diff options
Diffstat (limited to 'src/firejail/util.c')
| -rw-r--r-- | src/firejail/util.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/src/firejail/util.c b/src/firejail/util.c index eb59e36be..1d36980bb 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
| @@ -1116,20 +1116,26 @@ errexit: | |||
| 1116 | // user controlled paths. Passed flags are ignored if path is a top level directory. | 1116 | // user controlled paths. Passed flags are ignored if path is a top level directory. |
| 1117 | int safe_fd(const char *path, int flags) { | 1117 | int safe_fd(const char *path, int flags) { |
| 1118 | assert(path); | 1118 | assert(path); |
| 1119 | int fd; | 1119 | int fd = -1; |
| 1120 | 1120 | ||
| 1121 | // work with a copy of path | 1121 | // work with a copy of path |
| 1122 | char *dup = strdup(path); | 1122 | char *dup = strdup(path); |
| 1123 | if (dup == NULL) | 1123 | if (dup == NULL) |
| 1124 | errExit("strdup"); | 1124 | errExit("strdup"); |
| 1125 | if (*dup != '/') | 1125 | // reject relative path and empty string |
| 1126 | errExit("relative path"); // or empty string | 1126 | if (*dup != '/') { |
| 1127 | fprintf(stderr, "Error: invalid pathname: %s\n", path); | ||
| 1128 | exit(1); | ||
| 1129 | } | ||
| 1127 | 1130 | ||
| 1128 | char *p = strrchr(dup, '/'); | 1131 | char *p = strrchr(dup, '/'); |
| 1129 | if (p == NULL) | 1132 | if (p == NULL) |
| 1130 | errExit("strrchr"); | 1133 | errExit("strrchr"); |
| 1131 | if (*(p + 1) == '\0') | 1134 | // reject trailing slash and root dir |
| 1132 | errExit("trailing slash"); // or root dir | 1135 | if (*(p + 1) == '\0') { |
| 1136 | fprintf(stderr, "Error: invalid pathname: %s\n", path); | ||
| 1137 | exit(1); | ||
| 1138 | } | ||
| 1133 | 1139 | ||
| 1134 | int parentfd = open("/", O_PATH|O_DIRECTORY|O_CLOEXEC); | 1140 | int parentfd = open("/", O_PATH|O_DIRECTORY|O_CLOEXEC); |
| 1135 | if (parentfd == -1) | 1141 | if (parentfd == -1) |