From 671ba2b8ef43edd74b32267f22f053cb510b2bde Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Tue, 28 Mar 2017 08:44:07 -0400
Subject: fix rlimits - bug #1168

---
 src/firejail/firejail.h | 10 +++++-----
 src/firejail/main.c     | 28 ++++++++--------------------
 src/firejail/profile.c  | 28 ++++++++--------------------
 src/firejail/util.c     |  8 +++-----
 4 files changed, 24 insertions(+), 50 deletions(-)

(limited to 'src')

diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 75e5feaff..a981c8759 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -234,10 +234,10 @@ typedef struct config_t {
 	char *protocol;			// protocol list
 
 	// rlimits
-	unsigned rlimit_nofile;
-	unsigned rlimit_nproc;
-	unsigned rlimit_fsize;
-	unsigned rlimit_sigpending;
+	long long unsigned rlimit_nofile;
+	long long unsigned rlimit_nproc;
+	long long unsigned rlimit_fsize;
+	long long unsigned rlimit_sigpending;
 	
 	// cpu affinity, nice and control groups
 	uint32_t cpus;
@@ -462,7 +462,7 @@ int is_dir(const char *fname);
 int is_link(const char *fname);
 char *line_remove_spaces(const char *buf);
 char *split_comma(char *str);
-int not_unsigned(const char *str);
+void check_unsigned(const char *str, const char *msg);
 int find_child(pid_t parent, pid_t *child);
 void check_private_dir(void);
 void update_map(char *mapping, char *map_file);
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 843dc2f3a..216488287 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1162,35 +1162,23 @@ int main(int argc, char **argv) {
 		else if (strcmp(argv[i], "--tracelog") == 0)
 			arg_tracelog = 1;
 		else if (strncmp(argv[i], "--rlimit-nofile=", 16) == 0) {
-			if (not_unsigned(argv[i] + 16)) {
-				fprintf(stderr, "Error: invalid rlimt nofile\n");
-				exit(1);
-			}
-			sscanf(argv[i] + 16, "%u", &cfg.rlimit_nofile);
+			check_unsigned(argv[i] + 16, "Error: invalid rlimit");
+			sscanf(argv[i] + 16, "%llu", &cfg.rlimit_nofile);
 			arg_rlimit_nofile = 1;
 		}		
 		else if (strncmp(argv[i], "--rlimit-nproc=", 15) == 0) {
-			if (not_unsigned(argv[i] + 15)) {
-				fprintf(stderr, "Error: invalid rlimt nproc\n");
-				exit(1);
-			}
-			sscanf(argv[i] + 15, "%u", &cfg.rlimit_nproc);
+			check_unsigned(argv[i] + 15, "Error: invalid rlimit");
+			sscanf(argv[i] + 15, "%llu", &cfg.rlimit_nproc);
 			arg_rlimit_nproc = 1;
 		}	
 		else if (strncmp(argv[i], "--rlimit-fsize=", 15) == 0) {
-			if (not_unsigned(argv[i] + 15)) {
-				fprintf(stderr, "Error: invalid rlimt fsize\n");
-				exit(1);
-			}
-			sscanf(argv[i] + 15, "%u", &cfg.rlimit_fsize);
+			check_unsigned(argv[i] + 15, "Error: invalid rlimit");
+			sscanf(argv[i] + 15, "%llu", &cfg.rlimit_fsize);
 			arg_rlimit_fsize = 1;
 		}	
 		else if (strncmp(argv[i], "--rlimit-sigpending=", 20) == 0) {
-			if (not_unsigned(argv[i] + 20)) {
-				fprintf(stderr, "Error: invalid rlimt sigpending\n");
-				exit(1);
-			}
-			sscanf(argv[i] + 20, "%u", &cfg.rlimit_sigpending);
+			check_unsigned(argv[i] + 20, "Error: invalid rlimit");
+			sscanf(argv[i] + 20, "%llu", &cfg.rlimit_sigpending);
 			arg_rlimit_sigpending = 1;
 		}	
 		else if (strncmp(argv[i], "--ipc-namespace", 15) == 0)
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 993acf2aa..8f98fd397 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -875,38 +875,26 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 	if (strncmp(ptr, "rlimit", 6) == 0) {
 		if (strncmp(ptr, "rlimit-nofile ", 14) == 0) {
 			ptr += 14;
-			if (not_unsigned(ptr)) {
-				fprintf(stderr, "Invalid rlimit option on line %d\n", lineno);
-				exit(1);
-			}
-			sscanf(ptr, "%u", &cfg.rlimit_nofile);
+			check_unsigned(ptr + 14, "Error: invalid rlimit in profile file: ");
+			sscanf(ptr, "%llu", &cfg.rlimit_nofile);
 			arg_rlimit_nofile = 1;
 		}
 		else if (strncmp(ptr, "rlimit-nproc ", 13) == 0) {
 			ptr += 13;
-			if (not_unsigned(ptr)) {
-				fprintf(stderr, "Invalid rlimit option on line %d\n", lineno);
-				exit(1);
-			}
-			sscanf(ptr, "%u", &cfg.rlimit_nproc);
+			check_unsigned(ptr + 13, "Error: invalid rlimit in profile file: ");
+			sscanf(ptr, "%llu", &cfg.rlimit_nproc);
 			arg_rlimit_nproc = 1;
 		}
 		else if (strncmp(ptr, "rlimit-fsize ", 13) == 0) {
 			ptr += 13;
-			if (not_unsigned(ptr)) {
-				fprintf(stderr, "Invalid rlimit option on line %d\n", lineno);
-				exit(1);
-			}
-			sscanf(ptr, "%u", &cfg.rlimit_fsize);
+			check_unsigned(ptr + 13, "Error: invalid rlimit in profile file: ");
+			sscanf(ptr, "%llu", &cfg.rlimit_fsize);
 			arg_rlimit_fsize = 1;
 		}
 		else if (strncmp(ptr, "rlimit-sigpending ", 18) == 0) {
 			ptr += 18;
-			if (not_unsigned(ptr)) {
-				fprintf(stderr, "Invalid rlimit option on line %d\n", lineno);
-				exit(1);
-			}
-			sscanf(ptr, "%u", &cfg.rlimit_sigpending);
+			check_unsigned(ptr + 18, "Error: invalid rlimit in profile file: ");
+			sscanf(ptr, "%llu", &cfg.rlimit_sigpending);
 			arg_rlimit_sigpending = 1;
 		}
 		else {
diff --git a/src/firejail/util.c b/src/firejail/util.c
index 9b9308670..93eabec65 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -419,20 +419,18 @@ char *split_comma(char *str) {
 }
 
 
-int not_unsigned(const char *str) {
+void check_unsigned(const char *str, const char *msg) {
 	EUID_ASSERT();
 
 	int rv = 0;
 	const char *ptr = str;
 	while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0') {
 		if (!isdigit(*ptr)) {
-			rv = 1;
-			break;
+			fprintf(stderr, "%s %s\n", msg, str);
+			exit(1);
 		}
 		ptr++;
 	}
-
-	return rv;
 }
 
 
-- 
cgit v1.2.3-70-g09d2