5 files changed, 23 insertions, 39 deletions
diff --git a/src/fcopy/main.c b/src/fcopy/main.c
index 82d829bba..ca2643e7d 100644
--- a/src/fcopy/main.c
+++ b/src/fcopy/main.c
@@ -188,22 +188,19 @@ static int fs_copydir(const char *infname, const struct stat *st, int ftype, str
 static char *check(const char *src) {
        struct stat s;
        char *rsrc = realpath(src, NULL);
-        if (!rsrc || stat(rsrc, &s) == -1) {
+        if (!rsrc || stat(rsrc, &s) == -1)
-                fprintf(stderr, "Error fcopy: cannot find %s directory\n", src);
+                goto errexit;
-                exit(1);
-        }
        // check uid
-        if (s.st_uid != getuid() || s.st_gid != getgid()) {
+        if (s.st_uid != getuid() || s.st_gid != getgid())
-                fprintf(stderr, "Error fcopy: uid/gid mismatch for %s\n", rsrc);
+                goto errexit;
-                exit(1);
-        }
        // dir, link, regular file
-        if (S_ISDIR(s.st_mode) || S_ISREG(s.st_mode) || S_ISLNK(s.st_mode)) {
+        if (S_ISDIR(s.st_mode) || S_ISREG(s.st_mode) || S_ISLNK(s.st_mode))
                return rsrc;                      // normal exit from the function
-        }
+        
-        fprintf(stderr, "Error fcopy: invalid directory %s\n", rsrc);
+errexit:
+        fprintf(stderr, "Error fcopy: invalid file %s\n", src);
        exit(1);
 }
diff --git a/src/firemon/caps.c b/src/firemon/caps.c
index 81877ab87..3f8a139ae 100644
--- a/src/firemon/caps.c
+++ b/src/firemon/caps.c
@@ -24,7 +24,6 @@ static void print_caps(int pid) {
        char *file;
        if (asprintf(&file, "/proc/%d/status", pid) == -1) {
                errExit("asprintf");
-                exit(1);
        }
        FILE *fp = fopen(file, "r");
diff --git a/src/firemon/procevent.c b/src/firemon/procevent.c
index 1940f4a34..edae21951 100644
--- a/src/firemon/procevent.c
+++ b/src/firemon/procevent.c
@@ -43,10 +43,8 @@ static int pid_is_firejail(pid_t pid) {
        
        // open /proc/self/comm
        char *file;
-        if (asprintf(&file, "/proc/%u/comm", pid) == -1) {
+        if (asprintf(&file, "/proc/%u/comm", pid) == -1)
-                perror("asprintf");
+                errExit("asprintf");
-                exit(1);
-        }
        
        FILE *fp = fopen(file, "r");
        if (!fp) {
diff --git a/src/firemon/seccomp.c b/src/firemon/seccomp.c
index abc698bb8..f11c624ea 100644
--- a/src/firemon/seccomp.c
+++ b/src/firemon/seccomp.c
@@ -22,10 +22,8 @@
 #define MAXBUF 4098
 static void print_seccomp(int pid) {
        char *file;
-        if (asprintf(&file, "/proc/%d/status", pid) == -1) {
+        if (asprintf(&file, "/proc/%d/status", pid) == -1)
                errExit("asprintf");
-                exit(1);
-        }
        FILE *fp = fopen(file, "r");
        if (!fp) {
diff --git a/src/ftee/main.c b/src/ftee/main.c
index e6aa5f567..2b27baa5a 100644
--- a/src/ftee/main.c
+++ b/src/ftee/main.c
@@ -179,10 +179,6 @@ static int is_link(const char *fname) {
        return 0;
 }
 static void usage(void) {
        printf("Usage: ftee filename\n");
 }
@@ -201,33 +197,25 @@ int main(int argc, char **argv) {
        // do not accept directories, links, and files with ".."
-        if (strstr(fname, "..") || is_link(fname) || is_dir(fname)) {
+        if (strstr(fname, "..") || is_link(fname) || is_dir(fname))
-                fprintf(stderr, "Error: invalid output file. Links, directories and files with \"..\" are not allowed.\n");
+                goto errexit;
-                exit(1);
-        }
        
        struct stat s;
        if (stat(fname, &s) == 0) {
                // check permissions
-                if (s.st_uid != getuid() || s.st_gid != getgid()) {
+                if (s.st_uid != getuid() || s.st_gid != getgid())
-                        fprintf(stderr, "Error: the output file needs to be owned by the current user.\n");
+                        goto errexit;
-                        exit(1);
-                }
                
                // check hard links
-                if (s.st_nlink != 1) {
+                if (s.st_nlink != 1)
-                        fprintf(stderr, "Error: no hard links allowed.\n");
+                        goto errexit;
-                        exit(1);
-                }
        }
        // check if we can append to this file
        /* coverity[toctou] */
        FILE *fp = fopen(fname, "a");
-        if (!fp) {
+        if (!fp)
-                fprintf(stderr, "Error: cannot open output file %s\n", fname);
+                goto errexit;
-                exit(1);
-        }
        fclose(fp);
@@ -248,4 +236,8 @@ int main(int argc, char **argv) {
        
        log_close();
        return 0;
+errexit:
+        fprintf(stderr, "Error ftee: invalid output file.\n");
+        return 1;
 }

diff --git a/src/fcopy/main.c b/src/fcopy/main.c index 82d829bba..ca2643e7d 100644 --- a/src/fcopy/main.c +++ b/src/fcopy/main.c
@@ -188,22 +188,19 @@ static int fs_copydir(const char infname, const struct stat st, int ftype, str
188	static char check(const char src) {	188	static char check(const char src) {
189	struct stat s;	189	struct stat s;
190	char *rsrc = realpath(src, NULL);	190	char *rsrc = realpath(src, NULL);
191	if (!rsrc \|\| stat(rsrc, &s) == -1) {	191	if (!rsrc \|\| stat(rsrc, &s) == -1)
192	fprintf(stderr, "Error fcopy: cannot find %s directory\n", src);	192	goto errexit;
193	exit(1);
194	}
195		193
196	// check uid	194	// check uid
197	if (s.st_uid != getuid() \|\| s.st_gid != getgid()) {	195	if (s.st_uid != getuid() \|\| s.st_gid != getgid())
198	fprintf(stderr, "Error fcopy: uid/gid mismatch for %s\n", rsrc);	196	goto errexit;
199	exit(1);
200	}
201		197
202	// dir, link, regular file	198	// dir, link, regular file
203	if (S_ISDIR(s.st_mode) \|\| S_ISREG(s.st_mode) \|\| S_ISLNK(s.st_mode)) {	199	if (S_ISDIR(s.st_mode) \|\| S_ISREG(s.st_mode) \|\| S_ISLNK(s.st_mode))
204	return rsrc; // normal exit from the function	200	return rsrc; // normal exit from the function
205	}	201
206	fprintf(stderr, "Error fcopy: invalid directory %s\n", rsrc);	202	errexit:
		203	fprintf(stderr, "Error fcopy: invalid file %s\n", src);
207	exit(1);	204	exit(1);
208	}	205	}
209		206


diff --git a/src/firemon/caps.c b/src/firemon/caps.c index 81877ab87..3f8a139ae 100644 --- a/src/firemon/caps.c +++ b/src/firemon/caps.c
@@ -24,7 +24,6 @@ static void print_caps(int pid) {
24	char *file;	24	char *file;
25	if (asprintf(&file, "/proc/%d/status", pid) == -1) {	25	if (asprintf(&file, "/proc/%d/status", pid) == -1) {
26	errExit("asprintf");	26	errExit("asprintf");
27	exit(1);
28	}	27	}
29		28
30	FILE *fp = fopen(file, "r");	29	FILE *fp = fopen(file, "r");


diff --git a/src/firemon/procevent.c b/src/firemon/procevent.c index 1940f4a34..edae21951 100644 --- a/src/firemon/procevent.c +++ b/src/firemon/procevent.c
@@ -43,10 +43,8 @@ static int pid_is_firejail(pid_t pid) {
43		43
44	// open /proc/self/comm	44	// open /proc/self/comm
45	char *file;	45	char *file;
46	if (asprintf(&file, "/proc/%u/comm", pid) == -1) {	46	if (asprintf(&file, "/proc/%u/comm", pid) == -1)
47	perror("asprintf");	47	errExit("asprintf");
48	exit(1);
49	}
50		48
51	FILE *fp = fopen(file, "r");	49	FILE *fp = fopen(file, "r");
52	if (!fp) {	50	if (!fp) {


diff --git a/src/firemon/seccomp.c b/src/firemon/seccomp.c index abc698bb8..f11c624ea 100644 --- a/src/firemon/seccomp.c +++ b/src/firemon/seccomp.c
@@ -22,10 +22,8 @@
22	#define MAXBUF 4098	22	#define MAXBUF 4098
23	static void print_seccomp(int pid) {	23	static void print_seccomp(int pid) {
24	char *file;	24	char *file;
25	if (asprintf(&file, "/proc/%d/status", pid) == -1) {	25	if (asprintf(&file, "/proc/%d/status", pid) == -1)
26	errExit("asprintf");	26	errExit("asprintf");
27	exit(1);
28	}
29		27
30	FILE *fp = fopen(file, "r");	28	FILE *fp = fopen(file, "r");
31	if (!fp) {	29	if (!fp) {


diff --git a/src/ftee/main.c b/src/ftee/main.c index e6aa5f567..2b27baa5a 100644 --- a/src/ftee/main.c +++ b/src/ftee/main.c
@@ -179,10 +179,6 @@ static int is_link(const char *fname) {
179	return 0;	179	return 0;
180	}	180	}
181		181
182
183
184
185
186	static void usage(void) {	182	static void usage(void) {
187	printf("Usage: ftee filename\n");	183	printf("Usage: ftee filename\n");
188	}	184	}
@@ -201,33 +197,25 @@ int main(int argc, char **argv) {
201		197
202		198
203	// do not accept directories, links, and files with ".."	199	// do not accept directories, links, and files with ".."
204	if (strstr(fname, "..") \|\| is_link(fname) \|\| is_dir(fname)) {	200	if (strstr(fname, "..") \|\| is_link(fname) \|\| is_dir(fname))
205	fprintf(stderr, "Error: invalid output file. Links, directories and files with \"..\" are not allowed.\n");	201	goto errexit;
206	exit(1);
207	}
208		202
209	struct stat s;	203	struct stat s;
210	if (stat(fname, &s) == 0) {	204	if (stat(fname, &s) == 0) {
211	// check permissions	205	// check permissions
212	if (s.st_uid != getuid() \|\| s.st_gid != getgid()) {	206	if (s.st_uid != getuid() \|\| s.st_gid != getgid())
213	fprintf(stderr, "Error: the output file needs to be owned by the current user.\n");	207	goto errexit;
214	exit(1);
215	}
216		208
217	// check hard links	209	// check hard links
218	if (s.st_nlink != 1) {	210	if (s.st_nlink != 1)
219	fprintf(stderr, "Error: no hard links allowed.\n");	211	goto errexit;
220	exit(1);
221	}
222	}	212	}
223		213
224	// check if we can append to this file	214	// check if we can append to this file
225	/* coverity[toctou] */	215	/* coverity[toctou] */
226	FILE *fp = fopen(fname, "a");	216	FILE *fp = fopen(fname, "a");
227	if (!fp) {	217	if (!fp)
228	fprintf(stderr, "Error: cannot open output file %s\n", fname);	218	goto errexit;
229	exit(1);
230	}
231	fclose(fp);	219	fclose(fp);
232		220
233		221
@@ -248,4 +236,8 @@ int main(int argc, char **argv) {
248		236
249	log_close();	237	log_close();
250	return 0;	238	return 0;
		239
		240	errexit:
		241	fprintf(stderr, "Error ftee: invalid output file.\n");
		242	return 1;
251	}	243	}