f8883a97a0
- Rebase to 1.9.5p2 - CVE-2023-28486 sudo: Sudo does not escape control characters in log messages Resolves: RHEL-21825 - CVE-2023-28487 sudo: Sudo does not escape control characters in sudoreplay output Resolves: RHEL-21831 - CVE-2023-42465 sudo: Targeted Corruption of Register and Stack Variables Resolves: RHEL-21820 Signed-off-by: Radovan Sroka <rsroka@redhat.com>
From f399c449ad6fc7412588998aa92b52323ef63ee5 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Wed, 24 Feb 2021 13:59:17 -0700
Subject: [PATCH] Move eventlog_free() into its own file.
---
MANIFEST | 1 +
lib/eventlog/Makefile.in | 14 ++++++-
lib/eventlog/eventlog.c | 37 ------------------
lib/eventlog/eventlog_free.c | 73 ++++++++++++++++++++++++++++++++++++
4 files changed, 87 insertions(+), 38 deletions(-)
create mode 100644 lib/eventlog/eventlog_free.c
diff --git a/MANIFEST b/MANIFEST
index 8c5a57ae8..a2bed131d 100644
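--- a/MANIFEST
+++ b/MANIFEST
@@ -104,6 +104,7 @@ include/sudo_util.h
 install-sh
 lib/eventlog/Makefile.in
 lib/eventlog/eventlog.c
+lib/eventlog/eventlog_free.c
 lib/eventlog/logwrap.c
 lib/eventlog/regress/logwrap/check_wrap.c
 lib/eventlog/regress/logwrap/check_wrap.in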
diff --git a/lib/eventlog/Makefile.in b/lib/eventlog/Makefile.in
index 8790ac1ae..24c2dbce9 100644
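--- a/lib/eventlog/Makefile.in
+++ b/lib/eventlog/Makefile.in
@@ -82,7 +82,7 @@ SHELL = @SHELL@
 
 TEST_PROGS = check_wrap
 
-LIBEVENTLOG_OBJS = eventlog.lo logwrap.lo
+LIBEVENTLOG_OBJS = eventlog.lo eventlog_free.lo logwrap.lo
 
 IOBJS = $(LIBEVENTLOG_OBJS:.lo=.i)
 
@@ -213,6 +213,18 @@ eventlog.i: $(srcdir)/eventlog.c $(incdir)/compat/stdbool.h \
 $(CC) -E -o $@ $(CPPFLAGS) $<
 eventlog.plog: eventlog.i
 rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/eventlog.c --i-file $< --output-file $@
+eventlog_free.lo: $(srcdir)/eventlog_free.c $(incdir)/compat/stdbool.h \
+ $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
+ $(incdir)/sudo_eventlog.h $(incdir)/sudo_queue.h \
+ $(incdir)/sudo_util.h $(top_builddir)/config.h
+ $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/eventlog_free.c
+eventlog_free.i: $(srcdir)/eventlog_free.c $(incdir)/compat/stdbool.h \
+ $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
+ $(incdir)/sudo_eventlog.h $(incdir)/sudo_queue.h \
+ $(incdir)/sudo_util.h $(top_builddir)/config.h
+ $(CC) -E -o $@ $(CPPFLAGS) $<
+eventlog_free.plog: eventlog_free.i
+ rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/eventlog_free.c --i-file $< --output-file $@
 logwrap.lo: $(srcdir)/logwrap.c $(incdir)/compat/stdbool.h \
 $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
 $(incdir)/sudo_eventlog.h $(incdir)/sudo_queue.h \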
diff --git a/lib/eventlog/eventlog.c b/lib/eventlog/eventlog.c
index e6f744da5..c8c9b7ba5 100644
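--- a/lib/eventlog/eventlog.c
+++ b/lib/eventlog/eventlog.c
@@ -1256,43 +1256,6 @@ eventlog_alert(const struct eventlog *evlog, int flags,
 debug_return_bool(ret);
 }
 
-/*
- * Free the strings in a struct eventlog.
- */
-void
-eventlog_free(struct eventlog *evlog)
-{
- int i;
- debug_decl(eventlog_free, SUDO_DEBUG_UTIL);
-
- if (evlog != NULL) {
- free(evlog->iolog_path);
- free(evlog->command);
- free(evlog->cwd);
- free(evlog->runchroot);
- free(evlog->runcwd);
- free(evlog->rungroup);
- free(evlog->runuser);
- free(evlog->submithost);
- free(evlog->submituser);
- free(evlog->submitgroup);
- free(evlog->ttyname);
- if (evlog->argv != NULL) {
- for (i = 0; evlog->argv[i] != NULL; i++)
- free(evlog->argv[i]);
- free(evlog->argv);
- }
- if (evlog->envp != NULL) {
- for (i = 0; evlog->envp[i] != NULL; i++)
- free(evlog->envp[i]);
- free(evlog->envp);
- }
- free(evlog);
- }
-
- debug_return;
-}
-
 static FILE *
 eventlog_stub_open_log(int type, const char *logfile)
 {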
diff --git a/lib/eventlog/eventlog_free.c b/lib/eventlog/eventlog_free.c
new file mode 100644
index 000000000..49583b61c
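--- /dev/null
+++ b/lib/eventlog/eventlog_free.c
@@ -0,0 +1,73 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2020 Todd C. Miller <Todd.Miller@sudo.ws>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+/*
+ * This is an open source non-commercial project. Dear PVS-Studio, please check it.
+ * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "sudo_compat.h"
+#include "sudo_debug.h"
+#include "sudo_eventlog.h"
+#include "sudo_util.h"
+
+/*
+ * Free the strings in a struct eventlog.
+ */
+void
+eventlog_free(struct eventlog *evlog)
+{
+ int i;
+ debug_decl(eventlog_free, SUDO_DEBUG_UTIL);
+
+ if (evlog != NULL) {
+ free(evlog->iolog_path);
+ free(evlog->command);
+ free(evlog->cwd);
+ free(evlog->runchroot);
+ free(evlog->runcwd);
+ free(evlog->rungroup);
+ free(evlog->runuser);
+ free(evlog->submithost);
+ free(evlog->submituser);
+ free(evlog->submitgroup);
+ free(evlog->ttyname);
+ if (evlog->argv != NULL) {
+ for (i = 0; evlog->argv[i] != NULL; i++)
+ free(evlog->argv[i]);
+ free(evlog->argv);
+ }
+ if (evlog->envp != NULL) {
+ for (i = 0; evlog->envp[i] != NULL; i++)
+ free(evlog->envp[i]);
+ free(evlog->envp);
+ }
+ free(evlog);
+ }
+
+ debug_return;
+}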
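Review bot: The header comment on `eventlog_free()` says it frees "the strings in a struct eventlog", but the body also frees the `argv` and `envp` vectors and ends with `free(evlog)`, so the struct itself is released. A caller who relies on the comment could keep using the pointer, or free it a second time, after it has become dangling. The ownership contract should be spelled out, for example `/* Free a heap-allocated struct eventlog together with its strings and its argv/envp vectors; evlog is invalid after return and NULL is accepted. */`. As a style point, the two loops index NULL-terminated arrays of unknown length with `int i`, where `size_t i` would be the more natural counter.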
--
2.43.0