Limit paths for command, cwd and chroot to PATH_MAX bytes.

This helps prevent the fuzzer from going off the rails.
Todd C. Miller
2021-09-19 18:13:43 -06:00
parent 7ab66eb3a8
commit 0ea561ca6a
5 changed files with 313 additions and 279 deletions


@@ -202,11 +202,19 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults)
if (MATCHES(*cur, "cmnd_chroot=")) {
CHECK(*cur, "cmnd_chroot=");
user_runchroot = *cur + sizeof("cmnd_chroot=") - 1;
if (strlen(user_runchroot) >= PATH_MAX) {
sudo_warnx(U_("path name for \"%s\" too long"), "cmnd_chroot");
goto bad;
}
continue;
}
if (MATCHES(*cur, "cmnd_cwd=")) {
CHECK(*cur, "cmnd_cwd=");
user_runcwd = *cur + sizeof("cmnd_cwd=") - 1;
if (strlen(user_runcwd) >= PATH_MAX) {
sudo_warnx(U_("path name for \"%s\" too long"), "cmnd_cwd");
goto bad;
}
continue;
}
if (MATCHES(*cur, "runas_user=")) {
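Review bot: In both added checks the global is assigned before its length is validated (`user_runchroot = *cur + sizeof("cmnd_chroot=") - 1;` followed by `strlen(user_runchroot) >= PATH_MAX`, and the same for `user_runcwd`), so on the `goto bad` path the global still points at the rejected over-long string. Whether the code at `bad` resets these is not visible here, so I would check a local first and store only on success: `const char *p = *cur + sizeof("cmnd_cwd=") - 1;`, then `if (strlen(p) >= PATH_MAX) { sudo_warnx(...); goto bad; }`, then `user_runcwd = p;`. The two blocks differ only in the key name, so a small static helper taking the key and the value would keep the limit and the warning text in one place. sudoers_policy_deserialize_info starts and ends outside this hunk.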