github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[PR #6840] [MERGED] bugfix: add NULL check for cmdline in find_child() #6190

New issue

Closed

opened 2026-05-05 10:52:23 -06:00 by gitea-mirror · 0 comments

gitea-mirror commented

2026-05-05 10:52:23 -06:00

Owner

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/6840
Author: @lhywk
Created: 7/28/2025
Status: ✅ Merged
Merged: 7/29/2025
Merged by: @kmk3

Base: master ← Head: fix-null-deref-find_child

📝 Commits (1)

9347da4 fix: add NULL check for cmdline to prevent NULL dereference

📊 Changes

1 file changed (+2 additions, -0 deletions)

View changed files

📝 src/jailcheck/utils.c (+2 -0)

📄 Description

Describe

Add a NULL check for cmdline returned by pid_proc_cmdline() in the find_child() function.

This prevents a possible NULL pointer dereference when accessing strncmp(cmdline, ...).

Version

Firejail version: 0.9.66
Distribution: Ubuntu 24.04.2 LTS

Expected Behavior

When a process has level == 2 and is a child of the given id,

Firejail should safely check the command line and continue without crashing,

even if pid_proc_cmdline() fails and returns NULL.

Actual Behavior

If pid_proc_cmdline() returns NULL (e.g. due to missing /proc/[pid]/cmdline),

strncmp(cmdline, ...) dereferences a NULL pointer, which may lead to a crash.

This is a small bugfix patch to improve robustness.

Not a security vulnerability, but aligns with NULL Pointer Dereference.

Thanks for reviewing.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/netblue30/firejail/pull/6840 **Author:** [@lhywk](https://github.com/lhywk) **Created:** 7/28/2025 **Status:** ✅ Merged **Merged:** 7/29/2025 **Merged by:** [@kmk3](https://github.com/kmk3) **Base:** `master` ← **Head:** `fix-null-deref-find_child` --- ### 📝 Commits (1) - [`9347da4`](https://github.com/netblue30/firejail/commit/9347da49291974a3f55ff2895dc2c61e13b11f26) fix: add NULL check for cmdline to prevent NULL dereference ### 📊 Changes **1 file changed** (+2 additions, -0 deletions) <details> <summary>View changed files</summary> 📝 `src/jailcheck/utils.c` (+2 -0) </details> ### 📄 Description ### Describe Add a NULL check for `cmdline` returned by `pid_proc_cmdline()` in the `find_child()` function. This prevents a possible NULL pointer dereference when accessing `strncmp(cmdline, ...)`. ### Version - **Firejail version**: 0.9.66 - **Distribution**: Ubuntu 24.04.2 LTS ### Expected Behavior When a process has `level == 2` and is a child of the given `id`, Firejail should safely check the command line and continue without crashing, even if `pid_proc_cmdline()` fails and returns NULL. ### Actual Behavior If `pid_proc_cmdline()` returns NULL (e.g. due to missing `/proc/[pid]/cmdline`), `strncmp(cmdline, ...)` dereferences a NULL pointer, which may lead to a crash. This is a small bugfix patch to improve robustness. Not a security vulnerability, but aligns with NULL Pointer Dereference. Thanks for reviewing. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

gitea-mirror

2026-05-05 10:52:23 -06:00

closed this issue
added the
pull-request
label

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#6190

No description provided.

Rows
Columns