rpms/sudo/F-11 sudo-1.7.2p2-envsanitize.patch, NONE, 1.1 sudo.spec, 1.81, 1.82
Daniel Kopeček
mildew at fedoraproject.org
Wed Jun 2 09:18:34 UTC 2010
Author: mildew
Update of /cvs/pkgs/rpms/sudo/F-11
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv24519
Modified Files:
sudo.spec
Added Files:
sudo-1.7.2p2-envsanitize.patch
Log Message:
- added patch that fixes insufficient environment sanitization issue (#598154)
sudo-1.7.2p2-envsanitize.patch:
env.c | 43 ++++++++++++++++++++++++++++++-------------
1 file changed, 30 insertions(+), 13 deletions(-)
--- NEW FILE sudo-1.7.2p2-envsanitize.patch ---
diff -up sudo-1.7.2p2/env.c.orig sudo-1.7.2p2/env.c
--- sudo-1.7.2p2/env.c.orig 2010-06-01 13:19:54.000000000 +0200
+++ sudo-1.7.2p2/env.c 2010-06-01 13:26:22.000000000 +0200
@@ -321,7 +321,7 @@ int
unsetenv(var)
const char *var;
{
- char **ep;
+ char **ep = env.envp;
size_t len;
if (strchr(var, '=') != NULL) {
@@ -359,13 +359,15 @@ unsetenv(var)
}
len = strlen(var);
- for (ep = env.envp; *ep; ep++) {
+ while (*ep != NULL) {
if (strncmp(var, *ep, len) == 0 && (*ep)[len] == '=') {
/* Found it; shift remainder + NULL over by one and update len. */
memmove(ep, ep + 1,
(env.env_len - (ep - env.envp)) * sizeof(char *));
env.env_len--;
- break;
+ /* Keep going, could be multiple instances of the var. */
+ } else {
+ ep++;
}
}
#ifndef UNSETENV_VOID
@@ -433,6 +435,7 @@ sudo_putenv(str, dupcheck, overwrite)
{
char **ep;
size_t len;
+ int found = FALSE;
/* Make sure there is room for the new entry plus a NULL. */
if (env.env_len + 2 > env.env_size) {
@@ -451,20 +454,34 @@ sudo_putenv(str, dupcheck, overwrite)
#endif
if (dupcheck) {
- len = (strchr(str, '=') - str) + 1;
- for (ep = env.envp; *ep; ep++) {
+ len = (strchr(str, '=') - str) + 1;
+ for (ep = env.envp; !found && *ep != NULL; ep++) {
+ if (strncmp(str, *ep, len) == 0) {
+ if (overwrite)
+ *ep = str;
+ found = TRUE;
+ }
+ }
+ /* Prune out duplicate variables. */
+ if (found && overwrite) {
+ while (*ep != NULL) {
if (strncmp(str, *ep, len) == 0) {
- if (overwrite)
- *ep = str;
- return;
+ memmove(ep, ep + 1,
+ (env.env_len - (ep - env.envp)) * sizeof(char *));
+ env.env_len--;
+ } else {
+ ep++;
}
}
- } else
- ep = env.envp + env.env_len;
+ }
+ }
- env.env_len++;
- *ep++ = str;
- *ep = NULL;
+ if (!found) {
+ ep = env.envp + env.env_len;
+ env.env_len++;
+ *ep++ = str;
+ *ep = NULL;
+ }
}
/*
Index: sudo.spec
===================================================================
RCS file: /cvs/pkgs/rpms/sudo/F-11/sudo.spec,v
retrieving revision 1.81
retrieving revision 1.82
diff -u -p -r1.81 -r1.82
--- sudo.spec 14 Apr 2010 14:24:45 -0000 1.81
+++ sudo.spec 2 Jun 2010 09:18:34 -0000 1.82
@@ -1,7 +1,7 @@
Summary: Allows restricted root access for specified users
Name: sudo
Version: 1.7.2p6
-Release: 1%{?dist}
+Release: 2%{?dist}
License: BSD
Group: Applications/System
URL: http://www.courtesan.com/sudo/
@@ -31,6 +31,8 @@ Patch4: sudo-1.7.1-libtool.patch
Patch5: sudo-1.7.2p4-getgrouplist.patch
# audit support improvement
Patch6: sudo-1.7.2p6-audit.patch
+# insufficient environment sanitization issue (#598154)
+Patch7: sudo-1.7.2p2-envsanitize.patch
%description
Sudo (superuser do) allows a system administrator to give certain
@@ -51,6 +53,7 @@ on many different machines.
%patch4 -p1 -b .libtool
%patch5 -p1 -b .getgrouplist
%patch6 -p1 -b .audit
+%patch7 -p1 -b .envsanitize
%build
# handle newer autoconf
@@ -142,6 +145,9 @@ rm -rf $RPM_BUILD_ROOT
/bin/chmod 0440 /etc/sudoers || :
%changelog
+* Wed Jun 2 2010 Daniel Kopecek <dkopecek at redhat.com> - 1.7.2p6-2
+- added patch that fixes insufficient environment sanitization issue (#598154)
+
* Wed Apr 14 2010 Daniel Kopecek <dkopecek at redhat.com> - 1.7.2p6-1
- update to new upstream version
- merged .audit and .libaudit patch
More information about the scm-commits
mailing list