Diffstat (limited to 'src/firejail/fs.c')
-rw-r--r-- | src/firejail/fs.c | 18 |
1 files changed, 11 insertions, 7 deletions
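--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -310,11 +310,12 @@ void fs_blacklist(void) {
 if (!entry)
 return;
 
-// a statically allocated buffer works for all current needs
-// TODO: if dynamic allocation is ever needed, we should probably add
-// libraries that make it easy to do without introducing security bugs
-char *noblacklist[32];
 size_t noblacklist_c = 0;
+size_t noblacklist_m = 32;
+char **noblacklist = calloc(noblacklist_m, sizeof(*noblacklist));
+
+if (noblacklist == NULL)
+errExit("failed allocating memory for noblacklist entries");
 
 while (entry) {
 OPERATION op = OPERATION_MAX;
@@ -366,9 +367,11 @@ void fs_blacklist(void) {
 
 // Process noblacklist command
 if (strncmp(entry->data, "noblacklist ", 12) == 0) {
-if (noblacklist_c >= sizeof(noblacklist) / sizeof(noblacklist[0])) {
-fputs("Error: out of memory for noblacklist entries\n", stderr);
-exit(1);
+if (noblacklist_c >= noblacklist_m) {
+noblacklist_m *= 2;
+noblacklist = realloc(noblacklist, sizeof(*noblacklist) * noblacklist_m);
+if (noblacklist == NULL)
+errExit("failed increasing memory for noblacklist entries");
 }
 else
 noblacklist[noblacklist_c++] = expand_home(entry->data + 12, homedir);
@@ -428,6 +431,7 @@ void fs_blacklist(void) {
 
 size_t i;
 for (i = 0; i < noblacklist_c; i++) free(noblacklist[i]);
+free(noblacklist);
 }
 
 //***********************************************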
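Review bot: In the second hunk the `else` before `noblacklist[noblacklist_c++] = expand_home(entry->data + 12, homedir);` is kept, so the entry that triggers the `realloc` branch is never stored. The old branch ended in `exit(1)`, which made the `else` harmless; the new branch falls through, so the 33rd entry (and each later entry that lands on a capacity boundary) is dropped without any diagnostic. The path then stays blacklisted although the profile says otherwise, so the enforced policy silently diverges from the configured one. Dropping the `else` so the store runs unconditionally after the capacity check fixes this. The rest of the loop body lies outside the hunk, so it is worth confirming that nothing later in the iteration relies on the entry having been skipped.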