diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/checkcfg.c | 14 | ||||
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/x11.c | 101 |
3 files changed, 100 insertions, 16 deletions
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index 24d8d0381..3c0c1b9ac 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c | |||
@@ -27,6 +27,7 @@ static int initialized = 0; | |||
27 | static int cfg_val[CFG_MAX]; | 27 | static int cfg_val[CFG_MAX]; |
28 | char *xephyr_screen = "800x600"; | 28 | char *xephyr_screen = "800x600"; |
29 | char *xephyr_extra_params = ""; | 29 | char *xephyr_extra_params = ""; |
30 | char *xpra_extra_params = ""; | ||
30 | char *xvfb_screen = "800x600x24"; | 31 | char *xvfb_screen = "800x600x24"; |
31 | char *xvfb_extra_params = ""; | 32 | char *xvfb_extra_params = ""; |
32 | char *netfilter_default = NULL; | 33 | char *netfilter_default = NULL; |
@@ -248,14 +249,23 @@ int checkcfg(int val) { | |||
248 | } | 249 | } |
249 | 250 | ||
250 | // Xephyr command extra parameters | 251 | // Xephyr command extra parameters |
251 | else if (strncmp(ptr, "xephyr-extra-params ", 19) == 0) { | 252 | else if (strncmp(ptr, "xephyr-extra-params ", 20) == 0) { |
252 | if (*xephyr_extra_params != '\0') | 253 | if (*xephyr_extra_params != '\0') |
253 | goto errout; | 254 | goto errout; |
254 | xephyr_extra_params = strdup(ptr + 19); | 255 | xephyr_extra_params = strdup(ptr + 20); |
255 | if (!xephyr_extra_params) | 256 | if (!xephyr_extra_params) |
256 | errExit("strdup"); | 257 | errExit("strdup"); |
257 | } | 258 | } |
258 | 259 | ||
260 | // xpra server extra parameters | ||
261 | else if (strncmp(ptr, "xpra-extra-params ", 18) == 0) { | ||
262 | if (*xpra_extra_params != '\0') | ||
263 | goto errout; | ||
264 | xpra_extra_params = strdup(ptr + 18); | ||
265 | if (!xpra_extra_params) | ||
266 | errExit("strdup"); | ||
267 | } | ||
268 | |||
259 | // Xvfb screen size | 269 | // Xvfb screen size |
260 | else if (strncmp(ptr, "xvfb-screen ", 12) == 0) { | 270 | else if (strncmp(ptr, "xvfb-screen ", 12) == 0) { |
261 | // expecting three numbers separated by x's | 271 | // expecting three numbers separated by x's |
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 09fadcf34..6b1786a93 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -692,6 +692,7 @@ enum { | |||
692 | }; | 692 | }; |
693 | extern char *xephyr_screen; | 693 | extern char *xephyr_screen; |
694 | extern char *xephyr_extra_params; | 694 | extern char *xephyr_extra_params; |
695 | extern char *xpra_extra_params; | ||
695 | extern char *xvfb_screen; | 696 | extern char *xvfb_screen; |
696 | extern char *xvfb_extra_params; | 697 | extern char *xvfb_extra_params; |
697 | extern char *netfilter_default; | 698 | extern char *netfilter_default; |
diff --git a/src/firejail/x11.c b/src/firejail/x11.c index da881f344..0f7ea56b6 100644 --- a/src/firejail/x11.c +++ b/src/firejail/x11.c | |||
@@ -239,8 +239,8 @@ void x11_start_xvfb(int argc, char **argv) { | |||
239 | 239 | ||
240 | // parse xvfb_extra_params | 240 | // parse xvfb_extra_params |
241 | // very basic quoting support | 241 | // very basic quoting support |
242 | char *temp = strdup(xephyr_extra_params); | 242 | char *temp = strdup(xvfb_extra_params); |
243 | if (*xephyr_extra_params != '\0') { | 243 | if (*xvfb_extra_params != '\0') { |
244 | if (!temp) | 244 | if (!temp) |
245 | errExit("strdup"); | 245 | errExit("strdup"); |
246 | bool dquote = false; | 246 | bool dquote = false; |
@@ -267,6 +267,7 @@ void x11_start_xvfb(int argc, char **argv) { | |||
267 | exit(1); | 267 | exit(1); |
268 | } | 268 | } |
269 | 269 | ||
270 | server_argv[pos++] = temp; | ||
270 | for (i = 0; i < (int) strlen(xvfb_extra_params)-1; i++) { | 271 | for (i = 0; i < (int) strlen(xvfb_extra_params)-1; i++) { |
271 | if (pos >= (sizeof(server_argv)/sizeof(*server_argv)) - 2) { | 272 | if (pos >= (sizeof(server_argv)/sizeof(*server_argv)) - 2) { |
272 | fprintf(stderr, "Error: arg count limit exceeded while parsing xvfb_extra_params\n"); | 273 | fprintf(stderr, "Error: arg count limit exceeded while parsing xvfb_extra_params\n"); |
@@ -284,12 +285,12 @@ void x11_start_xvfb(int argc, char **argv) { | |||
284 | 285 | ||
285 | if (arg_debug) { | 286 | if (arg_debug) { |
286 | size_t i = 0; | 287 | size_t i = 0; |
287 | printf("xvfb server:"); | 288 | printf("\n*** Starting xvfb server:"); |
288 | while (server_argv[i]!=NULL) { | 289 | while (server_argv[i]!=NULL) { |
289 | printf(" \"%s\"", server_argv[i]); | 290 | printf(" \"%s\"", server_argv[i]); |
290 | i++; | 291 | i++; |
291 | } | 292 | } |
292 | putchar('\n'); | 293 | printf(" ***\n\n"); |
293 | } | 294 | } |
294 | 295 | ||
295 | // remove --x11 arg | 296 | // remove --x11 arg |
@@ -307,12 +308,12 @@ void x11_start_xvfb(int argc, char **argv) { | |||
307 | 308 | ||
308 | if (arg_debug) { | 309 | if (arg_debug) { |
309 | size_t i = 0; | 310 | size_t i = 0; |
310 | printf("xvfb client:"); | 311 | printf("\n*** Stating xvfb client:"); |
311 | while (jail_argv[i]!=NULL) { | 312 | while (jail_argv[i]!=NULL) { |
312 | printf(" \"%s\"", jail_argv[i]); | 313 | printf(" \"%s\"", jail_argv[i]); |
313 | i++; | 314 | i++; |
314 | } | 315 | } |
315 | putchar('\n'); | 316 | printf(" ***\n\n"); |
316 | } | 317 | } |
317 | 318 | ||
318 | server = fork(); | 319 | server = fork(); |
@@ -471,13 +472,18 @@ void x11_start_xephyr(int argc, char **argv) { | |||
471 | exit(1); | 472 | exit(1); |
472 | } | 473 | } |
473 | 474 | ||
475 | server_argv[pos++] = temp; | ||
474 | for (i = 0; i < (int) strlen(xephyr_extra_params)-1; i++) { | 476 | for (i = 0; i < (int) strlen(xephyr_extra_params)-1; i++) { |
475 | if (pos >= (sizeof(server_argv)/sizeof(*server_argv)) - 2) { | 477 | if (pos >= (sizeof(server_argv)/sizeof(*server_argv)) - 2) { |
476 | fprintf(stderr, "Error: arg count limit exceeded while parsing xephyr_extra_params\n"); | 478 | fprintf(stderr, "Error: arg count limit exceeded while parsing xephyr_extra_params\n"); |
477 | exit(1); | 479 | exit(1); |
478 | } | 480 | } |
479 | if (temp[i] == '\0' && (temp[i+1] == '\"' || temp[i+1] == '\'')) server_argv[pos++] = temp + i + 2; | 481 | if (temp[i] == '\0' && (temp[i+1] == '\"' || temp[i+1] == '\'')) { |
480 | else if (temp[i] == '\0' && temp[i+1] != '\0') server_argv[pos++] = temp + i + 1; | 482 | server_argv[pos++] = temp + i + 2; |
483 | } | ||
484 | else if (temp[i] == '\0' && temp[i+1] != '\0') { | ||
485 | server_argv[pos++] = temp + i + 1; | ||
486 | } | ||
481 | } | 487 | } |
482 | } | 488 | } |
483 | 489 | ||
@@ -490,12 +496,12 @@ void x11_start_xephyr(int argc, char **argv) { | |||
490 | 496 | ||
491 | if (arg_debug) { | 497 | if (arg_debug) { |
492 | size_t i = 0; | 498 | size_t i = 0; |
493 | printf("xephyr server:"); | 499 | printf("\n*** Starting xephyr server:"); |
494 | while (server_argv[i]!=NULL) { | 500 | while (server_argv[i]!=NULL) { |
495 | printf(" \"%s\"", server_argv[i]); | 501 | printf(" \"%s\"", server_argv[i]); |
496 | i++; | 502 | i++; |
497 | } | 503 | } |
498 | putchar('\n'); | 504 | printf(" ***\n\n"); |
499 | } | 505 | } |
500 | 506 | ||
501 | // remove --x11 arg | 507 | // remove --x11 arg |
@@ -513,12 +519,12 @@ void x11_start_xephyr(int argc, char **argv) { | |||
513 | 519 | ||
514 | if (arg_debug) { | 520 | if (arg_debug) { |
515 | size_t i = 0; | 521 | size_t i = 0; |
516 | printf("xephyr client:"); | 522 | printf("*** Starting xephyr client:"); |
517 | while (jail_argv[i]!=NULL) { | 523 | while (jail_argv[i]!=NULL) { |
518 | printf(" \"%s\"", jail_argv[i]); | 524 | printf(" \"%s\"", jail_argv[i]); |
519 | i++; | 525 | i++; |
520 | } | 526 | } |
521 | putchar('\n'); | 527 | printf(" ***\n\n"); |
522 | } | 528 | } |
523 | 529 | ||
524 | server = fork(); | 530 | server = fork(); |
@@ -631,7 +637,74 @@ void x11_start_xpra(int argc, char **argv) { | |||
631 | errExit("asprintf"); | 637 | errExit("asprintf"); |
632 | 638 | ||
633 | // build the start command | 639 | // build the start command |
634 | char *server_argv[] = { "xpra", "start", display_str, "--no-daemon", NULL }; | 640 | char *server_argv[256] = { // rest initialyzed to NULL |
641 | "xpra", "start", display_str, "--no-daemon", | ||
642 | }; | ||
643 | unsigned pos = 0; | ||
644 | while (server_argv[pos] != NULL) pos++; | ||
645 | |||
646 | assert(xpra_extra_params); // should be "" if empty | ||
647 | |||
648 | // parse xephyr_extra_params | ||
649 | // very basic quoting support | ||
650 | char *temp = strdup(xpra_extra_params); | ||
651 | if (*xpra_extra_params != '\0') { | ||
652 | if (!temp) | ||
653 | errExit("strdup"); | ||
654 | bool dquote = false; | ||
655 | bool squote = false; | ||
656 | for (i = 0; i < (int) strlen(xpra_extra_params); i++) { | ||
657 | if (temp[i] == '\"') { | ||
658 | dquote = !dquote; | ||
659 | // replace closing quote by \0 | ||
660 | if (dquote) temp[i] = '\0'; | ||
661 | } | ||
662 | if (temp[i] == '\'') { | ||
663 | squote = !squote; | ||
664 | // replace closing quote by \0 | ||
665 | if (squote) temp[i] = '\0'; | ||
666 | } | ||
667 | if (!dquote && !squote && temp[i] == ' ') temp[i] = '\0'; | ||
668 | if (dquote && squote) { | ||
669 | fprintf(stderr, "Error: mixed quoting found while parsing xpra_extra_params\n"); | ||
670 | exit(1); | ||
671 | } | ||
672 | } | ||
673 | if (dquote) { | ||
674 | fprintf(stderr, "Error: unclosed quote found while parsing xpra_extra_params\n"); | ||
675 | exit(1); | ||
676 | } | ||
677 | |||
678 | server_argv[pos++] = temp; | ||
679 | for (i = 0; i < (int) strlen(xpra_extra_params)-1; i++) { | ||
680 | if (pos >= (sizeof(server_argv)/sizeof(*server_argv)) - 2) { | ||
681 | fprintf(stderr, "Error: arg count limit exceeded while parsing xpra_extra_params\n"); | ||
682 | exit(1); | ||
683 | } | ||
684 | if (temp[i] == '\0' && (temp[i+1] == '\"' || temp[i+1] == '\'')) { | ||
685 | server_argv[pos++] = temp + i + 2; | ||
686 | } | ||
687 | else if (temp[i] == '\0' && temp[i+1] != '\0') { | ||
688 | server_argv[pos++] = temp + i + 1; | ||
689 | } | ||
690 | } | ||
691 | } | ||
692 | |||
693 | server_argv[pos++] = NULL; | ||
694 | |||
695 | // no overrun | ||
696 | assert(pos < (sizeof(server_argv)/sizeof(*server_argv))); | ||
697 | assert(server_argv[pos-1] == NULL); // last element is null | ||
698 | |||
699 | if (arg_debug) { | ||
700 | size_t i = 0; | ||
701 | printf("\n*** Starting xpra server: "); | ||
702 | while (server_argv[i]!=NULL) { | ||
703 | printf(" \"%s\"", server_argv[i]); | ||
704 | i++; | ||
705 | } | ||
706 | printf(" ***\n\n"); | ||
707 | } | ||
635 | 708 | ||
636 | int fd_null = -1; | 709 | int fd_null = -1; |
637 | if (arg_quiet) { | 710 | if (arg_quiet) { |
@@ -716,7 +789,7 @@ void x11_start_xpra(int argc, char **argv) { | |||
716 | 789 | ||
717 | // build jail command | 790 | // build jail command |
718 | char *firejail_argv[argc+2]; | 791 | char *firejail_argv[argc+2]; |
719 | int pos = 0; | 792 | pos = 0; |
720 | for (i = 0; i < argc; i++) { | 793 | for (i = 0; i < argc; i++) { |
721 | if (strncmp(argv[i], "--x11", 5) == 0) | 794 | if (strncmp(argv[i], "--x11", 5) == 0) |
722 | continue; | 795 | continue; |