merges; more on cleaning up esc chars

2026-05-15 14:16:14 -06:00 · 2023-02-14 11:33:35 -05:00 · 2023-02-14 11:33:35 -05:00 · b4ffaa2074
commit b4ffaa2074
parent 31d0c32be5
5 changed files with 31 additions and 18 deletions
--- a/1
+++ b/1
@ -685,6 +685,7 @@ LaurentGH (https://github.com/LaurentGH)
 	- allow private-bin parameters to be absolute paths
 layderv (https://github.com/layderv)
 	- prevent sandbox name from containing only digits
+	- clean escape control characters from the command line
 lecso7 (https://github.com/lecso7)
 	- added goldendict profile
 	- allow evince to read .cbz file format
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@ -525,6 +525,7 @@ int macro_id(const char *name);


 // util.c
+int invalid_name(const char *name);
 void errLogExit(char* fmt, ...) __attribute__((noreturn));
 void fwarning(char* fmt, ...);
 void fmessage(char* fmt, ...);
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@ -2182,16 +2182,8 @@ int main(int argc, char **argv, char **envp) {
 				fprintf(stderr, "Error: please provide a name for sandbox\n");
 				return 1;
 			}
-			const char *c = cfg.name;
-			while (*c) {
-				if (!isdigit(*c)) {
-					only_numbers = 0;
-					break;
-				}
-				++c;
-			}
-			if (only_numbers) {
-				fprintf(stderr, "Error: invalid sandbox name: it only contains digits\n");
+			if (invalid_name(cfg.name)) {
+				fprintf(stderr, "Error: invalid sandbox name\n");
 				return 1;
 			}
 		}
@ -2201,6 +2193,10 @@ int main(int argc, char **argv, char **envp) {
 				fprintf(stderr, "Error: please provide a hostname for sandbox\n");
 				return 1;
 			}
+			if (invalid_name(cfg.hostname)) {
+				fprintf(stderr, "Error: invalid hostname\n");
+				return 1;
+			}
 		}
 		else if (strcmp(argv[i], "--nogroups") == 0)
 			arg_nogroups = 1;
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@ -1448,6 +1448,29 @@ static int has_link(const char *dir) {
 	return 0;
 }

+// allow strict ASCII letters and numbers; names with only numbers are rejected; spaces are rejected
+int invalid_name(const char *name) {
+	const char *c = name;
+
+	int only_numbers = 1;
+	while (*c) {
+		if (!isalnum(*c))
+			return 1;
+		if (!isdigit(*c))
+			only_numbers = 0;
+		++c;
+	}
+	if (only_numbers)
+		return 1;
+
+	// restrict name to 64 chars max
+	if (strlen(name) > 64)
+		return 1;
+
+	return 0;
+}
+
+
 void check_homedir(const char *dir) {
 	assert(dir);
 	if (dir[0] != '/') {
--- a/src/lib/pid.c
+++ b/src/lib/pid.c
@ -230,14 +230,6 @@ static void print_elem(unsigned index, int nowrap) {
 	}
 	free(fname);

-	char *sandbox_name_escaped = escape_cntrl_chars(sandbox_name);
-	if (sandbox_name_escaped) {
-		if (sandbox_name_allocated)
-			free(sandbox_name_allocated);
-		sandbox_name = sandbox_name_escaped;
-		sandbox_name_allocated = sandbox_name;
-	}
-
 	if (user == NULL)
 		user = "";
 	if (cmd) {