97 lines
3.5 KiB
Diff
97 lines
3.5 KiB
Diff
diff -up ./lib/util/regress/atofoo/atofoo_test.c.CVE-strtouid-test ./lib/util/regress/atofoo/atofoo_test.c
|
|
--- ./lib/util/regress/atofoo/atofoo_test.c.CVE-strtouid-test 2018-04-29 21:59:23.000000000 +0200
|
|
+++ ./lib/util/regress/atofoo/atofoo_test.c 2019-10-16 09:38:31.851404545 +0200
|
|
@@ -1,5 +1,5 @@
|
|
/*
|
|
- * Copyright (c) 2014 Todd C. Miller <Todd.Miller@sudo.ws>
|
|
+ * Copyright (c) 2014-2019 Todd C. Miller <Todd.Miller@sudo.ws>
|
|
*
|
|
* Permission to use, copy, modify, and distribute this software for any
|
|
* purpose with or without fee is hereby granted, provided that the above
|
|
@@ -24,6 +24,7 @@
|
|
#else
|
|
# include "compat/stdbool.h"
|
|
#endif
|
|
+#include <errno.h>
|
|
|
|
#include "sudo_compat.h"
|
|
#include "sudo_util.h"
|
|
@@ -78,15 +79,20 @@ static struct strtoid_data {
|
|
id_t id;
|
|
const char *sep;
|
|
const char *ep;
|
|
+ int errnum;
|
|
} strtoid_data[] = {
|
|
- { "0,1", 0, ",", "," },
|
|
- { "10", 10, NULL, NULL },
|
|
- { "-2", -2, NULL, NULL },
|
|
+ { "0,1", 0, ",", ",", 0 },
|
|
+ { "10", 10, NULL, NULL, 0 },
|
|
+ { "-1", 0, NULL, NULL, EINVAL },
|
|
+ { "4294967295", 0, NULL, NULL, EINVAL },
|
|
+ { "4294967296", 0, NULL, NULL, ERANGE },
|
|
+ { "-2147483649", 0, NULL, NULL, ERANGE },
|
|
+ { "-2", -2, NULL, NULL, 0 },
|
|
#if SIZEOF_ID_T != SIZEOF_LONG_LONG
|
|
- { "-2", (id_t)4294967294U, NULL, NULL },
|
|
+ { "-2", (id_t)4294967294U, NULL, NULL, 0 },
|
|
#endif
|
|
- { "4294967294", (id_t)4294967294U, NULL, NULL },
|
|
- { NULL, 0, NULL, NULL }
|
|
+ { "4294967294", (id_t)4294967294U, NULL, NULL, 0 },
|
|
+ { NULL, 0, NULL, NULL, 0 }
|
|
};
|
|
|
|
static int
|
|
@@ -102,11 +108,23 @@ test_strtoid(int *ntests)
|
|
(*ntests)++;
|
|
errstr = "some error";
|
|
value = sudo_strtoid(d->idstr, d->sep, &ep, &errstr);
|
|
- if (errstr != NULL) {
|
|
- if (d->id != (id_t)-1) {
|
|
- sudo_warnx_nodebug("FAIL: %s: %s", d->idstr, errstr);
|
|
+ if (d->errnum != 0) {
|
|
+ if (errstr == NULL) {
|
|
+ sudo_warnx_nodebug("FAIL: %s: missing errstr for errno %d",
|
|
+ d->idstr, d->errnum);
|
|
+ errors++;
|
|
+ } else if (value != 0) {
|
|
+ sudo_warnx_nodebug("FAIL: %s should return 0 on error",
|
|
+ d->idstr);
|
|
+ errors++;
|
|
+ } else if (errno != d->errnum) {
|
|
+ sudo_warnx_nodebug("FAIL: %s: errno mismatch, %d != %d",
|
|
+ d->idstr, errno, d->errnum);
|
|
errors++;
|
|
}
|
|
+ } else if (errstr != NULL) {
|
|
+ sudo_warnx_nodebug("FAIL: %s: %s", d->idstr, errstr);
|
|
+ errors++;
|
|
} else if (value != d->id) {
|
|
sudo_warnx_nodebug("FAIL: %s != %u", d->idstr, (unsigned int)d->id);
|
|
errors++;
|
|
diff -up ./plugins/sudoers/regress/testsudoers/test5.out.ok.CVE-strtouid-test ./plugins/sudoers/regress/testsudoers/test5.out.ok
|
|
--- ./plugins/sudoers/regress/testsudoers/test5.out.ok.CVE-strtouid-test 2018-04-29 21:59:23.000000000 +0200
|
|
+++ ./plugins/sudoers/regress/testsudoers/test5.out.ok 2019-10-16 09:29:50.246761680 +0200
|
|
@@ -4,7 +4,7 @@ Parse error in sudoers near line 1.
|
|
Entries for user root:
|
|
|
|
Command unmatched
|
|
-testsudoers: test5.inc should be owned by gid 4294967295
|
|
+testsudoers: test5.inc should be owned by gid 4294967294
|
|
Parse error in sudoers near line 1.
|
|
|
|
Entries for user root:
|
|
diff -up ./plugins/sudoers/regress/testsudoers/test5.sh.CVE-strtouid-test ./plugins/sudoers/regress/testsudoers/test5.sh
|
|
--- ./plugins/sudoers/regress/testsudoers/test5.sh.CVE-strtouid-test 2018-04-29 21:59:23.000000000 +0200
|
|
+++ ./plugins/sudoers/regress/testsudoers/test5.sh 2019-10-16 09:29:50.246761680 +0200
|
|
@@ -24,7 +24,7 @@ EOF
|
|
|
|
# Test group writable
|
|
chmod 664 $TESTFILE
|
|
-./testsudoers -U $MYUID -G -1 root id <<EOF
|
|
+./testsudoers -U $MYUID -G -2 root id <<EOF
|
|
#include $TESTFILE
|
|
EOF
|
|
|