isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Check for dup2() failure.

Browse Source
This commit is contained in:
Todd C. Miller
2010-06-15 09:02:23 -04:00
parent 59718c32e4
commit c2f8d24f20
5 changed files with 40 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
plugins/sudoers/logging.c
View File

@@ -463,7 +463,7 @@ send_mail(const char *fmt, ...)
} }
# endif # endif
#endif #endif
chdir("/"); (void) chdir("/");
if ((fd = open(_PATH_DEVNULL, O_RDWR, 0644)) != -1) { if ((fd = open(_PATH_DEVNULL, O_RDWR, 0644)) != -1) {
(void) dup2(fd, STDIN_FILENO); (void) dup2(fd, STDIN_FILENO);
(void) dup2(fd, STDOUT_FILENO); (void) dup2(fd, STDOUT_FILENO);
@@ -501,12 +501,15 @@ send_mail(const char *fmt, ...)
/* Child, set stdin to output side of the pipe */ /* Child, set stdin to output side of the pipe */
if (pfd[0] != STDIN_FILENO) { if (pfd[0] != STDIN_FILENO) {
(void) dup2(pfd[0], STDIN_FILENO); if (dup2(pfd[0], STDIN_FILENO) != -1) {
mysyslog(LOG_ERR, "cannot dup stdin: %m");
_exit(127);
}
(void) close(pfd[0]); (void) close(pfd[0]);
} }
(void) close(pfd[1]); (void) close(pfd[1]);
/* Build up an argv based the mailer path and flags */ /* Build up an argv based on the mailer path and flags */
mflags = estrdup(def_mailerflags); mflags = estrdup(def_mailerflags);
mpath = estrdup(def_mailerpath); mpath = estrdup(def_mailerpath);
if ((argv[0] = strrchr(mpath, ' '))) if ((argv[0] = strrchr(mpath, ' ')))

7
src/exec_pty.c
View File

@@ -1096,9 +1096,10 @@ exec_pty(struct command_details *details, char *argv[], char *envp[])
setpgid(0, self); setpgid(0, self);
/* Wire up standard fds, note that stdout/stderr may be pipes. */ /* Wire up standard fds, note that stdout/stderr may be pipes. */
dup2(io_fds[SFD_STDIN], STDIN_FILENO); if (dup2(io_fds[SFD_STDIN], STDIN_FILENO) == -1 ||
dup2(io_fds[SFD_STDOUT], STDOUT_FILENO); dup2(io_fds[SFD_STDOUT], STDOUT_FILENO) == -1 ||
dup2(io_fds[SFD_STDERR], STDERR_FILENO); dup2(io_fds[SFD_STDERR], STDERR_FILENO) == -1)
error(1, "dup2");
/* Wait for parent to grant us the tty if we are foreground. */ /* Wait for parent to grant us the tty if we are foreground. */
if (foreground) { if (foreground) {

23
src/selinux.c
View File

@@ -114,6 +114,7 @@ relabel_tty(const char *ttyn, int ptyfd)
{ {
security_context_t tty_con = NULL; security_context_t tty_con = NULL;
security_context_t new_tty_con = NULL; security_context_t new_tty_con = NULL;
int fd;
se_state.ttyfd = ptyfd; se_state.ttyfd = ptyfd;
@@ -162,22 +163,26 @@ relabel_tty(const char *ttyn, int ptyfd)
if (se_state.enforcing) if (se_state.enforcing)
goto bad; goto bad;
} }
dup2(se_state.ttyfd, ptyfd); if (dup2(se_state.ttyfd, ptyfd) == -1) {
warning("dup2");
goto bad;
}
} else { } else {
/* Re-open tty to get new label and reset std{in,out,err} */ /* Re-open tty to get new label and reset std{in,out,err} */
close(se_state.ttyfd); close(se_state.ttyfd);
se_state.ttyfd = open(ttyn, O_RDWR|O_NONBLOCK); se_state.ttyfd = open(ttyn, O_RDWR|O_NONBLOCK);
if (se_state.ttyfd == -1) if (se_state.ttyfd == -1) {
warning("unable to open %s", ttyn); warning("unable to open %s", ttyn);
else goto bad;
}
(void)fcntl(se_state.ttyfd, F_SETFL, (void)fcntl(se_state.ttyfd, F_SETFL,
fcntl(se_state.ttyfd, F_GETFL, 0) & ~O_NONBLOCK); fcntl(se_state.ttyfd, F_GETFL, 0) & ~O_NONBLOCK);
if (isatty(STDIN_FILENO)) for (fd = STDIN_FILENO; fd <= STDERR_FILENO; fd++) {
dup2(se_state.ttyfd, STDIN_FILENO); if (isatty(fd) && dup2(se_state.ttyfd, fd) == -1) {
if (isatty(STDOUT_FILENO)) warning("dup2");
dup2(se_state.ttyfd, STDOUT_FILENO); goto bad;
if (isatty(STDERR_FILENO)) }
dup2(se_state.ttyfd, STDERR_FILENO); }
} }
/* Retain se_state.ttyfd so we can restore label when command finishes. */ /* Retain se_state.ttyfd so we can restore label when command finishes. */
(void)fcntl(se_state.ttyfd, F_SETFD, FD_CLOEXEC); (void)fcntl(se_state.ttyfd, F_SETFD, FD_CLOEXEC);

16
src/sudo.c
View File

@@ -271,18 +271,18 @@ fix_fds(void)
miss[STDOUT_FILENO] = fcntl(STDOUT_FILENO, F_GETFL, 0) == -1; miss[STDOUT_FILENO] = fcntl(STDOUT_FILENO, F_GETFL, 0) == -1;
miss[STDERR_FILENO] = fcntl(STDERR_FILENO, F_GETFL, 0) == -1; miss[STDERR_FILENO] = fcntl(STDERR_FILENO, F_GETFL, 0) == -1;
if (miss[STDIN_FILENO] || miss[STDOUT_FILENO] || miss[STDERR_FILENO]) { if (miss[STDIN_FILENO] || miss[STDOUT_FILENO] || miss[STDERR_FILENO]) {
if ((devnull = open(_PATH_DEVNULL, O_RDWR, 0644)) != -1) { if ((devnull = open(_PATH_DEVNULL, O_RDWR, 0644)) == -1)
if (miss[STDIN_FILENO]) error(1, "unable to open %s", _PATH_DEVNULL);
(void) dup2(devnull, STDIN_FILENO); if (miss[STDIN_FILENO] && dup2(devnull, STDIN_FILENO) == -1)
if (miss[STDOUT_FILENO]) error(1, "dup2");
(void) dup2(devnull, STDOUT_FILENO); if (miss[STDOUT_FILENO] && dup2(devnull, STDOUT_FILENO) == -1)
if (miss[STDERR_FILENO]) error(1, "dup2");
(void) dup2(devnull, STDERR_FILENO); if (miss[STDERR_FILENO] && dup2(devnull, STDERR_FILENO) == -1)
error(1, "dup2");
if (devnull > STDERR_FILENO) if (devnull > STDERR_FILENO)
close(devnull); close(devnull);
} }
} }
}
static char * static char *
get_user_groups(struct user_details *ud) get_user_groups(struct user_details *ud)

5
src/tgetpass.c
View File

@@ -222,7 +222,10 @@ sudo_askpass(const char *askpass, const char *prompt)
if (pid == 0) { if (pid == 0) {
/* child, point stdout to output side of the pipe and exec askpass */ /* child, point stdout to output side of the pipe and exec askpass */
(void) dup2(pfd[1], STDOUT_FILENO); if (dup2(pfd[1], STDOUT_FILENO) == -1) {
warning("dup2");
_exit(255);
}
(void) setuid(ROOT_UID); (void) setuid(ROOT_UID);
if (setgid(user_details.gid)) { if (setgid(user_details.gid)) {
warning("unable to set gid to %u", (unsigned int)user_details.gid); warning("unable to set gid to %u", (unsigned int)user_details.gid);