Limit paths for command, cwd and chroot to PATH_MAX bytes.

This helps prevent the fuzzer from going off the rails.
2021-09-19 18:13:43 -06:00
parent 7ab66eb3a8
commit 0ea561ca6a
5 changed files with 313 additions and 279 deletions
--- a/plugins/sudoers/defaults.c
+++ b/plugins/sudoers/defaults.c
@@ -1049,6 +1049,18 @@ valid_path(struct sudo_defs_types *def, const char *val,
    bool ret = true;
    debug_decl(valid_path, SUDOERS_DEBUG_DEFAULTS);

+    if (strlen(val) >= PATH_MAX) {
+	if (!quiet) {
+	    if (line > 0) {
+		sudo_warnx(U_("%s:%d:%d: path name for \"%s\" too long"),
+		    file, line, column, def->name);
+	    } else {
+		sudo_warnx(U_("%s: path name for \"%s\" too long"),
+		    file, def->name);
+	    }
+	}
+	ret = false;
+    }
    if (ISSET(def->type, T_CHPATH)) {
 	if (val[0] != '/' && val[0] != '~' && (val[0] != '*' || val[1] != '\0')) {
 	    if (!quiet) {