SUSE:SLE-12-SP4:GA
sudo
sudo-CVE-2023-22809.patch
File sudo-CVE-2023-22809.patch of Package sudo
diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
index 5b20448..79a0fb7 100644
--- a/plugins/sudoers/sudoers.c
+++ b/plugins/sudoers/sudoers.c
@@ -983,7 +983,7 @@ static char *
 resolve_editor(const char *ed, size_t edlen, int nfiles, char **files, char ***argv_out)
 {
 char *cp, **nargv, *editor, *editor_path = NULL;
- int ac, i, nargc;
+ int ac, i, nargc = 0;
 bool wasblank;
 debug_decl(resolve_editor, SUDO_DEBUG_PLUGIN)
@@ -1015,6 +1015,15 @@ resolve_editor(const char *ed, size_t edlen, int nfiles, char **files, char ***a
 }
 nargv = (char **) emalloc2(nargc + 1 + nfiles + 1, sizeof(char *));
 for (ac = 0; cp != NULL && ac < nargc; ac++) {
+ /*
+ * We use "--" to separate the editor and arguments from the files
+ * to edit. The editor arguments themselves may not contain "--".
+ */
+ if (strcmp(cp, "--") == 0) {
+ warningx(U_("editor arguments may not contain \"--\""));
+ errno = EINVAL;
+ debug_return_str(NULL);
+ }
 nargv[ac] = cp;
 cp = strtok(NULL, " \t");
 }
diff --git a/plugins/sudoers/visudo.c b/plugins/sudoers/visudo.c
index 79d8df3..d58a4ac 100644
--- a/plugins/sudoers/visudo.c
+++ b/plugins/sudoers/visudo.c
@@ -928,7 +928,7 @@ open_sudoers(const char *path, bool doedit, bool *keepopen)
 static char *
 get_editor(char **args)
 {
- char *Editor, *EditorArgs, *EditorPath, *UserEditor, *UserEditorArgs;
+ char *Editor = NULL, *EditorArgs, *EditorPath, *UserEditor, *UserEditorArgs;
 debug_decl(get_editor, SUDO_DEBUG_UTIL)
 /*
@@ -949,7 +949,11 @@ get_editor(char **args)
 } else {
 if (def_env_editor) {
 /* If we are honoring $EDITOR this is a fatal error. */
- fatalx(U_("specified editor (%s) doesn't exist"), UserEditor);
+ if (errno == ENOENT) {
+ warningx(U_("specified editor (%s) doesn't exist"),
+ Editor);
+ }
+ exit(EXIT_FAILURE);
 } else {
 /* Otherwise, just ignore $EDITOR. */
 UserEditor = NULL;
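Review bot: The new early return inside the `for` loop of resolve_editor() (second sudoers.c hunk) leaves `nargv`, allocated by `emalloc2()` two lines above the loop, unreleased when a `--` token is rejected. Release it before returning, for example `free(nargv);` (or the file's own deallocation wrapper) ahead of `debug_return_str(NULL);`, and do the same for any buffer the function allocated earlier; that part of the body is outside the hunk. It is also worth confirming that the caller in sudoers.c treats the NULL return with `errno == EINVAL` as a rejection of the whole editor string, since no caller change is visible in this patch.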
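Review bot: The rewritten error path in get_editor() (second visudo.c hunk) formats `Editor`, which the first visudo.c hunk now initialises to NULL, while the removed `fatalx()` call printed `UserEditor`, the value the surrounding comments tie to $EDITOR. If the lookup failed before `Editor` was assigned (that code is outside the hunk), a NULL pointer is passed for `%s`, which is undefined behaviour and prints `(null)` on glibc; `warningx(U_("specified editor (%s) doesn't exist"), UserEditor);` keeps the original operand. The branch also exits with no message when `errno` is not `ENOENT`, so it relies on the lookup having set `errno` and having reported other errors itself. If that holds, a comment such as `/* Other errors were already reported by the editor lookup. */` before `exit(EXIT_FAILURE);` would record it.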