[arch-commits] Commit in sudo/trunk (2 files)

Evangelos Foutras via arch-commits Mon, 20 Sep 2021 12:29:59 -0700

    Date: Monday, September 20, 2021 @ 19:29:46
  Author: foutrelis
Revision: 424405


upgpkg: sudo 1.9.8.p1-2: fix sudo -i: missing NULL terminator

https://bugzilla.sudo.ws/show_bug.cgi?id=998

Added:
  sudo/trunk/fix-sudo-login-missing-NULL-terminator.patch
Modified:
  sudo/trunk/PKGBUILD

----------------------------------------------+
 PKGBUILD                                     |    7 ++++++-
 fix-sudo-login-missing-NULL-terminator.patch |   24 ++++++++++++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD    2021-09-20 18:51:05 UTC (rev 424404)
+++ PKGBUILD    2021-09-20 19:29:46 UTC (rev 424405)
@@ -4,7 +4,7 @@
 
 pkgname=sudo
 _sudover=1.9.8p1
-pkgrel=1
+pkgrel=2
 pkgver=${_sudover/p/.p}
 pkgdesc="Give certain users the ability to run some commands as root"
 arch=('x86_64')
@@ -18,10 +18,12 @@
         'etc/sudoers')
 install=$pkgname.install
 source=(https://www.sudo.ws/sudo/dist/$pkgname-$_sudover.tar.gz{,.sig}
+        fix-sudo-login-missing-NULL-terminator.patch
         sudo_logsrvd.service
         sudo.pam)
 sha256sums=('0939ee24df7095a92e0ca4aa3bd53b2a10965a7b921d51a26ab70cdd24388d69'
             'SKIP'
+            '9b9a304d6d2b1116a5733128f7258e58243607225d829bfe53c710b7bddcfcae'
             '8b91733b73171827c360a3e01f4692772b78e62ceca0cf0fd4b770aba35081a1'
             'd1738818070684a5d2c9b26224906aad69a4fea77aabd960fc2675aee2df1fa2')
 validpgpkeys=('59D1E9CCBA2B376704FDD35BA9F4C021CEA470FB')
@@ -28,6 +30,9 @@
 
 prepare() {
   cd "$srcdir/$pkgname-$_sudover"
+
+  # https://bugzilla.sudo.ws/show_bug.cgi?id=998
+  patch -Np1 -i ../fix-sudo-login-missing-NULL-terminator.patch
 }
 
 build() {

Added: fix-sudo-login-missing-NULL-terminator.patch
===================================================================
--- fix-sudo-login-missing-NULL-terminator.patch                                
(rev 0)
+++ fix-sudo-login-missing-NULL-terminator.patch        2021-09-20 19:29:46 UTC 
(rev 424405)
@@ -0,0 +1,24 @@
+From 7ab66eb3a8c35a1bef2f0b85bde231c91521d04b Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" <[email protected]>
+Date: Sun, 19 Sep 2021 13:58:56 -0600
+Subject: [PATCH] sudo -i: missing NULL terminator when moving argv to make
+ room for --login Fixes a potential crash for "sudo -i" when the target user
+ has bash as the shell (which needs the --login option).  Bug #998.
+
+---
+ plugins/sudoers/sudoers.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
+index 4fa323975..51376f970 100644
+--- a/plugins/sudoers/sudoers.c
++++ b/plugins/sudoers/sudoers.c
+@@ -725,7 +725,7 @@ sudoers_policy_main(int argc, char * const argv[], int 
pwflag, char *env_add[],
+       if (NewArgc > 1 && strcmp(NewArgv[0], "-bash") == 0 &&
+           strcmp(NewArgv[1], "-c") == 0) {
+           /* We allocated extra space for the --login above. */
+-          memmove(&NewArgv[2], &NewArgv[1], sizeof(char *) * (NewArgc - 1));
++          memmove(&NewArgv[2], &NewArgv[1], sizeof(char *) * NewArgc);
+           NewArgv[1] = "--login";
+           NewArgc++;
+       }

[arch-commits] Commit in sudo/trunk (2 files)

Reply via email to