Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

modif: Standardize and add missing name/hostname checks #5856

Merged
merged 6 commits into from
Jun 19, 2023
Merged

modif: Standardize and add missing name/hostname checks #5856

Changes from 1 commit
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
10e9596
main.c: remove redundant has_cntrl_chars check
kmk3 Jun 13, 2023
052de47
util.c: increase name max length from 64 to 253
kmk3 Jun 13, 2023
9473881
util.c: check first/last char and allow extra chars
kmk3 Jun 13, 2023
eb6c611
Standardize name/hostname checks
kmk3 Jun 13, 2023
a519683
Add missing name/hostname checks
kmk3 Jun 13, 2023
6489138
docs: document NAME VALIDATION in firejail.txt
kmk3 Jun 14, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
util.c: check first/last char and allow extra chars 
In `invalid_name`.
  • Loading branch information
@kmk3
kmk3 committed Jun 14, 2023
commit 94738819b17cd03adbce6284a87f5fd0bb28d077
30 changes: 26 additions & 4 deletions src/firejail/util.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1476,21 +1476,43 @@ int ascii_isxdigit(unsigned char c) {
return ret;
}

// allow strict ASCII letters and numbers; names with only numbers are rejected; spaces are rejected
// Allow only ASCII letters, digits and a few special characters; names with
// only numbers are rejected; spaces and control characters are rejected.
int invalid_name(const char *name) {
const char *c = name;
int only_numbers = 1;

if (strlen(name) > 253)
return 1;

// must start with alnum
if (!ascii_isalnum(*c))
return 1;
if (!ascii_isdigit(*c))
only_numbers = 0;
++c;

while (*c) {
if (!ascii_isalnum(*c))
return 1;
if (!ascii_isdigit(*c))
switch (*c) {
case '-':
case '.':
case '_':
only_numbers = 0;
break;
default:
if (!ascii_isalnum(*c))
return 1;
if (!ascii_isdigit(*c))
only_numbers = 0;
}
++c;
}

// must end with alnum
--c;
if (!ascii_isalnum(*c))
return 1;

if (only_numbers)
return 1;

Expand Down