isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add sigsetjmp() calls to all plugin entry points just to be safe.

Browse Source
This commit is contained in:
Todd C. Miller
2010-12-28 11:02:12 -05:00
parent 5966b67dda
commit bff14f60e6
2 changed files with 36 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
plugins/sudoers/iolog.c
View File

@@ -386,6 +386,11 @@ sudoers_io_close(int exit_status, int error)
{ {
int i; int i;
if (sigsetjmp(error_jmp, 1)) {
/* called via error(), errorx() or log_error() */
return;
}
for (i = 0; i < IOFD_MAX; i++) { for (i = 0; i < IOFD_MAX; i++) {
if (io_fds[i].v == NULL) if (io_fds[i].v == NULL)
continue; continue;
@@ -401,6 +406,11 @@ sudoers_io_close(int exit_status, int error)
static int static int
sudoers_io_version(int verbose) sudoers_io_version(int verbose)
{ {
if (sigsetjmp(error_jmp, 1)) {
/* called via error(), errorx() or log_error() */
return -1;
}
sudo_printf(SUDO_CONV_INFO_MSG, "Sudoers I/O plugin version %s\n", sudo_printf(SUDO_CONV_INFO_MSG, "Sudoers I/O plugin version %s\n",
PACKAGE_VERSION); PACKAGE_VERSION);
@@ -414,6 +424,11 @@ sudoers_io_log(const char *buf, unsigned int len, int idx)
gettimeofday(&now, NULL); gettimeofday(&now, NULL);
if (sigsetjmp(error_jmp, 1)) {
/* called via error(), errorx() or log_error() */
return -1;
}
#ifdef HAVE_ZLIB_H #ifdef HAVE_ZLIB_H
if (def_compress_io) if (def_compress_io)
gzwrite(io_fds[idx].g, buf, len); gzwrite(io_fds[idx].g, buf, len);

27
plugins/sudoers/sudoers.c
View File

@@ -247,6 +247,11 @@ sudoers_policy_open(unsigned int version, sudo_conv_t conversation,
static void static void
sudoers_policy_close(int exit_status, int error_code) sudoers_policy_close(int exit_status, int error_code)
{ {
if (sigsetjmp(error_jmp, 1)) {
/* called via error(), errorx() or log_error() */
return;
}
/* We do not currently log the exit status. */ /* We do not currently log the exit status. */
if (error_code) if (error_code)
warningx("unable to execute %s: %s", safe_cmnd, strerror(error_code)); warningx("unable to execute %s: %s", safe_cmnd, strerror(error_code));
@@ -269,6 +274,11 @@ sudoers_policy_close(int exit_status, int error_code)
static int static int
sudoers_policy_init_session(struct passwd *pwd) sudoers_policy_init_session(struct passwd *pwd)
{ {
if (sigsetjmp(error_jmp, 1)) {
/* called via error(), errorx() or log_error() */
return -1;
}
return auth_begin_session(pwd); return auth_begin_session(pwd);
} }
@@ -283,6 +293,12 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
volatile int info_len = 0; volatile int info_len = 0;
volatile int rval = FALSE; volatile int rval = FALSE;
if (sigsetjmp(error_jmp, 1)) {
/* error recovery via error(), errorx() or log_error() */
rewind_perms();
return -1;
}
/* Is root even allowed to run sudo? */ /* Is root even allowed to run sudo? */
if (user_uid == 0 && !def_root_sudo) { if (user_uid == 0 && !def_root_sudo) {
warningx("sudoers specifies that root is not allowed to sudo"); warningx("sudoers specifies that root is not allowed to sudo");
@@ -298,12 +314,6 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
def_closefrom = user_closefrom; def_closefrom = user_closefrom;
} }
if (sigsetjmp(error_jmp, 1)) {
/* error recovery via error(), errorx() or log_error() */
rewind_perms();
return -1;
}
set_perms(PERM_INITIAL); set_perms(PERM_INITIAL);
/* Environment variables specified on the command line. */ /* Environment variables specified on the command line. */
@@ -1064,6 +1074,11 @@ plugin_cleanup(int gotsignal)
static int static int
sudoers_policy_version(int verbose) sudoers_policy_version(int verbose)
{ {
if (sigsetjmp(error_jmp, 1)) {
/* error recovery via error(), errorx() or log_error() */
return -1;
}
sudo_printf(SUDO_CONV_INFO_MSG, "Sudoers policy plugin version %s\n", sudo_printf(SUDO_CONV_INFO_MSG, "Sudoers policy plugin version %s\n",
PACKAGE_VERSION); PACKAGE_VERSION);