pool/sudo
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
c942c5ab82
sudo/sudo-1.8.6p3-CVE-2013-1775.patch
Vítězslav Čížek c942c5ab82 Accepting request 156969 from home:vitezslav_cizek:branches:Base:System 
- added two security fixes:
  * CVE-2013-1775 (bnc#806919)
    + sudo-1.8.6p3-CVE-2013-1775.patch
  * CVE-2013-1776 (bnc#806921)
    + sudo-1.8.6p3-CVE-2013-1776.patch

OBS-URL: https://build.opensuse.org/request/show/156969
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=51
2013-03-01 12:07:40 +00:00

69 lines
2.4 KiB
Diff
Raw Blame History

63210a2b8f2f199b521f6c8213bb29775c09375c
plugins/sudoers/check.c | 53 +++++++++++++++++++++++++----------------------
1 file changed, 28 insertions(+), 25 deletions(-)
Index: sudo-1.8.6p3/plugins/sudoers/check.c
===================================================================
--- sudo-1.8.6p3.orig/plugins/sudoers/check.c 2012-09-18 15:56:29.000000000 +0200
+++ sudo-1.8.6p3/plugins/sudoers/check.c 2013-03-01 12:10:34.285863069 +0100
@@ -627,31 +627,34 @@ timestamp_status(char *timestampdir, cha
*/
if (status == TS_OLD && !ISSET(flags, TS_REMOVE)) {
mtim_get(&sb, &mtime);
- /* Negative timeouts only expire manually (sudo -k). */
- if (def_timestamp_timeout < 0 && mtime.tv_sec != 0)
- status = TS_CURRENT;
- else {
- now = time(NULL);
- if (def_timestamp_timeout &&
- now - mtime.tv_sec < 60 * def_timestamp_timeout) {
- /*
- * Check for bogus time on the stampfile. The clock may
- * have been set back or someone could be trying to spoof us.
- */
- if (mtime.tv_sec > now + 60 * def_timestamp_timeout * 2) {
- time_t tv_sec = (time_t)mtime.tv_sec;
- log_error(0,
- _("timestamp too far in the future: %20.20s"),
- 4 + ctime(&tv_sec));
- if (timestampfile)
- (void) unlink(timestampfile);
- else
- (void) rmdir(timestampdir);
- status = TS_MISSING;
- } else if (get_boottime(&boottime) && timevalcmp(&mtime, &boottime, <)) {
- status = TS_OLD;
- } else {
- status = TS_CURRENT;
+ if (timevalisset(&mtime)) {
+ /* Negative timeouts only expire manually (sudo -k). */
+ if (def_timestamp_timeout < 0) {
+ status = TS_CURRENT;
+ } else {
+ now = time(NULL);
+ if (def_timestamp_timeout &&
+ now - mtime.tv_sec < 60 * def_timestamp_timeout) {
+ /*
+ * Check for bogus time on the stampfile. The clock may
+ * have been set back or user could be trying to spoof us.
+ */
+ if (mtime.tv_sec > now + 60 * def_timestamp_timeout * 2) {
+ time_t tv_sec = (time_t)mtime.tv_sec;
+ log_error(0,
+ _("timestamp too far in the future: %20.20s"),
+ 4 + ctime(&tv_sec));
+ if (timestampfile)
+ (void) unlink(timestampfile);
+ else
+ (void) rmdir(timestampdir);
+ status = TS_MISSING;
+ } else if (get_boottime(&boottime) &&
+ timevalcmp(&mtime, &boottime, <)) {
+ status = TS_OLD;
+ } else {
+ status = TS_CURRENT;
+ }
}
}
}
Reference in New Issue View Git Blame Copy Permalink