Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Alexander_Naumov:SLE-12:Update
sudo.1638
sudo-1.8.10p3-CVE-2014-9680.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File sudo-1.8.10p3-CVE-2014-9680.patch of Package sudo.1638
Index: sudo-1.8.10p3/plugins/sudoers/env.c =================================================================== --- sudo-1.8.10p3.orig/plugins/sudoers/env.c +++ sudo-1.8.10p3/plugins/sudoers/env.c @@ -197,6 +197,7 @@ static const char *initial_checkenv_tabl "LC_*", "LINGUAS", "TERM", + "TZ", NULL }; @@ -212,7 +213,6 @@ static const char *initial_keepenv_table "PATH", "PS1", "PS2", - "TZ", "XAUTHORITY", "XAUTHORIZATION", NULL @@ -576,6 +576,54 @@ matches_env_delete(const char *var) } /* + * Sanity-check the TZ environment variable. + * On many systems it is possible to set this to a pathname. + */ +static bool +tz_is_sane(const char *tzval) +{ + const char *cp; + char lastch; + debug_decl(tz_is_sane, SUDO_DEBUG_ENV) + + /* tzcode treats a value beginning with a ':' as a path. */ + if (tzval[0] == ':') + tzval++; + + /* Reject fully-qualified TZ that doesn't being with the zoneinfo dir. */ + if (tzval[0] == '/') { +#ifdef _PATH_ZONEINFO + if (strncmp(tzval, _PATH_ZONEINFO, sizeof(_PATH_ZONEINFO) - 1) != 0 || + tzval[sizeof(_PATH_ZONEINFO) - 1] != '/') + debug_return_bool(false); +#else + /* Assume the worst. */ + debug_return_bool(false); +#endif + } + + /* + * Make sure TZ only contains printable non-space characters + * and does not contain a '..' path element. + */ + lastch = '/'; + for (cp = tzval; *cp != '\0'; cp++) { + if (isspace((unsigned char)*cp) || !isprint((unsigned char)*cp)) + debug_return_bool(false); + if (lastch == '/' && cp[0] == '.' && cp[1] == '.' && + (cp[2] == '/' || cp[2] == '\0')) + debug_return_bool(false); + lastch = *cp; + } + + /* Reject extra long TZ values (even if not a path). */ + if ((size_t)(cp - tzval) >= PATH_MAX) + debug_return_bool(false); + + debug_return_bool(true); +} + +/* * Apply the env_check list. * Returns true if the variable is allowed, false if denied * or -1 if no match. @@ -599,7 +647,12 @@ matches_env_check(const char *var) iswild = false; if (strncmp(cur->value, var, len) == 0 && (iswild || var[len] == '=')) { - keepit = !strpbrk(var, "/%"); + if (strncmp(var, "TZ=", 3) == 0) { + /* Special case for TZ */ + keepit = tz_is_sane(var + 3); + } else { + keepit = !strpbrk(var, "/%"); + } break; } } Index: sudo-1.8.10p3/pathnames.h.in =================================================================== --- sudo-1.8.10p3.orig/pathnames.h.in +++ sudo-1.8.10p3/pathnames.h.in @@ -178,3 +178,7 @@ #ifndef _PATH_NETSVC_CONF #undef _PATH_NETSVC_CONF #endif /* _PATH_NETSVC_CONF */ + +#ifndef _PATH_ZONEINFO +#define _PATH_ZONEINFO "/usr/share/zoneinfo" +#endif /* _PATH_ZONEINFO */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor