diff options
-rw-r--r-- | src/firejail/main.c | 23 | ||||
-rw-r--r-- | src/firejail/profile.c | 17 |
2 files changed, 9 insertions, 31 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index 715123279..df1c81f3a 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -2187,7 +2187,7 @@ int main(int argc, char **argv, char **envp) { | |||
2187 | else if (strncmp(argv[i], "--name=", 7) == 0) { | 2187 | else if (strncmp(argv[i], "--name=", 7) == 0) { |
2188 | cfg.name = argv[i] + 7; | 2188 | cfg.name = argv[i] + 7; |
2189 | if (strlen(cfg.name) == 0) { | 2189 | if (strlen(cfg.name) == 0) { |
2190 | fprintf(stderr, "Error: please provide a name for sandbox\n"); | 2190 | fprintf(stderr, "Error: invalid sandbox name: cannot be empty\n"); |
2191 | return 1; | 2191 | return 1; |
2192 | } | 2192 | } |
2193 | if (invalid_name(cfg.name)) { | 2193 | if (invalid_name(cfg.name)) { |
@@ -2197,24 +2197,11 @@ int main(int argc, char **argv, char **envp) { | |||
2197 | } | 2197 | } |
2198 | else if (strncmp(argv[i], "--hostname=", 11) == 0) { | 2198 | else if (strncmp(argv[i], "--hostname=", 11) == 0) { |
2199 | cfg.hostname = argv[i] + 11; | 2199 | cfg.hostname = argv[i] + 11; |
2200 | size_t len = strlen(cfg.hostname); | 2200 | if (strlen(cfg.hostname) == 0) { |
2201 | if (len == 0 || len > 253) { | 2201 | fprintf(stderr, "Error: invalid hostname: cannot be empty\n"); |
2202 | fprintf(stderr, "Error: please provide a valid hostname for sandbox, with maximum length of 253 ASCII characters\n"); | ||
2203 | return 1; | 2202 | return 1; |
2204 | } | 2203 | } |
2205 | int invalid = invalid_name(cfg.hostname); | 2204 | if (invalid_name(cfg.hostname)) { |
2206 | char* hostname = cfg.hostname; | ||
2207 | while (*hostname && !invalid) { | ||
2208 | invalid = invalid || !( | ||
2209 | (*hostname >= 'a' && *hostname <= 'z') || | ||
2210 | (*hostname >= 'A' && *hostname <= 'Z') || | ||
2211 | (*hostname >= '0' && *hostname <= '9') || | ||
2212 | (*hostname == '-' || *hostname == '.')); | ||
2213 | hostname++; | ||
2214 | } | ||
2215 | invalid = invalid || cfg.hostname[0] == '-'; // must not start with - | ||
2216 | invalid = invalid || cfg.hostname[len - 1] == '-'; // must not end with - | ||
2217 | if (invalid) { | ||
2218 | fprintf(stderr, "Error: invalid hostname\n"); | 2205 | fprintf(stderr, "Error: invalid hostname\n"); |
2219 | return 1; | 2206 | return 1; |
2220 | } | 2207 | } |
@@ -2847,7 +2834,7 @@ int main(int argc, char **argv, char **envp) { | |||
2847 | // set sandbox name and start normally | 2834 | // set sandbox name and start normally |
2848 | cfg.name = argv[i] + 16; | 2835 | cfg.name = argv[i] + 16; |
2849 | if (strlen(cfg.name) == 0) { | 2836 | if (strlen(cfg.name) == 0) { |
2850 | fprintf(stderr, "Error: please provide a name for sandbox\n"); | 2837 | fprintf(stderr, "Error: invalid sandbox name: cannot be empty\n"); |
2851 | return 1; | 2838 | return 1; |
2852 | } | 2839 | } |
2853 | } | 2840 | } |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 202bcf4da..139ce0580 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -326,22 +326,13 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
326 | } | 326 | } |
327 | // sandbox name | 327 | // sandbox name |
328 | else if (strncmp(ptr, "name ", 5) == 0) { | 328 | else if (strncmp(ptr, "name ", 5) == 0) { |
329 | int only_numbers = 1; | ||
330 | cfg.name = ptr + 5; | 329 | cfg.name = ptr + 5; |
331 | if (strlen(cfg.name) == 0) { | 330 | if (strlen(cfg.name) == 0) { |
332 | fprintf(stderr, "Error: invalid sandbox name\n"); | 331 | fprintf(stderr, "Error: invalid sandbox name: cannot be empty\n"); |
333 | exit(1); | 332 | exit(1); |
334 | } | 333 | } |
335 | const char *c = cfg.name; | 334 | if (invalid_name(cfg.name)) { |
336 | while (*c) { | 335 | fprintf(stderr, "Error: invalid sandbox name\n"); |
337 | if (!isdigit(*c)) { | ||
338 | only_numbers = 0; | ||
339 | break; | ||
340 | } | ||
341 | ++c; | ||
342 | } | ||
343 | if (only_numbers) { | ||
344 | fprintf(stderr, "Error: invalid sandbox name: it only contains digits\n"); | ||
345 | exit(1); | 336 | exit(1); |
346 | } | 337 | } |
347 | return 0; | 338 | return 0; |
@@ -1647,7 +1638,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
1647 | // set sandbox name and start normally | 1638 | // set sandbox name and start normally |
1648 | cfg.name = ptr + 14; | 1639 | cfg.name = ptr + 14; |
1649 | if (strlen(cfg.name) == 0) { | 1640 | if (strlen(cfg.name) == 0) { |
1650 | fprintf(stderr, "Error: invalid sandbox name\n"); | 1641 | fprintf(stderr, "Error: invalid sandbox name: cannot be empty\n"); |
1651 | exit(1); | 1642 | exit(1); |
1652 | } | 1643 | } |
1653 | } | 1644 | } |