rpms/sudo
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- added patch that fixes insufficient environment sanitization issue

Browse Source 
(#598154)
This commit is contained in:
Daniel Kopeček 2010-06-02 09:06:33 +00:00
parent ac43db5783
commit 4933b8941d
2 changed files with 90 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
sudo-1.7.2p2-envsanitize.patch Normal file
View File

@ -0,0 +1,83 @@
diff -up sudo-1.7.2p2/env.c.orig sudo-1.7.2p2/env.c
--- sudo-1.7.2p2/env.c.orig 2010-06-01 13:19:54.000000000 +0200
+++ sudo-1.7.2p2/env.c 2010-06-01 13:26:22.000000000 +0200
@@ -321,7 +321,7 @@ int
unsetenv(var)
const char *var;
{
- char **ep;
+ char **ep = env.envp;
size_t len;
if (strchr(var, '=') != NULL) {
@@ -359,13 +359,15 @@ unsetenv(var)
}
len = strlen(var);
- for (ep = env.envp; *ep; ep++) {
+ while (*ep != NULL) {
if (strncmp(var, *ep, len) == 0 && (*ep)[len] == '=') {
/* Found it; shift remainder + NULL over by one and update len. */
memmove(ep, ep + 1,
(env.env_len - (ep - env.envp)) * sizeof(char *));
env.env_len--;
- break;
+ /* Keep going, could be multiple instances of the var. */
+ } else {
+ ep++;
}
}
#ifndef UNSETENV_VOID
@@ -433,6 +435,7 @@ sudo_putenv(str, dupcheck, overwrite)
{
char **ep;
size_t len;
+ int found = FALSE;
/* Make sure there is room for the new entry plus a NULL. */
if (env.env_len + 2 > env.env_size) {
@@ -451,20 +454,34 @@ sudo_putenv(str, dupcheck, overwrite)
#endif
if (dupcheck) {
- len = (strchr(str, '=') - str) + 1;
- for (ep = env.envp; *ep; ep++) {
+ len = (strchr(str, '=') - str) + 1;
+ for (ep = env.envp; !found && *ep != NULL; ep++) {
+ if (strncmp(str, *ep, len) == 0) {
+ if (overwrite)
+ *ep = str;
+ found = TRUE;
+ }
+ }
+ /* Prune out duplicate variables. */
+ if (found && overwrite) {
+ while (*ep != NULL) {
if (strncmp(str, *ep, len) == 0) {
- if (overwrite)
- *ep = str;
- return;
+ memmove(ep, ep + 1,
+ (env.env_len - (ep - env.envp)) * sizeof(char *));
+ env.env_len--;
+ } else {
+ ep++;
}
}
- } else
- ep = env.envp + env.env_len;
+ }
+ }
- env.env_len++;
- *ep++ = str;
- *ep = NULL;
+ if (!found) {
+ ep = env.envp + env.env_len;
+ env.env_len++;
+ *ep++ = str;
+ *ep = NULL;
+ }
}
/*

8
sudo.spec
View File

@ -1,7 +1,7 @@
Summary: Allows restricted root access for specified users Summary: Allows restricted root access for specified users
Name: sudo Name: sudo
Version: 1.7.2p6 Version: 1.7.2p6
Release: 1%{?dist} Release: 2%{?dist}
License: BSD License: BSD
Group: Applications/System Group: Applications/System
URL: http://www.courtesan.com/sudo/ URL: http://www.courtesan.com/sudo/
@ -31,6 +31,8 @@ Patch4: sudo-1.7.1-libtool.patch
Patch5: sudo-1.7.2p4-getgrouplist.patch Patch5: sudo-1.7.2p4-getgrouplist.patch
# audit support improvement # audit support improvement
Patch6: sudo-1.7.2p6-audit.patch Patch6: sudo-1.7.2p6-audit.patch
# insufficient environment sanitization issue (#598154)
Patch7: sudo-1.7.2p2-envsanitize.patch
%description %description
Sudo (superuser do) allows a system administrator to give certain Sudo (superuser do) allows a system administrator to give certain
@ -51,6 +53,7 @@ on many different machines.
%patch4 -p1 -b .libtool %patch4 -p1 -b .libtool
%patch5 -p1 -b .getgrouplist %patch5 -p1 -b .getgrouplist
%patch6 -p1 -b .audit %patch6 -p1 -b .audit
%patch7 -p1 -b .envsanitize
%build %build
# handle newer autoconf # handle newer autoconf
@ -142,6 +145,9 @@ rm -rf $RPM_BUILD_ROOT
/bin/chmod 0440 /etc/sudoers || : /bin/chmod 0440 /etc/sudoers || :
%changelog %changelog
* Wed Jun 2 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p6-2
- added patch that fixes insufficient environment sanitization issue (#598154)
* Wed Apr 14 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p6-1 * Wed Apr 14 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p6-1
- update to new upstream version - update to new upstream version
- merged .audit and .libaudit patch - merged .audit and .libaudit patch