From 949b924fba58dc05f1c21d6621f05047be5397f0 Mon Sep 17 00:00:00 2001
From: smitsohu
Date: Fri, 13 Jul 2018 18:17:32 +0200
Subject: fix empty spaces in mountinfo fields
---
 src/firejail/fs_whitelist.c | 4 ++--
 src/firejail/util.c | 38 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+), 2 deletions(-)
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index 24c83adee..e177c3ec0 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -358,8 +358,8 @@ static void whitelist_path(ProfileEntry *entry) {
 // check the last mount operation
 MountData *mptr = get_last_mount(); // will do exit(1) if the mount cannot be found
- //if (strncmp(mptr->dir, path, strlen(path)) != 0) - temporarily disabled, problems with paths that have empty spaces
- // errLogExit("invalid whitelist mount");
+ if (strncmp(mptr->dir, path, strlen(path)) != 0)
+ errLogExit("invalid whitelist mount");
 // No mounts are allowed on top level directories. A destination such as "/etc" is very bad!
 // - there should be more than one '/' char in dest string
 if (mptr->dir == strrchr(mptr->dir, '/'))
diff --git a/src/firejail/util.c b/src/firejail/util.c
index 1d36980bb..54e59d7d2 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
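Review bot: The re-enabled check in whitelist_path compares only the first `strlen(path)` bytes of `mptr->dir`, so a mount point that merely begins with `path` (constructed example: `path` followed by a suffix such as `-old`) is accepted as the whitelist mount. If the intent is to accept `path` itself and mounts below it, and `path` carries no trailing slash, the byte after the prefix should be checked as well: `size_t n = strlen(path);` then `if (strncmp(mptr->dir, path, n) != 0 || (mptr->dir[n] != '\0' && mptr->dir[n] != '/'))`. The check also now relies on get_last_mount() returning an unescaped path, so a one-line comment above it saying so would help the next reader. whitelist_path starts and ends outside this hunk, so whether an exact `strcmp` would be valid here cannot be judged from the visible lines.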
@@ -1045,6 +1045,40 @@ void disable_file_path(const char *path, const char *file) {
 free(fname);
 }
+// Restore empty spaces in pathnames extracted from /proc/self/mountinfo
+static void unmangle_path(char *path) {
+ int i, decimal;
+ char *worker;
+
+ char *p = strchr(path, '\\');
+ while (p) {
+ // convert octal to decimal
+ decimal = 0;
+ for (i = 1; i < 4; i++) {
+ worker = p + i;
+ // there are always three octal digits
+ if (*worker < '0' || *worker > '7') {
+ fprintf(stderr, "Error: bad escape sequence\n");
+ exit(1);
+ }
+ decimal += *worker - '0';
+ if (i < 3)
+ decimal *= 8;
+ }
+ // do the replacement
+ if (decimal == ' ') {
+ *p = ' ';
+ worker = p;
+ do {
+ worker++;
+ *worker = *(worker + 3);
+ } while (*worker);
+ }
+
+ p = strchr(p + 1, '\\');
+ }
+}
+
 #define MAX_BUF 4096
 static char mbuf[MAX_BUF];
 static MountData mdata;
@@ -1103,6 +1137,10 @@ MountData *get_last_mount(void) {
 mdata.dir == NULL ||
 mdata.fstype == NULL)
 goto errexit;
+
+ unmangle_path(mdata.fsname);
+ unmangle_path(mdata.dir);
+
 if (arg_debug)
 printf("fsname=%s dir=%s fstype=%s\n", mdata.fsname, mdata.dir, mdata.fstype);
 return &mdata;
--
cgit v1.2.3-54-g00ecf
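Review bot: unmangle_path decodes only `\040`: the `if (decimal == ' ')` branch leaves every other octal escape untouched, while mountinfo also writes tab, newline and backslash as `\011`, `\012` and `\134`. A whitelist path containing one of those characters will still differ from `mdata.dir` and be rejected by the `strncmp` check this commit re-enables in whitelist_path; that fails closed, but it is the same class of problem the commit sets out to fix. Decoding all four closes the gap: `if (decimal == ' ' || decimal == '\t' || decimal == '\n' || decimal == '\\') {` with `*p = (char)decimal;` as the first statement of the branch. The comment above the function should then name the escapes that are decoded and state that the string is shortened in place. The hand-written shift loop could also become `memmove(p + 1, p + 4, strlen(p + 4) + 1);`, assuming `<string.h>` is already included in util.c, as the `strchr` call suggests.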