Diffstat (limited to 'src/firejail/cgroup.c')
-rw-r--r--src/firejail/cgroup.c24
1 files changed, 12 insertions, 12 deletions
diff --git a/src/firejail/cgroup.c b/src/firejail/cgroup.c
index 6ceb647ff..70f07dd23 100644
--- a/src/firejail/cgroup.c
+++ b/src/firejail/cgroup.c
@@ -25,7 +25,7 @@
25void save_cgroup(void) { 25void save_cgroup(void) {
26 if (cfg.cgroup == NULL) 26 if (cfg.cgroup == NULL)
27 return; 27 return;
28 28
29 FILE *fp = fopen(RUN_CGROUP_CFG, "w"); 29 FILE *fp = fopen(RUN_CGROUP_CFG, "w");
30 if (fp) { 30 if (fp) {
31 fprintf(fp, "%s", cfg.cgroup); 31 fprintf(fp, "%s", cfg.cgroup);
@@ -36,7 +36,7 @@ void save_cgroup(void) {
36 } 36 }
37 else 37 else
38 goto errout; 38 goto errout;
39 39
40 return; 40 return;
41 41
42errout: 42errout:
@@ -58,7 +58,7 @@ void load_cgroup(const char *fname) {
58 } 58 }
59 else 59 else
60 goto errout; 60 goto errout;
61 61
62 fclose(fp); 62 fclose(fp);
63 return; 63 return;
64 } 64 }
@@ -71,34 +71,34 @@ errout:
71 71
72void set_cgroup(const char *path) { 72void set_cgroup(const char *path) {
73 EUID_ASSERT(); 73 EUID_ASSERT();
74 74
75 invalid_filename(path); 75 invalid_filename(path);
76 76
77 // path starts with /sys/fs/cgroup 77 // path starts with /sys/fs/cgroup
78 if (strncmp(path, "/sys/fs/cgroup", 14) != 0) 78 if (strncmp(path, "/sys/fs/cgroup", 14) != 0)
79 goto errout; 79 goto errout;
80 80
81 // path ends in tasks 81 // path ends in tasks
82 char *ptr = strstr(path, "tasks"); 82 char *ptr = strstr(path, "tasks");
83 if (!ptr) 83 if (!ptr)
84 goto errout; 84 goto errout;
85 if (*(ptr + 5) != '\0') 85 if (*(ptr + 5) != '\0')
86 goto errout; 86 goto errout;
87 87
88 // no .. traversal 88 // no .. traversal
89 ptr = strstr(path, ".."); 89 ptr = strstr(path, "..");
90 if (ptr) 90 if (ptr)
91 goto errout; 91 goto errout;
92 92
93 // tasks file exists 93 // tasks file exists
94 struct stat s; 94 struct stat s;
95 if (stat(path, &s) == -1) 95 if (stat(path, &s) == -1)
96 goto errout; 96 goto errout;
97 97
98 // task file belongs to the user running the sandbox 98 // task file belongs to the user running the sandbox
99 if (s.st_uid != getuid() && s.st_gid != getgid()) 99 if (s.st_uid != getuid() && s.st_gid != getgid())
100 goto errout2; 100 goto errout2;
101 101
102 // add the task to cgroup 102 // add the task to cgroup
103 /* coverity[toctou] */ 103 /* coverity[toctou] */
104 FILE *fp = fopen(path, "a"); 104 FILE *fp = fopen(path, "a");
@@ -110,10 +110,10 @@ void set_cgroup(const char *path) {
110 fclose(fp); 110 fclose(fp);
111 return; 111 return;
112 112
113errout: 113errout:
114 fprintf(stderr, "Error: invalid cgroup\n"); 114 fprintf(stderr, "Error: invalid cgroup\n");
115 exit(1); 115 exit(1);
116errout2: 116errout2:
117 fprintf(stderr, "Error: you don't have permissions to use this control group\n"); 117 fprintf(stderr, "Error: you don't have permissions to use this control group\n");
118 exit(1); 118 exit(1);
119} 119}