isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Do not call the TIOCSETVERAUTH ioctl with a negative number of seconds.

Browse Source 
Also cap the max number of seconds at 3600 to avoid getting EINVAL
from TIOCSETVERAUTH.
This commit is contained in:
Todd C. Miller
2018-01-23 11:05:41 -07:00
parent 2e37959fec
commit 52409b9c72
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
plugins/sudoers/timestamp.c
View File

@@ -868,7 +868,12 @@ timestamp_update(void *vcookie, struct passwd *pw)
int fd = open(_PATH_TTY, O_RDWR); int fd = open(_PATH_TTY, O_RDWR);
if (fd != -1) { if (fd != -1) {
int secs = def_timestamp_timeout.tv_sec; int secs = def_timestamp_timeout.tv_sec;
ioctl(fd, TIOCSETVERAUTH, &secs); if (secs > 0) {
if (secs > 3600)
secs = 3600; /* OpenBSD limitation */
if (ioctl(fd, TIOCSETVERAUTH, &secs) != 0)
sudo_warn("TIOCSETVERAUTH");
}
close(fd); close(fd);
} }
#endif #endif