Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

modif: Forbid control chars in names and restrict hostname #5708

Merged
merged 1 commit into from
Mar 4, 2023
Merged

modif: Forbid control chars in names and restrict hostname #5708

merged 1 commit into from
Mar 4, 2023

Conversation

layderv
Copy link
Contributor

@layderv layderv commented Mar 3, 2023

Forbid control characters in names and filenames. #5613.

Syntax for hostnames from https://en.wikipedia.org/wiki/Hostname#Syntax

glitsj16
glitsj16 approved these changes Mar 4, 2023
View reviewed changes
Copy link
Collaborator

@glitsj16 glitsj16 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@netblue30 netblue30 merged commit 0d21c4e into netblue30:master Mar 4, 2023
@netblue30
Copy link
Owner

merged, thanks!

@kmk3 kmk3 added this to In progress in Release 0.9.74 via automation Mar 7, 2023
@kmk3 kmk3 changed the title Forbid control chars in names modif: Forbid control chars in names Mar 7, 2023
@kmk3 kmk3 changed the title modif: Forbid control chars in names modif: Forbid control chars in names and restrict hostname Mar 20, 2023
kmk3 added a commit to kmk3/firejail that referenced this pull request Mar 21, 2023
@kmk3
util.c: add and use ascii-only char functions
46cb7b1 
The "invalid_name" function claims to "allow strict ASCII letters and
numbers".

However, it uses isalnum(3) and isdigit(3), which may take the current
locale into account and thus return 1 for non-ASCII characters.

So add the following functions:

* ascii_isalnum
* ascii_isalpha
* ascii_isdigit
* ascii_isxdigit

And use them in "invalid_name" so that it actually uses strictly ASCII
in its comparisons.

Added on commit b4ffaa2 ("merges; more on cleaning up esc chars",
2023-02-14).

Relates to netblue30#5578.

Kind of relates to netblue30#5708.
@kmk3 kmk3 mentioned this pull request Mar 21, 2023
Merged
kmk3 added a commit to kmk3/firejail that referenced this pull request Mar 21, 2023
@kmk3
util.c: add and use ascii-only char functions
bcef8f4 
The "invalid_name" function claims to "allow strict ASCII letters and
numbers".

However, it uses isalnum(3) and isdigit(3), which may take the current
locale into account and thus return 1 for non-ASCII characters.

So add the following functions:

* ascii_isalnum
* ascii_isalpha
* ascii_isdigit
* ascii_isxdigit

And use them in "invalid_name" so that it actually uses strictly ASCII
in its comparisons.

Added on commit b4ffaa2 ("merges; more on cleaning up esc chars",
2023-02-14).

Relates to netblue30#5578.

Kind of relates to netblue30#5708.
kmk3 added a commit to kmk3/firejail that referenced this pull request Mar 21, 2023
@kmk3
util.c: add and use ascii-only char functions
f6ee837 
The "invalid_name" function claims to "allow strict ASCII letters and
numbers".

However, it uses isalnum(3) and isdigit(3), which may take the current
locale into account and thus return 1 for non-ASCII characters.

So add the following functions:

* ascii_isalnum
* ascii_isalpha
* ascii_isdigit
* ascii_isxdigit

And use them in "invalid_name" so that it actually uses strictly ASCII
in its comparisons.

Added on commit b4ffaa2 ("merges; more on cleaning up esc chars",
2023-02-14).

Relates to netblue30#5578.

Kind of relates to netblue30#5708.
kmk3 added a commit to kmk3/firejail that referenced this pull request Mar 21, 2023
@kmk3
util.c: add and use ascii-only char functions
f95bbb6 
The "invalid_name" function claims to "allow strict ASCII letters and
numbers".

However, it uses isalnum(3) and isdigit(3), which may take the current
locale into account and thus return 1 for non-ASCII characters.

So add the following functions:

* ascii_isalnum
* ascii_isalpha
* ascii_isdigit
* ascii_islower
* ascii_isupper
* ascii_isxdigit

And use the applicable ones in "invalid_name" so that it actually uses
strictly ASCII in its comparisons.

Added on commit b4ffaa2 ("merges; more on cleaning up esc chars",
2023-02-14).

Relates to netblue30#5578.

Kind of relates to netblue30#5708.
kmk3 added a commit to kmk3/firejail that referenced this pull request Jun 14, 2023
@kmk3
main.c: remove redundant has_cntrl_chars check
10e9596 
The `invalid_name` function does not allow control characters.

Added on commit d349a2f ("Forbid control chars in names", 2023-03-03)
/ PR netblue30#5708.
kmk3 added a commit to kmk3/firejail that referenced this pull request Jun 14, 2023
@kmk3
Standardize name/hostname checks
eb6c611 
Changes:

* Use only `invalid_name` to check the name and hostname instead of
  ad-hoc checks
* Standardize empty/invalid error messages for name/hostname

Note: This makes the hostname validation less strict, though it still
forbids control characters and only numbers.

Relates to netblue30#5578 netblue30#5708.

See also commit b4ffaa2 ("merges; more on cleaning up esc chars",
2023-02-14).
kmk3 added a commit to kmk3/firejail that referenced this pull request Jun 14, 2023
@kmk3
Add missing name/hostname checks
a519683 
Note that the sandbox name may also be set through the "join-or-start"
option.

Relates to netblue30#5578 netblue30#5708.
@kmk3 kmk3 mentioned this pull request Jun 14, 2023
Merged
kmk3 added a commit that referenced this pull request Jun 19, 2023
@kmk3
RELNOTES: update name/hostname modifs
1874109 
Relates to #5708 #5741 #5856.
@kmk3 kmk3 moved this from In progress to Done (on RELNOTES) in Release 0.9.74 Jun 19, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@glitsj16 glitsj16 glitsj16 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
Release 0.9.74
  
Done (on RELNOTES)
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@layderv @netblue30 @glitsj16