isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

If getdelim() returns a string with embedded NULs, truncate on first one.

Browse Source 
This should avoid some issues with the fuzzer.
This commit is contained in:
Todd C. Miller
2021-02-03 15:13:18 -07:00
parent 10e37223b5
commit f5fc5d6417
2 changed files with 32 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
plugins/sudoers/toke.c
View File

@@ -5455,9 +5455,16 @@ sudoers_trace_print(const char *msg)
} }
#endif /* TRACELEXER */ #endif /* TRACELEXER */
/*
* Custom input function that uses getdelim(3) and stores the buffer
* where the error functions can access it for better reporting.
* On success, buf is guaranteed to end in a newline and not contain
* embedded NULs. Calls YY_FATAL_ERROR on error.
*/
static yy_size_t static yy_size_t
sudoers_input(char *buf, yy_size_t max_size) sudoers_input(char *buf, yy_size_t max_size)
{ {
char *cp;
size_t avail = sudolinebuf.len - sudolinebuf.off; size_t avail = sudolinebuf.len - sudolinebuf.off;
/* Refill line buffer if needed. */ /* Refill line buffer if needed. */
@@ -5470,10 +5477,18 @@ sudoers_input(char *buf, yy_size_t max_size)
return 0; return 0;
} }
/* getdelim() can return embedded NULs, truncate if we find one. */
cp = memchr(sudolinebuf.buf, '\0', avail);
if (cp != NULL) {
*cp++ = '\n';
*cp = '\0';
avail = (size_t)(cp - sudolinebuf.buf);
}
/* Add trailing newline if it is missing. */ /* Add trailing newline if it is missing. */
if (sudolinebuf.buf[avail - 1] != '\n') { if (sudolinebuf.buf[avail - 1] != '\n') {
if (avail + 2 >= sudolinebuf.size) { if (avail + 2 >= sudolinebuf.size) {
char *cp = realloc(sudolinebuf.buf, avail + 2); cp = realloc(sudolinebuf.buf, avail + 2);
if (cp == NULL) { if (cp == NULL) {
YY_FATAL_ERROR("unable to allocate memory"); YY_FATAL_ERROR("unable to allocate memory");
return 0; return 0;

17
plugins/sudoers/toke.l
View File

@@ -1260,9 +1260,16 @@ sudoers_trace_print(const char *msg)
} }
#endif /* TRACELEXER */ #endif /* TRACELEXER */
/*
* Custom input function that uses getdelim(3) and stores the buffer
* where the error functions can access it for better reporting.
* On success, buf is guaranteed to end in a newline and not contain
* embedded NULs. Calls YY_FATAL_ERROR on error.
*/
static yy_size_t static yy_size_t
sudoers_input(char *buf, yy_size_t max_size) sudoers_input(char *buf, yy_size_t max_size)
{ {
char *cp;
size_t avail = sudolinebuf.len - sudolinebuf.off; size_t avail = sudolinebuf.len - sudolinebuf.off;
/* Refill line buffer if needed. */ /* Refill line buffer if needed. */
@@ -1275,10 +1282,18 @@ sudoers_input(char *buf, yy_size_t max_size)
return 0; return 0;
} }
/* getdelim() can return embedded NULs, truncate if we find one. */
cp = memchr(sudolinebuf.buf, '\0', avail);
if (cp != NULL) {
*cp++ = '\n';
*cp = '\0';
avail = (size_t)(cp - sudolinebuf.buf);
}
/* Add trailing newline if it is missing. */ /* Add trailing newline if it is missing. */
if (sudolinebuf.buf[avail - 1] != '\n') { if (sudolinebuf.buf[avail - 1] != '\n') {
if (avail + 2 >= sudolinebuf.size) { if (avail + 2 >= sudolinebuf.size) {
char *cp = realloc(sudolinebuf.buf, avail + 2); cp = realloc(sudolinebuf.buf, avail + 2);
if (cp == NULL) { if (cp == NULL) {
YY_FATAL_ERROR("unable to allocate memory"); YY_FATAL_ERROR("unable to allocate memory");
return 0; return 0;