From a51968336dfa869be765e7109948725582971319 Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann" <kmk3.code@protonmail.com>
Date: Tue, 13 Jun 2023 19:12:16 -0300
Subject: Add missing name/hostname checks

Note that the sandbox name may also be set through the "join-or-start"
option.

Relates to #5578 #5708.
---
 src/firejail/main.c    |  4 ++++
 src/firejail/profile.c | 12 ++++++++++++
 2 files changed, 16 insertions(+)

(limited to 'src')

diff --git a/src/firejail/main.c b/src/firejail/main.c
index df1c81f3a..070eb47f3 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -2837,6 +2837,10 @@ int main(int argc, char **argv, char **envp) {
 				fprintf(stderr, "Error: invalid sandbox name: cannot be empty\n");
 				return 1;
 			}
+			if (invalid_name(cfg.name)) {
+				fprintf(stderr, "Error: invalid sandbox name\n");
+				return 1;
+			}
 		}
 		else if (strcmp(argv[i], "--deterministic-exit-code") == 0) {
 			arg_deterministic_exit_code = 1;
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 139ce0580..ae881664b 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -1156,6 +1156,14 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 	// hostname
 	if (strncmp(ptr, "hostname ", 9) == 0) {
 		cfg.hostname = ptr + 9;
+		if (strlen(cfg.hostname) == 0) {
+			fprintf(stderr, "Error: invalid hostname: cannot be empty\n");
+			exit(1);
+		}
+		if (invalid_name(cfg.hostname)) {
+			fprintf(stderr, "Error: invalid hostname\n");
+			exit(1);
+		}
 		return 0;
 	}
 
@@ -1641,6 +1649,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 				fprintf(stderr, "Error: invalid sandbox name: cannot be empty\n");
 				exit(1);
 			}
+			if (invalid_name(cfg.name)) {
+				fprintf(stderr, "Error: invalid sandbox name\n");
+				exit(1);
+			}
 		}
 		else
 			warning_feature_disabled("join");
-- 
cgit v1.2.3-54-g00ecf