From d1a90d0ceb9743e0ce4d41d36189ec9ae9cf20b3 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Sat, 12 Mar 2016 12:35:06 -0500 Subject: file transfer fixes --- src/firejail/firejail.h | 7 +++- src/firejail/main.c | 90 ++++++++++++++++++++++++++++--------------------- 2 files changed, 57 insertions(+), 40 deletions(-) diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 99705f0e6..bf0937f35 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h @@ -535,7 +535,12 @@ int x11_check_xpra(void); #define SANDBOX_FS_LS 0 #define SANDBOX_FS_GET 1 void sandboxfs_name(int op, const char *name, const char *path); -void sandboxfs(int op, pid_t pid, const char *path); +void sandboxfs(int op, pid_t pid, const char *patqh); + +// checkcfg.c +#define CFG_FILE_TRANSFER 0 +#define CFG_MAX 1 // this should always be the last entry +int checkcfg(int val); #endif diff --git a/src/firejail/main.c b/src/firejail/main.c index bfb0eadc9..0a02d0918 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c @@ -429,52 +429,64 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { exit(0); } #endif -#ifndef HAVE_FILE_TRANSFER +#ifdef HAVE_FILE_TRANSFER else if (strncmp(argv[i], "--get=", 6) == 0) { - logargs(argc, argv); - - // verify path - if ((i + 2) != argc) { - fprintf(stderr, "Error: invalid --get option, path expected\n"); + if (checkcfg(CFG_FILE_TRANSFER)) { + logargs(argc, argv); + + // verify path + if ((i + 2) != argc) { + fprintf(stderr, "Error: invalid --get option, path expected\n"); + exit(1); + } + char *path = argv[i + 1]; + invalid_filename(path); + if (strstr(path, "..")) { + fprintf(stderr, "Error: invalid file name %s\n", path); + exit(1); + } + + // get file + pid_t pid; + if (read_pid(argv[i] + 6, &pid) == 0) + sandboxfs(SANDBOX_FS_GET, pid, path); + else + sandboxfs_name(SANDBOX_FS_GET, argv[i] + 6, path); + exit(0); + } + else { + fprintf(stderr, "Error: this feature is disabled in Firejail configuration file\n"); exit(1); } - char *path = argv[i + 1]; - invalid_filename(path); - if (strstr(path, "..")) { - fprintf(stderr, "Error: invalid file name %s\n", path); - exit(1); - } - - // get file - pid_t pid; - if (read_pid(argv[i] + 6, &pid) == 0) - sandboxfs(SANDBOX_FS_GET, pid, path); - else - sandboxfs_name(SANDBOX_FS_GET, argv[i] + 6, path); - exit(0); } else if (strncmp(argv[i], "--ls=", 5) == 0) { - logargs(argc, argv); - - // verify path - if ((i + 2) != argc) { - fprintf(stderr, "Error: invalid --ls option, path expected\n"); + if (checkcfg(CFG_FILE_TRANSFER)) { + logargs(argc, argv); + + // verify path + if ((i + 2) != argc) { + fprintf(stderr, "Error: invalid --ls option, path expected\n"); + exit(1); + } + char *path = argv[i + 1]; + invalid_filename(path); + if (strstr(path, "..")) { + fprintf(stderr, "Error: invalid file name %s\n", path); + exit(1); + } + + // list directory contents + pid_t pid; + if (read_pid(argv[i] + 5, &pid) == 0) + sandboxfs(SANDBOX_FS_LS, pid, path); + else + sandboxfs_name(SANDBOX_FS_LS, argv[i] + 5, path); + exit(0); + } + else { + fprintf(stderr, "Error: this feature is disabled in Firejail configuration file\n"); exit(1); } - char *path = argv[i + 1]; - invalid_filename(path); - if (strstr(path, "..")) { - fprintf(stderr, "Error: invalid file name %s\n", path); - exit(1); - } - - // list directory contents - pid_t pid; - if (read_pid(argv[i] + 5, &pid) == 0) - sandboxfs(SANDBOX_FS_LS, pid, path); - else - sandboxfs_name(SANDBOX_FS_LS, argv[i] + 5, path); - exit(0); } #endif else if (strncmp(argv[i], "--join=", 7) == 0) { -- cgit v1.2.3-70-g09d2