mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-31 22:35:10 +00:00
Code Issues Releases Wiki Activity

Limit max_groups in sudo.conf to 1024.

Browse Source 
The max_groups setting should no longer be needed anyway.
This commit is contained in:
Todd C. Miller
2021-02-16 12:37:23 -07:00
parent df91e15b82
commit a18b2a9ddf
4 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
doc/sudo.conf.man.in
View File

@@ -2,7 +2,7 @@
.\" .\"
.\" SPDX-License-Identifier: ISC .\" SPDX-License-Identifier: ISC
.\" .\"
.\" Copyright (c) 2010-2020 Todd C. Miller <Todd.Miller@sudo.ws> .\" Copyright (c) 2010-2021 Todd C. Miller <Todd.Miller@sudo.ws>
.\" .\"
.\" Permission to use, copy, modify, and distribute this software for any .\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above .\" purpose with or without fee is hereby granted, provided that the above
@@ -17,7 +17,7 @@
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" .\"
.nr SL @SEMAN@ .nr SL @SEMAN@
.TH "SUDO.CONF" "@mansectform@" "December 5, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .TH "SUDO.CONF" "@mansectform@" "February 16, 2021" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh .nh
.if n .ad l .if n .ad l
.SH "NAME" .SH "NAME"
@@ -496,7 +496,7 @@ version 1.8.7 and higher.
.TP 10n .TP 10n
max_groups max_groups
The maximum number of user groups to retrieve from the group database. The maximum number of user groups to retrieve from the group database.
Values less than one will be ignored. Values less than one or larger than 1024 will be ignored.
This setting is only used when querying the group database directly. This setting is only used when querying the group database directly.
It is intended to be used on systems where it is not possible to detect It is intended to be used on systems where it is not possible to detect
when the array to be populated with group entries is not sufficiently large. when the array to be populated with group entries is not sufficiently large.

6
doc/sudo.conf.mdoc.in
View File

@@ -1,7 +1,7 @@
.\" .\"
.\" SPDX-License-Identifier: ISC .\" SPDX-License-Identifier: ISC
.\" .\"
.\" Copyright (c) 2010-2020 Todd C. Miller <Todd.Miller@sudo.ws> .\" Copyright (c) 2010-2021 Todd C. Miller <Todd.Miller@sudo.ws>
.\" .\"
.\" Permission to use, copy, modify, and distribute this software for any .\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above .\" purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +16,7 @@
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" .\"
.nr SL @SEMAN@ .nr SL @SEMAN@
.Dd December 5, 2020 .Dd February 16, 2021
.Dt SUDO.CONF @mansectform@ .Dt SUDO.CONF @mansectform@
.Os Sudo @PACKAGE_VERSION@ .Os Sudo @PACKAGE_VERSION@
.Sh NAME .Sh NAME
@@ -453,7 +453,7 @@ This setting is only available in
version 1.8.7 and higher. version 1.8.7 and higher.
.It max_groups .It max_groups
The maximum number of user groups to retrieve from the group database. The maximum number of user groups to retrieve from the group database.
Values less than one will be ignored. Values less than one or larger than 1024 will be ignored.
This setting is only used when querying the group database directly. This setting is only used when querying the group database directly.
It is intended to be used on systems where it is not possible to detect It is intended to be used on systems where it is not possible to detect
when the array to be populated with group entries is not sufficiently large. when the array to be populated with group entries is not sufficiently large.

2
lib/util/sudo_conf.c
View File

@@ -431,7 +431,7 @@ set_var_max_groups(const char *strval, const char *conf_file,
int max_groups; int max_groups;
debug_decl(set_var_max_groups, SUDO_DEBUG_UTIL); debug_decl(set_var_max_groups, SUDO_DEBUG_UTIL);
max_groups = sudo_strtonum(strval, 1, INT_MAX, NULL); max_groups = sudo_strtonum(strval, 1, 1024, NULL);
if (max_groups <= 0) { if (max_groups <= 0) {
sudo_warnx(U_("invalid max groups \"%s\" in %s, line %u"), strval, sudo_warnx(U_("invalid max groups \"%s\" in %s, line %u"), strval,
conf_file, lineno); conf_file, lineno);

2
plugins/sudoers/policy.c
View File

@@ -319,7 +319,7 @@ sudoers_policy_deserialize_info(void *v)
if (MATCHES(*cur, "max_groups=")) { if (MATCHES(*cur, "max_groups=")) {
errno = 0; errno = 0;
p = *cur + sizeof("max_groups=") - 1; p = *cur + sizeof("max_groups=") - 1;
sudo_user.max_groups = sudo_strtonum(p, 1, INT_MAX, &errstr); sudo_user.max_groups = sudo_strtonum(p, 1, 1024, &errstr);
if (sudo_user.max_groups == 0) { if (sudo_user.max_groups == 0) {
sudo_warnx(U_("%s: %s"), *cur, U_(errstr)); sudo_warnx(U_("%s: %s"), *cur, U_(errstr));
goto bad; goto bad;