From cf1e38c210b12a504bebf4b63b2a0abfd7d023e0 Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Mon, 26 Sep 2016 12:27:27 -0400
Subject: CVE-2016-7545

---
 README                 | 1 +
 RELNOTES               | 1 +
 src/firejail/main.c    | 3 +++
 src/firejail/sandbox.c | 7 +++++++
 4 files changed, 12 insertions(+)

diff --git a/README b/README
index 0b2a27f02..dcdc7fde1 100644
--- a/README
+++ b/README
@@ -45,6 +45,7 @@ Aleksey Manevich (https://github.com/manevich)
 	- added --x11=block options
 	- x11 xpra, xphyr, block profile commands
 	- added --join-or-start command
+	- CVE-2016-7545
 Fred-Barclay (https://github.com/Fred-Barclay)
 	- added Vivaldi, Atril profiles
 	- added PaleMoon profile
diff --git a/RELNOTES b/RELNOTES
index da882e461..f0528b28c 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,4 +1,5 @@
 firejail (0.9.43) baseline; urgency=low
+  * CVE-2016-7545 submitted by Aleksey Manevich
   * development version
   * modifs: removed man firejail-config
   * modifs: --private-tmp whitelists /tmp/.X11-unix directory
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 1f2ee9573..135ff17d8 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -35,6 +35,8 @@
 #include <signal.h>
 #include <time.h>
 #include <net/if.h>
+#include <sys/ioctl.h>
+#include <termios.h>
 
 #if 0
 #include <sys/times.h>
@@ -141,6 +143,7 @@ static void myexit(int rv) {
 	EUID_ROOT();
 	clear_run_files(sandbox_pid);
 	appimage_clear();
+	ioctl(0, TCFLSH, TCIFLUSH);
 		
 	exit(rv); 
 }
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index cc5483c08..08296d823 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -28,6 +28,8 @@
 #include <sys/types.h>
 #include <dirent.h>
 #include <errno.h>
+#include <sys/ioctl.h>
+#include <termios.h>
 
 #include <sched.h>
 #ifndef CLONE_NEWUSER
@@ -80,8 +82,10 @@ static void sandbox_handler(int sig){
 		
 	}
 
+
 	// broadcast a SIGKILL
 	kill(-1, SIGKILL);
+	ioctl(0, TCFLSH, TCIFLUSH);
 	exit(sig);
 }
 
@@ -290,6 +294,8 @@ void start_audit(void) {
 }
 
 void start_application(void) {
+//if (setsid() == -1)
+//errExit("setsid");
 	//****************************************
 	// audit
 	//****************************************
@@ -890,6 +896,7 @@ int sandbox(void* sandbox_arg) {
 	}
 
 	int status = monitor_application(app_pid);	// monitor application
+	ioctl(0, TCFLSH, TCIFLUSH);
 
 	if (WIFEXITED(status)) {
 		// if we had a proper exit, return that exit status
-- 
cgit v1.2.3-70-g09d2