isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Don't memcpy() the preserved_fds TAILQ as the pointers into the

Browse Source 
head will be wrong.  All we need to do is save the old command
details and restore them after calling run_command().  Fixes a hang
with sudoedit when debugging is enabled.
This commit is contained in:
Todd C. Miller
2014-07-26 06:06:18 -06:00
parent 32a837623e
commit 6f77ffd7c7
1 changed files with 20 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
src/sudo_edit.c
View File

@@ -85,7 +85,7 @@ switch_user(uid_t euid, gid_t egid, int ngroups, GETGROUPS_T *groups)
int int
sudo_edit(struct command_details *command_details) sudo_edit(struct command_details *command_details)
{ {
struct command_details editor_details; struct command_details saved_command_details;
ssize_t nread, nwritten; ssize_t nread, nwritten;
const char *tmpdir; const char *tmpdir;
char *cp, *suff, **nargv, **ap, **files = NULL; char *cp, *suff, **nargv, **ap, **files = NULL;
@@ -248,18 +248,27 @@ sudo_edit(struct command_details *command_details)
* keeping track of the time spent in the editor. * keeping track of the time spent in the editor.
*/ */
gettimeofday(&times[0], NULL); gettimeofday(&times[0], NULL);
memcpy(&editor_details, command_details, sizeof(editor_details)); memcpy(&saved_command_details, command_details, sizeof(struct command_details));
editor_details.uid = user_details.uid; command_details->uid = user_details.uid;
editor_details.euid = user_details.uid; command_details->euid = user_details.uid;
editor_details.gid = user_details.gid; command_details->gid = user_details.gid;
editor_details.egid = user_details.gid; command_details->egid = user_details.gid;
editor_details.ngroups = user_details.ngroups; command_details->ngroups = user_details.ngroups;
editor_details.groups = user_details.groups; command_details->groups = user_details.groups;
editor_details.argv = nargv; command_details->argv = nargv;
rval = run_command(&editor_details); rval = run_command(command_details);
gettimeofday(&times[1], NULL); gettimeofday(&times[1], NULL);
/* Copy contents of temp files to real ones */ /* Restore saved command_details. */
command_details->uid = saved_command_details.uid;
command_details->euid = saved_command_details.uid;
command_details->gid = saved_command_details.gid;
command_details->egid = saved_command_details.gid;
command_details->ngroups = saved_command_details.ngroups;
command_details->groups = saved_command_details.groups;
command_details->argv = saved_command_details.argv;
/* Copy contents of temp files to real ones. */
for (i = 0; i < nfiles; i++) { for (i = 0; i < nfiles; i++) {
rc = -1; rc = -1;
if (seteuid(user_details.uid) != 0) if (seteuid(user_details.uid) != 0)