diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs_home.c | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c index 01a807883..75c4b7da3 100644 --- a/src/firejail/fs_home.c +++ b/src/firejail/fs_home.c | |||
@@ -272,7 +272,7 @@ void fs_private_homedir(void) { | |||
272 | MountData *mptr = get_last_mount(); | 272 | MountData *mptr = get_last_mount(); |
273 | size_t len = strlen(homedir); | 273 | size_t len = strlen(homedir); |
274 | if (strncmp(mptr->dir, homedir, len) != 0 || | 274 | if (strncmp(mptr->dir, homedir, len) != 0 || |
275 | (*(mptr->dir + len) != '\0' && *(mptr->dir + len) != '/')) | 275 | (*(mptr->dir + len) != '\0' && *(mptr->dir + len) != '/')) |
276 | errLogExit("invalid private mount"); | 276 | errLogExit("invalid private mount"); |
277 | 277 | ||
278 | fs_logger3("mount-bind", private_homedir, homedir); | 278 | fs_logger3("mount-bind", private_homedir, homedir); |
@@ -443,17 +443,15 @@ static char *check_dir_or_file(const char *name) { | |||
443 | goto errexit; | 443 | goto errexit; |
444 | } | 444 | } |
445 | else { | 445 | else { |
446 | // check the file is in user home directory, a full home directory is not allowed | 446 | // check the file is in user home directory |
447 | char *rname = realpath(fname, NULL); | 447 | char *rname = realpath(fname, NULL); |
448 | if (!rname || | 448 | if (!rname || strncmp(rname, cfg.homedir, strlen(cfg.homedir)) != 0) |
449 | strncmp(rname, cfg.homedir, strlen(cfg.homedir)) != 0 || | ||
450 | strcmp(rname, cfg.homedir) == 0) | ||
451 | goto errexit; | 449 | goto errexit; |
452 | 450 | // a full home directory is not allowed | |
453 | // only top files and directories in user home are allowed | ||
454 | char *ptr = rname + strlen(cfg.homedir); | 451 | char *ptr = rname + strlen(cfg.homedir); |
455 | if (*ptr != '/') | 452 | if (*ptr != '/') |
456 | goto errexit; | 453 | goto errexit; |
454 | // only top files and directories in user home are allowed | ||
457 | ptr = strchr(++ptr, '/'); | 455 | ptr = strchr(++ptr, '/'); |
458 | if (ptr) { | 456 | if (ptr) { |
459 | fprintf(stderr, "Error: only top files and directories in user home are allowed\n"); | 457 | fprintf(stderr, "Error: only top files and directories in user home are allowed\n"); |