isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use atoid() instead of atoi() when parsing uids/gids so we get

Browse Source 
proper range checking.
This commit is contained in:
Todd C. Miller
2013-12-03 14:33:26 -07:00
parent f56eca8051
commit 878ddb1788
1 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
plugins/sudoers/match.c
View File

@@ -781,11 +781,13 @@ hostname_matches(char *shost, char *lhost, char *pattern)
bool bool
userpw_matches(char *sudoers_user, char *user, struct passwd *pw) userpw_matches(char *sudoers_user, char *user, struct passwd *pw)
{ {
const char *errstr;
uid_t uid;
debug_decl(userpw_matches, SUDO_DEBUG_MATCH) debug_decl(userpw_matches, SUDO_DEBUG_MATCH)
if (pw != NULL && *sudoers_user == '#') { if (pw != NULL && *sudoers_user == '#') {
uid_t uid = (uid_t) atoi(sudoers_user + 1); uid = (uid_t) atoid(sudoers_user + 1, NULL, NULL, &errstr);
if (uid == pw->pw_uid) if (errstr != NULL && uid == pw->pw_uid)
debug_return_bool(true); debug_return_bool(true);
} }
debug_return_bool(strcmp(sudoers_user, user) == 0); debug_return_bool(strcmp(sudoers_user, user) == 0);
@@ -798,11 +800,13 @@ userpw_matches(char *sudoers_user, char *user, struct passwd *pw)
bool bool
group_matches(char *sudoers_group, struct group *gr) group_matches(char *sudoers_group, struct group *gr)
{ {
const char *errstr;
gid_t gid;
debug_decl(group_matches, SUDO_DEBUG_MATCH) debug_decl(group_matches, SUDO_DEBUG_MATCH)
if (*sudoers_group == '#') { if (*sudoers_group == '#') {
gid_t gid = (gid_t) atoi(sudoers_group + 1); gid = (gid_t) atoid(sudoers_group + 1, NULL, NULL, &errstr);
if (gid == gr->gr_gid) if (errstr != NULL && gid == gr->gr_gid)
debug_return_bool(true); debug_return_bool(true);
} }
debug_return_bool(strcmp(gr->gr_name, sudoers_group) == 0); debug_return_bool(strcmp(gr->gr_name, sudoers_group) == 0);