/src/fcopy/main.c
@@ -188,22 +188,19 @@ static int fs_copydir(const char *infname, const struct stat *st, int ftype, str
 static char *check(const char *src) {
        struct stat s;
        char *rsrc = realpath(src, NULL);
-        if (!rsrc || stat(rsrc, &s) == -1) {
+        if (!rsrc || stat(rsrc, &s) == -1)
-                fprintf(stderr, "Error fcopy: cannot find %s directory\n", src);
+                goto errexit;
-                exit(1);
-        }
        // check uid
-        if (s.st_uid != getuid() || s.st_gid != getgid()) {
+        if (s.st_uid != getuid() || s.st_gid != getgid())
-                fprintf(stderr, "Error fcopy: uid/gid mismatch for %s\n", rsrc);
+                goto errexit;
-                exit(1);
-        }
        // dir, link, regular file
-        if (S_ISDIR(s.st_mode) || S_ISREG(s.st_mode) || S_ISLNK(s.st_mode)) {
+        if (S_ISDIR(s.st_mode) || S_ISREG(s.st_mode) || S_ISLNK(s.st_mode))
                return rsrc;                      // normal exit from the function
-        }
+        
-        fprintf(stderr, "Error fcopy: invalid directory %s\n", rsrc);
+errexit:
+        fprintf(stderr, "Error fcopy: invalid file %s\n", src);
        exit(1);
 }
diff --git a/src/firemon/caps.c b/src/firemon/caps.c
index 81877ab87..3f8a139ae 100644
--- a/src/firemon/caps.c
+++ b/src/firemon/caps.c
@@ -24,7 +24,6 @@ static void print_caps(int pid) {
        char *file;
        if (asprintf(&file, "/proc/%d/status", pid) == -1) {
                errExit("asprintf");
-                exit(1);
        }
        FILE *fp = fopen(file, "r");
diff --git a/src/firemon/procevent.c b/src/firemon/procevent.c
index 1940f4a34..edae21951 100644
--- a/src/firemon/procevent.c
+++ b/src/firemon/procevent.c
@@ -43,10 +43,8 @@ static int pid_is_firejail(pid_t pid) {
        
        // open /proc/self/comm
        char *file;
-        if (asprintf(&file, "/proc/%u/comm", pid) == -1) {
+        if (asprintf(&file, "/proc/%u/comm", pid) == -1)
-                perror("asprintf");
+                errExit("asprintf");
-                exit(1);
-        }
        
        FILE *fp = fopen(file, "r");
        if (!fp) {
diff --git a/src/firemon/seccomp.c b/src/firemon/seccomp.c
index abc698bb8..f11c624ea 100644
--- a/src/firemon/seccomp.c
+++ b/src/firemon/seccomp.c
@@ -22,10 +22,8 @@
 #define MAXBUF 4098
 static void print_seccomp(int pid) {
        char *file;
-        if (asprintf(&file, "/proc/%d/status", pid) == -1) {
+        if (asprintf(&file, "/proc/%d/status", pid) == -1)
                errExit("asprintf");
-                exit(1);
-        }
        FILE *fp = fopen(file, "r");
        if (!fp) {
diff --git a/src/ftee/main.c b/src/ftee/main.c
index e6aa5f567..2b27baa5a 100644
--- a/src/ftee/main.c
+++ b/src/ftee/main.c
@@ -179,10 +179,6 @@ static int is_link(const char *fname) {
        return 0;
 }
 static void usage(void) {
        printf("Usage: ftee filename\n");
 }
@@ -201,33 +197,25 @@ int main(int argc, char **argv) {
        // do not accept directories, links, and files with ".."
-        if (strstr(fname, "..") || is_link(fname) || is_dir(fname)) {
+        if (strstr(fname, "..") || is_link(fname) || is_dir(fname))
-                fprintf(stderr, "Error: invalid output file. Links, directories and files with \"..\" are not allowed.\n");
+                goto errexit;
-                exit(1);
-        }
        
        struct stat s;
        if (stat(fname, &s) == 0) {
                // check permissions
-                if (s.st_uid != getuid() || s.st_gid != getgid()) {
+                if (s.st_uid != getuid() || s.st_gid != getgid())
-                        fprintf(stderr, "Error: the output file needs to be owned by the current user.\n");
+                        goto errexit;
-                        exit(1);
-                }
                
                // check hard links
-                if (s.st_nlink != 1) {
+                if (s.st_nlink != 1)
-                        fprintf(stderr, "Error: no hard links allowed.\n");
+                        goto errexit;
-                        exit(1);
-                }
        }
        // check if we can append to this file
        /* coverity[toctou] */
        FILE *fp = fopen(fname, "a");
-        if (!fp) {
+        if (!fp)
-                fprintf(stderr, "Error: cannot open output file %s\n", fname);
+                goto errexit;
-                exit(1);
-        }
        fclose(fp);
@@ -248,4 +236,8 @@ int main(int argc, char **argv) {
        
        log_close();
        return 0;
+errexit:
+        fprintf(stderr, "Error ftee: invalid output file.\n");
+        return 1;
 }
diff --git a/test/utils/firemon-cpu.exp b/test/utils/firemon-cpu.exp
index f2ecd4a5c..00156c909 100755
--- a/test/utils/firemon-cpu.exp
+++ b/test/utils/firemon-cpu.exp
@@ -24,7 +24,6 @@ sleep 1
 spawn $env(SHELL)
 send --  "firemon --cpu\r"
-sleep 4
 expect {
        timeout {puts "TESTING ERROR 2\n";exit}
        "need to be root" {puts "TESTING SKIP: /proc mounted as hidepid\n"; exit}
diff --git a/test/utils/firemon-interface.exp b/test/utils/firemon-interface.exp
new file mode 100755
index 000000000..edafd1639
--- /dev/null
+++ b/test/utils/firemon-interface.exp
@@ -0,0 +1,18 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send --  "firemon --interface\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "you need to be root"
+}
+after 100
+puts "\nall done\n"
diff --git a/test/utils/firemon-name.exp b/test/utils/firemon-name.exp
new file mode 100755
index 000000000..c5dbfabab
--- /dev/null
+++ b/test/utils/firemon-name.exp
@@ -0,0 +1,28 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send --  "firejail --name=test\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+spawn $env(SHELL)
+send --  "firemon --cpu --name=test\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "need to be root" {puts "TESTING SKIP: /proc mounted as hidepid\n"; exit}
+        "Cpus_allowed_list"
+}
+after 100
+puts "\nall done\n"
diff --git a/test/utils/firemon-version.exp b/test/utils/firemon-version.exp
new file mode 100755
index 000000000..639c15c29
--- /dev/null
+++ b/test/utils/firemon-version.exp
@@ -0,0 +1,18 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2016 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send --  "firemon --version\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "firemon version"
+}
+after 100
+puts "\nall done\n"
diff --git a/test/utils/utils.sh b/test/utils/utils.sh
index bd91110f7..804e5ae0f 100755
--- a/test/utils/utils.sh
+++ b/test/utils/utils.sh
@@ -100,3 +100,12 @@ echo "TESTING: firemon cpu (test/utils/firemon-cpu.exp)"
 echo "TESTING: firemon cgroup (test/utils/firemon-cgroup.exp)"
 ./firemon-cgroup.exp
+echo "TESTING: firemon version (test/utils/firemon-version.exp)"
+./firemon-version.exp
+echo "TESTING: firemon interface (test/utils/firemon-interface.exp)"
+./firemon-interface.exp
+echo "TESTING: firemon name (test/utils/firemon-name.exp)"
+./firemon-name.exp

diff --git a/src/fcopy/main.c b/src/fcopy/main.c index 82d829bba..ca2643e7d 100644 --- a/src/fcopy/main.c +++ b/src/fcopy/main.c
@@ -188,22 +188,19 @@ static int fs_copydir(const char infname, const struct stat st, int ftype, str
188	static char check(const char src) {	188	static char check(const char src) {
189	struct stat s;	189	struct stat s;
190	char *rsrc = realpath(src, NULL);	190	char *rsrc = realpath(src, NULL);
191	if (!rsrc \|\| stat(rsrc, &s) == -1) {	191	if (!rsrc \|\| stat(rsrc, &s) == -1)
192	fprintf(stderr, "Error fcopy: cannot find %s directory\n", src);	192	goto errexit;
193	exit(1);
194	}
195		193
196	// check uid	194	// check uid
197	if (s.st_uid != getuid() \|\| s.st_gid != getgid()) {	195	if (s.st_uid != getuid() \|\| s.st_gid != getgid())
198	fprintf(stderr, "Error fcopy: uid/gid mismatch for %s\n", rsrc);	196	goto errexit;
199	exit(1);
200	}
201		197
202	// dir, link, regular file	198	// dir, link, regular file
203	if (S_ISDIR(s.st_mode) \|\| S_ISREG(s.st_mode) \|\| S_ISLNK(s.st_mode)) {	199	if (S_ISDIR(s.st_mode) \|\| S_ISREG(s.st_mode) \|\| S_ISLNK(s.st_mode))
204	return rsrc; // normal exit from the function	200	return rsrc; // normal exit from the function
205	}	201
206	fprintf(stderr, "Error fcopy: invalid directory %s\n", rsrc);	202	errexit:
		203	fprintf(stderr, "Error fcopy: invalid file %s\n", src);
207	exit(1);	204	exit(1);
208	}	205	}
209		206


diff --git a/src/firemon/caps.c b/src/firemon/caps.c index 81877ab87..3f8a139ae 100644 --- a/src/firemon/caps.c +++ b/src/firemon/caps.c
@@ -24,7 +24,6 @@ static void print_caps(int pid) {
24	char *file;	24	char *file;
25	if (asprintf(&file, "/proc/%d/status", pid) == -1) {	25	if (asprintf(&file, "/proc/%d/status", pid) == -1) {
26	errExit("asprintf");	26	errExit("asprintf");
27	exit(1);
28	}	27	}
29		28
30	FILE *fp = fopen(file, "r");	29	FILE *fp = fopen(file, "r");


diff --git a/src/firemon/procevent.c b/src/firemon/procevent.c index 1940f4a34..edae21951 100644 --- a/src/firemon/procevent.c +++ b/src/firemon/procevent.c
@@ -43,10 +43,8 @@ static int pid_is_firejail(pid_t pid) {
43		43
44	// open /proc/self/comm	44	// open /proc/self/comm
45	char *file;	45	char *file;
46	if (asprintf(&file, "/proc/%u/comm", pid) == -1) {	46	if (asprintf(&file, "/proc/%u/comm", pid) == -1)
47	perror("asprintf");	47	errExit("asprintf");
48	exit(1);
49	}
50		48
51	FILE *fp = fopen(file, "r");	49	FILE *fp = fopen(file, "r");
52	if (!fp) {	50	if (!fp) {


diff --git a/src/firemon/seccomp.c b/src/firemon/seccomp.c index abc698bb8..f11c624ea 100644 --- a/src/firemon/seccomp.c +++ b/src/firemon/seccomp.c
@@ -22,10 +22,8 @@
22	#define MAXBUF 4098	22	#define MAXBUF 4098
23	static void print_seccomp(int pid) {	23	static void print_seccomp(int pid) {
24	char *file;	24	char *file;
25	if (asprintf(&file, "/proc/%d/status", pid) == -1) {	25	if (asprintf(&file, "/proc/%d/status", pid) == -1)
26	errExit("asprintf");	26	errExit("asprintf");
27	exit(1);
28	}
29		27
30	FILE *fp = fopen(file, "r");	28	FILE *fp = fopen(file, "r");
31	if (!fp) {	29	if (!fp) {


diff --git a/src/ftee/main.c b/src/ftee/main.c index e6aa5f567..2b27baa5a 100644 --- a/src/ftee/main.c +++ b/src/ftee/main.c
@@ -179,10 +179,6 @@ static int is_link(const char *fname) {
179	return 0;	179	return 0;
180	}	180	}
181		181
182
183
184
185
186	static void usage(void) {	182	static void usage(void) {
187	printf("Usage: ftee filename\n");	183	printf("Usage: ftee filename\n");
188	}	184	}
@@ -201,33 +197,25 @@ int main(int argc, char **argv) {
201		197
202		198
203	// do not accept directories, links, and files with ".."	199	// do not accept directories, links, and files with ".."
204	if (strstr(fname, "..") \|\| is_link(fname) \|\| is_dir(fname)) {	200	if (strstr(fname, "..") \|\| is_link(fname) \|\| is_dir(fname))
205	fprintf(stderr, "Error: invalid output file. Links, directories and files with \"..\" are not allowed.\n");	201	goto errexit;
206	exit(1);
207	}
208		202
209	struct stat s;	203	struct stat s;
210	if (stat(fname, &s) == 0) {	204	if (stat(fname, &s) == 0) {
211	// check permissions	205	// check permissions
212	if (s.st_uid != getuid() \|\| s.st_gid != getgid()) {	206	if (s.st_uid != getuid() \|\| s.st_gid != getgid())
213	fprintf(stderr, "Error: the output file needs to be owned by the current user.\n");	207	goto errexit;
214	exit(1);
215	}
216		208
217	// check hard links	209	// check hard links
218	if (s.st_nlink != 1) {	210	if (s.st_nlink != 1)
219	fprintf(stderr, "Error: no hard links allowed.\n");	211	goto errexit;
220	exit(1);
221	}
222	}	212	}
223		213
224	// check if we can append to this file	214	// check if we can append to this file
225	/* coverity[toctou] */	215	/* coverity[toctou] */
226	FILE *fp = fopen(fname, "a");	216	FILE *fp = fopen(fname, "a");
227	if (!fp) {	217	if (!fp)
228	fprintf(stderr, "Error: cannot open output file %s\n", fname);	218	goto errexit;
229	exit(1);
230	}
231	fclose(fp);	219	fclose(fp);
232		220
233		221
@@ -248,4 +236,8 @@ int main(int argc, char **argv) {
248		236
249	log_close();	237	log_close();
250	return 0;	238	return 0;
		239
		240	errexit:
		241	fprintf(stderr, "Error ftee: invalid output file.\n");
		242	return 1;
251	}	243	}


diff --git a/test/utils/firemon-cpu.exp b/test/utils/firemon-cpu.exp index f2ecd4a5c..00156c909 100755 --- a/test/utils/firemon-cpu.exp +++ b/test/utils/firemon-cpu.exp
@@ -24,7 +24,6 @@ sleep 1
24		24
25	spawn $env(SHELL)	25	spawn $env(SHELL)
26	send -- "firemon --cpu\r"	26	send -- "firemon --cpu\r"
27	sleep 4
28	expect {	27	expect {
29	timeout {puts "TESTING ERROR 2\n";exit}	28	timeout {puts "TESTING ERROR 2\n";exit}
30	"need to be root" {puts "TESTING SKIP: /proc mounted as hidepid\n"; exit}	29	"need to be root" {puts "TESTING SKIP: /proc mounted as hidepid\n"; exit}


diff --git a/test/utils/firemon-interface.exp b/test/utils/firemon-interface.exp new file mode 100755 index 000000000..edafd1639 --- /dev/null +++ b/test/utils/firemon-interface.exp
@@ -0,0 +1,18 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2016 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "firemon --interface\r"
		11	expect {
		12	timeout {puts "TESTING ERROR 0\n";exit}
		13	"you need to be root"
		14	}
		15	after 100
		16
		17	puts "\nall done\n"
		18


diff --git a/test/utils/firemon-name.exp b/test/utils/firemon-name.exp new file mode 100755 index 000000000..c5dbfabab --- /dev/null +++ b/test/utils/firemon-name.exp
@@ -0,0 +1,28 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2016 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "firejail --name=test\r"
		11	expect {
		12	timeout {puts "TESTING ERROR 0\n";exit}
		13	"Child process initialized"
		14	}
		15	sleep 1
		16
		17	spawn $env(SHELL)
		18	send -- "firemon --cpu --name=test\r"
		19	expect {
		20	timeout {puts "TESTING ERROR 2\n";exit}
		21	"need to be root" {puts "TESTING SKIP: /proc mounted as hidepid\n"; exit}
		22	"Cpus_allowed_list"
		23	}
		24
		25	after 100
		26
		27	puts "\nall done\n"
		28


diff --git a/test/utils/firemon-version.exp b/test/utils/firemon-version.exp new file mode 100755 index 000000000..639c15c29 --- /dev/null +++ b/test/utils/firemon-version.exp
@@ -0,0 +1,18 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2016 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "firemon --version\r"
		11	expect {
		12	timeout {puts "TESTING ERROR 0\n";exit}
		13	"firemon version"
		14	}
		15	after 100
		16
		17	puts "\nall done\n"
		18


diff --git a/test/utils/utils.sh b/test/utils/utils.sh index bd91110f7..804e5ae0f 100755 --- a/test/utils/utils.sh +++ b/test/utils/utils.sh
@@ -100,3 +100,12 @@ echo "TESTING: firemon cpu (test/utils/firemon-cpu.exp)"
100	echo "TESTING: firemon cgroup (test/utils/firemon-cgroup.exp)"	100	echo "TESTING: firemon cgroup (test/utils/firemon-cgroup.exp)"
101	./firemon-cgroup.exp	101	./firemon-cgroup.exp
102		102
		103	echo "TESTING: firemon version (test/utils/firemon-version.exp)"
		104	./firemon-version.exp
		105
		106	echo "TESTING: firemon interface (test/utils/firemon-interface.exp)"
		107	./firemon-interface.exp
		108
		109	echo "TESTING: firemon name (test/utils/firemon-name.exp)"
		110	./firemon-name.exp
		111