isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Replace MAX_UID_T_LEN with calls to STRLEN_MAX_UNSIGNED.

Browse Source
This commit is contained in:
Todd C. Miller
2023-09-19 15:16:30 -06:00
parent d53bbb54b2
commit 94b80e3ad4
11 changed files with 35 additions and 128 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
config.h.in
View File

@@ -1174,10 +1174,6 @@
/* The max number of chars per log file line (for line wrapping). */ /* The max number of chars per log file line (for line wrapping). */
#undef MAXLOGFILELEN #undef MAXLOGFILELEN
/* Define to the max length of a uid_t in string context (excluding the NUL).
*/
#undef MAX_UID_T_LEN
/* Define to 1 if resolv.h must be included to get the 'inet_ntop' or /* Define to 1 if resolv.h must be included to get the 'inet_ntop' or
'inet_pton' function prototypes. */ 'inet_pton' function prototypes. */
#undef NEED_RESOLV_H #undef NEED_RESOLV_H

101
configure vendored
View File

@@ -20843,85 +20843,6 @@ printf "%s\n" "#define HAVE_SOCKLEN_T 1" >>confdefs.h
fi fi
ac_fn_c_check_type "$LINENO" "uid_t" "ac_cv_type_uid_t" "$ac_includes_default"
if test "x$ac_cv_type_uid_t" = xyes
then :
else case e in #(
e)
printf "%s\n" "#define uid_t int" >>confdefs.h
;;
esac
fi
ac_fn_c_check_type "$LINENO" "gid_t" "ac_cv_type_gid_t" "$ac_includes_default"
if test "x$ac_cv_type_gid_t" = xyes
then :
else case e in #(
e)
printf "%s\n" "#define gid_t int" >>confdefs.h
;;
esac
fi
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking max length of uid_t" >&5
printf %s "checking max length of uid_t... " >&6; }
if test ${sudo_cv_uid_t_len+y}
then :
printf %s "(cached) " >&6
else case e in #(
e)
rm -f conftestdata
if test "$cross_compiling" = yes
then :
sudo_cv_uid_t_len=10
else case e in #(
e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <stdio.h>
#include <string.h>
#include <pwd.h>
#include <limits.h>
#include <sys/types.h>
int main() {
FILE *f;
char b[1024];
uid_t u = (uid_t) -1;
if ((f = fopen("conftestdata", "w")) == NULL)
return(1);
(void) sprintf(b, "%lu", (unsigned long) u);
(void) fprintf(f, "%d\n", (int)strlen(b));
(void) fclose(f);
return(0);
}
_ACEOF
if ac_fn_c_try_run "$LINENO"
then :
sudo_cv_uid_t_len=`cat conftestdata`
else case e in #(
e) sudo_cv_uid_t_len=10 ;;
esac
fi
rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
esac
fi
;;
esac
fi
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_uid_t_len" >&5
printf "%s\n" "$sudo_cv_uid_t_len" >&6; }
rm -f conftestdata
printf "%s\n" "#define MAX_UID_T_LEN $sudo_cv_uid_t_len" >>confdefs.h
ac_fn_c_check_member "$LINENO" "struct sockaddr" "sa_len" "ac_cv_member_struct_sockaddr_sa_len" " ac_fn_c_check_member "$LINENO" "struct sockaddr" "sa_len" "ac_cv_member_struct_sockaddr_sa_len" "
# include <sys/types.h> # include <sys/types.h>
@@ -21947,6 +21868,28 @@ fi
fi fi
ac_fn_c_check_type "$LINENO" "uid_t" "ac_cv_type_uid_t" "$ac_includes_default"
if test "x$ac_cv_type_uid_t" = xyes
then :
else case e in #(
e)
printf "%s\n" "#define uid_t int" >>confdefs.h
;;
esac
fi
ac_fn_c_check_type "$LINENO" "gid_t" "ac_cv_type_gid_t" "$ac_includes_default"
if test "x$ac_cv_type_gid_t" = xyes
then :
else case e in #(
e)
printf "%s\n" "#define gid_t int" >>confdefs.h
;;
esac
fi
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking type of array argument to getgroups" >&5 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking type of array argument to getgroups" >&5
printf %s "checking type of array argument to getgroups... " >&6; } printf %s "checking type of array argument to getgroups... " >&6; }
if test ${ac_cv_type_getgroups+y} if test ${ac_cv_type_getgroups+y}

1
configure.ac
View File

@@ -2501,7 +2501,6 @@ AC_CHECK_TYPES([struct in6_addr], [], [], [#include <sys/types.h>
AC_CHECK_TYPES(socklen_t, [], [], [ AC_CHECK_TYPES(socklen_t, [], [], [
AC_INCLUDES_DEFAULT AC_INCLUDES_DEFAULT
#include <sys/socket.h>]) #include <sys/socket.h>])
SUDO_UID_T_LEN
SUDO_SOCK_SA_LEN SUDO_SOCK_SA_LEN
SUDO_SOCK_SIN_LEN SUDO_SOCK_SIN_LEN
AC_CHECK_SIZEOF([long]) AC_CHECK_SIZEOF([long])

33
m4/sudo.m4
View File

@@ -454,39 +454,6 @@ AC_DEFUN([SUDO_SOCK_SIN_LEN], [
)] )]
) )
dnl
dnl check for max length of uid_t in string representation.
dnl we can't really trust UID_MAX or MAXUID since they may exist
dnl only for backward compatibility.
dnl
AC_DEFUN([SUDO_UID_T_LEN],
[AC_REQUIRE([AC_TYPE_UID_T])
AC_CACHE_CHECK([max length of uid_t], sudo_cv_uid_t_len, [
rm -f conftestdata
AC_RUN_IFELSE([AC_LANG_SOURCE([[
#include <stdio.h>
#include <string.h>
#include <pwd.h>
#include <limits.h>
#include <sys/types.h>
int main() {
FILE *f;
char b[1024];
uid_t u = (uid_t) -1;
if ((f = fopen("conftestdata", "w")) == NULL)
return(1);
(void) sprintf(b, "%lu", (unsigned long) u);
(void) fprintf(f, "%d\n", (int)strlen(b));
(void) fclose(f);
return(0);
}]])], [sudo_cv_uid_t_len=`cat conftestdata`], [sudo_cv_uid_t_len=10], [sudo_cv_uid_t_len=10])
])
rm -f conftestdata
AC_DEFINE_UNQUOTED(MAX_UID_T_LEN, $sudo_cv_uid_t_len, [Define to the max length of a uid_t in string context (excluding the NUL).])
])
dnl dnl
dnl There are three different utmp variants we need to check for. dnl There are three different utmp variants we need to check for.
dnl SUDO_CHECK_UTMP_MEMBERS(utmp_type) dnl SUDO_CHECK_UTMP_MEMBERS(utmp_type)

4
plugins/sudoers/cvtsudoers_pwutil.c
View File

@@ -82,7 +82,7 @@ do { \
struct cache_item * struct cache_item *
cvtsudoers_make_pwitem(uid_t uid, const char *name) cvtsudoers_make_pwitem(uid_t uid, const char *name)
{ {
char *cp, uidstr[MAX_UID_T_LEN + 2]; char *cp, uidstr[STRLEN_MAX_UNSIGNED(uid_t) + 2];
size_t nsize, psize, gsize, dsize, ssize, total; size_t nsize, psize, gsize, dsize, ssize, total;
#ifdef HAVE_LOGIN_CAP_H #ifdef HAVE_LOGIN_CAP_H
size_t csize; size_t csize;
@@ -191,7 +191,7 @@ cvtsudoers_make_pwitem(uid_t uid, const char *name)
struct cache_item * struct cache_item *
cvtsudoers_make_gritem(gid_t gid, const char *name) cvtsudoers_make_gritem(gid_t gid, const char *name)
{ {
char *cp, gidstr[MAX_UID_T_LEN + 2]; char *cp, gidstr[STRLEN_MAX_UNSIGNED(gid_t) + 2];
size_t nsize, psize, total, len, nmem = 0; size_t nsize, psize, total, len, nmem = 0;
struct cache_item_gr *gritem; struct cache_item_gr *gritem;
struct group gr, *newgr; struct group gr, *newgr;

2
plugins/sudoers/env.c
View File

@@ -854,7 +854,7 @@ bool
rebuild_env(const struct sudoers_context *ctx) rebuild_env(const struct sudoers_context *ctx)
{ {
char **ep, *cp, *ps1; char **ep, *cp, *ps1;
char idbuf[MAX_UID_T_LEN + 1]; char idbuf[STRLEN_MAX_UNSIGNED(uid_t) + 1];
unsigned int didvar; unsigned int didvar;
bool reset_home = false; bool reset_home = false;
int len; int len;

2
plugins/sudoers/iolog.c
View File

@@ -296,7 +296,7 @@ iolog_deserialize_info(struct log_details *details, char * const user_info[],
const char *runas_uid_str = "0", *runas_euid_str = NULL; const char *runas_uid_str = "0", *runas_euid_str = NULL;
const char *runas_gid_str = "0", *runas_egid_str = NULL; const char *runas_gid_str = "0", *runas_egid_str = NULL;
const char *errstr; const char *errstr;
char idbuf[MAX_UID_T_LEN + 2]; char idbuf[STRLEN_MAX_UNSIGNED(uid_t) + 2];
char * const *cur; char * const *cur;
struct passwd *pw; struct passwd *pw;
struct group *gr; struct group *gr;

9
plugins/sudoers/ldap.c
View File

@@ -804,7 +804,8 @@ done:
static char * static char *
sudo_ldap_build_pass1(struct sudoers_context *ctx, LDAP *ld, struct passwd *pw) sudo_ldap_build_pass1(struct sudoers_context *ctx, LDAP *ld, struct passwd *pw)
{ {
char timebuffer[TIMEFILTER_LENGTH + 1], idbuf[MAX_UID_T_LEN + 1]; char idbuf[STRLEN_MAX_UNSIGNED(uid_t) + 1];
char timebuffer[TIMEFILTER_LENGTH + 1];
char *buf, *notbuf; char *buf, *notbuf;
struct ldap_netgroup_list netgroups; struct ldap_netgroup_list netgroups;
struct ldap_netgroup *ng = NULL; struct ldap_netgroup *ng = NULL;
@@ -835,14 +836,14 @@ sudo_ldap_build_pass1(struct sudoers_context *ctx, LDAP *ld, struct passwd *pw)
/* Add space for username and uid, including the negated versions. */ /* Add space for username and uid, including the negated versions. */
sz += ((sizeof("(sudoUser=)(sudoUser=#)") - 1 + sz += ((sizeof("(sudoUser=)(sudoUser=#)") - 1 +
sudo_ldap_value_len(pw->pw_name) + MAX_UID_T_LEN) * 2) + 2; sudo_ldap_value_len(pw->pw_name) + sizeof(idbuf) - 1) * 2) + 2;
/* Add space for primary and supplementary groups and gids */ /* Add space for primary and supplementary groups and gids */
if ((grp = sudo_getgrgid(pw->pw_gid)) != NULL) { if ((grp = sudo_getgrgid(pw->pw_gid)) != NULL) {
sz += ((sizeof("(sudoUser=%)") - 1 + sz += ((sizeof("(sudoUser=%)") - 1 +
sudo_ldap_value_len(grp->gr_name)) * 2) + 1; sudo_ldap_value_len(grp->gr_name)) * 2) + 1;
} }
sz += ((sizeof("(sudoUser=%#)") - 1 + MAX_UID_T_LEN) * 2) + 1; sz += ((sizeof("(sudoUser=%#)") - 1 + sizeof(idbuf) - 1) * 2) + 1;
if ((grlist = sudo_get_grlist(pw)) != NULL) { if ((grlist = sudo_get_grlist(pw)) != NULL) {
for (i = 0; i < grlist->ngroups; i++) { for (i = 0; i < grlist->ngroups; i++) {
if (grp != NULL && strcasecmp(grlist->groups[i], grp->gr_name) == 0) if (grp != NULL && strcasecmp(grlist->groups[i], grp->gr_name) == 0)
@@ -855,7 +856,7 @@ sudo_ldap_build_pass1(struct sudoers_context *ctx, LDAP *ld, struct passwd *pw)
for (i = 0; i < gidlist->ngids; i++) { for (i = 0; i < gidlist->ngids; i++) {
if (pw->pw_gid == gidlist->gids[i]) if (pw->pw_gid == gidlist->gids[i])
continue; continue;
sz += ((sizeof("(sudoUser=%#)") - 1 + MAX_UID_T_LEN) * 2) + 1; sz += ((sizeof("(sudoUser=%#)") - 1 + sizeof(idbuf) - 1) * 2) + 1;
} }
} }

2
plugins/sudoers/policy.c
View File

@@ -810,7 +810,7 @@ sudoers_policy_store_result(struct sudoers_context *ctx, bool accepted,
/* We reserve an extra spot in the list for the effective gid. */ /* We reserve an extra spot in the list for the effective gid. */
glsize = sizeof("runas_groups=") - 1 + glsize = sizeof("runas_groups=") - 1 +
(((size_t)gidlist->ngids + 1) * (MAX_UID_T_LEN + 1)); (((size_t)gidlist->ngids + 1) * (STRLEN_MAX_UNSIGNED(gid_t) + 1));
gid_list = malloc(glsize); gid_list = malloc(glsize);
if (gid_list == NULL) { if (gid_list == NULL) {
sudo_gidlist_delref(gidlist); sudo_gidlist_delref(gidlist);

3
src/sudo.c
View File

@@ -479,7 +479,8 @@ get_user_groups(const char *user, struct sudo_cred *cred)
/* /*
* Format group list as a comma-separated string of gids. * Format group list as a comma-separated string of gids.
*/ */
glsize = sizeof("groups=") - 1 + ((size_t)cred->ngroups * (MAX_UID_T_LEN + 1)); glsize = sizeof("groups=") - 1 +
((size_t)cred->ngroups * (STRLEN_MAX_UNSIGNED(gid_t) + 1));
if ((gid_list = malloc(glsize)) == NULL) if ((gid_list = malloc(glsize)) == NULL)
goto done; goto done;
memcpy(gid_list, "groups=", sizeof("groups=") - 1); memcpy(gid_list, "groups=", sizeof("groups=") - 1);

2
src/sudo_edit.c
View File

@@ -387,7 +387,7 @@ selinux_fmt_sudo_user(const struct sudo_cred *user_cred)
int i, len; int i, len;
debug_decl(selinux_fmt_sudo_user, SUDO_DEBUG_EDIT); debug_decl(selinux_fmt_sudo_user, SUDO_DEBUG_EDIT);
user_size = (MAX_UID_T_LEN + 1) * (2 + user_cred->ngroups); user_size = (STRLEN_MAX_UNSIGNED(uid_t) + 1) * (2 + user_cred->ngroups);
if ((user_str = malloc(user_size)) == NULL) if ((user_str = malloc(user_size)) == NULL)
debug_return_ptr(NULL); debug_return_ptr(NULL);