Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
sudo.4933
sudo-1.8.10p3-CVE-2017-1000367.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File sudo-1.8.10p3-CVE-2017-1000367.patch of Package sudo.4933
Index: sudo-1.8.10p3/src/ttyname.c =================================================================== --- sudo-1.8.10p3.orig/src/ttyname.c +++ sudo-1.8.10p3/src/ttyname.c @@ -176,6 +176,8 @@ static char *search_devs[] = { static char *ignore_devs[] = { "/dev/fd/", + "/dev/mqueue/", + "/dev/shm/", "/dev/stdin", "/dev/stdout", "/dev/stderr", @@ -439,25 +441,32 @@ get_process_ttyname(void) len = getline(&line, &linesize, fp); fclose(fp); if (len != -1) { - /* Field 7 is the tty dev (0 if no tty) */ - char *cp = line; - char *ep = line; - const char *errstr; - int field = 0; - while (*++ep != '\0') { - if (*ep == ' ') { - *ep = '\0'; - if (++field == 7) { - dev_t tdev = strtonum(cp, INT_MIN, INT_MAX, &errstr); - if (errstr) { - sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "%s: tty device %s: %s", path, cp, errstr); + /* + * Field 7 is the tty dev (0 if no tty). + * Since the process name at field 2 "(comm)" may include spaces, + * start at the last ')' found. + */ + char *cp = strrchr(line, ')'); + if (cp != NULL) { + char *ep = cp; + const char *errstr; + int field = 1; + + while (*++ep != '\0') { + if (*ep == ' ') { + *ep = '\0'; + if (++field == 7) { + dev_t tdev = strtonum(cp, INT_MIN, INT_MAX, &errstr); + if (errstr) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "%s: tty device %s: %s", path, cp, errstr); + } + if (tdev > 0) + tty = sudo_ttyname_dev(tdev); + break; } - if (tdev > 0) - tty = sudo_ttyname_dev(tdev); - break; + cp = ep + 1; } - cp = ep + 1; } } }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor