isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Make hexchar() return -1 on invalid input instead of calling fatalx().

Browse Source 
Callers used to check that the string was hex before calling hexchar().
Now callers must check for a -1 return value instead.
This commit is contained in:
Todd C. Miller
2014-03-26 13:50:51 -06:00
parent 2220f55aef
commit 9ff3b1b570
3 changed files with 13 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
plugins/sudoers/hexchar.c
View File

@@ -21,8 +21,11 @@
#include "missing.h" #include "missing.h"
#include "sudo_debug.h" #include "sudo_debug.h"
#include "fatal.h"
/*
* Converts a two-byte hex string to decimal.
* Returns the decimal value or -1 for invalid input.
*/
int int
hexchar(const char *s) hexchar(const char *s)
{ {
@@ -87,8 +90,8 @@ hexchar(const char *s)
result[i] = 15; result[i] = 15;
break; break;
default: default:
/* Should not happen. */ /* Invalid input. */
fatalx("internal error, \\x%s not in proper hex format", s); debug_return_int(-1);
} }
} }
debug_return_int((result[0] << 4) | result[1]); debug_return_int((result[0] << 4) | result[1]);

9
plugins/sudoers/match.c
View File

@@ -81,7 +81,6 @@
# include <ndir.h> # include <ndir.h>
# endif # endif
#endif #endif
#include <ctype.h>
#include <pwd.h> #include <pwd.h>
#include <grp.h> #include <grp.h>
#include <errno.h> #include <errno.h>
@@ -605,6 +604,7 @@ digest_matches(const char *file, const struct sudo_digest *sd)
SHA2_CTX ctx; SHA2_CTX ctx;
FILE *fp; FILE *fp;
unsigned int i; unsigned int i;
int h;
debug_decl(digest_matches, SUDO_DEBUG_MATCH) debug_decl(digest_matches, SUDO_DEBUG_MATCH)
for (i = 0; digest_functions[i].digest_name != NULL; i++) { for (i = 0; digest_functions[i].digest_name != NULL; i++) {
@@ -620,11 +620,10 @@ digest_matches(const char *file, const struct sudo_digest *sd)
if (strlen(sd->digest_str) == func->digest_len * 2) { if (strlen(sd->digest_str) == func->digest_len * 2) {
/* Convert the command digest from ascii hex to binary. */ /* Convert the command digest from ascii hex to binary. */
for (i = 0; i < func->digest_len; i++) { for (i = 0; i < func->digest_len; i++) {
if (!isxdigit((unsigned char)sd->digest_str[i + i]) || h = hexchar(&sd->digest_str[i + i]);
!isxdigit((unsigned char)sd->digest_str[i + i + 1])) { if (h == -1)
goto bad_format; goto bad_format;
} sudoers_digest[i] = (unsigned char)h;
sudoers_digest[i] = hexchar(&sd->digest_str[i + i]);
} }
} else { } else {
size_t len = base64_decode(sd->digest_str, sudoers_digest, size_t len = base64_decode(sd->digest_str, sudoers_digest,

8
plugins/sudoers/toke_util.c
View File

@@ -46,7 +46,6 @@
#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS) #if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
# include <malloc.h> # include <malloc.h>
#endif /* HAVE_MALLOC_H && !STDC_HEADERS */ #endif /* HAVE_MALLOC_H && !STDC_HEADERS */
#include <ctype.h>
#include <errno.h> #include <errno.h>
#include "sudoers.h" #include "sudoers.h"
@@ -61,6 +60,7 @@ bool
fill_txt(const char *src, int len, int olen) fill_txt(const char *src, int len, int olen)
{ {
char *dst; char *dst;
int h;
debug_decl(fill_txt, SUDO_DEBUG_PARSER) debug_decl(fill_txt, SUDO_DEBUG_PARSER)
dst = olen ? realloc(sudoerslval.string, olen + len + 1) : malloc(len + 1); dst = olen ? realloc(sudoerslval.string, olen + len + 1) : malloc(len + 1);
@@ -75,10 +75,8 @@ fill_txt(const char *src, int len, int olen)
dst += olen; dst += olen;
while (len--) { while (len--) {
if (*src == '\\' && len) { if (*src == '\\' && len) {
if (src[1] == 'x' && len >= 3 && if (src[1] == 'x' && len >= 3 && (h = hexchar(src + 2)) != -1) {
isxdigit((unsigned char) src[2]) && *dst++ = h;
isxdigit((unsigned char) src[3])) {
*dst++ = hexchar(src + 2);
src += 4; src += 4;
len -= 3; len -= 3;
} else { } else {