diff options
Diffstat (limited to 'src/firejail/fs_whitelist.c')
| -rw-r--r-- | src/firejail/fs_whitelist.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index e983a071d..8a402f692 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c | |||
| @@ -506,14 +506,18 @@ void fs_whitelist(void) { | |||
| 506 | // both path and absolute path are under /home | 506 | // both path and absolute path are under /home |
| 507 | if (strncmp(fname, cfg.homedir, strlen(cfg.homedir)) == 0) { | 507 | if (strncmp(fname, cfg.homedir, strlen(cfg.homedir)) == 0) { |
| 508 | // entire home directory is not allowed | 508 | // entire home directory is not allowed |
| 509 | if (*(fname + strlen(cfg.homedir)) != '/') | 509 | if (*(fname + strlen(cfg.homedir)) != '/') { |
| 510 | free(fname); | ||
| 510 | goto errexit; | 511 | goto errexit; |
| 512 | } | ||
| 511 | } | 513 | } |
| 512 | else { | 514 | else { |
| 513 | if (checkcfg(CFG_FOLLOW_SYMLINK_AS_USER)) { | 515 | if (checkcfg(CFG_FOLLOW_SYMLINK_AS_USER)) { |
| 514 | // check if the file is owned by the user | 516 | // check if the file is owned by the user |
| 515 | if (stat(fname, &s) == 0 && s.st_uid != getuid()) | 517 | if (stat(fname, &s) == 0 && s.st_uid != getuid()) { |
| 518 | free(fname); | ||
| 516 | goto errexit; | 519 | goto errexit; |
| 520 | } | ||
| 517 | } | 521 | } |
| 518 | } | 522 | } |
| 519 | } | 523 | } |