3 files changed, 23 insertions, 20 deletions
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index 2d4640430..6dd4a7e2d 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -430,7 +430,7 @@ void fs_whitelist(void) {
                        // if 1 the file was not found; mount an empty directory
                        if (!nowhitelist_flag) {
-                                if (strncmp(new_name, cfg.homedir, strlen(cfg.homedir)) == 0) {
+                                if (strncmp(new_name, cfg.homedir, strlen(cfg.homedir)) == 0 && new_name[strlen(cfg.homedir)] == '/') {
                                        if(!arg_private)
                                                home_dir = 1;
                                }
diff --git a/src/firejail/util.c b/src/firejail/util.c
index 4a164901d..ae07a42b0 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -636,33 +636,33 @@ void extract_command_name(int index, char **argv) {
        if (!cfg.command_name)
                errExit("strdup");
-        // restrict the command name to the first word
-        char *ptr = cfg.command_name;
-        while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0')
-                ptr++;
-        *ptr = '\0';
        // remove the path: /usr/bin/firefox becomes firefox
-        ptr = strrchr(cfg.command_name, '/');
+        char *basename = cfg.command_name;
+        char *ptr = strrchr(cfg.command_name, '/');
        if (ptr) {
-                ptr++;
+                basename = ++ptr;
                if (*ptr == '\0') {
                        fprintf(stderr, "Error: invalid command name\n");
                        exit(1);
                }
+        }
+        else
+                ptr = basename;
-                char *tmp = strdup(ptr);
+        // restrict the command name to the first word
-                if (!tmp)
+        while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0')
-                        errExit("strdup");
+                ptr++;
-                // limit the command to the first ' '
+        // command name is a substring of cfg.command_name
-                char *ptr2 = tmp;
+        if (basename != cfg.command_name || *ptr != '\0') {
-                while (*ptr2 != ' ' && *ptr2 != '\0')
+                *ptr = '\0';
-                        ptr2++;
+                
-                *ptr2 = '\0';
+                basename = strdup(basename);
+                if (!basename)
+                        errExit("strdup");
                free(cfg.command_name);
-                cfg.command_name = tmp;
+                cfg.command_name = basename;
        }
 }
diff --git a/src/lib/pid.c b/src/lib/pid.c
index 75576c787..ee1550e57 100644
--- a/src/lib/pid.c
+++ b/src/lib/pid.c
@@ -359,7 +359,10 @@ void pid_read(pid_t mon_pid) {
                char buf[PIDS_BUFLEN];
                while (fgets(buf, PIDS_BUFLEN - 1, fp)) {
                        if (strncmp(buf, "Name:", 5) == 0) {
-                                char *ptr = buf + 5;
+                                char *ptr = strchr(buf, '\n');
+                                if (ptr)
+                                        *ptr = '\0';
+                                ptr = buf + 5;
                                while (*ptr != '\0' && (*ptr == ' ' || *ptr == '\t')) {
                                        ptr++;
                                }
@@ -368,7 +371,7 @@ void pid_read(pid_t mon_pid) {
                                        exit(1);
                                }
-                                if ((strncmp(ptr, "firejail", 8) == 0) && (mon_pid == 0 || mon_pid == pid)) {
+                                if ((strcmp(ptr, "firejail") == 0) && (mon_pid == 0 || mon_pid == pid)) {
                                        if (pid_proc_cmdline_x11_xpra_xephyr(pid))
                                                pids[pid].level = -1;
                                        else

diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index 2d4640430..6dd4a7e2d 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c
@@ -430,7 +430,7 @@ void fs_whitelist(void) {
430		430
431	// if 1 the file was not found; mount an empty directory	431	// if 1 the file was not found; mount an empty directory
432	if (!nowhitelist_flag) {	432	if (!nowhitelist_flag) {
433	if (strncmp(new_name, cfg.homedir, strlen(cfg.homedir)) == 0) {	433	if (strncmp(new_name, cfg.homedir, strlen(cfg.homedir)) == 0 && new_name[strlen(cfg.homedir)] == '/') {
434	if(!arg_private)	434	if(!arg_private)
435	home_dir = 1;	435	home_dir = 1;
436	}	436	}


diff --git a/src/firejail/util.c b/src/firejail/util.c index 4a164901d..ae07a42b0 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c
@@ -636,33 +636,33 @@ void extract_command_name(int index, char **argv) {
636	if (!cfg.command_name)	636	if (!cfg.command_name)
637	errExit("strdup");	637	errExit("strdup");
638		638
639	// restrict the command name to the first word
640	char *ptr = cfg.command_name;
641	while (ptr != ' ' && ptr != '\t' && *ptr != '\0')
642	ptr++;
643	*ptr = '\0';
644
645	// remove the path: /usr/bin/firefox becomes firefox	639	// remove the path: /usr/bin/firefox becomes firefox
646	ptr = strrchr(cfg.command_name, '/');	640	char *basename = cfg.command_name;
		641	char *ptr = strrchr(cfg.command_name, '/');
647	if (ptr) {	642	if (ptr) {
648	ptr++;	643	basename = ++ptr;
649	if (*ptr == '\0') {	644	if (*ptr == '\0') {
650	fprintf(stderr, "Error: invalid command name\n");	645	fprintf(stderr, "Error: invalid command name\n");
651	exit(1);	646	exit(1);
652	}	647	}
		648	}
		649	else
		650	ptr = basename;
653		651
654	char *tmp = strdup(ptr);	652	// restrict the command name to the first word
655	if (!tmp)	653	while (ptr != ' ' && ptr != '\t' && *ptr != '\0')
656	errExit("strdup");	654	ptr++;
657		655
658	// limit the command to the first ' '	656	// command name is a substring of cfg.command_name
659	char *ptr2 = tmp;	657	if (basename != cfg.command_name \|\| *ptr != '\0') {
660	while (ptr2 != ' ' && ptr2 != '\0')	658	*ptr = '\0';
661	ptr2++;	659
662	*ptr2 = '\0';	660	basename = strdup(basename);
		661	if (!basename)
		662	errExit("strdup");
663		663
664	free(cfg.command_name);	664	free(cfg.command_name);
665	cfg.command_name = tmp;	665	cfg.command_name = basename;
666	}	666	}
667	}	667	}
668		668


diff --git a/src/lib/pid.c b/src/lib/pid.c index 75576c787..ee1550e57 100644 --- a/src/lib/pid.c +++ b/src/lib/pid.c
@@ -359,7 +359,10 @@ void pid_read(pid_t mon_pid) {
359	char buf[PIDS_BUFLEN];	359	char buf[PIDS_BUFLEN];
360	while (fgets(buf, PIDS_BUFLEN - 1, fp)) {	360	while (fgets(buf, PIDS_BUFLEN - 1, fp)) {
361	if (strncmp(buf, "Name:", 5) == 0) {	361	if (strncmp(buf, "Name:", 5) == 0) {
362	char *ptr = buf + 5;	362	char *ptr = strchr(buf, '\n');
		363	if (ptr)
		364	*ptr = '\0';
		365	ptr = buf + 5;
363	while (ptr != '\0' && (ptr == ' ' \|\| *ptr == '\t')) {	366	while (ptr != '\0' && (ptr == ' ' \|\| *ptr == '\t')) {
364	ptr++;	367	ptr++;
365	}	368	}
@@ -368,7 +371,7 @@ void pid_read(pid_t mon_pid) {
368	exit(1);	371	exit(1);
369	}	372	}
370		373
371	if ((strncmp(ptr, "firejail", 8) == 0) && (mon_pid == 0 \|\| mon_pid == pid)) {	374	if ((strcmp(ptr, "firejail") == 0) && (mon_pid == 0 \|\| mon_pid == pid)) {
372	if (pid_proc_cmdline_x11_xpra_xephyr(pid))	375	if (pid_proc_cmdline_x11_xpra_xephyr(pid))
373	pids[pid].level = -1;	376	pids[pid].level = -1;
374	else	377	else