From c0063cebde36c95e2d7b0aabb2ebc4f83475e789 Mon Sep 17 00:00:00 2001
From: Daniel Kopecek
Date: Thu, 12 May 2016 09:33:11 +0200
Subject: [PATCH] fixed invalid sesh argument array construction
---
 sudo-1.8.16-seshargsfix.patch | 41 +++++++++++++++++++++++++++++++++++
 sudo.spec | 8 ++++++-
 2 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 sudo-1.8.16-seshargsfix.patch
diff --git a/sudo-1.8.16-seshargsfix.patch b/sudo-1.8.16-seshargsfix.patch
new file mode 100644
index 0000000..43418bc
--- /dev/null
+++ b/sudo-1.8.16-seshargsfix.patch
@@ -0,0 +1,41 @@
+diff -up sudo-1.8.16/src/selinux.c.seshargsfix sudo-1.8.16/src/selinux.c
+--- sudo-1.8.16/src/selinux.c.seshargsfix 2016-03-17 17:13:10.000000000 +0100
++++ sudo-1.8.16/src/selinux.c 2016-05-12 09:29:14.687014460 +0200
+@@ -378,7 +378,7 @@ selinux_execve(int fd, const char *path,
+ {
+ char **nargv;
+ const char *sesh;
+- int argc, serrno;
++ int argc, nargc, serrno;
+ debug_decl(selinux_execve, SUDO_DEBUG_SELINUX)
+
+ sesh = sudo_conf_sesh_path();
+@@ -409,9 +409,7 @@ selinux_execve(int fd, const char *path,
+ */
+ for (argc = 0; argv[argc] != NULL; argc++)
+ continue;
+- if (fd != -1)
+- argc++;
+- nargv = reallocarray(NULL, argc + 2, sizeof(char *));
++ nargv = reallocarray(NULL, argc + 3, sizeof(char *));
+ if (nargv == NULL) {
+ sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
+ debug_return;
+@@ -420,13 +418,13 @@ selinux_execve(int fd, const char *path,
+ nargv[0] = *argv[0] == '-' ? "-sesh-noexec" : "sesh-noexec";
+ else
+ nargv[0] = *argv[0] == '-' ? "-sesh" : "sesh";
+- argc = 1;
+- if (fd != -1 && asprintf(&nargv[argc++], "--execfd=%d", fd) == -1) {
++ nargc = 1;
++ if (fd != -1 && asprintf(&nargv[nargc++], "--execfd=%d", fd) == -1) {
+ sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
+ debug_return;
+ }
+- nargv[argc] = (char *)path;
+- memcpy(&nargv[argc + 1], &argv[argc], argc * sizeof(char *)); /* copies NULL */
++ nargv[nargc++] = (char *)path;
++ memcpy(&nargv[nargc], &argv[argc], argc * sizeof(char *)); /* copies NULL */
+
+ /* sesh will handle noexec for us. */
+ sudo_execve(-1, sesh, nargv, envp, false);
diff --git a/sudo.spec b/sudo.spec
index 7f54c1f..3b7ffdb 100644
--- a/sudo.spec
+++ b/sudo.spec
@@ -1,7 +1,7 @@
 Summary: Allows restricted root access for specified users
 Name: sudo
 Version: 1.8.16
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: ISC
 Group: Applications/System
 URL: http://www.courtesan.com/sudo/
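Review bot: In the last inner hunk of sudo-1.8.16-seshargsfix.patch (selinux.c, the `-420,13 +418,13` hunk), the rewritten `memcpy(&nargv[nargc], &argv[argc], argc * sizeof(char *))` still takes its source from `&argv[argc]`. As far as the visible lines show, `argc` now keeps the count left by the `for (argc = 0; argv[argc] != NULL; argc++)` loop, so the copy starts at the terminating NULL and, whenever the command has arguments, reads `argc - 1` pointers past the end of `argv` while none of the command's own arguments reach `nargv`. In a setuid program that is an out-of-bounds read, and sesh is handed an argument vector that ends right after `path`. The source should be `&argv[1]`, i.e. `memcpy(&nargv[nargc], &argv[1], argc * sizeof(char *)); /* copies NULL */`, which copies argv[1] through the NULL and still fits the `argc + 3` allocation. selinux_execve's body starts and ends outside these hunks, so the lines between them should be checked for any other write to `argc`.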
@@ -32,6 +32,8 @@ Patch2: sudo-1.8.14p1-ldapconfpatch.patch
 Patch3: sudo-1.8.14p1-docpassexpire.patch
 # Patch initialize variable before executing sudo_strsplit
 Patch4: sudo-1.8.14p3-initialization.patch
+# 1328735 - Weird sudo issue that seems to be selinux related
+Patch5: sudo-1.8.16-seshargsfix.patch
 %description
 Sudo (superuser do) allows a system administrator to give certain
@@ -60,6 +62,7 @@ plugins that use %{name}.
 %patch2 -p1 -b .ldapconfpatch
 %patch3 -p1 -b .docpassexpire
 %patch4 -p1 -b .initialization
+%patch5 -p1 -b .seshargsfix
 %build
 # Remove bundled copy of zlib
@@ -198,6 +201,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libexecdir}/sudo/libsudo_util.so
 %changelog
+* Thu May 12 2016 Daniel Kopecek 1.8.16-2
+- fixed invalid sesh argument array construction
+
 * Mon Apr 04 2016 Daniel Kopecek 1.8.16-1
 - update to 1.8.16