From 4933b8941dba8ad0d3e1c8f7a848f84446056f54 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Kope=C4=8Dek?=
Date: Wed, 2 Jun 2010 09:06:33 +0000
Subject: [PATCH] - added patch that fixes insufficient environment sanitization issue (#598154)
---
 sudo-1.7.2p2-envsanitize.patch | 83 ++++++++++++++++++++++++++++++++++
 sudo.spec | 8 +++-
 2 files changed, 90 insertions(+), 1 deletion(-)
 create mode 100644 sudo-1.7.2p2-envsanitize.patch
diff --git a/sudo-1.7.2p2-envsanitize.patch b/sudo-1.7.2p2-envsanitize.patch
new file mode 100644
index 0000000..37dc38c
--- /dev/null
+++ b/sudo-1.7.2p2-envsanitize.patch
@@ -0,0 +1,83 @@
+diff -up sudo-1.7.2p2/env.c.orig sudo-1.7.2p2/env.c
+--- sudo-1.7.2p2/env.c.orig 2010-06-01 13:19:54.000000000 +0200
++++ sudo-1.7.2p2/env.c 2010-06-01 13:26:22.000000000 +0200
+@@ -321,7 +321,7 @@ int
+ unsetenv(var)
+ const char *var;
+ {
+- char **ep;
++ char **ep = env.envp;
+ size_t len;
+
+ if (strchr(var, '=') != NULL) {
+@@ -359,13 +359,15 @@ unsetenv(var)
+ }
+
+ len = strlen(var);
+- for (ep = env.envp; *ep; ep++) {
++ while (*ep != NULL) {
+ if (strncmp(var, *ep, len) == 0 && (*ep)[len] == '=') {
+ /* Found it; shift remainder + NULL over by one and update len. */
+ memmove(ep, ep + 1,
+ (env.env_len - (ep - env.envp)) * sizeof(char *));
+ env.env_len--;
+- break;
++ /* Keep going, could be multiple instances of the var. */
++ } else {
++ ep++;
+ }
+ }
+ #ifndef UNSETENV_VOID
+@@ -433,6 +435,7 @@ sudo_putenv(str, dupcheck, overwrite)
+ {
+ char **ep;
+ size_t len;
++ int found = FALSE;
+
+ /* Make sure there is room for the new entry plus a NULL. */
+ if (env.env_len + 2 > env.env_size) {
+@@ -451,20 +454,34 @@ sudo_putenv(str, dupcheck, overwrite)
+ #endif
+
+ if (dupcheck) {
+- len = (strchr(str, '=') - str) + 1;
+- for (ep = env.envp; *ep; ep++) {
++ len = (strchr(str, '=') - str) + 1;
++ for (ep = env.envp; !found && *ep != NULL; ep++) {
++ if (strncmp(str, *ep, len) == 0) {
++ if (overwrite)
++ *ep = str;
++ found = TRUE;
++ }
++ }
++ /* Prune out duplicate variables. */
++ if (found && overwrite) {
++ while (*ep != NULL) {
+ if (strncmp(str, *ep, len) == 0) {
+- if (overwrite)
+- *ep = str;
+- return;
++ memmove(ep, ep + 1,
++ (env.env_len - (ep - env.envp)) * sizeof(char *));
++ env.env_len--;
++ } else {
++ ep++;
+ }
+ }
+- } else
+- ep = env.envp + env.env_len;
++ }
++ }
+
+- env.env_len++;
+- *ep++ = str;
+- *ep = NULL;
++ if (!found) {
++ ep = env.envp + env.env_len;
++ env.env_len++;
++ *ep++ = str;
++ *ep = NULL;
++ }
+ }
+
+ /*
diff --git a/sudo.spec b/sudo.spec
index 4f6090f..c234515 100644
--- a/sudo.spec
+++ b/sudo.spec
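Review bot: In the `unsetenv` hunk of the embedded env.c patch, `ep` is now bound to `env.envp` at its declaration, while the loop that uses it sits some thirty lines further down, past code this hunk does not show (old lines 328–358). If anything in that gap replaces or reallocates `env.envp`, the `while (*ep != NULL)` loop and its `memmove` would walk a stale array; the removed `for` initialiser took the pointer right at the loop. Assigning it there again, `ep = env.envp;` directly before `while (*ep != NULL) {`, keeps the new keep-scanning behaviour without that dependency. Separately, `sudo_putenv` prunes later copies only under `found && overwrite`, so a `dupcheck` call with `overwrite` false leaves any further duplicates in the array; a one-line comment saying whether that is intended would help the next reader.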
@@ -1,7 +1,7 @@
 Summary: Allows restricted root access for specified users
 Name: sudo
 Version: 1.7.2p6
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: BSD
 Group: Applications/System
 URL: http://www.courtesan.com/sudo/
@@ -31,6 +31,8 @@ Patch4: sudo-1.7.1-libtool.patch
 Patch5: sudo-1.7.2p4-getgrouplist.patch
 # audit support improvement
 Patch6: sudo-1.7.2p6-audit.patch
+# insufficient environment sanitization issue (#598154)
+Patch7: sudo-1.7.2p2-envsanitize.patch

 %description
 Sudo (superuser do) allows a system administrator to give certain
@@ -51,6 +53,7 @@ on many different machines.
 %patch4 -p1 -b .libtool
 %patch5 -p1 -b .getgrouplist
 %patch6 -p1 -b .audit
+%patch7 -p1 -b .envsanitize

 %build
 # handle newer autoconf
@@ -142,6 +145,9 @@ rm -rf $RPM_BUILD_ROOT
 /bin/chmod 0440 /etc/sudoers || :

 %changelog
+* Wed Jun 2 2010 Daniel Kopecek - 1.7.2p6-2
+- added patch that fixes insufficient environment sanitization issue (#598154)
+
 * Wed Apr 14 2010 Daniel Kopecek - 1.7.2p6-1
 - update to new upstream version
 - merged .audit and .libaudit patch