Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Please login to access the resource
openSUSE:Leap:15.6:Update
sudo.17942
sudo-CVE-2021-3156.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File sudo-CVE-2021-3156.patch of Package sudo.17942
# HG changeset patch # Parent 2dbbab94d4b60ae05cb2aebf5bad1b9e18cdbb11 Reset valid_flags to MODE_NONINTERACTIVE for sudoedit. This is consistent with how the -e option is handled. Also reject -H and -P flags for sudoedit as was done in sudo 1.7. Found by Qualys. Index: sudo-1.8.22/src/parse_args.c =================================================================== --- sudo-1.8.22.orig/src/parse_args.c +++ sudo-1.8.22/src/parse_args.c @@ -556,16 +556,16 @@ parse_args(int argc, char **argv, int *n if (argc != 0) { /* shell -c "command" */ char *src, *dst; - size_t cmnd_size = (size_t) (argv[argc - 1] - argv[0]) + - strlen(argv[argc - 1]) + 1; + size_t size = 0; - cmnd = dst = reallocarray(NULL, cmnd_size, 2); - if (cmnd == NULL) + for (av = argv; *av != NULL; av++) + size += strlen(*av) + 1; + if (size == 0 || (cmnd = reallocarray(NULL, size, 2)) == NULL) sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); if (!gc_add(GC_PTR, cmnd)) exit(1); - for (av = argv; *av != NULL; av++) { + for (dst = cmnd, av = argv; *av != NULL; av++) { for (src = *av; *src != '\0'; src++) { /* quote potential meta characters */ if (!isalnum((unsigned char)*src) && *src != '_' && *src != '-' && *src != '$') Index: sudo-1.8.22/plugins/sudoers/policy.c =================================================================== --- sudo-1.8.22.orig/plugins/sudoers/policy.c +++ sudo-1.8.22/plugins/sudoers/policy.c @@ -94,10 +94,11 @@ parse_bool(const char *line, int varlen, int sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group) { + const int edit_mask = MODE_EDIT|MODE_IGNORE_TICKET|MODE_NONINTERACTIVE; struct sudoers_policy_open_info *info = v; - char * const *cur; const char *p, *errstr, *groups = NULL; const char *remhost = NULL; + char * const *cur; bool uid_set = false, gid_set = false; int flags = 0; debug_decl(sudoers_policy_deserialize_info, SUDOERS_DEBUG_PLUGIN) @@ -327,6 +328,12 @@ sudoers_policy_deserialize_info(void *v, #endif } + /* Sudo front-end should restrict mode flags for sudoedit. */ + if (ISSET(flags, MODE_EDIT) && (flags & edit_mask) != flags) { + sudo_warnx(U_("invalid mode flags from sudo front end: 0x%x"), flags); + goto bad; + } + user_umask = (mode_t)-1; for (cur = info->user_info; *cur != NULL; cur++) { if (MATCHES(*cur, "user=")) { Index: sudo-1.8.22/plugins/sudoers/sudoers.c =================================================================== --- sudo-1.8.22.orig/plugins/sudoers/sudoers.c +++ sudo-1.8.22/plugins/sudoers/sudoers.c @@ -242,7 +242,7 @@ sudoers_policy_main(int argc, char * con /* Not an audit event. */ sudo_warnx(U_("sudoers specifies that root is not allowed to sudo")); goto bad; - } + } if (!set_perms(PERM_INITIAL)) goto bad; @@ -438,7 +438,7 @@ sudoers_policy_main(int argc, char * con /* If run as root with SUDO_USER set, set sudo_user.pw to that user. */ /* XXX - causes confusion when root is not listed in sudoers */ - if (sudo_mode & (MODE_RUN | MODE_EDIT) && prev_user != NULL) { + if (ISSET(sudo_mode, MODE_RUN|MODE_EDIT) && prev_user != NULL) { if (user_uid == 0 && strcmp(prev_user, "root") != 0) { struct passwd *pw; @@ -816,8 +816,8 @@ set_cmnd(void) if (user_cmnd == NULL) user_cmnd = NewArgv[0]; - if (sudo_mode & (MODE_RUN | MODE_EDIT | MODE_CHECK)) { - if (ISSET(sudo_mode, MODE_RUN | MODE_CHECK)) { + if (ISSET(sudo_mode, MODE_RUN|MODE_EDIT|MODE_CHECK)) { + if (!ISSET(sudo_mode, MODE_EDIT)) { if (def_secure_path && !user_is_exempt()) path = def_secure_path; if (!set_perms(PERM_RUNAS)) @@ -855,7 +855,8 @@ set_cmnd(void) sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); debug_return_int(-1); } - if (ISSET(sudo_mode, MODE_SHELL|MODE_LOGIN_SHELL)) { + if (ISSET(sudo_mode, MODE_SHELL|MODE_LOGIN_SHELL) && + ISSET(sudo_mode, MODE_RUN)) { /* * When running a command via a shell, the sudo front-end * escapes potential meta chars. We unescape non-spaces @@ -863,10 +864,22 @@ set_cmnd(void) */ for (to = user_args, av = NewArgv + 1; (from = *av); av++) { while (*from) { - if (from[0] == '\\' && !isspace((unsigned char)from[1])) + if (from[0] == '\\' && from[1] != '\0' && + !isspace((unsigned char)from[1])) { from++; + } + if (size - (to - user_args) < 1) { + sudo_warnx(U_("internal error, %s overflow"), + __func__); + debug_return_int(NOT_FOUND_ERROR); + } *to++ = *from++; } + if (size - (to - user_args) < 1) { + sudo_warnx(U_("internal error, %s overflow"), + __func__); + debug_return_int(NOT_FOUND_ERROR); + } *to++ = ' '; } *--to = '\0'; Index: sudo-1.8.22/plugins/sudoers/timestamp.c =================================================================== --- sudo-1.8.22.orig/plugins/sudoers/timestamp.c +++ sudo-1.8.22/plugins/sudoers/timestamp.c @@ -165,7 +165,7 @@ ts_mkdirs(char *path, uid_t owner, gid_t /* umask must not be more restrictive than the file modes. */ omask = umask(ACCESSPERMS & ~(mode|parent_mode)); - ret = sudo_mkdir_parents(path, owner, group, parent_mode, quiet); + ret = sudo_mkdir_parents(path, owner, group, parent_mode, quiet); if (ret) { /* Create final path component. */ sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, @@ -620,8 +620,8 @@ timestamp_lock(void *vcookie, struct pas } else if (entry.type != TS_LOCKEXCL) { /* Old sudo record, convert it to TS_LOCKEXCL. */ entry.type = TS_LOCKEXCL; - memset((char *)&entry + offsetof(struct timestamp_entry, type), 0, - nread - offsetof(struct timestamp_entry, type)); + memset((char *)&entry + offsetof(struct timestamp_entry, flags), 0, + nread - offsetof(struct timestamp_entry, flags)); if (ts_write(cookie->fd, cookie->fname, &entry, 0) == -1) debug_return_bool(false); }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor