[arch-commits] Commit in sudo/trunk (2 files)
Evangelos Foutras
foutrelis at gemini.archlinux.org
Mon Sep 20 19:29:47 UTC 2021
Date: Monday, September 20, 2021 @ 19:29:46
Author: foutrelis
Revision: 424405
upgpkg: sudo 1.9.8.p1-2: fix sudo -i: missing NULL terminator
https://bugzilla.sudo.ws/show_bug.cgi?id=998
Added:
sudo/trunk/fix-sudo-login-missing-NULL-terminator.patch
Modified:
sudo/trunk/PKGBUILD
----------------------------------------------+
PKGBUILD | 7 ++++++-
fix-sudo-login-missing-NULL-terminator.patch | 24 ++++++++++++++++++++++++
2 files changed, 30 insertions(+), 1 deletion(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2021-09-20 18:51:05 UTC (rev 424404)
+++ PKGBUILD 2021-09-20 19:29:46 UTC (rev 424405)
@@ -4,7 +4,7 @@
pkgname=sudo
_sudover=1.9.8p1
-pkgrel=1
+pkgrel=2
pkgver=${_sudover/p/.p}
pkgdesc="Give certain users the ability to run some commands as root"
arch=('x86_64')
@@ -18,10 +18,12 @@
'etc/sudoers')
install=$pkgname.install
source=(https://www.sudo.ws/sudo/dist/$pkgname-$_sudover.tar.gz{,.sig}
+ fix-sudo-login-missing-NULL-terminator.patch
sudo_logsrvd.service
sudo.pam)
sha256sums=('0939ee24df7095a92e0ca4aa3bd53b2a10965a7b921d51a26ab70cdd24388d69'
'SKIP'
+ '9b9a304d6d2b1116a5733128f7258e58243607225d829bfe53c710b7bddcfcae'
'8b91733b73171827c360a3e01f4692772b78e62ceca0cf0fd4b770aba35081a1'
'd1738818070684a5d2c9b26224906aad69a4fea77aabd960fc2675aee2df1fa2')
validpgpkeys=('59D1E9CCBA2B376704FDD35BA9F4C021CEA470FB')
@@ -28,6 +30,9 @@
prepare() {
cd "$srcdir/$pkgname-$_sudover"
+
+ # https://bugzilla.sudo.ws/show_bug.cgi?id=998
+ patch -Np1 -i ../fix-sudo-login-missing-NULL-terminator.patch
}
build() {
Added: fix-sudo-login-missing-NULL-terminator.patch
===================================================================
--- fix-sudo-login-missing-NULL-terminator.patch (rev 0)
+++ fix-sudo-login-missing-NULL-terminator.patch 2021-09-20 19:29:46 UTC (rev 424405)
@@ -0,0 +1,24 @@
+From 7ab66eb3a8c35a1bef2f0b85bde231c91521d04b Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" <Todd.Miller at sudo.ws>
+Date: Sun, 19 Sep 2021 13:58:56 -0600
+Subject: [PATCH] sudo -i: missing NULL terminator when moving argv to make
+ room for --login Fixes a potential crash for "sudo -i" when the target user
+ has bash as the shell (which needs the --login option). Bug #998.
+
+---
+ plugins/sudoers/sudoers.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
+index 4fa323975..51376f970 100644
+--- a/plugins/sudoers/sudoers.c
++++ b/plugins/sudoers/sudoers.c
+@@ -725,7 +725,7 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
+ if (NewArgc > 1 && strcmp(NewArgv[0], "-bash") == 0 &&
+ strcmp(NewArgv[1], "-c") == 0) {
+ /* We allocated extra space for the --login above. */
+- memmove(&NewArgv[2], &NewArgv[1], sizeof(char *) * (NewArgc - 1));
++ memmove(&NewArgv[2], &NewArgv[1], sizeof(char *) * NewArgc);
+ NewArgv[1] = "--login";
+ NewArgc++;
+ }
More information about the arch-commits
mailing list