From eb6c61154c37605842c3fed906405e3d9653f1ae Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Tue, 13 Jun 2023 18:30:25 -0300 Subject: Standardize name/hostname checks Changes: * Use only `invalid_name` to check the name and hostname instead of ad-hoc checks * Standardize empty/invalid error messages for name/hostname Note: This makes the hostname validation less strict, though it still forbids control characters and only numbers. Relates to #5578 #5708. See also commit b4ffaa207 ("merges; more on cleaning up esc chars", 2023-02-14). --- src/firejail/main.c | 23 +++++------------------ src/firejail/profile.c | 17 ++++------------- 2 files changed, 9 insertions(+), 31 deletions(-) (limited to 'src')
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 715123279..df1c81f3a 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -2187,7 +2187,7 @@ int main(int argc, char **argv, char **envp) {
 else if (strncmp(argv[i], "--name=", 7) == 0) {
 cfg.name = argv[i] + 7;
 if (strlen(cfg.name) == 0) {
- fprintf(stderr, "Error: please provide a name for sandbox\n");
+ fprintf(stderr, "Error: invalid sandbox name: cannot be empty\n");
 return 1;
 }
 if (invalid_name(cfg.name)) {
@@ -2197,24 +2197,11 @@ int main(int argc, char **argv, char **envp) {
 }
 else if (strncmp(argv[i], "--hostname=", 11) == 0) {
 cfg.hostname = argv[i] + 11;
- size_t len = strlen(cfg.hostname);
- if (len == 0 || len > 253) {
- fprintf(stderr, "Error: please provide a valid hostname for sandbox, with maximum length of 253 ASCII characters\n");
+ if (strlen(cfg.hostname) == 0) {
+ fprintf(stderr, "Error: invalid hostname: cannot be empty\n");
 return 1;
 }
- int invalid = invalid_name(cfg.hostname);
- char* hostname = cfg.hostname;
- while (*hostname && !invalid) {
- invalid = invalid || !(
- (*hostname >= 'a' && *hostname <= 'z') ||
- (*hostname >= 'A' && *hostname <= 'Z') ||
- (*hostname >= '0' && *hostname <= '9') ||
- (*hostname == '-' || *hostname == '.'));
- hostname++;
- }
- invalid = invalid || cfg.hostname[0] == '-'; // must not start with -
- invalid = invalid || cfg.hostname[len - 1] == '-'; // must not end with -
- if (invalid) {
+ if (invalid_name(cfg.hostname)) {
 fprintf(stderr, "Error: invalid hostname\n");
 return 1;
 }
@@ -2847,7 +2834,7 @@ int main(int argc, char **argv, char **envp) {
 // set sandbox name and start normally
 cfg.name = argv[i] + 16;
 if (strlen(cfg.name) == 0) {
- fprintf(stderr, "Error: please provide a name for sandbox\n");
+ fprintf(stderr, "Error: invalid sandbox name: cannot be empty\n");
 return 1;
 }
 }
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 202bcf4da..139ce0580 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
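Review bot: The `--hostname=` branch in the -2197 hunk no longer bounds the length of the value: the removed check rejected anything longer than 253 characters, while the new code only rejects the empty string before calling `invalid_name`. `invalid_name` is defined outside this diff, so whether it enforces a maximum is not visible here, and the commit message mentions only the relaxed character rules. If it does not, the cap is worth keeping next to the empty check, e.g. `if (strlen(cfg.hostname) > 253) { fprintf(stderr, "Error: invalid hostname: too long\n"); return 1; }`, so an arbitrarily long string never reaches whatever later consumes `cfg.hostname`. The enclosing `main` starts and ends outside the hunk.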
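Review bot: The branch in the -2847 hunk that sets `cfg.name = argv[i] + 16` still checks only for an empty string; none of the visible lines pass the value to `invalid_name`, unlike the `--name=` branch at -2187. Unless an earlier handler for the same option already validates it (not visible here), a digits-only name or one with control characters is accepted on this path. Adding `if (invalid_name(cfg.name)) { fprintf(stderr, "Error: invalid sandbox name\n"); return 1; }` after the empty check would match the commit's stated goal of using `invalid_name` everywhere. The same gap appears in the `cfg.name = ptr + 14` hunk at -1647 in src/firejail/profile.c, where the fix would use `exit(1)` instead of `return 1`.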
@@ -326,22 +326,13 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 }
 // sandbox name
 else if (strncmp(ptr, "name ", 5) == 0) {
- int only_numbers = 1;
 cfg.name = ptr + 5;
 if (strlen(cfg.name) == 0) {
- fprintf(stderr, "Error: invalid sandbox name\n");
+ fprintf(stderr, "Error: invalid sandbox name: cannot be empty\n");
 exit(1);
 }
- const char *c = cfg.name;
- while (*c) {
- if (!isdigit(*c)) {
- only_numbers = 0;
- break;
- }
- ++c;
- }
- if (only_numbers) {
- fprintf(stderr, "Error: invalid sandbox name: it only contains digits\n");
+ if (invalid_name(cfg.name)) {
+ fprintf(stderr, "Error: invalid sandbox name\n");
 exit(1);
 }
 return 0;
@@ -1647,7 +1638,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 // set sandbox name and start normally
 cfg.name = ptr + 14;
 if (strlen(cfg.name) == 0) {
- fprintf(stderr, "Error: invalid sandbox name\n");
+ fprintf(stderr, "Error: invalid sandbox name: cannot be empty\n");
 exit(1);
 }
 }
-- cgit v1.2.3-54-g00ecf