Diffstat (limited to 'src')
-rw-r--r-- | src/faudit/syscall.c | 3 | ||||
-rw-r--r-- | src/firejail/checkcfg.c | 9 | ||||
-rw-r--r-- | src/firejail/ls.c | 10 | ||||
-rw-r--r-- | src/firejail/netfilter.c | 8 | ||||
-rw-r--r-- | src/firejail/sbox.c | 4 | ||||
-rw-r--r-- | src/firejail/seccomp.c | 2 | ||||
-rw-r--r-- | src/firejail/x11.c | 4 | ||||
-rw-r--r-- | src/fseccomp/seccomp_print.c | 2 |
8 files changed, 25 insertions, 17 deletions
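--- a/src/faudit/syscall.c
+++ b/src/faudit/syscall.c
@@ -35,7 +35,8 @@ void syscall_helper(int argc, char **argv) {
 (void) argc;
 
 if (strcmp(argv[2], "mount") == 0) {
-mount(NULL, NULL, NULL, 0, NULL);
+int rv = mount(NULL, NULL, NULL, 0, NULL);
+(void) rv;
 printf("\nUGLY: mount syscall permitted.\n");
 }
 else if (strcmp(argv[2], "umount2") == 0) {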
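Review bot: In the `mount` branch the return value is captured and immediately discarded with `(void) rv;`, so the "UGLY: mount syscall permitted" line is printed for every outcome in which the process survives the call. That is accurate only if the filter under audit kills the process on a denied syscall; if it can deny by returning an error instead (not visible in this hunk), a blocked mount would be reported as permitted. At minimum, document the assumption next to the call, e.g. `// all-NULL mount is expected to fail; surviving the call is the signal`, or gate the message on `rv` and `errno`. syscall_helper continues outside the hunk, and the `umount2` branch that starts on the last context line presumably follows the same pattern.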
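--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -33,6 +33,7 @@ int checkcfg(int val) {
 assert(val < CFG_MAX);
 int line = 0;
 FILE *fp = NULL;
+char *ptr;
 
 if (!initialized) {
 // initialize defaults
@@ -76,7 +77,7 @@ int checkcfg(int val) {
 continue;
 
 // parse line
-char *ptr = line_remove_spaces(buf);
+ptr = line_remove_spaces(buf);
 if (!ptr)
 continue;
 
@@ -286,8 +287,10 @@ int checkcfg(int val) {
 return cfg_val[val];
 
 errout:
-if (fp)
-fclose(fp);
+assert(ptr);
+free(ptr);
+assert(fp);
+fclose(fp);
 fprintf(stderr, "Error: invalid line %d in firejail configuration file\n", line );
 exit(1);
 }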
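Review bot: `char *ptr;` at the top of checkcfg is left uninitialized, yet the `errout:` path now runs `assert(ptr); free(ptr);`, so any `goto errout` taken before the first `ptr = line_remove_spaces(buf);` would hand an indeterminate pointer to free(). Whether such a jump exists cannot be seen from these hunks, but declaring `char *ptr = NULL;` makes the path safe either way, and since free(NULL) is a no-op the `assert(ptr)` can then be dropped. Replacing `if (fp)` with `assert(fp)` also means a build with NDEBUG calls fclose(NULL) if errout is ever reached without an open file; `if (fp) fclose(fp);` was the safer form. It is worth confirming as well that `ptr` is released on the non-error paths of the parse loop, which lie outside the hunks.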
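--- a/src/firejail/ls.c
+++ b/src/firejail/ls.c
@@ -259,11 +259,11 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) {
 drop_privs(0);
 
 // check access
-/* coverity[toctou] */
 if (access(fname1, R_OK) == -1) {
 fprintf(stderr, "Error: Cannot access %s\n", fname1);
 exit(1);
 }
+/* coverity[toctou] */
 char *rp = realpath(fname1, NULL);
 if (!rp) {
 fprintf(stderr, "Error: Cannot access %s\n", fname1);
@@ -316,9 +316,11 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) {
 // create a user-owned temporary file in /run/firejail directory
 char tmp_fname[] = "/run/firejail/tmpget-XXXXXX";
 int fd = mkstemp(tmp_fname);
-SET_PERMS_FD(fd, getuid(), getgid(), 0600);
-close(fd);
-
+if (fd != -1) {
+SET_PERMS_FD(fd, getuid(), getgid(), 0600);
+close(fd);
+}
+
 // copy the source file into the temporary file - we need to chroot
 pid_t child = fork();
 if (child < 0)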
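Review bot: The new `if (fd != -1)` guard around `SET_PERMS_FD`/`close` in the second hunk handles a failed mkstemp() silently, and execution carries on to `fork()` with a `tmp_fname` that this process never created. The following comment says the source file is copied into that temporary file, so after a failure the copy would target a path in /run/firejail that was not opened with mkstemp's exclusive-create guarantee; the rest of sandboxfs is outside the hunk, so the exact effect is inferred. Treat the failure as fatal instead, with `if (fd == -1) errExit("mkstemp");` ahead of the `SET_PERMS_FD` call. In the first hunk the `/* coverity[toctou] */` marker moves from access() to realpath(); a one-line comment saying why the check-then-use gap is acceptable at that point (privileges were dropped by `drop_privs(0)` just above) would serve readers better than a bare suppression.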
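--- a/src/firejail/netfilter.c
+++ b/src/firejail/netfilter.c
@@ -85,12 +85,14 @@ void netfilter(const char *fname) {
 filter = malloc(size + 1); // + '\0'
 if (filter == NULL)
 goto errexit;
-memset(&filter[0], 0, sizeof(filter));
+memset(filter, 0, size + 1);
 int rd = 0;
 while (rd < size) {
 int rv = read(fd, (unsigned char *) filter + rd, size - rd);
-if (rv == -1)
+if (rv == -1) {
+close(fd);
 goto errexit;
+}
 rd += rv;
 }
 
@@ -207,7 +209,7 @@ void netfilter6(const char *fname) {
 filter = malloc(size + 1); // + '\0'
 if (filter == NULL)
 goto errexit;
-memset(&filter[0], 0, sizeof(filter));
+memset(filter, 0, size + 1);
 int rd = 0;
 while (rd < size) {
 int rv = read(fd, (unsigned char *) filter + rd, size - rd);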
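Review bot: The read loop in netfilter() treats only `rv == -1` as an error, so a `read()` that returns 0 before `size` bytes have arrived (the file is shorter than the size measured earlier) leaves `rd` unchanged and the loop never terminates. Changing the test to `if (rv <= 0) {` keeps the new `close(fd)` cleanup and covers that case. The same loop shape appears as context in netfilter6() in this file, in seccomp_load() in src/firejail/seccomp.c and in load_seccomp() in src/fseccomp/seccomp_print.c. The netfilter6() hunk also shows no matching `close(fd)` on its error path, though that loop body continues outside the hunk. With the memset now sized correctly, `calloc(1, size + 1)` would express allocate-and-zero in a single call.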
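--- a/src/firejail/sbox.c
+++ b/src/firejail/sbox.c
@@ -145,12 +145,10 @@ int sbox_run(unsigned filter, int num, ...) {
 int fd = open("/dev/null",O_RDWR, 0);
 if (fd != -1) {
 dup2 (fd, STDIN_FILENO);
-if (fd > 2)
-close (fd);
+close(fd);
 }
 else // the user could run the sandbox without /dev/null
 close(STDIN_FILENO);
-close(fd);
 }
 umask(027);
 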
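Review bot: Dropping the `if (fd > 2)` guard means `close(fd)` now runs even when `open("/dev/null", ...)` returned descriptor 0, which happens if stdin was already closed when sbox_run reached this point. In that case `dup2 (fd, STDIN_FILENO)` is a no-op and the unconditional `close(fd)` closes stdin again, so the next file the child opens lands on descriptor 0. Keeping the guard, `if (fd > 2) close(fd);`, still removes the stray second `close(fd)` the old code had after the `else` without reintroducing that state. The return value of `dup2` is also unchecked. sbox_run's body extends beyond the hunk on both sides, so whether stdin can be closed here is not visible.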
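--- a/src/firejail/seccomp.c
+++ b/src/firejail/seccomp.c
@@ -72,7 +72,7 @@ int seccomp_load(const char *fname) {
 struct sock_filter *filter = malloc(size);
 if (filter == NULL)
 goto errexit;
-memset(&filter[0], 0, sizeof(filter));
+memset(filter, 0, size);
 int rd = 0;
 while (rd < size) {
 int rv = read(fd, (unsigned char *) filter + rd, size - rd);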
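--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -252,7 +252,8 @@ void x11_start_xephyr(int argc, char **argv) {
 }
 
 for (i = 0; i < (int) strlen(xephyr_extra_params)-1; i++) {
-if (pos >= (sizeof(server_argv)/sizeof(*server_argv))) {
+//todo: if working , add a -2 also in 0.9.44-bugfix
+if (pos >= (sizeof(server_argv)/sizeof(*server_argv)) - 2) {
 fprintf(stderr, "Error: arg count limit exceeded while parsing xephyr_extra_params\n");
 exit(1);
 }
@@ -716,6 +717,7 @@ void x11_xorg(void) {
 }
 if (set_perms(RUN_XAUTHORITY_SEC_FILE, getuid(), getgid(), 0600))
 errExit("set_perms");
+/* coverity[toctou] */
 unlink(tmpfname);
 
 // mount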
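Review bot: The `- 2` added to the bound in x11_start_xephyr is explained only by a `//todo` about backporting, so a reader cannot tell which two slots of `server_argv` are being reserved. If they are for an entry written after this loop plus the terminating NULL (the code that fills them is outside the hunk), say so in place of the todo, e.g. `// leave room for the final argument and the NULL terminator`. The comparison also mixes `pos` with a `size_t` expression; if `pos` is a signed int it is converted to unsigned, which is harmless while `pos` stays non-negative but would read more clearly against a named capacity constant. The `/* coverity[toctou] */` added before `unlink(tmpfname)` in x11_xorg would likewise benefit from a short stated reason.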
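--- a/src/fseccomp/seccomp_print.c
+++ b/src/fseccomp/seccomp_print.c
@@ -45,7 +45,7 @@ static void load_seccomp(const char *fname) {
 filter = malloc(size);
 if (filter == NULL)
 goto errexit;
-memset(&filter[0], 0, sizeof(filter));
+memset(filter, 0, size);
 int rd = 0;
 while (rd < size) {
 int rv = read(fd, (unsigned char *) filter + rd, size - rd);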