packages/sudo
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2023-27320

Browse Source 
(cherry picked from commit ccbe8687f7b9bad06da4d4d4eb65887f7d8828f7)
This commit is contained in:
modric 2023-03-07 11:39:44 +00:00 committed by openeuler-sync-bot
parent 4edbcc5976
commit 6c5cd1b27e
2 changed files with 43 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
backport-CVE-2023-27320.patch Normal file
View File

@ -0,0 +1,38 @@
diff --git a/plugins/sudoers/match_command.c b/plugins/sudoers/match_command.c
index ad9db1e..f1c09bd 100644
--- a/plugins/sudoers/match_command.c
+++ b/plugins/sudoers/match_command.c
@@ -712,12 +712,16 @@ command_matches(const char *sudoers_cmnd, const char *sudoers_args,
/* Rule-specific runchroot, reset user_cmnd and user_stat. */
int status;
+ /* Save old user_cmnd first, set_cmnd_path() will free it. */
saved_user_cmnd = user_cmnd;
+ user_cmnd = NULL;
if (user_stat != NULL)
saved_user_stat = *user_stat;
status = set_cmnd_path(runchroot);
- if (status != FOUND)
+ if (status != FOUND) {
+ user_cmnd = saved_user_cmnd;
saved_user_cmnd = NULL;
+ }
if (info != NULL)
info->status = status;
}
diff --git a/plugins/sudoers/visudo.c b/plugins/sudoers/visudo.c
index 55f44d6..b8b2bc5 100644
--- a/plugins/sudoers/visudo.c
+++ b/plugins/sudoers/visudo.c
@@ -230,7 +230,9 @@ main(int argc, char *argv[])
}
/* Mock up a fake sudo_user struct. */
- user_cmnd = user_base = "";
+ user_cmnd = user_base = strdup("true");
+ if (user_cmnd == NULL)
+ sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
if (geteuid() == 0) {
const char *user = getenv("SUDO_USER");
if (user != NULL && *user != '\0')

6
sudo.spec
View File

@ -1,6 +1,6 @@
Name: sudo Name: sudo
Version: 1.9.8p2 Version: 1.9.8p2
Release: 9 Release: 10
Summary: Allows restricted root access for specified users Summary: Allows restricted root access for specified users
License: ISC License: ISC
URL: http://www.courtesan.com/sudo/ URL: http://www.courtesan.com/sudo/
@ -29,6 +29,7 @@ Patch15: backport-sudo_passwd_cleanup-Set-auth-data-to-NULL-after-free.patch
Patch16: backport-sudo_rcstr_dup-Fix-potential-NULL-pointer-deref.patch Patch16: backport-sudo_rcstr_dup-Fix-potential-NULL-pointer-deref.patch
Patch17: backport-CVE-2023-22809.patch Patch17: backport-CVE-2023-22809.patch
Patch18: backport-Fix-a-NOPASSWD-issue-with-a-non-existent-command-whe.patch Patch18: backport-Fix-a-NOPASSWD-issue-with-a-non-existent-command-whe.patch
Patch19: backport-CVE-2023-27320.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: pam Requires: pam
@ -179,6 +180,9 @@ install -p -c -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/sudo-i
%exclude %{_pkgdocdir}/ChangeLog %exclude %{_pkgdocdir}/ChangeLog
%changelog %changelog
* Tue Mar 07 2023 wangyu <wangyu283@huawei.com> - 1.9.8p2-10
- Fix CVE-2023-27320.
* Wed Feb 01 2023 wangyu <wangyu283@huawei.com> - 1.9.8p2-9 * Wed Feb 01 2023 wangyu <wangyu283@huawei.com> - 1.9.8p2-9
- For "sudo ALL" a non-existent command is not an error. - For "sudo ALL" a non-existent command is not an error.