File fix-CVE-2020-17367.patch of Package firejail.13682
From 2c734d6350ad321fccbefc5ef0382199ac331b37 Mon Sep 17 00:00:00 2001 From: Reiner Herrmann <reiner@reiner-h.de> Date: Wed, 29 Jul 2020 20:16:16 +0200 Subject: [PATCH] firejail: don't interpret output arguments after end-of-options tag Firejail was parsing --output and --output-stderr options even after the end-of-options separator ("--"), which would allow someone who has control over command line options of the sandboxed application, to write data to a specified file. Fixes: CVE-2020-17367 Reported-by: Tim Starling <tstarling@wikimedia.org> --- src/firejail/output.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/firejail/output.c b/src/firejail/output.c index d4a7f464a..6e678afd3 100644 --- a/src/firejail/output.c +++ b/src/firejail/output.c @@ -30,6 +30,12 @@ void check_output(int argc, char **argv) { int enable_stderr = 0; for (i = 1; i < argc; i++) { + if (strncmp(argv[i], "--", 2) != 0) { + return; + } + if (strcmp(argv[i], "--") == 0) { + return; + } if (strncmp(argv[i], "--output=", 9) == 0) { outindex = i; break;
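Review bot: The first added check at the top of the loop, `if (strncmp(argv[i], "--", 2) != 0) return;`, ends the scan at any argument that does not begin with "--", which is broader than the end-of-options handling the commit message describes and is not explained in the code. A short comment above each early return would document the intent: the first that a non-option argument is treated as the start of the sandboxed program's command line, the second that "--" is the end-of-options tag. It is also worth confirming that no firejail option placed before `--output=` is written with a single dash or takes its value as a separate argument, because either form would now stop the loop before `--output=` is matched.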