From a68fc0a040da498b3c01b6b9a281024c2dafe193 Mon Sep 17 00:00:00 2001
From: smitsohu <smitsohu@gmail.com>
Date: Fri, 8 Oct 2021 00:48:14 +0200
Subject: profile parsing fixes

results from a systematic search for strncmp
calls with a suspicious (non-fitting) integer
literal as third argument
---
 src/firejail/profile.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'src')

diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 059100fcb..2daa968f7 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -630,7 +630,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 #endif
 		return 0;
 	}
-	else if (strncmp(ptr, "netns  ", 6) == 0) {
+	else if (strncmp(ptr, "netns ", 6) == 0) {
 #ifdef HAVE_NETWORK
 		if (checkcfg(CFG_NETWORK)) {
 			arg_netns = ptr + 6;
@@ -981,10 +981,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 			warning_feature_disabled("seccomp");
 		return 0;
 	}
-	if (strncmp(ptr, "seccomp.32.drop ", 13) == 0) {
+	if (strncmp(ptr, "seccomp.32.drop ", 16) == 0) {
 		if (checkcfg(CFG_SECCOMP)) {
 			arg_seccomp32 = 1;
-			cfg.seccomp_list_drop32 = seccomp_check_list(ptr + 13);
+			cfg.seccomp_list_drop32 = seccomp_check_list(ptr + 16);
 		}
 		else
 			warning_feature_disabled("seccomp");
@@ -1001,10 +1001,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 			warning_feature_disabled("seccomp");
 		return 0;
 	}
-	if (strncmp(ptr, "seccomp.32.keep ", 13) == 0) {
+	if (strncmp(ptr, "seccomp.32.keep ", 16) == 0) {
 		if (checkcfg(CFG_SECCOMP)) {
 			arg_seccomp32 = 1;
-			cfg.seccomp_list_keep32 = seccomp_check_list(ptr + 13);
+			cfg.seccomp_list_keep32 = seccomp_check_list(ptr + 16);
 		}
 		else
 			warning_feature_disabled("seccomp");
-- 
cgit v1.2.3-70-g09d2