mirror of
https://github.com/sudo-project/sudo.git
synced 2025-08-22 09:57:41 +00:00
Fix use-after-free in check_defaults(), reported by Radovan Sroka
of RedHat.
This commit is contained in:
parent
403b904abe
commit
99b9699793
2
MANIFEST
2
MANIFEST
@ -462,6 +462,8 @@ plugins/sudoers/regress/visudo/test4.out.ok
|
|||||||
plugins/sudoers/regress/visudo/test4.sh
|
plugins/sudoers/regress/visudo/test4.sh
|
||||||
plugins/sudoers/regress/visudo/test5.out.ok
|
plugins/sudoers/regress/visudo/test5.out.ok
|
||||||
plugins/sudoers/regress/visudo/test5.sh
|
plugins/sudoers/regress/visudo/test5.sh
|
||||||
|
plugins/sudoers/regress/visudo/test6.out.ok
|
||||||
|
plugins/sudoers/regress/visudo/test6.sh
|
||||||
plugins/sudoers/set_perms.c
|
plugins/sudoers/set_perms.c
|
||||||
plugins/sudoers/solaris_audit.c
|
plugins/sudoers/solaris_audit.c
|
||||||
plugins/sudoers/solaris_audit.h
|
plugins/sudoers/solaris_audit.h
|
||||||
|
@ -378,6 +378,20 @@ run_early_defaults(void)
|
|||||||
debug_return_bool(rc);
|
debug_return_bool(rc);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
free_default(struct sudo_defs_types *def)
|
||||||
|
{
|
||||||
|
switch (def->type & T_MASK) {
|
||||||
|
case T_STR:
|
||||||
|
free(def->sd_un.str);
|
||||||
|
break;
|
||||||
|
case T_LIST:
|
||||||
|
(void)list_op(NULL, 0, def, freeall);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
memset(&def->sd_un, 0, sizeof(def->sd_un));
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Set default options to compiled-in values.
|
* Set default options to compiled-in values.
|
||||||
* Any of these may be overridden at runtime by a "Defaults" file.
|
* Any of these may be overridden at runtime by a "Defaults" file.
|
||||||
@ -391,18 +405,8 @@ init_defaults(void)
|
|||||||
|
|
||||||
/* Clear any old settings. */
|
/* Clear any old settings. */
|
||||||
if (!firsttime) {
|
if (!firsttime) {
|
||||||
for (def = sudo_defs_table; def->name; def++) {
|
for (def = sudo_defs_table; def->name != NULL; def++)
|
||||||
switch (def->type & T_MASK) {
|
free_default(def);
|
||||||
case T_STR:
|
|
||||||
free(def->sd_un.str);
|
|
||||||
def->sd_un.str = NULL;
|
|
||||||
break;
|
|
||||||
case T_LIST:
|
|
||||||
(void)list_op(NULL, 0, def, freeall);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
memset(&def->sd_un, 0, sizeof(def->sd_un));
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* First initialize the flags. */
|
/* First initialize the flags. */
|
||||||
@ -714,8 +718,10 @@ check_defaults(int what, bool quiet)
|
|||||||
}
|
}
|
||||||
/* Don't actually set the defaults value, just checking. */
|
/* Don't actually set the defaults value, just checking. */
|
||||||
tmp = *cur;
|
tmp = *cur;
|
||||||
|
memset(&tmp.sd_un, 0, sizeof(&tmp.sd_un));
|
||||||
if (!set_default_entry(&tmp, def->val, def->op, quiet, false))
|
if (!set_default_entry(&tmp, def->val, def->op, quiet, false))
|
||||||
rc = false;
|
rc = false;
|
||||||
|
free_default(&tmp);
|
||||||
}
|
}
|
||||||
debug_return_bool(rc);
|
debug_return_bool(rc);
|
||||||
}
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user