rpms/sudo
3
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

- fixed segfault when #include directive is used in cycles (#561336)

Browse Source
This commit is contained in:
Daniel Kopeček 2010-02-10 12:38:59 +00:00
parent a9a317e7d0
commit 46cc5da5fe
2 changed files with 40 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
sudo-1.7.2p2-loopsegv3.patch Normal file
View File

@ -0,0 +1,33 @@
diff -up sudo-1.7.2p2/toke.c.loop sudo-1.7.2p2/toke.c
--- sudo-1.7.2p2/toke.c.loop 2010-02-09 12:48:33.000000000 +0100
+++ sudo-1.7.2p2/toke.c 2010-02-09 16:54:17.000000000 +0100
@@ -3461,7 +3461,7 @@ init_lexer()
efree(pl);
}
efree(istack[idepth].path);
- if (!istack[idepth].keepopen)
+ if (idepth && !istack[idepth].keepopen)
fclose(istack[idepth].bs->yy_input_file);
yy_delete_buffer(istack[idepth].bs);
}
@@ -3486,7 +3486,7 @@ _push_include(path, isdir)
}
istacksize += SUDOERS_STACK_INCREMENT;
istack = (struct include_stack *) realloc(istack,
- sizeof(istack) * istacksize);
+ sizeof(*istack) * istacksize);
if (istack == NULL) {
yyerror("unable to allocate memory");
return(FALSE);
diff -up sudo-1.7.2p2/toke.l.loop sudo-1.7.2p2/toke.l
--- sudo-1.7.2p2/toke.l.loop 2010-02-09 12:48:30.000000000 +0100
+++ sudo-1.7.2p2/toke.l 2010-02-09 13:18:27.000000000 +0100
@@ -869,7 +869,7 @@ _push_include(path, isdir)
}
istacksize += SUDOERS_STACK_INCREMENT;
istack = (struct include_stack *) realloc(istack,
- sizeof(istack) * istacksize);
+ sizeof(*istack) * istacksize);
if (istack == NULL) {
yyerror("unable to allocate memory");
return(FALSE);

8
sudo.spec
View File

@ -1,7 +1,7 @@
Summary: Allows restricted root access for specified users
Name: sudo
Version: 1.7.2p2
Release: 2%{?dist}
Release: 3%{?dist}
License: BSD
Group: Applications/System
URL: http://www.courtesan.com/sudo/
@ -31,6 +31,8 @@ Patch4: sudo-1.7.1-libtool.patch
Patch5: sudo-1.7.1-getgrouplist.patch
# audit support improvement
Patch6: sudo-1.7.2p1-audit.patch
# segfault when #include directive is used in cycles (#561336)
Patch7: sudo-1.7.2p2-loopsegv3.patch
%description
Sudo (superuser do) allows a system administrator to give certain
@ -51,6 +53,7 @@ on many different machines.
%patch4 -p1 -b .libtool
%patch5 -p1 -b .getgrouplist
%patch6 -p1 -b .audit
%patch7 -p1 -b .loopsegv3
%build
# handle newer autoconf
@ -138,6 +141,9 @@ rm -rf $RPM_BUILD_ROOT
/bin/chmod 0440 /etc/sudoers || :
%changelog
* Wed Feb 10 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-3
- fixed segfault when #include directive is used in cycles (#561336)
* Fri Jan 8 2010 Ville Skyttä <ville.skytta@iki.fi> - 1.7.2p2-2
- Add /etc/sudoers.d dir and use it in default config (#551470).
- Drop *.pod man page duplicates from docs.