Diffstat (limited to 'src/firejail')
-rw-r--r-- | src/firejail/main.c | 14 |
1 files changed, 9 insertions, 5 deletions
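--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1154,23 +1154,27 @@ int main(int argc, char **argv) {
 fprintf(stderr, "Error: --noprofile and --profile options are mutually exclusive\n");
 exit(1);
 }
-invalid_filename(argv[i] + 10);
+
+char *ppath = expand_home(argv[i] + 10, cfg.homedir);
+if (!ppath)
+errExit("strdup");
+invalid_filename(ppath);
 
 // multiple profile files are allowed!
-char *ptr = argv[i] + 10;
-if (is_dir(ptr) || is_link(ptr) || strstr(ptr, "..")) {
+if (is_dir(ppath) || is_link(ppath) || strstr(ppath, "..")) {
 fprintf(stderr, "Error: invalid profile file\n");
 exit(1);
 }
 
 // access call checks as real UID/GID, not as effective UID/GID
-if (access(argv[i] + 10, R_OK)) {
+if (access(ppath, R_OK)) {
 fprintf(stderr, "Error: cannot access profile file\n");
 return 1;
 }
 
-profile_read(argv[i] + 10);
+profile_read(ppath);
 custom_profile = 1;
+free(ppath);
 }
 else if (strncmp(argv[i], "--profile-path=", 15) == 0) {
 if (arg_noprofile) {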
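Review bot: The checks `is_dir(ppath) || is_link(ppath)`, `access(ppath, R_OK)` and the later `profile_read(ppath)` each resolve the path by name, so the file that passed validation is not guaranteed to be the file that gets read. The existing comment about real versus effective UID/GID suggests this branch runs with elevated effective privileges, which is where a check-then-use gap (CWE-367) matters. `profile_read` is not visible in this hunk, so this is hedged: if it does not switch to the caller's UID before opening, the file should be opened once under the real UID and the type checks done on the descriptor with `fstat` instead of on the name. At minimum I would add above the access call `// checks are by name only; profile_read() must open ppath with the caller's privileges`. The `--profile=` branch and `main` both start and continue outside the hunk.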