mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-09-02 15:25:58 +00:00
Code Issues Releases Wiki Activity

Avoid nested strtok() calls.

Browse Source
This commit is contained in:
Todd C. Miller
2012-10-24 14:24:36 -04:00
parent 2b23d2b12c
commit 4134b24ec2
1 changed files with 23 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
plugins/sudoers/sudoers.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1993-1996, 1998-2011 Todd C. Miller <Todd.Miller@courtesan.com> * Copyright (c) 1993-1996, 1998-2012 Todd C. Miller <Todd.Miller@courtesan.com>
* *
* Permission to use, copy, modify, and distribute this software for any * Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above * purpose with or without fee is hereby granted, provided that the above
@@ -1460,14 +1460,17 @@ deserialize_info(char * const args[], char * const settings[], char * const user
} }
static char * static char *
resolve_editor(char *editor, int nfiles, char **files, char ***argv_out) resolve_editor(const char *ed, size_t edlen, int nfiles, char **files, char ***argv_out)
{ {
char *cp, **nargv, *editor_path = NULL; char *cp, **nargv, *editor, *editor_path = NULL;
int ac, i, nargc; int ac, i, nargc;
bool wasblank; bool wasblank;
debug_decl(resolve_editor, SUDO_DEBUG_PLUGIN) debug_decl(resolve_editor, SUDO_DEBUG_PLUGIN)
editor = estrdup(editor); /* becomes part of argv_out */ /* Note: editor becomes part of argv_out and is not freed. */
editor = emalloc(edlen + 1);
memcpy(editor, ed, edlen);
editor[edlen] = '\0';
/* /*
* Split editor into an argument vector; editor is reused (do not free). * Split editor into an argument vector; editor is reused (do not free).
@@ -1512,7 +1515,9 @@ resolve_editor(char *editor, int nfiles, char **files, char ***argv_out)
static char * static char *
find_editor(int nfiles, char **files, char ***argv_out) find_editor(int nfiles, char **files, char ***argv_out)
{ {
char *cp, *editor, *editor_path = NULL, **ev, *ev0[4]; const char *cp, *ep, *editor;
char *editor_path = NULL, **ev, *ev0[4];
size_t len;
debug_decl(find_editor, SUDO_DEBUG_PLUGIN) debug_decl(find_editor, SUDO_DEBUG_PLUGIN)
/* /*
@@ -1522,23 +1527,23 @@ find_editor(int nfiles, char **files, char ***argv_out)
ev0[1] = "VISUAL"; ev0[1] = "VISUAL";
ev0[2] = "EDITOR"; ev0[2] = "EDITOR";
ev0[3] = NULL; ev0[3] = NULL;
for (ev = ev0; *ev != NULL; ev++) { for (ev = ev0; editor_path == NULL && *ev != NULL; ev++) {
if ((editor = getenv(*ev)) != NULL && *editor != '\0') { if ((editor = getenv(*ev)) != NULL && *editor != '\0') {
editor_path = resolve_editor(editor, nfiles, files, argv_out); editor_path = resolve_editor(editor, strlen(editor), nfiles,
if (editor_path != NULL) files, argv_out);
break;
} }
} }
if (editor_path == NULL) { if (editor_path == NULL) {
/* def_editor could be a path, split it up */ /* def_editor could be a path, split it up, avoiding strtok() */
editor = estrdup(def_editor); cp = editor = def_editor;
cp = strtok(editor, ":"); do {
while (cp != NULL && editor_path == NULL) { if ((ep = strchr(cp, ':')) != NULL)
editor_path = resolve_editor(cp, nfiles, files, argv_out); len = ep - cp;
cp = strtok(NULL, ":"); else
} len = strlen(cp);
if (editor_path) editor_path = resolve_editor(cp, len, nfiles, files, argv_out);
efree(editor); cp = ep + 1;
} while (ep != NULL && editor_path == NULL);
} }
if (!editor_path) { if (!editor_path) {
audit_failure(NewArgv, _("%s: command not found"), editor); audit_failure(NewArgv, _("%s: command not found"), editor);