isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add strlcpy_unescape() function to undo escaping from front-end.

Browse Source 
Includes unit test.
This commit is contained in:
Todd C. Miller
2021-01-27 15:41:54 -07:00
parent aa50aaf8da
commit 2804c2c78e
6 changed files with 223 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
plugins/sudoers/sudoers.c
View File

@@ -951,7 +951,7 @@ set_cmnd(void)
/* set user_args */
if (NewArgc > 1) {
char *to, *from, **av;
char *dst, **av;
size_t size, n;
/* Alloc and build up user_args. */
@@ -968,38 +968,31 @@ set_cmnd(void)
* escapes potential meta chars. We unescape non-spaces
* for sudoers matching and logging purposes.
*/
for (to = user_args, av = NewArgv + 1; (from = *av); av++) {
while (*from) {
if (from[0] == '\\' && from[1] != '\0' &&
!isspace((unsigned char)from[1])) {
from++;
}
if (size - (to - user_args) < 1) {
sudo_warnx(U_("internal error, %s overflow"),
__func__);
debug_return_int(NOT_FOUND_ERROR);
}
*to++ = *from++;
}
if (size - (to - user_args) < 1) {
sudo_warnx(U_("internal error, %s overflow"),
__func__);
debug_return_int(NOT_FOUND_ERROR);
}
*to++ = ' ';
}
*--to = '\0';
} else {
for (to = user_args, av = NewArgv + 1; *av; av++) {
n = strlcpy(to, *av, size - (to - user_args));
if (n >= size - (to - user_args)) {
for (dst = user_args, av = NewArgv + 1; *av; av++) {
n = strlcpy_unescape(dst, *av, size);
if (n >= size) {
sudo_warnx(U_("internal error, %s overflow"), __func__);
debug_return_int(NOT_FOUND_ERROR);
}
to += n;
*to++ = ' ';
dst += n;
size -= n;
*dst++ = ' ';
size--;
}
*--to = '\0';
*--dst = '\0';
} else {
for (dst = user_args, av = NewArgv + 1; *av; av++) {
n = strlcpy(dst, *av, size);
if (n >= size) {
sudo_warnx(U_("internal error, %s overflow"), __func__);
debug_return_int(NOT_FOUND_ERROR);
}
dst += n;
size -= n;
*dst++ = ' ';
size--;
}
*--dst = '\0';
}
}
}