isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sanity check struct timespec in timestamp file.

Browse Source 
Coverity CID 220564
This commit is contained in:
Todd C. Miller
2021-04-07 11:10:17 -06:00
parent 394673cbf5
commit c2909e20ee
1 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
plugins/sudoers/timestamp.c
View File

@@ -752,6 +752,9 @@ timestamp_close(void *vcookie)
debug_return; debug_return;
} }
#define TIMESPEC_VALID(ts) \
((ts)->tv_sec >= 0 && (ts)->tv_nsec >= 0 && (ts)->tv_nsec < 1000000000L)
/* /*
* Check the time stamp file and directory and return their status. * Check the time stamp file and directory and return their status.
* Called with the file position before the locked record to read. * Called with the file position before the locked record to read.
@@ -803,13 +806,21 @@ timestamp_status(void *vcookie, struct passwd *pw)
/* Make sure what we read matched the expected record. */ /* Make sure what we read matched the expected record. */
if (entry.version != TS_VERSION || entry.size != nread) { if (entry.version != TS_VERSION || entry.size != nread) {
/* do something else? */
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"invalid time stamp file @ %lld", (long long)cookie->pos); "invalid time stamp file @ %lld", (long long)cookie->pos);
status = TS_OLD; status = TS_OLD;
goto done; goto done;
} }
/* Sanity check time stamps. */
if (!TIMESPEC_VALID(&entry.start_time) || !TIMESPEC_VALID(&entry.ts)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"invalid timespec in time stamp file @ %lld",
(long long)cookie->pos);
status = TS_OLD;
goto done;
}
if (ISSET(entry.flags, TS_DISABLED)) { if (ISSET(entry.flags, TS_DISABLED)) {
sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO,
"time stamp record disabled"); "time stamp record disabled");