File sudo-fix_NULL_deref_RunAs.patch of Package sudo
diff --git a/plugins/sudoers/parse.c b/plugins/sudoers/parse.c
index 0d6d0eb..ab90945 100644
--- a/plugins/sudoers/parse.c
+++ b/plugins/sudoers/parse.c
@@ -41,6 +41,23 @@
 #include "sudo_lbuf.h"
 #include <gram.h>
 
+static int
+runas_matches_pw(struct sudoers_parse_tree *parse_tree,
+ const struct cmndspec *cs, const struct passwd *pw)
+{
+ debug_decl(runas_matches_pw, SUDOERS_DEBUG_PARSER);
+
+ if (cs->runasuserlist != NULL)
+ debug_return_int(userlist_matches(parse_tree, pw, cs->runasuserlist));
+
+ if (cs->runasgrouplist == NULL) {
+ /* No explicit runas user or group, use default. */
+ if (userpw_matches(def_runas_default, pw->pw_name, pw))
+ debug_return_int(ALLOW);
+ }
+ debug_return_int(UNSPEC);
+}
+
 /*
 * Look up the user in the sudoers prase tree for pseudo-commands like
 * list, verify and kill.
@@ -67,6 +84,8 @@ sudoers_lookup_pseudo(struct sudo_nss_list *snl, struct passwd *pw,
 CLR(validated, FLAG_NO_HOST);
 if (list_pw != NULL) {
 root_pw = sudo_getpwuid(ROOT_UID);
+ if (root_pw == NULL)
+ log_warningx(SLOG_SEND_MAIL, N_("unknown uid %u"), ROOT_UID);
 } else {
 SET(validated, FLAG_NO_CHECK);
 }
@@ -106,13 +125,15 @@ sudoers_lookup_pseudo(struct sudo_nss_list *snl, struct passwd *pw,
 continue;
 }
 /* Runas user must match list user or root. */
- if (userlist_matches(nss->parse_tree, list_pw,
- cs->runasuserlist) == DENY ||
- userlist_matches(nss->parse_tree, root_pw,
- cs->runasuserlist) != ALLOW)
+ if (runas_matches_pw(nss->parse_tree, cs, list_pw) == DENY)
+ continue;
+ if (root_pw == NULL || runas_matches_pw(nss->parse_tree,
+ cs, root_pw) != ALLOW) {
 continue;
- if (cmnd_matches(nss->parse_tree, cs->cmnd) == ALLOW)
+ }
+ if (cmnd_matches(nss->parse_tree, cs->cmnd) == ALLOW) {
 match = ALLOW;
+ }
 }
 }
 }
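Review bot: The new helper `runas_matches_pw()` in the first hunk dereferences `pw` unconditionally (`pw->pw_name`, and `pw` is also handed to `userlist_matches()`), yet nothing on it says callers must pass a non-NULL entry. In the last hunk the `root_pw` call is guarded by `root_pw == NULL ||`, while the `list_pw` call depends on a check that is not visible in this patch. A header comment would pin the contract, for example `/* Match pw against cs's runas user list, or against runas_default when cs names neither a runas user nor a runas group; pw must not be NULL. */`, plus a line noting that the result is the list match when a runas user list is present and otherwise ALLOW or UNSPEC.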
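Review bot: After the warning added in the second hunk, the lookup carries on with `root_pw` still NULL, and the only thing that keeps this safe is the `root_pw == NULL ||` test added in the last hunk. A comment at this site would stop a later edit from reintroducing the dereference: `/* root_pw may stay NULL; the runas check below must treat that as no match. */`. The rest of sudoers_lookup_pseudo() lies outside the hunk, so any other use of `root_pw` there needs the same check.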
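Review bot: In the third hunk the context comment `/* Runas user must match list user or root. */` reads as an either/or, but the two checks under it skip the entry when the list user is DENY or when root is anything other than ALLOW, so root has to match and the list user only has to not be denied. This appears to gate whether another user's entries are considered for listing, so the comment should say what the code enforces, e.g. `/* Runas list must allow root and must not deny the list user. */`. The first new `if` is also left unbraced while the two after it gain braces. The enclosing loop body starts and ends outside the hunk.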