From 4b6892092a77b61a0de485966a7561ec61c72928 Mon Sep 17 00:00:00 2001
From: layderv <20249311+layderv@users.noreply.github.com>
Date: Mon, 9 Jan 2023 18:03:03 -0500
Subject: Prevent sandbox name from containing only digits

Names should not contain only numbers, as they are used in other commands as PIDs.
---
 src/firejail/main.c | 13 +++++++++++++
 src/firejail/profile.c | 13 +++++++++++++
 src/man/firejail.txt | 1 +
 3 files changed, 27 insertions(+)

(limited to 'src')

diff --git a/src/firejail/main.c b/src/firejail/main.c
index 18e9ae651..36b4d2477 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -2161,11 +2161,24 @@ int main(int argc, char **argv, char **envp) {
 // hostname, etc
 //*************************************
 else if (strncmp(argv[i], "--name=", 7) == 0) {
+ int only_numbers = 1;
 cfg.name = argv[i] + 7;
 if (strlen(cfg.name) == 0) {
 fprintf(stderr, "Error: please provide a name for sandbox\n");
 return 1;
 }
+ const char *c = cfg.name;
+ while (*c) {
+ if (!isdigit(*c)) {
+ only_numbers = 0;
+ break;
+ }
+ ++c;
+ }
+ if (only_numbers) {
+ fprintf(stderr, "Error: invalid sandbox name: it only contains digits\n");
+ return 1;
+ }
 }
 else if (strncmp(argv[i], "--hostname=", 11) == 0) {
 cfg.hostname = argv[i] + 11;
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index acf206da6..c1419aada 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -326,11 +326,24 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 }
 // sandbox name
 else if (strncmp(ptr, "name ", 5) == 0) {
+ int only_numbers = 1;
 cfg.name = ptr + 5;
 if (strlen(cfg.name) == 0) {
 fprintf(stderr, "Error: invalid sandbox name\n");
 exit(1);
 }
+ const char *c = cfg.name;
+ while (*c) {
+ if (!isdigit(*c)) {
+ only_numbers = 0;
+ break;
+ }
+ ++c;
+ }
+ if (only_numbers) {
+ fprintf(stderr, "Error: invalid sandbox name: it only contains digits\n");
+ exit(1);
+ }
 return 0;
 }
 else if (strcmp(ptr, "ipc-namespace") == 0) {
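Review bot: The added `isdigit(*c)` in the `--name=` branch is given a plain `char` taken from `argv`, and passing a negative `char` (any byte above 0x7f on platforms where `char` is signed) to `isdigit` is undefined behaviour; the same call is added in the `name ` branch of `profile_check_line` in src/firejail/profile.c. Cast at the call in both places: `if (!isdigit((unsigned char)*c)) {`. Neither hunk shows an `#include <ctype.h>`, so confirm both files already pull it in. The body of `main` starts and ends outside the hunk.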
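Review bot: The digit-only loop in the `name ` branch is a line-for-line copy of the one added to the `--name=` branch in src/firejail/main.c, so the rule now lives in two places and any other site that assigns `cfg.name` (none is visible here) would not inherit it. Because options such as `--join` treat an all-digit argument as a PID, this check is what keeps a sandbox name from being confused with another sandbox's PID, and it is safer kept in one helper that every assignment site calls. A sketch follows; the helper name is a placeholder and it would need a prototype in the project's shared header. `profile_check_line` starts and ends outside the hunk.

```c
// suggested shared helper (placeholder name): returns 1 when name is non-empty and all digits
int name_is_only_digits(const char *name) {
	const unsigned char *p = (const unsigned char *)name;

	if (*p == '\0')
		return 0;
	while (*p) {
		if (!isdigit(*p))
			return 0;
		++p;
	}
	return 1;
}

// … unchanged: cfg.name assignment and the strlen(cfg.name) == 0 check …
if (name_is_only_digits(cfg.name)) {
	fprintf(stderr, "Error: invalid sandbox name: it only contains digits\n");
	exit(1);
}
```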
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 39c81312c..29f15a74f 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt @@ -1330,6 +1330,7 @@ $ firejail \-\-net=eth0 \-\-mtu=1492 \fB\-\-name=name Set sandbox name. Several options, such as \-\-join and \-\-shutdown, can use this name to identify a sandbox. +The name cannot contain only digits, as that is treated as a PID in the other options, such as in \-\-join. In case the name supplied by the user is already in use by another sandbox, Firejail will assign a new name as "name-PID", where PID is the process ID of the sandbox. This functionality -- cgit v1.2.3-70-g09d2