diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/fs_logger.c | 1 | ||||
| -rw-r--r-- | src/firejail/fs_whitelist.c | 3 | ||||
| -rw-r--r-- | src/firejail/main.c | 3 | ||||
| -rw-r--r-- | src/firejail/profile.c | 4 | ||||
| -rw-r--r-- | src/firejail/restrict_users.c | 2 |
5 files changed, 11 insertions, 2 deletions
diff --git a/src/firejail/fs_logger.c b/src/firejail/fs_logger.c index 4bf24e749..f735b1489 100644 --- a/src/firejail/fs_logger.c +++ b/src/firejail/fs_logger.c | |||
| @@ -163,6 +163,7 @@ void fs_logger_print_log(pid_t pid) { | |||
| 163 | exit(1); | 163 | exit(1); |
| 164 | } | 164 | } |
| 165 | 165 | ||
| 166 | /* coverity[toctou] */ | ||
| 166 | FILE *fp = fopen(fname, "r"); | 167 | FILE *fp = fopen(fname, "r"); |
| 167 | if (!fp) { | 168 | if (!fp) { |
| 168 | printf("Cannot open filesystem log.\n"); | 169 | printf("Cannot open filesystem log.\n"); |
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index f8cce219e..e0187981b 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c | |||
| @@ -582,6 +582,9 @@ void fs_whitelist(void) { | |||
| 582 | errExit("mount tmpfs"); | 582 | errExit("mount tmpfs"); |
| 583 | } | 583 | } |
| 584 | 584 | ||
| 585 | if (new_name) | ||
| 586 | free(new_name); | ||
| 587 | |||
| 585 | return; | 588 | return; |
| 586 | 589 | ||
| 587 | errexit: | 590 | errexit: |
diff --git a/src/firejail/main.c b/src/firejail/main.c index 41517877b..8076a8146 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -765,7 +765,8 @@ int main(int argc, char **argv) { | |||
| 765 | exit(1); | 765 | exit(1); |
| 766 | } | 766 | } |
| 767 | // ... and configure it | 767 | // ... and configure it |
| 768 | cfg.profile_ignore[j] = argv[i] + 9; | 768 | else |
| 769 | cfg.profile_ignore[j] = argv[i] + 9; | ||
| 769 | } | 770 | } |
| 770 | #ifdef HAVE_CHROOT | 771 | #ifdef HAVE_CHROOT |
| 771 | else if (strncmp(argv[i], "--chroot=", 9) == 0) { | 772 | else if (strncmp(argv[i], "--chroot=", 9) == 0) { |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index de89cf40f..6ac7cbe62 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
| @@ -93,7 +93,9 @@ int profile_check_line(char *ptr, int lineno) { | |||
| 93 | exit(1); | 93 | exit(1); |
| 94 | } | 94 | } |
| 95 | // ... and configure it | 95 | // ... and configure it |
| 96 | cfg.profile_ignore[j] = str; | 96 | else |
| 97 | cfg.profile_ignore[j] = str; | ||
| 98 | |||
| 97 | return 0; | 99 | return 0; |
| 98 | } | 100 | } |
| 99 | 101 | ||
diff --git a/src/firejail/restrict_users.c b/src/firejail/restrict_users.c index ec65005ba..1b4058987 100644 --- a/src/firejail/restrict_users.c +++ b/src/firejail/restrict_users.c | |||
| @@ -121,6 +121,7 @@ static void sanitize_passwd(void) { | |||
| 121 | fs_build_mnt_dir(); | 121 | fs_build_mnt_dir(); |
| 122 | 122 | ||
| 123 | // open files | 123 | // open files |
| 124 | /* coverity[toctou] */ | ||
| 124 | fpin = fopen("/etc/passwd", "r"); | 125 | fpin = fopen("/etc/passwd", "r"); |
| 125 | if (!fpin) | 126 | if (!fpin) |
| 126 | goto errout; | 127 | goto errout; |
| @@ -253,6 +254,7 @@ static void sanitize_group(void) { | |||
| 253 | fs_build_mnt_dir(); | 254 | fs_build_mnt_dir(); |
| 254 | 255 | ||
| 255 | // open files | 256 | // open files |
| 257 | /* coverity[toctou] */ | ||
| 256 | fpin = fopen("/etc/group", "r"); | 258 | fpin = fopen("/etc/group", "r"); |
| 257 | if (!fpin) | 259 | if (!fpin) |
| 258 | goto errout; | 260 | goto errout; |