mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-31 06:15:37 +00:00
Code Issues Releases Wiki Activity

Fix evaluation of a tuple used in "true" boolean context.

Browse Source 
Previously, a tuple in boolean context was always treated as a
negated entry, which doesn't match the documentation.  We assume
that there are at least two tuple entries where the first maps to
boolean false and the second maps to boolean true.

--HG--
branch : 1.9
This commit is contained in:
Todd C. Miller
2023-12-15 14:57:59 -07:00
parent 80a2794b00
commit ae7dc397b4
1 changed files with 18 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
plugins/sudoers/defaults.c
View File

@@ -67,7 +67,7 @@ static int store_str(const char *str, struct sudo_defs_types *def);
static bool store_syslogfac(const char *str, struct sudo_defs_types *def);
static bool store_syslogpri(const char *str, struct sudo_defs_types *def);
static bool store_timeout(const char *str, struct sudo_defs_types *def);
static bool store_tuple(const char *str, struct sudo_defs_types *def);
static bool store_tuple(const char *str, struct sudo_defs_types *def, int op);
static bool store_uint(const char *str, struct sudo_defs_types *def);
static bool store_timespec(const char *str, struct sudo_defs_types *def);
static bool store_rlimit(const char *str, struct sudo_defs_types *def);
@@ -303,7 +303,7 @@ parse_default_entry(const struct sudoers_context *ctx,
rc = store_timeout(val, def);
break;
case T_TUPLE:
rc = store_tuple(val, def);
rc = store_tuple(val, def, op);
break;
case T_TIMESPEC:
rc = store_timespec(val, def);
@@ -593,8 +593,8 @@ init_defaults(void)
#endif
/* Password flags also have a string and integer component. */
(void) store_tuple("any", &sudo_defs_table[I_LISTPW]);
(void) store_tuple("all", &sudo_defs_table[I_VERIFYPW]);
(void) store_tuple("any", &sudo_defs_table[I_LISTPW], 0);
(void) store_tuple("all", &sudo_defs_table[I_VERIFYPW], 0);
/* Then initialize the int-like things. */
#ifdef SUDO_UMASK
@@ -1013,18 +1013,28 @@ store_timespec(const char *str, struct sudo_defs_types *def)
}
static bool
store_tuple(const char *str, struct sudo_defs_types *def)
store_tuple(const char *str, struct sudo_defs_types *def, int op)
{
struct def_values *v;
debug_decl(store_tuple, SUDOERS_DEBUG_DEFAULTS);
/*
* Look up tuple value by name to find enum def_tuple value.
* For negation to work the first element of enum def_tuple
* must be equivalent to boolean false.
* A tuple must have at least two possible values.
*/
if (str == NULL) {
def->sd_un.ival = 0;
/*
* Boolean context: true maps to values[1], false maps to values[0].
*/
if (op == true) {
v = &def->values[1];
def->sd_un.ival = v->nval;
} else if (op == false) {
v = &def->values[0];
def->sd_un.ival = v->nval;
} else {
debug_return_bool(false);
}
} else {
for (v = def->values; v->sval != NULL; v++) {
if (strcmp(v->sval, str) == 0) {