From 7c0cf390b0087c313f0fdd44c0006af69a8a1ca0 Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Tue, 28 Aug 2018 19:00:05 -0400
Subject: cleanup

---
 src/firecfg/desktop_files.c   |  4 +++-
 src/firejail/fs_whitelist.c   | 19 ++++++++++++++++---
 src/firejail/main.c           |  6 ++++--
 src/firejail/profile.c        |  1 +
 src/firejail/restrict_users.c |  2 ++
 src/fsec-optimize/main.c      |  3 ++-
 6 files changed, 28 insertions(+), 7 deletions(-)

diff --git a/src/firecfg/desktop_files.c b/src/firecfg/desktop_files.c
index de2b8cfa2..f09a23977 100644
--- a/src/firecfg/desktop_files.c
+++ b/src/firecfg/desktop_files.c
@@ -184,7 +184,9 @@ void fix_desktop_files(char *homedir) {
 		}
 
 		fseek(fp, 0, SEEK_END);
-		size_t size = ftell(fp);
+		long size = ftell(fp);
+		if (size == -1)
+			errExit("ftell");
 		fseek(fp, 0, SEEK_SET);
 		char *buf = malloc(size + 1);
 		if (!buf)
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index 9b68b6753..e983a071d 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -523,6 +523,7 @@ void fs_whitelist(void) {
 
 			// both path and absolute path are under /tmp
 			if (strncmp(fname, "/tmp/", 5) != 0) {
+				free(fname);
 				goto errexit;
 			}
 		}
@@ -531,6 +532,7 @@ void fs_whitelist(void) {
 			media_dir = 1;
 			// both path and absolute path are under /media
 			if (strncmp(fname, "/media/", 7) != 0) {
+				free(fname);
 				goto errexit;
 			}
 		}
@@ -539,6 +541,7 @@ void fs_whitelist(void) {
 			mnt_dir = 1;
 			// both path and absolute path are under /mnt
 			if (strncmp(fname, "/mnt/", 5) != 0) {
+				free(fname);
 				goto errexit;
 			}
 		}
@@ -553,6 +556,7 @@ void fs_whitelist(void) {
 			else {
 				// both path and absolute path are under /var
 				if (strncmp(fname, "/var/", 5) != 0) {
+					free(fname);
 					goto errexit;
 				}
 			}
@@ -573,6 +577,7 @@ void fs_whitelist(void) {
 			else {
 				// both path and absolute path are under /dev
 				if (strncmp(fname, "/dev/", 5) != 0) {
+					free(fname);
 					goto errexit;
 				}
 			}
@@ -582,6 +587,7 @@ void fs_whitelist(void) {
 			opt_dir = 1;
 			// both path and absolute path are under /dev
 			if (strncmp(fname, "/opt/", 5) != 0) {
+				free(fname);
 				goto errexit;
 			}
 		}
@@ -590,6 +596,7 @@ void fs_whitelist(void) {
 			srv_dir = 1;
 			// both path and absolute path are under /srv
 			if (strncmp(fname, "/srv/", 5) != 0) {
+				free(fname);
 				goto errexit;
 			}
 		}
@@ -602,23 +609,29 @@ void fs_whitelist(void) {
 			else if (strcmp(new_name, "/etc/os-release") == 0);
 			// both path and absolute path are under /etc
 			else {
-				if (strncmp(fname, "/etc/", 5) != 0)
+				if (strncmp(fname, "/etc/", 5) != 0) {
+					free(fname);
 					goto errexit;
+				}
 			}
 		}
 		else if (strncmp(new_name, "/usr/share/", 11) == 0) {
 			entry->share_dir = 1;
 			share_dir = 1;
 			// both path and absolute path are under /etc
-			if (strncmp(fname, "/usr/share/", 11) != 0)
+			if (strncmp(fname, "/usr/share/", 11) != 0) {
+				free(fname);
 				goto errexit;
+			}
 		}
 		else if (strncmp(new_name, "/sys/module/", 12) == 0) {
 			entry->module_dir = 1;
 			module_dir = 1;
 			// both path and absolute path are under /sys/module
-			if (strncmp(fname, "/sys/module/", 12) != 0)
+			if (strncmp(fname, "/sys/module/", 12) != 0) {
+				free(fname);
 				goto errexit;
+			}
 		}
 		else {
 			goto errexit;
diff --git a/src/firejail/main.c b/src/firejail/main.c
index b3a8dcfd7..ba952b1cb 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -2409,8 +2409,10 @@ int main(int argc, char **argv) {
 	int display = x11_display();
 	if (display > 0)
 		set_x11_run_file(sandbox_pid, display);
-	flock(lockfd_directory, LOCK_UN);
-	close(lockfd_directory);
+	if (lockfd_directory != -1) {
+		flock(lockfd_directory, LOCK_UN);
+		close(lockfd_directory);
+	}
 	EUID_USER();
 
 	// clone environment
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 168d7e268..bc5915d46 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -724,6 +724,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 			cfg.dns4 = dns;
 		else {
 			fprintf(stderr, "Error: up to 4 DNS servers can be specified\n");
+			free(dns);
 			return 1;
 		}
 		return 0;
diff --git a/src/firejail/restrict_users.c b/src/firejail/restrict_users.c
index d66deeb97..fa672eccb 100644
--- a/src/firejail/restrict_users.c
+++ b/src/firejail/restrict_users.c
@@ -41,6 +41,8 @@ static void ulist_add(const char *user) {
 	assert(user);
 
 	USER_LIST *nlist = malloc(sizeof(USER_LIST));
+	if (!nlist)
+		errExit("malloc");
 	memset(nlist, 0, sizeof(USER_LIST));
 	nlist->user = user;
 	nlist->next = ulist;
diff --git a/src/fsec-optimize/main.c b/src/fsec-optimize/main.c
index f4300f350..80ca098cb 100644
--- a/src/fsec-optimize/main.c
+++ b/src/fsec-optimize/main.c
@@ -87,7 +87,8 @@ printf("\n");
 
 	return 0;
 errexit:
-	close(fd);
+	if (fd != -1)
+		close(fd);
 	fprintf(stderr, "Error: cannot read %s\n", fname);
 	exit(1);
 
-- 
cgit v1.2.3-70-g09d2