From 2a290f812e183f7e9cb182bf18a277564da0377b Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Mon, 7 Apr 2014 05:34:56 -0600 Subject: [PATCH] Return MODE_ERROR from sudoers_policy_deserialize_info() instead of calling fatalx(). --- plugins/sudoers/policy.c | 87 +++++++++++++++++++++++++++------------ plugins/sudoers/sudoers.c | 4 +- plugins/sudoers/sudoers.h | 1 + 3 files changed, 64 insertions(+), 28 deletions(-) diff --git a/plugins/sudoers/policy.c b/plugins/sudoers/policy.c index 1b1078192..46b676a80 100644 --- a/plugins/sudoers/policy.c +++ b/plugins/sudoers/policy.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010-2013 Todd C. Miller + * Copyright (c) 2010-2014 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -105,22 +105,28 @@ sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group) if (MATCHES(*cur, "sudoers_uid=")) { p = *cur + sizeof("sudoers_uid=") - 1; sudoers_uid = (uid_t) atoid(p, NULL, NULL, &errstr); - if (errstr != NULL) - fatalx(U_("%s: %s"), *cur, U_(errstr)); + if (errstr != NULL) { + warningx(U_("%s: %s"), *cur, U_(errstr)); + goto bad; + } continue; } if (MATCHES(*cur, "sudoers_gid=")) { p = *cur + sizeof("sudoers_gid=") - 1; sudoers_gid = (gid_t) atoid(p, NULL, NULL, &errstr); - if (errstr != NULL) - fatalx(U_("%s: %s"), *cur, U_(errstr)); + if (errstr != NULL) { + warningx(U_("%s: %s"), *cur, U_(errstr)); + goto bad; + } continue; } if (MATCHES(*cur, "sudoers_mode=")) { p = *cur + sizeof("sudoers_mode=") - 1; sudoers_mode = atomode(p, &errstr); - if (errstr != NULL) - fatalx(U_("%s: %s"), *cur, U_(errstr)); + if (errstr != NULL) { + warningx(U_("%s: %s"), *cur, U_(errstr)); + goto bad; + } continue; } if (MATCHES(*cur, "ldap_conf=")) { @@ -141,8 +147,10 @@ sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group) errno = 0; p = *cur + sizeof("closefrom=") - 1; user_closefrom = strtonum(p, 4, INT_MAX, &errstr); - if (user_closefrom == 0) - fatalx(U_("%s: %s"), *cur, U_(errstr)); + if (user_closefrom == 0) { + warningx(U_("%s: %s"), *cur, U_(errstr)); + goto bad; + } continue; } if (MATCHES(*cur, "debug_flags=")) { @@ -255,8 +263,10 @@ sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group) errno = 0; p = *cur + sizeof("max_groups=") - 1; sudo_user.max_groups = strtonum(p, 1, INT_MAX, &errstr); - if (sudo_user.max_groups == 0) - fatalx(U_("%s: %s"), *cur, U_(errstr)); + if (sudo_user.max_groups == 0) { + warningx(U_("%s: %s"), *cur, U_(errstr)); + goto bad; + } continue; } if (MATCHES(*cur, "remote_host=")) { @@ -273,15 +283,19 @@ sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group) if (MATCHES(*cur, "uid=")) { p = *cur + sizeof("uid=") - 1; user_uid = (uid_t) atoid(p, NULL, NULL, &errstr); - if (errstr != NULL) - fatalx(U_("%s: %s"), *cur, U_(errstr)); + if (errstr != NULL) { + warningx(U_("%s: %s"), *cur, U_(errstr)); + goto bad; + } continue; } if (MATCHES(*cur, "gid=")) { p = *cur + sizeof("gid=") - 1; user_gid = (gid_t) atoid(p, NULL, NULL, &errstr); - if (errstr != NULL) - fatalx(U_("%s: %s"), *cur, U_(errstr)); + if (errstr != NULL) { + warningx(U_("%s: %s"), *cur, U_(errstr)); + goto bad; + } continue; } if (MATCHES(*cur, "groups=")) { @@ -308,23 +322,29 @@ sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group) errno = 0; p = *cur + sizeof("lines=") - 1; sudo_user.lines = strtonum(p, 1, INT_MAX, &errstr); - if (sudo_user.lines == 0) - fatalx(U_("%s: %s"), *cur, U_(errstr)); + if (sudo_user.lines == 0) { + warningx(U_("%s: %s"), *cur, U_(errstr)); + goto bad; + } continue; } if (MATCHES(*cur, "cols=")) { errno = 0; p = *cur + sizeof("cols=") - 1; sudo_user.cols = strtonum(p, 1, INT_MAX, &errstr); - if (sudo_user.lines == 0) - fatalx(U_("%s: %s"), *cur, U_(errstr)); + if (sudo_user.lines == 0) { + warningx(U_("%s: %s"), *cur, U_(errstr)); + goto bad; + } continue; } if (MATCHES(*cur, "sid=")) { p = *cur + sizeof("sid=") - 1; sudo_user.sid = (pid_t) atoid(p, NULL, NULL, &errstr); - if (errstr != NULL) - fatalx(U_("%s: %s"), *cur, U_(errstr)); + if (errstr != NULL) { + warningx(U_("%s: %s"), *cur, U_(errstr)); + goto bad; + } continue; } } @@ -337,8 +357,10 @@ sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group) user_tty = estrdup("unknown"); /* user_ttypath remains NULL */ if (groups != NULL && groups[0] != '\0') { - /* parse_gid_list() will call fatalx() on error. */ + /* parse_gid_list() will print a warning on error. */ user_ngids = parse_gid_list(groups, &user_gid, &user_gids); + if (user_ngids == -1) + goto bad; } /* Stash initial umask for later use. */ @@ -356,6 +378,9 @@ sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group) #undef MATCHES debug_return_int(flags); + +bad: + debug_return_int(MODE_ERROR); } /* @@ -370,6 +395,7 @@ sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask, struct sudoers_exec_args *exec_args = v; char **command_info; int info_len = 0; + int rval = -1; debug_decl(sudoers_policy_exec_setup, SUDO_DEBUG_PLUGIN) /* Increase the length of command_info as needed, it is *not* checked. */ @@ -438,15 +464,19 @@ sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask, egid = runas_gr ? (unsigned int)runas_gr->gr_gid : (unsigned int)runas_pw->pw_gid; len = snprintf(cp, glsize - (cp - gid_list), "%u", egid); - if (len < 0 || (size_t)len >= glsize - (cp - gid_list)) - fatalx(U_("internal error, %s overflow"), __func__); + if (len < 0 || (size_t)len >= glsize - (cp - gid_list)) { + warningx(U_("internal error, %s overflow"), __func__); + goto done; + } cp += len; for (i = 0; i < grlist->ngids; i++) { if (grlist->gids[i] != egid) { len = snprintf(cp, glsize - (cp - gid_list), ",%u", (unsigned int) grlist->gids[i]); - if (len < 0 || (size_t)len >= glsize - (cp - gid_list)) - fatalx(U_("internal error, %s overflow"), __func__); + if (len < 0 || (size_t)len >= glsize - (cp - gid_list)) { + warningx(U_("internal error, %s overflow"), __func__); + goto done; + } cp += len; } } @@ -489,7 +519,10 @@ sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask, *(exec_args->envp) = envp; *(exec_args->info) = command_info; - debug_return_bool(true); + rval = true; + +done: + debug_return_bool(rval); } static int diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c index 13084dec8..3fd0c5b7d 100644 --- a/plugins/sudoers/sudoers.c +++ b/plugins/sudoers/sudoers.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1993-1996, 1998-2013 Todd C. Miller + * Copyright (c) 1993-1996, 1998-2014 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -137,6 +137,8 @@ sudoers_policy_init(void *info, char * const envp[]) /* Parse info from front-end. */ sudo_mode = sudoers_policy_deserialize_info(info, &runas_user, &runas_group); + if (ISSET(sudo_mode, MODE_ERROR)) + debug_return_bool(-1); init_vars(envp); /* XXX - move this later? */ diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h index 0780422ea..4b8ff9dfa 100644 --- a/plugins/sudoers/sudoers.h +++ b/plugins/sudoers/sudoers.h @@ -145,6 +145,7 @@ struct sudo_user { #define MODE_HELP 0x00000040 #define MODE_LIST 0x00000080 #define MODE_CHECK 0x00000100 +#define MODE_ERROR 0x00000200 #define MODE_MASK 0x0000ffff /* Mode flags */