isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Go back to escaping the command args for "sudo -i" and "sudo -s"

Browse Source 
before calling the plugin.  Otherwise, spaces in the command args
are not treated properly.  The sudoers plugin will unescape non-spaces
to make matching easier.
This commit is contained in:
Todd C. Miller
2011-07-29 10:10:40 -04:00
parent 4f9a93f658
commit 8255ed69b9
3 changed files with 45 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
plugins/sudoers/sudoers.c
View File

@@ -861,21 +861,38 @@ set_cmnd(void)
/* set user_args */ /* set user_args */
if (NewArgc > 1) { if (NewArgc > 1) {
char *to, **from; char *to, *from, **av;
size_t size, n; size_t size, n;
/* Alloc and build up user_args. */ /* Alloc and build up user_args. */
for (size = 0, from = NewArgv + 1; *from; from++) for (size = 0, av = NewArgv + 1; *av; av++)
size += strlen(*from) + 1; size += strlen(*av) + 1;
user_args = emalloc(size); user_args = emalloc(size);
for (to = user_args, from = NewArgv + 1; *from; from++) { if (ISSET(sudo_mode, MODE_SHELL|MODE_LOGIN_SHELL)) {
n = strlcpy(to, *from, size - (to - user_args)); /*
if (n >= size - (to - user_args)) * When running a command via a shell, the sudo front-end
errorx(1, _("internal error, set_cmnd() overflow")); * escapes potential meta chars. We unescape non-spaces
to += n; * for sudoers matching and logging purposes.
*to++ = ' '; */
for (to = user_args, av = NewArgv + 1; (from = *av); av++) {
while (*from) {
if (from[0] == '\\' && !isspace((unsigned char)from[1]))
from++;
*to++ = *from++;
}
*to++ = ' ';
}
*--to = '\0';
} else {
for (to = user_args, av = NewArgv + 1; *av; av++) {
n = strlcpy(to, *av, size - (to - user_args));
if (n >= size - (to - user_args))
errorx(1, _("internal error, set_cmnd() overflow"));
to += n;
*to++ = ' ';
}
*--to = '\0';
} }
*--to = '\0';
} }
} }
if (strlen(user_cmnd) >= PATH_MAX) if (strlen(user_cmnd) >= PATH_MAX)

25
src/parse_args.c
View File

@@ -385,17 +385,28 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp,
memcpy(av + 1, argv, argc * sizeof(char *)); memcpy(av + 1, argv, argc * sizeof(char *));
} else { } else {
/* shell -c "command" */ /* shell -c "command" */
char *src, *dst, *end; char *cmnd, *src, *dst;
size_t cmnd_size = (size_t) (argv[argc - 1] - argv[0]) + size_t cmnd_size = (size_t) (argv[argc - 1] - argv[0]) +
strlen(argv[argc - 1]) + 1; strlen(argv[argc - 1]) + 1;
cmnd = dst = emalloc2(cmnd_size, 2);
for (av = argv; *av != NULL; av++) {
for (src = *av; *src != '\0'; src++) {
/* quote potential meta characters */
if (!isalnum((unsigned char)*src) && *src != '_' && *src != '-')
*dst++ = '\\';
*dst++ = *src;
}
*dst++ = ' ';
}
if (cmnd != dst)
dst--; /* replace last space with a NUL */
*dst = '\0';
ac = 3; ac = 3;
av = emalloc2(ac + 1, sizeof(char *)); av = emalloc2(ac + 1, sizeof(char *));
av[1] = "-c"; av[1] = "-c";
av[2] = dst = emalloc(cmnd_size); av[2] = cmnd;
src = argv[0];
for (end = src + cmnd_size - 1; src < end; src++, dst++)
*dst = *src == '\0' ? ' ' : *src;
*dst = '\0';
} }
av[0] = (char *)user_details.shell; /* plugin may override shell */ av[0] = (char *)user_details.shell; /* plugin may override shell */
av[ac] = NULL; av[ac] = NULL;

31
src/sudo.c
View File

@@ -121,7 +121,6 @@ static int iolog_open(struct plugin_container *plugin, char * const settings[],
int argc, char * const argv[], char * const user_env[]); int argc, char * const argv[], char * const user_env[]);
static void iolog_close(struct plugin_container *plugin, int exit_status, static void iolog_close(struct plugin_container *plugin, int exit_status,
int error); int error);
static char *escape_cmnd(const char *src);
/* Policy plugin convenience functions. */ /* Policy plugin convenience functions. */
static int policy_open(struct plugin_container *plugin, char * const settings[], static int policy_open(struct plugin_container *plugin, char * const settings[],
@@ -293,12 +292,6 @@ main(int argc, char *argv[], char *envp[])
if (ISSET(command_details.flags, CD_SUDOEDIT)) { if (ISSET(command_details.flags, CD_SUDOEDIT)) {
exitcode = sudo_edit(&command_details); exitcode = sudo_edit(&command_details);
} else { } else {
if (ISSET(sudo_mode, MODE_SHELL)) {
/* Escape meta chars if running a shell with args. */
if (argv_out[1] != NULL && strcmp(argv_out[1], "-c") == 0 &&
argv_out[2] != NULL && argv_out[3] == NULL)
argv_out[2] = escape_cmnd(argv_out[2]);
}
exitcode = run_command(&command_details); exitcode = run_command(&command_details);
} }
/* The close method was called by sudo_edit/run_command. */ /* The close method was called by sudo_edit/run_command. */
@@ -1054,30 +1047,6 @@ done:
return rval; return rval;
} }
/*
* Escape any non-alpha numeric or blank characters to make sure
* they are not interpreted specially by the shell.
*/
static char *
escape_cmnd(const char *src)
{
char *cmnd, *dst;
/* Worst case scenario, we have to escape everything. */
cmnd = dst = emalloc((2 * strlen(src)) + 1);
while (*src != '\0') {
if (!isalnum((unsigned char)*src) && !isspace((unsigned char)*src) &&
*src != '_' && *src != '-') {
/* quote potential meta character */
*dst++ = '\\';
}
*dst++ = *src++;
}
*dst++ = '\0';
return cmnd;
}
/* /*
* Run the command and wait for it to complete. * Run the command and wait for it to complete.
*/ */