packages/sudo
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update to 1.9.8p2

Browse Source
This commit is contained in:
panxiaohe 2022-02-15 09:30:17 +08:00
parent 4c57aa9b0f
commit 34e5c787aa
4 changed files with 9 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
backport-In-json_stack_push-treat-stack-exhaustion-like-memory-allocation-failure.patch
View File

@ -1,42 +0,0 @@
From 8781560e1bf30e2b7fa564865d138f663bbfa125 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Fri, 29 Jan 2021 09:23:51 -0700
Subject: [PATCH] In json_stack_push() treat stack exhaustion like memory
allocation failure. Return NULL instead of treating as a fatal error. This
should make life a little easier for oss-fuzz.
---
lib/iolog/iolog_json.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/lib/iolog/iolog_json.c b/lib/iolog/iolog_json.c
index 684f938..9c7754f 100644
--- a/lib/iolog/iolog_json.c
+++ b/lib/iolog/iolog_json.c
@@ -548,6 +548,12 @@ json_stack_push(struct json_stack *stack, struct json_item_list *items,
struct json_item *item;
debug_decl(iolog_parse_loginfo_json, SUDO_DEBUG_UTIL);
+ /* We limit the stack size rather than expanding it. */
+ if (stack->depth >= stack->maxdepth) {
+ sudo_warnx(U_("json stack exhausted (max %u frames)"), stack->maxdepth);
+ debug_return_ptr(NULL);
+ }
+
/* Allocate a new item and insert it into the list. */
if ((item = new_json_item(type, name, lineno)) == NULL)
debug_return_ptr(NULL);
@@ -555,9 +561,7 @@ json_stack_push(struct json_stack *stack, struct json_item_list *items,
item->u.child.parent = item;
TAILQ_INSERT_TAIL(items, item, entries);
- /* Push the current frame onto the stack. */
- if (stack->depth == stack->maxdepth)
- sudo_fatalx(U_("internal error, %s overflow"), __func__);
+ /* Push the current frame onto the stack (depth check performed above). */
stack->frames[stack->depth++] = frame;
/* Return the new frame */
--
1.8.3.1

BIN
sudo-1.9.5p2.tar.gz
View File

Binary file not shown.

BIN
sudo-1.9.8p2.tar.gz Normal file
View File

Binary file not shown.

20
sudo.spec
View File

@ -1,6 +1,6 @@
Name: sudo Name: sudo
Version: 1.9.5p2 Version: 1.9.8p2
Release: 3 Release: 1
Summary: Allows restricted root access for specified users Summary: Allows restricted root access for specified users
License: ISC License: ISC
URL: http://www.courtesan.com/sudo/ URL: http://www.courtesan.com/sudo/
@ -10,8 +10,6 @@ Source1: sudoers
Source2: sudo Source2: sudo
Source3: sudo-i Source3: sudo-i
Patch0: backport-In-json_stack_push-treat-stack-exhaustion-like-memory-allocation-failure.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: pam Requires: pam
Recommends: vim-minimal Recommends: vim-minimal
@ -19,7 +17,7 @@ Requires(post): coreutils
BuildRequires: pam-devel groff openldap-devel flex bison automake autoconf libtool BuildRequires: pam-devel groff openldap-devel flex bison automake autoconf libtool
BuildRequires: audit-libs-devel libcap-devel libselinux-devel sendmail gettext zlib-devel BuildRequires: audit-libs-devel libcap-devel libselinux-devel sendmail gettext zlib-devel
BuildRequires: chrpath openssl-devel python3-devel BuildRequires: chrpath
%description %description
Sudo is a program designed to allow a sysadmin to give limited root privileges Sudo is a program designed to allow a sysadmin to give limited root privileges
@ -47,8 +45,10 @@ export CFLAGS="$RPM_OPT_FLAGS -fpie" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
--sbindir=%{_sbindir} \ --sbindir=%{_sbindir} \
--libdir=%{_libdir} \ --libdir=%{_libdir} \
--docdir=%{_pkgdocdir} \ --docdir=%{_pkgdocdir} \
--enable-openssl \
--disable-root-mailer \ --disable-root-mailer \
--disable-intercept \
--disable-log-server \
--disable-log-client \
--with-logging=syslog \ --with-logging=syslog \
--with-logfac=authpriv \ --with-logfac=authpriv \
--with-pam \ --with-pam \
@ -60,7 +60,6 @@ export CFLAGS="$RPM_OPT_FLAGS -fpie" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
--with-ldap \ --with-ldap \
--with-selinux \ --with-selinux \
--with-passprompt="[sudo] password for %p: " \ --with-passprompt="[sudo] password for %p: " \
--enable-python \
--with-linux-audit \ --with-linux-audit \
--with-sssd --with-sssd
@ -130,10 +129,6 @@ install -p -c -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/sudo-i
%attr(0644,root,root) %{_libexecdir}/sudo/audit_json.so %attr(0644,root,root) %{_libexecdir}/sudo/audit_json.so
%attr(0644,root,root) %{_libexecdir}/sudo/sample_approval.so %attr(0644,root,root) %{_libexecdir}/sudo/sample_approval.so
%attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so* %attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so*
%attr(0644,root,root) %{_libexecdir}/sudo/python_plugin.so
%attr(0640,root,root) %config(noreplace) /etc/sudo_logsrvd.conf
%attr(0755,root,root) %{_sbindir}/sudo_logsrvd
%attr(0755,root,root) %{_sbindir}/sudo_sendlog
%dir /var/db/sudo %dir /var/db/sudo
%dir /var/db/sudo/lectured %dir /var/db/sudo/lectured
%dir %{_libexecdir}/sudo %dir %{_libexecdir}/sudo
@ -155,6 +150,9 @@ install -p -c -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/sudo-i
%exclude %{_pkgdocdir}/ChangeLog %exclude %{_pkgdocdir}/ChangeLog
%changelog %changelog
* Tue Feb 15 2022 panxiaohe <panxh.life@foxmail.com> - 1.9.8p2-1
- Update to 1.9.8p2
* Thu Sep 16 2021 yixiangzhike <zhangxingliang3@huawei.com> - 1.9.5p2-3 * Thu Sep 16 2021 yixiangzhike <zhangxingliang3@huawei.com> - 1.9.5p2-3
- DESC: treat stack exhaustion like memory allocation failure - DESC: treat stack exhaustion like memory allocation failure