From b4ffaa207419715a81525e48e4ceb59d471047ee Mon Sep 17 00:00:00 2001
From: netblue30
Date: Tue, 14 Feb 2023 11:33:35 -0500
Subject: merges; more on cleaning up esc chars
---
 README | 1 +
 src/firejail/firejail.h | 1 +
 src/firejail/main.c | 16 ++++++----------
 src/firejail/util.c | 23 +++++++++++++++++++++++
 src/lib/pid.c | 8 --------
 5 files changed, 31 insertions(+), 18 deletions(-)
diff --git a/README b/README
index 2d0ddb513..d09b4a0a9 100644
--- a/README
+++ b/README
@@ -685,6 +685,7 @@ LaurentGH (https://github.com/LaurentGH)
 - allow private-bin parameters to be absolute paths
 layderv (https://github.com/layderv)
 - prevent sandbox name from containing only digits
+ - clean escape control characters from the command line
 lecso7 (https://github.com/lecso7)
 - added goldendict profile
 - allow evince to read .cbz file format
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index a09158e9e..d1ecb1466 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -525,6 +525,7 @@ int macro_id(const char *name);
 // util.c
+int invalid_name(const char *name);
 void errLogExit(char* fmt, ...) __attribute__((noreturn));
 void fwarning(char* fmt, ...);
 void fmessage(char* fmt, ...);
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 8df6926ee..41ad3308f 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -2182,16 +2182,8 @@ int main(int argc, char **argv, char **envp) {
 fprintf(stderr, "Error: please provide a name for sandbox\n");
 return 1;
 }
- const char *c = cfg.name;
- while (*c) {
- if (!isdigit(*c)) {
- only_numbers = 0;
- break;
- }
- ++c;
- }
- if (only_numbers) {
- fprintf(stderr, "Error: invalid sandbox name: it only contains digits\n");
+ if (invalid_name(cfg.name)) {
+ fprintf(stderr, "Error: invalid sandbox name\n");
 return 1;
 }
 }
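Review bot: The new message `Error: invalid sandbox name` no longer says which rule failed, although invalid_name() in util.c rejects three separate things: any non-alphanumeric character, all-digit names, and names longer than 64 characters. Names containing `-` or `_` passed the old digits-only test and are now refused, so the rule should be spelled out, for example `fprintf(stderr, "Error: invalid sandbox name: use only ASCII letters and digits, not digits only, 64 characters max\n");`. The `only_numbers` local that the removed loop wrote is declared outside this hunk; if nothing else in main() uses it, it is now dead and will likely produce an unused-variable warning.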
@@ -2201,6 +2193,10 @@ int main(int argc, char **argv, char **envp) {
 fprintf(stderr, "Error: please provide a hostname for sandbox\n");
 return 1;
 }
+ if (invalid_name(cfg.hostname)) {
+ fprintf(stderr, "Error: invalid hostname\n");
+ return 1;
+ }
 }
 else if (strcmp(argv[i], "--nogroups") == 0)
 arg_nogroups = 1;
diff --git a/src/firejail/util.c b/src/firejail/util.c
index b35225620..8c3a13fb8 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -1448,6 +1448,29 @@ static int has_link(const char *dir) {
 return 0;
 }
+// allow strict ASCII letters and numbers; names with only numbers are rejected; spaces are rejected
+int invalid_name(const char *name) {
+ const char *c = name;
+
+ int only_numbers = 1;
+ while (*c) {
+ if (!isalnum(*c))
+ return 1;
+ if (!isdigit(*c))
+ only_numbers = 0;
+ ++c;
+ }
+ if (only_numbers)
+ return 1;
+
+ // restrict name to 64 chars max
+ if (strlen(name) > 64)
+ return 1;
+
+ return 0;
+}
+
+
 void check_homedir(const char *dir) {
 assert(dir);
 if (dir[0] != '/') {
diff --git a/src/lib/pid.c b/src/lib/pid.c
index 2e73e85f6..9186b241a 100644
--- a/src/lib/pid.c
+++ b/src/lib/pid.c
@@ -230,14 +230,6 @@ static void print_elem(unsigned index, int nowrap) {
 }
 free(fname);
- char *sandbox_name_escaped = escape_cntrl_chars(sandbox_name);
- if (sandbox_name_escaped) {
- if (sandbox_name_allocated)
- free(sandbox_name_allocated);
- sandbox_name = sandbox_name_escaped;
- sandbox_name_allocated = sandbox_name;
- }
-
 if (user == NULL)
 user = "";
 if (cmd) {
-- cgit v1.2.3-54-g00ecf
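Review bot: Reusing invalid_name() for `--hostname` refuses `-`, which is a legal hostname character, and also refuses dots and all-digit values, so a value such as `web-01` (constructed example) now fails with `Error: invalid hostname`. Control characters are what the commit sets out to exclude; a hostname-specific check that accepts letters, digits and interior `-` would keep that property without rejecting invocations that worked before. If the narrower rule is intended, the message should state it, e.g. `fprintf(stderr, "Error: invalid hostname: use only ASCII letters and digits, 64 characters max\n");`. The enclosing `--hostname` branch begins outside the hunk.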
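Review bot: `isalnum(*c)` and `isdigit(*c)` in invalid_name() receive a plain `char`, so where `char` is signed any byte >= 0x80 is passed as a negative value, which is undefined behaviour for the <ctype.h> functions (CERT STR37-C); cast first, `if (!isalnum((unsigned char)*c))` and `if (!isdigit((unsigned char)*c))`. isalnum() is also locale-dependent, so the "strict ASCII" promise in the comment holds only in the C locale, and explicit `'0'..'9'`, `'a'..'z'`, `'A'..'Z'` range comparisons would make it unconditional. Because the pid.c hunk of this commit removes the escape_cntrl_chars() call from print_elem(), this function becomes the only filter between a name and the terminal, so every other place that sets cfg.name or cfg.hostname (profile parsing, for instance, which is not visible here) needs the same call. The header comment should also mention the 64-character limit and that a return of 1 means "rejected".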