merges; more on cleaning up esc chars

netblue30 · Feb 14, 2023 · b4ffaa2 · b4ffaa2
1 parent 31d0c32
commit b4ffaa2
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 18 deletions.
diff --git a/README b/README
@@ -685,6 +685,7 @@ LaurentGH (https://github.com/LaurentGH)
  - allow private-bin parameters to be absolute paths
 layderv (https://github.com/layderv)
  - prevent sandbox name from containing only digits
+ - clean escape control characters from the command line
 lecso7 (https://github.com/lecso7)
  - added goldendict profile
  - allow evince to read .cbz file format

diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
@@ -525,6 +525,7 @@ int macro_id(const char *name);
 
 
 // util.c
+int invalid_name(const char *name);
 void errLogExit(char* fmt, ...) __attribute__((noreturn));
 void fwarning(char* fmt, ...);
 void fmessage(char* fmt, ...);

diff --git a/src/firejail/main.c b/src/firejail/main.c
@@ -2182,16 +2182,8 @@ int main(int argc, char **argv, char **envp) {
  fprintf(stderr, "Error: please provide a name for sandbox\n");
  return 1;
  }
- const char *c = cfg.name;
- while (*c) {
- if (!isdigit(*c)) {
- only_numbers = 0;
- break;
- }
- ++c;
- }
- if (only_numbers) {
- fprintf(stderr, "Error: invalid sandbox name: it only contains digits\n");
+ if (invalid_name(cfg.name)) {
+ fprintf(stderr, "Error: invalid sandbox name\n");
  return 1;
  }
  }
@@ -2201,6 +2193,10 @@ int main(int argc, char **argv, char **envp) {
  fprintf(stderr, "Error: please provide a hostname for sandbox\n");
  return 1;
  }
+ if (invalid_name(cfg.hostname)) {
+ fprintf(stderr, "Error: invalid hostname\n");
+ return 1;
+ }
  }
  else if (strcmp(argv[i], "--nogroups") == 0)
  arg_nogroups = 1;

diff --git a/src/firejail/util.c b/src/firejail/util.c
@@ -1448,6 +1448,29 @@ static int has_link(const char *dir) {
  return 0;
 }
 
+// allow strict ASCII letters and numbers; names with only numbers are rejected; spaces are rejected
+int invalid_name(const char *name) {
+ const char *c = name;
+
+ int only_numbers = 1;
+ while (*c) {
+ if (!isalnum(*c))
+ return 1;
+ if (!isdigit(*c))
+ only_numbers = 0;
+ ++c;
+ }
+ if (only_numbers)
+ return 1;
+
+ // restrict name to 64 chars max
+ if (strlen(name) > 64)
+ return 1;
+
+ return 0;
+}
+
+
 void check_homedir(const char *dir) {
  assert(dir);
  if (dir[0] != '/') {

diff --git a/src/lib/pid.c b/src/lib/pid.c
@@ -230,14 +230,6 @@ static void print_elem(unsigned index, int nowrap) {
  }
  free(fname);
 
- char *sandbox_name_escaped = escape_cntrl_chars(sandbox_name);
- if (sandbox_name_escaped) {
- if (sandbox_name_allocated)
- free(sandbox_name_allocated);
- sandbox_name = sandbox_name_escaped;
- sandbox_name_allocated = sandbox_name;
- }
-
  if (user == NULL)
  user = "";
  if (cmd) {