From 15298f20afeaff362c74e8ad7e66338f442cf441 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Fri, 4 Nov 2016 10:06:21 -0400
Subject: execv fixes
---
 src/firejail/bandwidth.c | 2 +-
 src/firejail/fs_bin.c | 2 +-
 src/firejail/fs_etc.c | 2 +-
 src/firejail/netfilter.c | 8 +++-----
 src/firejail/sbox.c | 2 +-
 5 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/src/firejail/bandwidth.c b/src/firejail/bandwidth.c
index ab9714afe..512cc0b05 100644
--- a/src/firejail/bandwidth.c
+++ b/src/firejail/bandwidth.c
@@ -462,7 +462,7 @@ void bandwidth_pid(pid_t pid, const char *command, const char *dev, int down, in
 arg[1] = "-c";
 arg[2] = cmd;
 arg[3] = NULL;
- assert(getenv("LD_PRELOAD") == NULL);
+ clearenv();
 execvp(arg[0], arg); // it will never get here
diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c
index d6fee0608..a3576e7c4 100644
--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -191,7 +191,7 @@ static void duplicate(char *fname) {
 char *f;
 if (asprintf(&f, "%s/%s", RUN_BIN_DIR, fname) == -1)
 errExit("asprintf");
- assert(getenv("LD_PRELOAD") == NULL);
+ clearenv();
 execlp(RUN_CP_COMMAND, RUN_CP_COMMAND, "-a", actual_path, f, NULL);
 perror("execlp");
 _exit(1);
diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c
index 4f3417236..830de7c9f 100644
--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -105,7 +105,7 @@ static void duplicate(char *fname) {
 char *f;
 if (asprintf(&f, "/etc/%s", fname) == -1)
 errExit("asprintf");
- assert(getenv("LD_PRELOAD") == NULL);
+ clearenv();
 execlp(RUN_CP_COMMAND, RUN_CP_COMMAND, "-a", "--parents", f, RUN_MNT_DIR, NULL);
 perror("execlp");
 _exit(1);
diff --git a/src/firejail/netfilter.c b/src/firejail/netfilter.c
index efef45d90..1df4b7a0f 100644
--- a/src/firejail/netfilter.c
+++ b/src/firejail/netfilter.c
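Review bot: The return value of `clearenv()` is ignored in bandwidth_pid, and the assert that used to confirm `LD_PRELOAD` was absent is gone, so nothing verifies that the environment is actually empty before `execvp(arg[0], arg)`. clearenv() is documented to return nonzero on failure; I would write `if (clearenv() != 0) errExit("clearenv");` so the child can never exec with the caller's environment still in place. The same applies to the other six call sites this commit adds, in fs_bin.c, fs_etc.c, netfilter.c (three) and sbox.c. bandwidth_pid's body starts and ends outside the hunk.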
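Review bot: `execlp()` in fs_bin.c's duplicate() resolves `RUN_CP_COMMAND` through a PATH search whenever the name contains no slash, and after `clearenv()` there is no PATH, so the lookup falls back to the C library's built-in default, which on some libc versions includes the current working directory. The definition of RUN_CP_COMMAND is not visible in this hunk; if it is a bare name, I would make it an absolute path and call `execl(RUN_CP_COMMAND, RUN_CP_COMMAND, "-a", actual_path, f, NULL);` so the binary that runs does not depend on libc defaults. duplicate() in fs_etc.c has the same call shape, and the `execvp(arg[0], arg)` calls in bandwidth.c and sbox.c deserve the same check on arg[0]. duplicate()'s body starts and ends outside the hunk.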
@@ -143,8 +143,7 @@ void netfilter(const char *fname) {
 dup2(fd,STDIN_FILENO); // wipe out environment variables
- environ = NULL;
- assert(getenv("LD_PRELOAD") == NULL);
+ clearenv();
 execl(iptables_restore, iptables_restore, NULL);
 perror("execl");
 _exit(1);
@@ -258,8 +257,7 @@ void netfilter6(const char *fname) {
 dup2(fd,STDIN_FILENO); // wipe out environment variables
- environ = NULL;
- assert(getenv("LD_PRELOAD") == NULL);
+ clearenv();
 execl(ip6tables_restore, ip6tables_restore, NULL);
 perror("execl");
 _exit(1);
@@ -273,7 +271,7 @@ void netfilter6(const char *fname) {
 if (child < 0)
 errExit("fork");
 if (child == 0) {
- environ = NULL;
+ clearenv();
 execl(ip6tables, ip6tables, "-vL", NULL);
 perror("execl");
 _exit(1);
diff --git a/src/firejail/sbox.c b/src/firejail/sbox.c
index a5a067090..65ca5c443 100644
--- a/src/firejail/sbox.c
+++ b/src/firejail/sbox.c
@@ -165,7 +165,7 @@ int sbox_run(unsigned filter, int num, ...) {
 else if (filter & SBOX_USER)
 drop_privs(1);
- assert(getenv("LD_PRELOAD") == NULL);
+ clearenv();
 if (arg[0]) // get rid of scan-build warning
 execvp(arg[0], arg);
 else
--
cgit v1.2.3-70-g09d2
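Review bot: sbox_run() now starts every helper with an empty environment, but the `clearenv();` line carries no comment and nothing in the visible part of the function tells callers about it. I would add `// start the helper with an empty environment; nothing from the caller (LD_PRELOAD, PATH, ...) is inherited` above the call, and state the same in the function's header comment, so that nobody later expects to pass settings to a helper through environment variables. The netfilter.c hunks already carry a "wipe out environment variables" comment at two of their three sites; matching that wording here would keep the files consistent. sbox_run's body starts and ends outside the hunk.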