From 0c7935bab29275f854b3a69a4796597c470c1a22 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Mon, 15 Feb 2016 19:26:29 -0500 Subject: fix path --- src/firejail/firejail.h | 3 ++ src/firejail/fs.c | 13 ++++--- src/firejail/paths.c | 98 +++++++++++++++++++++++++++++++++++++++++++++++++ src/firejail/profile.c | 6 ++- 4 files changed, 112 insertions(+), 8 deletions(-) create mode 100644 src/firejail/paths.c diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 19c8c5eb5..a754711b1 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h @@ -509,5 +509,8 @@ void run_symlink(int argc, char **argv); // user.c void check_user(int argc, char **argv); +// paths.c +char **build_paths(void); + #endif diff --git a/src/firejail/fs.c b/src/firejail/fs.c index a43ed3134..c3e9890b4 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c @@ -460,13 +460,14 @@ void fs_blacklist(void) { if (strncmp(ptr, "${PATH}", 7) == 0) { char *fname = ptr + 7; size_t fname_len = strlen(fname); - char **path, *paths[] = {"/bin", "/sbin", "/usr/bin", "/usr/sbin", NULL}; - for (path = &paths[0]; *path; path++) { - char newname[strlen(*path) + fname_len + 1]; - sprintf(newname, "%s%s", *path, fname); + char **paths = build_paths(); //{"/bin", "/sbin", "/usr/bin", "/usr/sbin", NULL}; + int i = 0; + while (paths[i] != NULL) { + char *path = paths[i]; + i++; + char newname[strlen(path) + fname_len + 1]; + sprintf(newname, "%s%s", path, fname); globbing(op, newname, (const char**)noblacklist, noblacklist_c); - if (last_disable == SUCCESSFUL) - break; } } else diff --git a/src/firejail/paths.c b/src/firejail/paths.c new file mode 100644 index 000000000..3d4b8cd8e --- /dev/null +++ b/src/firejail/paths.c @@ -0,0 +1,98 @@ +/* + * Copyright (C) 2014-2016 Firejail Authors + * + * This file is part of firejail project + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +*/ +#include "firejail.h" + +static char **paths = NULL; +static int path_cnt = 0; +static char initialized = 0; + +static void add_path(const char *path) { + assert(paths); + assert(path_cnt); + + // filter out duplicates + int i; + int empty = 0; + for (i = 0; i < path_cnt; i++) { + if (paths[i] && strcmp(path, paths[i]) == 0) { + return; + } + if (!paths[i]) { + empty = i; + break; + } + } + + paths[empty] = strdup(path); + if (!paths[empty]) + errExit("strdup"); +} + +char **build_paths(void) { + if (initialized) { + assert(paths); + return paths; + } + initialized = 1; + + int cnt = 5; // 4 default paths + 1 NULL to end the array + char *path1 = getenv("PATH"); + if (path1) { + char *path2 = strdup(path1); + if (!path2) + errExit("strdup"); + + // use path2 to count the entries + char *ptr = strtok(path2, ":"); + while (ptr) { + cnt++; + ptr = strtok(NULL, ":"); + } + free(path2); + path_cnt = cnt; + + // allocate paths array + paths = malloc(sizeof(char *) * cnt); + if (!paths) + errExit("malloc"); + memset(paths, 0, sizeof(char *) * cnt); + + // add default paths + add_path("/bin"); + add_path("/sbin"); + add_path("/usr/bin"); + add_path("/usr/sbin"); + + path2 = strdup(path1); + if (!path2) + errExit("strdup"); + + // use path2 to count the entries + ptr = strtok(path2, ":"); + while (ptr) { + cnt++; + add_path(ptr); + ptr = strtok(NULL, ":"); + } + free(path2); + } + + return paths; +} diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 5acbbec38..70ec360ce 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c @@ -533,8 +533,10 @@ void profile_read(const char *fname) { // verify syntax, exit in case of error if (profile_check_line(ptr, lineno, fname)) profile_add(ptr); - else - free(ptr); +// we cannot free ptr here, data is extracted from ptr and linked as a pointer in cfg structure +// else { +// free(ptr); +// } } fclose(fp); } -- cgit v1.2.3-70-g09d2