From dc86f089aba7ebd2f4001013df7a25727cfa7eef Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Sat, 13 Feb 2010 14:20:15 +0000
Subject: Update to sudo 1.7.2p3
---
 usr.bin/sudo/ChangeLog | 28 ++++++++++++++++++++++++++++
 usr.bin/sudo/LICENSE | 2 +-
 usr.bin/sudo/config.h | 6 +++---
 usr.bin/sudo/config.h.in | 3 +++
 usr.bin/sudo/configure | 20 ++++++++++----------
 usr.bin/sudo/configure.in | 4 ++--
 usr.bin/sudo/logging.c | 19 ++++++++++---------
 usr.bin/sudo/parse.c | 8 +++++---
 8 files changed, 62 insertions(+), 28 deletions(-)
(limited to 'usr.bin/sudo')
diff --git a/usr.bin/sudo/ChangeLog b/usr.bin/sudo/ChangeLog
index 8a5a0aaf2d5..64bfbf6879f 100644
--- a/usr.bin/sudo/ChangeLog
+++ b/usr.bin/sudo/ChangeLog
@@ -1,3 +1,31 @@
+2010-02-09 Todd C. Miller
+ * toke.l: Fix size arg when realloc()ing include stack.
+ From Daniel Kopecek
+
+ * toke.l: Avoid a duplicate fclose() of the sudoers file.
+
+2010-02-06 Todd C. Miller
+
+ * aix.c, config.h.in, configure, configure.in: Use setrlimit64(),
+ if available, instead of setrlimit() when setting AIX resource
+ limits since rlim_t is 32bits.
+
+ * logging.c: Fix use after free when sending error messages.
+ From Timo Juhani Lindfors
+
+2009-12-17 15:02 millert
+
+ * parse.c: Fix printing of entries with multiple host entries on
+ a single line.
+
+2009-12-09 16:05 millert
+
+ * logging.c: fix typo in last commit
+
+2009-12-08 22:19 millert
+
+ * logging.c: Convert fmt_first and fmt_confd into macros.
+
 2009-11-23 10:56 millert
 
 * match.c: cmnd_matches() already deals with negation so
diff --git a/usr.bin/sudo/LICENSE b/usr.bin/sudo/LICENSE
index 0632e0bf178..2643bc4ba11 100644
--- a/usr.bin/sudo/LICENSE
+++ b/usr.bin/sudo/LICENSE
@@ -1,6 +1,6 @@
 Sudo is distributed under the following ISC-style license:
 
- Copyright (c) 1994-1996, 1998-2009
+ Copyright (c) 1994-1996, 1998-2010
 Todd C. Miller
 
 Permission to use, copy, modify, and distribute this software for any
diff --git a/usr.bin/sudo/config.h b/usr.bin/sudo/config.h index cf004eb35fc..a39df114644 100644 --- a/usr.bin/sudo/config.h +++ b/usr.bin/sudo/config.h @@ -1,4 +1,4 @@ -/* $OpenBSD: config.h,v 1.14 2009/12/07 18:43:10 millert Exp $ */ +/* $OpenBSD: config.h,v 1.15 2010/02/13 14:20:14 millert Exp $ */ #ifndef _SUDO_CONFIG_H #define _SUDO_CONFIG_H @@ -10,9 +10,9 @@ #define PACKAGE_BUGREPORT "http://www.sudo.ws/bugs/" #define PACKAGE_NAME "sudo" -#define PACKAGE_STRING "sudo 1.7.2p2" +#define PACKAGE_STRING "sudo 1.7.2p3" #define PACKAGE_TARNAME "sudo" -#define PACKAGE_VERSION "1.7.2p2" +#define PACKAGE_VERSION "1.7.2p3" #define HAVE_ASPRINTF 1 #define HAVE_BSD_AUTH_H 1 diff --git a/usr.bin/sudo/config.h.in b/usr.bin/sudo/config.h.in index 18698f4f92b..950dae59fe5 100644 --- a/usr.bin/sudo/config.h.in +++ b/usr.bin/sudo/config.h.in @@ -366,6 +366,9 @@ /* Define to 1 if you have the `setrlimit' function. */ #undef HAVE_SETRLIMIT +/* Define to 1 if you have the `setrlimit64' function. */ +#undef HAVE_SETRLIMIT64 + /* Define to 1 if you have the `setsid' function. */ #undef HAVE_SETSID diff --git a/usr.bin/sudo/configure b/usr.bin/sudo/configure index b9e0fddbd00..739d22ef17e 100644 --- a/usr.bin/sudo/configure +++ b/usr.bin/sudo/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.61 for sudo 1.7.2p2. +# Generated by GNU Autoconf 2.61 for sudo 1.7.2p3. # # Report bugs to . # @@ -724,8 +724,8 @@ SHELL=${CONFIG_SHELL-/bin/sh} # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.7.2p2' -PACKAGE_STRING='sudo 1.7.2p2' +PACKAGE_VERSION='1.7.2p3' +PACKAGE_STRING='sudo 1.7.2p3' PACKAGE_BUGREPORT='http://www.sudo.ws/bugs/' # Factoring default headers for most tests. 
@@ -1417,7 +1417,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sudo 1.7.2p2 to adapt to many kinds of systems. +\`configure' configures sudo 1.7.2p3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1482,7 +1482,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.7.2p2:";; + short | recursive ) echo "Configuration of sudo 1.7.2p3:";; esac cat <<\_ACEOF @@ -1684,7 +1684,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.7.2p2 +sudo configure 1.7.2p3 generated by GNU Autoconf 2.61 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, @@ -1698,7 +1698,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.7.2p2, which was +It was created by sudo $as_me 1.7.2p3, which was generated by GNU Autoconf 2.61. Invocation command line was $ $0 $@ @@ -15833,7 +15833,7 @@ LIBS=$ac_save_LIBS for ac_func in strchr strrchr memchr memcpy memset sysconf tzset \ strftime setrlimit initgroups getgroups fstat gettimeofday \ - setlocale getaddrinfo setsid setenv + setlocale getaddrinfo setsid setenv setrlimit64 do as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` { echo "$as_me:$LINENO: checking for $ac_func" >&5 @@ -24558,7 +24558,7 @@ exec 6>&1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.7.2p2, which was +This file was extended by sudo $as_me 1.7.2p3, which was generated by GNU Autoconf 2.61. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -24607,7 +24607,7 @@ Report bugs to ." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -sudo config.status 1.7.2p2 +sudo config.status 1.7.2p3 configured by $0, generated by GNU Autoconf 2.61, with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" diff --git a/usr.bin/sudo/configure.in b/usr.bin/sudo/configure.in index f9a7d31a17f..1bdf03b4b66 100644 --- a/usr.bin/sudo/configure.in +++ b/usr.bin/sudo/configure.in @@ -4,7 +4,7 @@ dnl $Sudo: configure.in,v 1.549 2009/06/13 20:52:50 millert Exp $ dnl dnl Copyright (c) 1994-1996,1998-2009 Todd C. Miller dnl -AC_INIT([sudo], [1.7.2p2], [http://www.sudo.ws/bugs/], [sudo]) +AC_INIT([sudo], [1.7.2p3], [http://www.sudo.ws/bugs/], [sudo]) AC_CONFIG_HEADER(config.h pathnames.h) dnl dnl This won't work before AC_INIT @@ -1841,7 +1841,7 @@ dnl AC_FUNC_GETGROUPS AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \ strftime setrlimit initgroups getgroups fstat gettimeofday \ - setlocale getaddrinfo setsid setenv) + setlocale getaddrinfo setsid setenv setrlimit64) AC_CHECK_FUNCS(unsetenv, SUDO_FUNC_UNSETENV_VOID) SUDO_FUNC_PUTENV_CONST if test -z "$SKIP_SETRESUID"; then diff --git a/usr.bin/sudo/logging.c b/usr.bin/sudo/logging.c index 53288e502da..44df374be72 100644 --- a/usr.bin/sudo/logging.c +++ b/usr.bin/sudo/logging.c @@ -122,6 +122,9 @@ mysyslog(pri, fmt, va_alist) closelog(); } +#define FMT_FIRST "%8s : %s" +#define FMT_CONTD "%8s : (command continued) %s" + /* * Log a message to syslog, pre-pending the username and splitting the * message into parts if it is longer than MAXSYSLOGLEN. 
@@ -134,14 +137,12 @@ do_syslog(pri, msg)
 size_t len, maxlen;
 char *p, *tmp, save;
 const char *fmt;
- const char *fmt_first = "%8s : %s";
- const char *fmt_contd = "%8s : (command continued) %s";
 
 /*
 * Log the full line, breaking into multiple syslog(3) calls if necessary
 */
- fmt = fmt_first;
- maxlen = MAXSYSLOGLEN - (sizeof(fmt_first) - 6 + strlen(user_name));
+ fmt = FMT_FIRST;
+ maxlen = MAXSYSLOGLEN - (sizeof(FMT_FIRST) - 6 + strlen(user_name));
 for (p = msg; *p != '\0'; ) {
 len = strlen(p);
 if (len > maxlen) {
@@ -168,8 +169,8 @@ do_syslog(pri, msg)
 mysyslog(pri, fmt, user_name, p);
 p += len;
 }
- fmt = fmt_contd;
- maxlen = MAXSYSLOGLEN - (sizeof(fmt_contd) - 6 + strlen(user_name));
+ fmt = FMT_CONTD;
+ maxlen = MAXSYSLOGLEN - (sizeof(FMT_CONTD) - 6 + strlen(user_name));
 }
 }
 
@@ -391,7 +392,8 @@ log_error(flags, fmt, va_alist)
 else
 warningx("%s", message);
 }
- efree(message);
+ if (logline != message)
+ efree(message);
 
 /*
 * Send a copy of the error via mail.
@@ -407,8 +409,7 @@ log_error(flags, fmt, va_alist)
 if (def_logfile)
 do_logfile(logline);
 
- if (logline != message)
- efree(logline);
+ efree(logline);
 
 if (!ISSET(flags, NO_EXIT)) {
 cleanup(0);
diff --git a/usr.bin/sudo/parse.c b/usr.bin/sudo/parse.c
index eeb0511b9fc..818641d6fb7 100644
--- a/usr.bin/sudo/parse.c
+++ b/usr.bin/sudo/parse.c
@@ -313,6 +313,8 @@ sudo_file_display_priv_short(pw, us, lbuf)
 int nfound = 0;
 
 tq_foreach_fwd(&us->privileges, priv) {
+ if (hostlist_matches(&priv->hostlist) != ALLOW)
+ continue;
 tags.noexec = UNSPEC;
 tags.setenv = UNSPEC;
 tags.nopasswd = UNSPEC;
@@ -364,6 +366,8 @@ sudo_file_display_priv_long(pw, us, lbuf)
 int nfound = 0;
 
 tq_foreach_fwd(&us->privileges, priv) {
+ if (hostlist_matches(&priv->hostlist) != ALLOW)
+ continue;
 tags.noexec = UNSPEC;
 tags.setenv = UNSPEC;
 tags.nopasswd = UNSPEC;
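Review bot: The new `maxlen` expression in do_syslog still counts the user name as `strlen(user_name)`, but `%8s` pads any name shorter than eight characters to eight, so for short names a formatted line can exceed MAXSYSLOGLEN by up to `8 - strlen(user_name)` bytes. If the syslog path enforces that limit, the tail of a logged command could be cut from the audit record; how much headroom MAXSYSLOGLEN leaves is not visible here. Using the padded width keeps the bound exact, e.g. `ulen = strlen(user_name); if (ulen < 8) ulen = 8;` followed by `maxlen = MAXSYSLOGLEN - (sizeof(FMT_FIRST) - 6 + ulen);`, and the same applies to the `FMT_CONTD` expression in the hunk at -168,8. The bare `6` also deserves a comment such as `/* 6 == strlen("%8s") + strlen("%s") + 1 for the NUL counted by sizeof */`; do_syslog's body continues outside both hunks.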
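Review bot: Nothing in log_error states which variable owns the buffer once `logline` may alias `message`, and the new guard in the hunk at -391,7 leaves `message` dangling in the case where it is freed early. A comment on the guard would make the rule explicit, e.g. `/* logline aliases message unless a separate log line was built; free message here only in that case, logline is freed once at the end */`. The unconditional `efree(logline)` in the hunk at -407,8 is the other half of the same fix and has to stay in step with it. How `logline` is assigned lies outside both hunks, so the aliasing is inferred from the `logline != message` test.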
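Review bot: The host filter now exists only as two identical copies of `if (hostlist_matches(&priv->hostlist) != ALLOW) continue;`, one in sudo_file_display_priv_short and one in sudo_file_display_priv_long (hunk at -364,6), while the hunk at -419,9 removes the host check from the caller sudo_file_display_privs. Because this guard decides which sudoers entries a user is shown as applying on the current host, it should carry a comment in both helpers, e.g. `/* Skip privileges that do not apply to this host; the caller no longer filters by host. */`, so that a later display helper does not omit it. The rest of each loop body, including how `nfound` is counted when every privilege is skipped, is outside the hunks.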
@@ -419,9 +423,7 @@ sudo_file_display_privs(nss, pw, lbuf)
 return(-1);
 
 tq_foreach_fwd(&userspecs, us) {
- /* XXX - why only check the first privilege here? */
- if (userlist_matches(pw, &us->users) != ALLOW ||
- hostlist_matches(&us->privileges.first->hostlist) != ALLOW)
+ if (userlist_matches(pw, &us->users) != ALLOW)
 continue;
 
 if (long_list)
-- 
cgit v1.2.3