diff --git a/logsrvd/eventlog.c b/logsrvd/eventlog.c
index 227b90b19..9b138631e 100644
--- a/logsrvd/eventlog.c
+++ b/logsrvd/eventlog.c
@@ -114,7 +114,7 @@ new_logline(const char *message, const char *errstr,
 len += strlen(errstr) + 3;
 len += sizeof(LL_HOST_STR) + 2 + strlen(details->submithost);
 len += sizeof(LL_TTY_STR) + 2 + strlen(details->ttyname);
- len += sizeof(LL_CWD_STR) + 2 + strlen(details->cwd);
+ len += sizeof(LL_CWD_STR) + 2 + strlen(details->runcwd);
 if (details->runuser != NULL)
 len += sizeof(LL_USER_STR) + 2 + strlen(details->runuser);
 if (details->rungroup != NULL)
@@ -175,7 +175,7 @@ new_logline(const char *message, const char *errstr,
 strlcat(line, " ; ", len) >= len)
 goto toobig;
 if (strlcat(line, LL_CWD_STR, len) >= len ||
- strlcat(line, details->cwd, len) >= len ||
+ strlcat(line, details->runcwd, len) >= len ||
 strlcat(line, " ; ", len) >= len)
 goto toobig;
 if (details->runuser != NULL) {
diff --git a/logsrvd/iolog_writer.c b/logsrvd/iolog_writer.c
index 050d79255..c1128f8c6 100644
--- a/logsrvd/iolog_writer.c
+++ b/logsrvd/iolog_writer.c
@@ -422,6 +422,14 @@ iolog_details_fill(struct iolog_details *details, TimeSpec *submit_time,
 goto done;
 }
 }
+ if (details->runcwd == NULL) {
+ if ((details->runcwd = strdup(details->cwd)) == NULL) {
+ sudo_debug_printf(
+ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "strdup");
+ goto done;
+ }
+ }
 if (details->submitgroup == NULL) {
 /* TODO: make submitgroup required */
 if ((details->submitgroup = strdup("unknown")) == NULL) {
diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c
index 4a04be0b9..0bbcb831f 100644
--- a/plugins/sudoers/logging.c
+++ b/plugins/sudoers/logging.c
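Review bot: `strlen(details->runcwd)` is called with no NULL test, while `runuser` and `rungroup` a few lines below are each guarded by `!= NULL`; the same holds for `strlcat(line, details->runcwd, len)` in the second hunk of this file. What keeps this safe is the default that this commit adds to `iolog_details_fill()`, and `details` is presumably populated from what a client sent, so any path that reaches `new_logline()` without that fill would dereference NULL inside the log server. I would state the invariant at the use, for example `/* runcwd is never NULL here: iolog_details_fill() defaults it to cwd */`, or guard it like the optional fields. The `user_runcwd` uses in plugins/sudoers/logging.c depend in the same way on the default assigned in policy.c. new_logline's body starts and ends outside the hunk.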
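Review bot: The added `strdup(details->cwd)` is undefined if `details->cwd` is still NULL at this point, and the hunk does not show what guarantees that it is set. The block that closes just above (only its `goto done; } }` tail is visible) presumably supplies or requires a cwd, in which case the new block has to stay after it. A one-line comment on the added block, such as `/* runcwd defaults to cwd, which must already be set above */`, would record that ordering for whoever next reorders these defaults. iolog_details_fill continues on both sides of the hunk.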
@@ -978,7 +978,7 @@ new_logline(const char *message, const char *errstr)
 if (errstr != NULL)
 len += strlen(errstr) + 3;
 len += sizeof(LL_TTY_STR) + 2 + strlen(user_tty);
- len += sizeof(LL_CWD_STR) + 2 + strlen(user_cwd);
+ len += sizeof(LL_CWD_STR) + 2 + strlen(user_runcwd);
 if (runas_pw != NULL)
 len += sizeof(LL_USER_STR) + 2 + strlen(runas_pw->pw_name);
 if (runas_gr != NULL)
@@ -1033,7 +1033,7 @@ new_logline(const char *message, const char *errstr)
 strlcat(line, " ; ", len) >= len)
 goto toobig;
 if (strlcat(line, LL_CWD_STR, len) >= len ||
- strlcat(line, user_cwd, len) >= len ||
+ strlcat(line, user_runcwd, len) >= len ||
 strlcat(line, " ; ", len) >= len)
 goto toobig;
 if (runas_pw != NULL) {
diff --git a/plugins/sudoers/policy.c b/plugins/sudoers/policy.c
index bf85891c2..c4749a604 100644
--- a/plugins/sudoers/policy.c
+++ b/plugins/sudoers/policy.c
@@ -476,6 +476,10 @@ sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group)
 if ((user_cwd = strdup("unknown")) == NULL)
 goto oom;
 }
+ if (user_runcwd == NULL) {
+ if ((user_runcwd = strdup(user_cwd)) == NULL)
+ goto oom;
+ }
 if (user_tty == NULL) {
 if ((user_tty = strdup("unknown")) == NULL)
 goto oom;
diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
index c7f78f8af..593c4ff59 100644
--- a/plugins/sudoers/sudoers.c
+++ b/plugins/sudoers/sudoers.c
@@ -405,9 +405,12 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
 goto bad;
 }
 free(def_runchroot);
- def_runchroot = user_runchroot;
+ if ((def_runchroot = strdup(user_runchroot)) == NULL) {
+ sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
+ goto done;
+ }
 }
- if (user_runcwd != NULL) {
+ if (strcmp(user_cwd, user_runcwd) != 0) {
 if (def_runcwd == NULL || strcmp(def_runcwd, "*") != 0) {
 audit_failure(NewArgv, N_("user not allowed to change directory to %s"), user_runcwd);
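Review bot: The value written under `LL_CWD_STR` changes meaning here and in the `strlcat` of the next hunk: it was the directory sudo was invoked from (`user_cwd`) and is now `user_runcwd`, which can be a directory the user asked for. In sudoers.c later in this commit that request can be refused (`user not allowed to change directory to %s`), so a line logged for such a rejection would, as far as these hunks show, carry a directory the command never ran in, and the invoking directory no longer appears in the line at all. Anyone parsing this field for auditing or detection needs to be told, for example with `/* CWD field: directory the command runs in (may be user-requested), not the invoking cwd */` above the length computation. The same substitution is made with `details->runcwd` in logsrvd/eventlog.c.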
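Review bot: Defaulting `user_runcwd` to a copy of `user_cwd` makes string equality the only signal that no directory was requested, and that contract is not written down where it is created. The new test in sudoers.c, `strcmp(user_cwd, user_runcwd) != 0`, relies on it: a request that names the invoking directory verbatim is treated as no request and skips the `def_runcwd` check, while any other spelling of the same directory goes through it. That looks intended and fails closed, but it deserves a comment on the added block, for instance `/* No run directory requested: default to the invoking cwd; equal strings mean "not requested" in sudoers_policy_main(). */`. The copy also inherits the `"unknown"` placeholder assigned just above when no cwd was supplied. sudoers_policy_deserialize_info extends beyond the hunk.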
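Review bot: The new allocation-failure branch leaves through `goto done`, whereas the policy rejections directly above and below it use `goto bad`, and the hunk does not show which return value is in effect at that point. In a policy decision function an out-of-memory path must not be able to reach `done` with a value that reads as success, so the branch should either assign the error result explicitly before the jump or carry a comment such as `/* OOM: return value is still the error default here */` once that has been confirmed against the declaration, which is outside the hunk. The same branch is added for `def_runcwd` in the following hunk (`@@ -415,7 +418,10 @@`). The new `strcmp(user_cwd, user_runcwd)` also dereferences both pointers unconditionally and therefore depends on the defaults assigned in policy.c.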
@@ -415,7 +418,10 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
 goto bad;
 }
 free(def_runcwd);
- def_runcwd = user_runcwd;
+ if ((def_runcwd = strdup(user_runcwd)) == NULL) {
+ sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
+ goto done;
+ }
 }
 /*
diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h
index d86e65e5e..0c493cc82 100644
--- a/plugins/sudoers/sudoers.h
+++ b/plugins/sudoers/sudoers.h
@@ -82,6 +82,7 @@ struct sudo_user {
 struct passwd *_runas_pw;
 struct group *_runas_gr;
 struct stat *cmnd_stat;
+ char *cwd;
 char *name;
 char *path;
 char *tty;
@@ -109,7 +110,6 @@ struct sudo_user {
 char *privs;
 char *limitprivs;
 #endif
- const char *cwd;
 char *iolog_file;
 GETGROUPS_T *gids;
 int execfd;