isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix truncation of the last char of the sudoRole cn passed to append_default().

Browse Source 
This string is primarily used for warning messages.
Also check the snprintf() return value to avoid silent truncation.
GitHub issue #115
This commit is contained in:
Todd C. Miller
2021-09-21 12:49:18 -06:00
parent 4fef09e1c2
commit e23874d0fa
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
plugins/sudoers/ldap_util.c
View File

@@ -478,10 +478,13 @@ sudo_ldap_role_to_priv(const char *cn, void *hosts, void *runasusers,
if (store_options) { if (store_options) {
/* Use sudoRole in place of file name in defaults. */ /* Use sudoRole in place of file name in defaults. */
size_t slen = sizeof("sudoRole") + strlen(priv->ldap_role); size_t slen = sizeof("sudoRole ") + strlen(priv->ldap_role);
if ((source = sudo_rcstr_alloc(slen)) == NULL) if ((source = sudo_rcstr_alloc(slen)) == NULL)
goto oom; goto oom;
(void)snprintf(source, slen, "sudoRole %s", priv->ldap_role); if ((size_t)snprintf(source, slen, "sudoRole %s", priv->ldap_role) >= slen) {
sudo_warnx(U_("internal error, %s overflow"), __func__);
goto bad;
}
} }
while ((opt = iter(&opts)) != NULL) { while ((opt = iter(&opts)) != NULL) {
@@ -607,6 +610,7 @@ sudo_ldap_role_to_priv(const char *cn, void *hosts, void *runasusers,
oom: oom:
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
bad:
if (priv != NULL) { if (priv != NULL) {
TAILQ_CONCAT(&priv->hostlist, &negated_hosts, entries); TAILQ_CONCAT(&priv->hostlist, &negated_hosts, entries);
TAILQ_CONCAT(&priv->cmndlist, &negated_cmnds, entries); TAILQ_CONCAT(&priv->cmndlist, &negated_cmnds, entries);