fix arg-max-count and arg-max-len options in firejail.config

2026-05-16 14:16:16 -06:00 · 2025-11-30 08:26:56 -05:00 · 2025-11-30 08:26:56 -05:00 · ee879a2f26
commit ee879a2f26
parent a517fa91a2
3 changed files with 12 additions and 15 deletions
--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@ -34,8 +34,8 @@ char *xpra_extra_params = "";
 char *xvfb_screen = "800x600x24";
 char *xvfb_extra_params = "";
 char *netfilter_default = NULL;
-int arg_max_count = 128; // maximum number of command arguments (argc)
-unsigned long arg_max_len = 4096; // --foobar=PATH
+int arg_max_count = MAX_ARGS; // maximum number of command arguments (argc)
+unsigned long arg_max_len = MAX_ARG_LEN; // --foobar=PATH
 int env_max_count = 256; // some sane maximum number of environment variables
 unsigned long env_max_len = (PATH_MAX + 32); // FOOBAR=SOME_PATH, only applied to Firejail's own sandboxed apps
 unsigned long join_timeout = 5000000; // microseconds
@ -73,13 +73,9 @@ int checkcfg(int val) {
 		const char *fname = SYSCONFDIR "/firejail.config";
 		fp = fopen(fname, "re");
 		if (!fp) {
-#ifdef HAVE_GLOBALCFG
-			fprintf(stderr, "Error: Firejail configuration file %s not found\n", fname);
-			exit(1);
-#else
+			fprintf(stderr, "Warning: Firejail configuration file %s not found, using defaults\n", fname);
 			initialized = 1;
 			return	cfg_val[val];
-#endif
 		}

 		// read configuration file
@ -225,12 +221,12 @@ int checkcfg(int val) {
 			// arg max count
 			else if (strncmp(ptr, "arg-max-count ", 14) == 0) {
 				long tmp = strtol(ptr + 14, NULL, 10);
-				if (tmp < 0 || tmp >= INT_MAX) {
+				if (tmp > ARG_MAX) { // ARG_MAX defined in glibc limits.h
 					if (arg_debug) {
 						printf("arg-max-count out of range: %ld, using %d\n",
-						       tmp, INT_MAX);
+						       tmp, ARG_MAX);
 					}
-					arg_max_count = INT_MAX;
+					arg_max_count = ARG_MAX;
 				}
 				else {
 					arg_max_count = (int)tmp;
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@ -397,6 +397,10 @@ extern pid_t sandbox_pid;
 extern mode_t orig_umask;
 extern unsigned long long start_timestamp;

+#define MAX_ARGS 128		// maximum number of command arguments (argc)
+#define MAX_ARG_LEN (PATH_MAX + 32) // --foobar=PATH
+extern int arg_max_count;
+extern unsigned long arg_max_len;
 extern char **fullargv;
 extern int fullargc;

@ -875,8 +879,6 @@ extern char *xpra_extra_params;
 extern char *xvfb_screen;
 extern char *xvfb_extra_params;
 extern char *netfilter_default;
-extern int arg_max_count;
-extern unsigned long arg_max_len;
 extern int env_max_count;
 extern unsigned long env_max_len;
 extern unsigned long join_timeout;
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@ -1093,9 +1093,8 @@ int main(int argc, char **argv, char **envp) {
 	}

 	// initialize values from firejail.config (needed for arg/env checks)
-	//maxarg rework: fix in progress
-	//	checkcfg(0);
-
+	checkcfg(0);
+	
 	// sanity check for arguments
 	if (argc >= arg_max_count) {
 		fprintf(stderr, "Error: too many arguments: argc (%d) >= arg-max-count (%d)\n",