packages/sudo
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2023-27320.

Browse Source
This commit is contained in:
modric 2023-03-10 02:23:52 +00:00
parent 216e1670c3
commit d1aa09d8e4
2 changed files with 44 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
backport-CVE-2023-27320.patch Normal file
View File

@ -0,0 +1,38 @@
diff --git a/plugins/sudoers/match_command.c b/plugins/sudoers/match_command.c
index 37d376d..bda7082 100644
--- a/plugins/sudoers/match_command.c
+++ b/plugins/sudoers/match_command.c
@@ -818,12 +818,16 @@ command_matches(const char *sudoers_cmnd, const char *sudoers_args,
/* Rule-specific runchroot, reset user_cmnd and user_stat. */
int status;
+ /* Save old user_cmnd first, set_cmnd_path() will free it. */
saved_user_cmnd = user_cmnd;
+ user_cmnd = NULL;
if (user_stat != NULL)
saved_user_stat = *user_stat;
status = set_cmnd_path(runchroot);
- if (status != FOUND)
+ if (status != FOUND) {
+ user_cmnd = saved_user_cmnd;
saved_user_cmnd = NULL;
+ }
if (info != NULL)
info->status = status;
}
diff --git a/plugins/sudoers/visudo.c b/plugins/sudoers/visudo.c
index 3f43382..ec8deab 100644
--- a/plugins/sudoers/visudo.c
+++ b/plugins/sudoers/visudo.c
@@ -260,7 +260,9 @@ main(int argc, char *argv[])
}
/* Mock up a fake sudo_user struct. */
- user_cmnd = user_base = (char *)"";
+ user_cmnd = user_base = strdup("true");
+ if (user_cmnd == NULL)
+ sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
if (geteuid() == 0) {
const char *user = getenv("SUDO_USER");
if (user != NULL && *user != '\0')

7
sudo.spec
View File

@ -1,6 +1,6 @@
Name: sudo Name: sudo
Version: 1.9.12p2 Version: 1.9.12p2
Release: 2 Release: 3
Summary: Allows restricted root access for specified users Summary: Allows restricted root access for specified users
License: ISC License: ISC
URL: https://www.sudo.ws URL: https://www.sudo.ws
@ -10,6 +10,8 @@ Source1: sudoers
Source2: sudo Source2: sudo
Source3: sudo-i Source3: sudo-i
Patch0: backport-CVE-2023-27320.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: pam Requires: pam
Recommends: vim-minimal Recommends: vim-minimal
@ -153,6 +155,9 @@ chrpath -d $RPM_BUILD_ROOT/usr/libexec/sudo/*
%exclude %{_pkgdocdir}/ChangeLog %exclude %{_pkgdocdir}/ChangeLog
%changelog %changelog
* Fri Mar 10 2023 wangyu <wangyu283@huawei.com> - 1.9.12p2-3
- Fix CVE-2023-27320.
* Mon Mar 06 2023 wangyu <wangyu283@huawei.com> - 1.9.12p2-2 * Mon Mar 06 2023 wangyu <wangyu283@huawei.com> - 1.9.12p2-2
- Remove -rpath option. - Remove -rpath option.