f8883a97a0
- Rebase to 1.9.5p2 - CVE-2023-28486 sudo: Sudo does not escape control characters in log messages Resolves: RHEL-21825 - CVE-2023-28487 sudo: Sudo does not escape control characters in sudoreplay output Resolves: RHEL-21831 - CVE-2023-42465 sudo: Targeted Corruption of Register and Stack Variables Resolves: RHEL-21820 Signed-off-by: Radovan Sroka <rsroka@redhat.com>
23 lines
932 B
Diff
23 lines
932 B
Diff
From 3fc3a07a03ef74fde99db40ce9ef43ccab336205 Mon Sep 17 00:00:00 2001
|
|
From: MertsA <andrewmerts@gmail.com>
|
|
Date: Fri, 23 Jul 2021 03:36:05 -0700
|
|
Subject: [PATCH] Rewind utmp file pointer after searching for entry
|
|
|
|
getutline() advances the file pointer until it matches or reaches EOF. pututline() starts from the current position in utmp. This rewinds the file pointer to the beginning to avoid allocating additional spurious utmp entries.
|
|
---
|
|
src/utmp.c | 1 +
|
|
1 file changed, 1 insertion(+)
|
|
|
|
diff --git a/src/utmp.c b/src/utmp.c
|
|
index 544a37519..952bf3043 100644
|
|
--- a/src/utmp.c
|
|
+++ b/src/utmp.c
|
|
@@ -210,6 +210,7 @@ utmp_login(const char *from_line, const char *to_line, int ttyfd,
|
|
memset(&utbuf, 0, sizeof(utbuf));
|
|
strncpy(utbuf.ut_line, from_line, sizeof(utbuf.ut_line));
|
|
ut_old = sudo_getutline(&utbuf);
|
|
+ sudo_setutent();
|
|
}
|
|
utmp_fill(to_line, user, ut_old, &utbuf);
|
|
if (sudo_pututline(&utbuf) != NULL)
|