Diffstat (limited to 'src/firejail/util.c')
-rw-r--r-- | src/firejail/util.c | 16 |
1 files changed, 11 insertions, 5 deletions
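--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -1116,20 +1116,26 @@ errexit:
 // user controlled paths. Passed flags are ignored if path is a top level directory.
 int safe_fd(const char *path, int flags) {
 assert(path);
-int fd;
+int fd = -1;
 
 // work with a copy of path
 char *dup = strdup(path);
 if (dup == NULL)
 errExit("strdup");
-if (*dup != '/')
-errExit("relative path"); // or empty string
+// reject relative path and empty string
+if (*dup != '/') {
+fprintf(stderr, "Error: invalid pathname: %s\n", path);
+exit(1);
+}
 
 char *p = strrchr(dup, '/');
 if (p == NULL)
 errExit("strrchr");
-if (*(p + 1) == '\0')
-errExit("trailing slash"); // or root dir
+// reject trailing slash and root dir
+if (*(p + 1) == '\0') {
+fprintf(stderr, "Error: invalid pathname: %s\n", path);
+exit(1);
+}
 
 int parentfd = open("/", O_PATH|O_DIRECTORY|O_CLOEXEC);
 if (parentfd == -1)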
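Review bot: Both new rejection branches (after the `*dup != '/'` test and after the `*(p + 1) == '\0'` test) write `path` to stderr unmodified, while the comment above safe_fd says these paths are user controlled. Non-printable bytes or escape sequences in the argument would therefore reach the terminal, or any log that captures stderr, as they were given. The two blocks are identical, so they could move into one small static helper that checks the name for control characters before printing, which keeps any later hardening in one place. The new message also no longer says which rule failed, which the old errExit strings did; something like `"Error: invalid pathname (trailing slash or root directory): %s\n"` would keep that for the user. safe_fd continues past the end of this hunk, so how the new `fd = -1` initial value is used cannot be judged from here.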