Hard-code usage() and help() for an 80-column terminal.

Trying to tailor the help and usage output to the terminal width
is simply not worth it and could be abused to mark a socket as
"trusted" on Linux if there are additional kernel bugs like
CVE-2023-2002.

src/parse_args.c

@@ -695,56 +695,31 @@ parse_args(int argc, char **argv, const char *shell, int *old_optind,
     debug_return_int(mode | flags);
 }
 
-static int
-usage_err(const char *buf)
-{
-    return fputs(buf, stderr);
-}
-
-static int
-usage_out(const char *buf)
-{
-    return fputs(buf, stdout);
-}
-
 /*
  * Display usage message.
  * The actual usage strings are in sudo_usage.h for configure substitution.
  */
 static void
-display_usage(int (*output)(const char *), int cols)
+display_usage(FILE *fp)
 {
-    struct sudo_lbuf lbuf;
+    const char * const **uvecs = sudo_usage;
-    const char *uvec[6];
+    const char * const *uvec;
-    int i, ulen;
+    int i, indent;
 
     /*
      * Use usage vectors appropriate to the progname.
      */
-    if (strcmp(getprogname(), "sudoedit") == 0) {
+    if (strcmp(getprogname(), "sudoedit") == 0)
-	uvec[0] = SUDO_USAGE0;
+	uvecs = sudoedit_usage;
-	uvec[1] = &SUDO_USAGE5[3];	/* skip the leading "-e " */
-	uvec[2] = NULL;
-    } else {
-	uvec[0] = SUDO_USAGE1;
-	uvec[1] = SUDO_USAGE2;
-	uvec[2] = SUDO_USAGE3;
-	uvec[3] = SUDO_USAGE4;
-	uvec[4] = SUDO_USAGE5;
-	uvec[5] = NULL;
-    }
 
-    /*
+    indent = strlen(getprogname()) + 8;
-     * Print usage and wrap lines as needed, depending on the
+    while ((uvec = *uvecs) != NULL) {
-     * tty width.
+	(void)fprintf(fp, "usage: %s %s\n", getprogname(), uvec[0]);
-     */
+	for (i = 1; uvec[i] != NULL; i++) {
-    ulen = (int)strlen(getprogname()) + 8;
+	    (void)fprintf(fp, "%*s%s\n", indent, "", uvec[i]);
-    sudo_lbuf_init(&lbuf, output, ulen, NULL, cols);
+	}
-    for (i = 0; uvec[i] != NULL; i++) {
+	uvecs++;
-	sudo_lbuf_append(&lbuf, "usage: %s%s", getprogname(), uvec[i]);
-	sudo_lbuf_print(&lbuf);
     }
-    sudo_lbuf_destroy(&lbuf);
 }
 
 /*
@@ -753,10 +728,7 @@ display_usage(int (*output)(const char *), int cols)
 void
 usage(void)
 {
-    int rows, cols;
+    display_usage(stderr);
-
-    sudo_get_ttysize(STDERR_FILENO, &rows, &cols);
-    display_usage(usage_err, cols);
     exit(EXIT_FAILURE);
 }
 
@@ -786,6 +758,12 @@ usage_excl_ticket(void)
     usage();
 }
 
+static int
+help_out(const char *buf)
+{
+    return fputs(buf, stdout);
+}
+
 static void
 help(void)
 {
@@ -793,21 +771,17 @@ help(void)
     const int indent = 32;
     const char *pname = getprogname();
     bool sudoedit = false;
-    int rows, cols;
     debug_decl(help, SUDO_DEBUG_ARGS);
 
-    sudo_get_ttysize(STDOUT_FILENO, &rows, &cols);
-    sudo_lbuf_init(&lbuf, usage_out, indent, NULL, cols);
     if (strcmp(pname, "sudoedit") == 0) {
 	sudoedit = true;
-	sudo_lbuf_append(&lbuf, _("%s - edit files as another user\n\n"), pname);
+	(void)printf(_("%s - edit files as another user\n\n"), pname);
     } else {
-	sudo_lbuf_append(&lbuf, _("%s - execute a command as another user\n\n"), pname);
+	(void)printf(_("%s - execute a command as another user\n\n"), pname);
     }
-    sudo_lbuf_print(&lbuf);
+    display_usage(stdout);
-
-    display_usage(usage_out, cols);
 
+    sudo_lbuf_init(&lbuf, help_out, indent, NULL, 80);
     sudo_lbuf_append(&lbuf, "%s", _("\nOptions:\n"));
     sudo_lbuf_append(&lbuf, "  -A, --askpass                 %s\n",
 	_("use a helper program for password prompting"));

src/sudo_usage.h.in

@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 2007-2010, 2013, 2015, 2017, 2020-2022
+ * Copyright (c) 2007-2010, 2013, 2015, 2017, 2020-2023
  *	Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -24,11 +24,55 @@
  * Usage strings for sudo.  These are here because we
  * need to be able to substitute values from configure.
  */
-#define SUDO_USAGE0 " -h | -V"
+static const char *sudo_usage1[] = {
-#define SUDO_USAGE1 " -h | -K | -k | -V"
+    "-h | -K | -k | -V",
-#define SUDO_USAGE2 " -v [-ABkNnS] @BSDAUTH_USAGE@[-g group] [-h host] [-p prompt] [-u user]"
+    NULL
-#define SUDO_USAGE3 " -l [-ABkNnS] @BSDAUTH_USAGE@[-g group] [-h host] [-p prompt] [-U user] [-u user] [command [arg ...]]"
+};
-#define SUDO_USAGE4 " [-ABbEHkNnPS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] [-D directory] @LOGINCAP_USAGE@[-g group] [-h host] [-p prompt] [-R directory] [-T timeout] [-u user] [VAR=value] [-i | -s] [command [arg ...]]"
+static const char *sudo_usage2[] = {
-#define SUDO_USAGE5 " -e [-ABkNnS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] @LOGINCAP_USAGE@[-D directory] [-g group] [-h host] [-p prompt] [-R directory] [-T timeout] [-u user] file ..."
+    "-v [-ABkNnS] @BSDAUTH_USAGE@[-g group] [-h host] [-p prompt] [-u user]",
+    NULL
+};
+static const char *sudo_usage3[] = {
+    "-l [-ABkNnS] @BSDAUTH_USAGE@[-g group] [-h host] [-p prompt] [-U user]",
+    "[-u user] [command [arg ...]]",
+    NULL
+};
+static const char *sudo_usage4[] = {
+    "[-ABbEHkNnPS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] @LOGINCAP_USAGE@[-D directory]",
+    "[-g group] [-h host] [-p prompt] [-R directory] [-T timeout]",
+    "[-u user] [VAR=value] [-i | -s] [command [arg ...]]",
+    NULL
+};
+static const char *sudo_usage5[] = {
+    "-e [-ABkNnS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] @LOGINCAP_USAGE@[-D directory]",
+    "[-g group] [-h host] [-p prompt] [-R directory] [-T timeout]",
+    "[-u user] file ...",
+    NULL
+};
+static const char * const *sudo_usage[] = {
+    sudo_usage1,
+    sudo_usage2,
+    sudo_usage3,
+    sudo_usage4,
+    sudo_usage5,
+    NULL
+};
+
+static const char *sudoedit_usage1[] = {
+    "-h | -V",
+    NULL
+};
+static const char *sudoedit_usage2[] = {
+    /* Same as sudo_usage5 but no -e flag. */
+    "[-ABkNnS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] @LOGINCAP_USAGE@[-D directory]",
+    "[-g group] [-h host] [-p prompt] [-R directory] [-T timeout]",
+    "[-u user] file ...",
+    NULL
+};
+static const char * const *sudoedit_usage[] = {
+    sudoedit_usage1,
+    sudoedit_usage2,
+    NULL
+};
 
 #endif /* SUDO_USAGE_H */