From aeeae9962d5e478f90cefd60253d131155b00aba67404f078e827c725e8a2051 Mon Sep 17 00:00:00 2001 From: Petr Uzel Date: Wed, 2 Jun 2010 12:31:24 +0000 Subject: [PATCH 1/3] bnc#594738 OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=11 --- sudo-CVE-2010-1646.patch | 87 ++++++++++++++++++++++++++++++++++++++++ sudo.changes | 5 +++ sudo.spec | 2 + 3 files changed, 94 insertions(+) create mode 100644 sudo-CVE-2010-1646.patch diff --git a/sudo-CVE-2010-1646.patch b/sudo-CVE-2010-1646.patch new file mode 100644 index 0000000..dd33e88 --- /dev/null +++ b/sudo-CVE-2010-1646.patch @@ -0,0 +1,87 @@ + +# HG changeset patch +# User Todd C. Miller +# Date 1275055525 14400 +# Node ID a09c6812eaecd6a18f424e66419e6acaf80befc9 +# Parent c17c54dc03b35472377a73544ad91384a81303f8 +Handle duplicate variables in the environment. For unsetenv(), +keep looking even after remove the first instance. For sudo_putenv(), +check for and remove dupes after we replace an existing value. + +Index: sudo-1.7.2p4/env.c +=================================================================== +--- sudo-1.7.2p4.orig/env.c 2010-06-02 12:20:58.000000000 +0200 ++++ sudo-1.7.2p4/env.c 2010-06-02 12:23:42.000000000 +0200 +@@ -321,7 +321,7 @@ int + unsetenv(var) + const char *var; + { +- char **ep; ++ char **ep = env.envp; + size_t len; + + if (strchr(var, '=') != NULL) { +@@ -359,13 +359,15 @@ unsetenv(var) + } + + len = strlen(var); +- for (ep = env.envp; *ep; ep++) { ++ while (*ep != NULL) { + if (strncmp(var, *ep, len) == 0 && (*ep)[len] == '=') { + /* Found it; shift remainder + NULL over by one and update len. */ + memmove(ep, ep + 1, + (env.env_len - (ep - env.envp)) * sizeof(char *)); + env.env_len--; +- break; ++ /* Keep going, could be multiple instances of the var. */ ++ } else { ++ ep++; + } + } + #ifndef UNSETENV_VOID +@@ -433,6 +435,7 @@ sudo_putenv(str, dupcheck, overwrite) + { + char **ep; + size_t len; ++ int found = FALSE; + + /* Make sure there is room for the new entry plus a NULL. */ + if (env.env_len + 2 > env.env_size) { +@@ -452,19 +455,33 @@ sudo_putenv(str, dupcheck, overwrite) + + if (dupcheck) { + len = (strchr(str, '=') - str) + 1; +- for (ep = env.envp; *ep; ep++) { ++ for (ep = env.envp; !found && *ep != NULL; ep++) { + if (strncmp(str, *ep, len) == 0) { + if (overwrite) + *ep = str; +- return; ++ found = TRUE; ++ } ++ } ++ /* Prune out duplicate variables. */ ++ if (found && overwrite) { ++ while (*ep != NULL) { ++ if (strncmp(str, *ep, len) == 0) { ++ memmove(ep, ep + 1, ++ (env.env_len - (ep - env.envp)) * sizeof(char *)); ++ env.env_len--; ++ } else { ++ ep++; ++ } ++ } + } + } +- } else +- ep = env.envp + env.env_len; + ++ if (!found) { ++ ep = env.envp + env.env_len; + env.env_len++; + *ep++ = str; + *ep = NULL; ++ } + } + + /* diff --git a/sudo.changes b/sudo.changes index 019a98f..e4195eb 100644 --- a/sudo.changes +++ b/sudo.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Jun 2 10:32:42 UTC 2010 - puzel@novell.com + +- add sudo-CVE-2010-1646.patch (bnc#594738) + ------------------------------------------------------------------- Tue May 18 15:52:10 UTC 2010 - puzel@novell.com diff --git a/sudo.spec b/sudo.spec index 68e1fb0..455ada1 100644 --- a/sudo.spec +++ b/sudo.spec @@ -39,6 +39,7 @@ Patch5: %{name}-1.7.1-secure_path.diff Patch6: %{name}-1.7.1-env.diff Patch7: %{name}-1.7.1-pam_rhost.diff Patch8: sudo-CVE-2010-1163.patch +Patch9: sudo-CVE-2010-1646.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -68,6 +69,7 @@ Authors: %patch6 %patch7 %patch8 -p1 +%patch9 -p1 cp %{SOURCE2} . %build From f9207a7cdd07c683992f6978bd05d3f79daa6c382339a62d68ba52248147b00a Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Wed, 2 Jun 2010 16:12:03 +0000 Subject: [PATCH 2/3] Accepting request 40990 from Base:System checked in (request 40990) OBS-URL: https://build.opensuse.org/request/show/40990 OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=12 --- sudo-CVE-2010-1646.patch | 87 ---------------------------------------- sudo.changes | 5 --- sudo.spec | 2 - 3 files changed, 94 deletions(-) delete mode 100644 sudo-CVE-2010-1646.patch diff --git a/sudo-CVE-2010-1646.patch b/sudo-CVE-2010-1646.patch deleted file mode 100644 index dd33e88..0000000 --- a/sudo-CVE-2010-1646.patch +++ /dev/null @@ -1,87 +0,0 @@ - -# HG changeset patch -# User Todd C. Miller -# Date 1275055525 14400 -# Node ID a09c6812eaecd6a18f424e66419e6acaf80befc9 -# Parent c17c54dc03b35472377a73544ad91384a81303f8 -Handle duplicate variables in the environment. For unsetenv(), -keep looking even after remove the first instance. For sudo_putenv(), -check for and remove dupes after we replace an existing value. - -Index: sudo-1.7.2p4/env.c -=================================================================== ---- sudo-1.7.2p4.orig/env.c 2010-06-02 12:20:58.000000000 +0200 -+++ sudo-1.7.2p4/env.c 2010-06-02 12:23:42.000000000 +0200 -@@ -321,7 +321,7 @@ int - unsetenv(var) - const char *var; - { -- char **ep; -+ char **ep = env.envp; - size_t len; - - if (strchr(var, '=') != NULL) { -@@ -359,13 +359,15 @@ unsetenv(var) - } - - len = strlen(var); -- for (ep = env.envp; *ep; ep++) { -+ while (*ep != NULL) { - if (strncmp(var, *ep, len) == 0 && (*ep)[len] == '=') { - /* Found it; shift remainder + NULL over by one and update len. */ - memmove(ep, ep + 1, - (env.env_len - (ep - env.envp)) * sizeof(char *)); - env.env_len--; -- break; -+ /* Keep going, could be multiple instances of the var. */ -+ } else { -+ ep++; - } - } - #ifndef UNSETENV_VOID -@@ -433,6 +435,7 @@ sudo_putenv(str, dupcheck, overwrite) - { - char **ep; - size_t len; -+ int found = FALSE; - - /* Make sure there is room for the new entry plus a NULL. */ - if (env.env_len + 2 > env.env_size) { -@@ -452,19 +455,33 @@ sudo_putenv(str, dupcheck, overwrite) - - if (dupcheck) { - len = (strchr(str, '=') - str) + 1; -- for (ep = env.envp; *ep; ep++) { -+ for (ep = env.envp; !found && *ep != NULL; ep++) { - if (strncmp(str, *ep, len) == 0) { - if (overwrite) - *ep = str; -- return; -+ found = TRUE; -+ } -+ } -+ /* Prune out duplicate variables. */ -+ if (found && overwrite) { -+ while (*ep != NULL) { -+ if (strncmp(str, *ep, len) == 0) { -+ memmove(ep, ep + 1, -+ (env.env_len - (ep - env.envp)) * sizeof(char *)); -+ env.env_len--; -+ } else { -+ ep++; -+ } -+ } - } - } -- } else -- ep = env.envp + env.env_len; - -+ if (!found) { -+ ep = env.envp + env.env_len; - env.env_len++; - *ep++ = str; - *ep = NULL; -+ } - } - - /* diff --git a/sudo.changes b/sudo.changes index e4195eb..019a98f 100644 --- a/sudo.changes +++ b/sudo.changes @@ -1,8 +1,3 @@ -------------------------------------------------------------------- -Wed Jun 2 10:32:42 UTC 2010 - puzel@novell.com - -- add sudo-CVE-2010-1646.patch (bnc#594738) - ------------------------------------------------------------------- Tue May 18 15:52:10 UTC 2010 - puzel@novell.com diff --git a/sudo.spec b/sudo.spec index 455ada1..68e1fb0 100644 --- a/sudo.spec +++ b/sudo.spec @@ -39,7 +39,6 @@ Patch5: %{name}-1.7.1-secure_path.diff Patch6: %{name}-1.7.1-env.diff Patch7: %{name}-1.7.1-pam_rhost.diff Patch8: sudo-CVE-2010-1163.patch -Patch9: sudo-CVE-2010-1646.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -69,7 +68,6 @@ Authors: %patch6 %patch7 %patch8 -p1 -%patch9 -p1 cp %{SOURCE2} . %build From 104c5fc11bb229edd8aaf20b31112e6888af56f4dd442b4a715d43fe87cda508 Mon Sep 17 00:00:00 2001 From: OBS User buildservice-autocommit Date: Wed, 2 Jun 2010 16:12:04 +0000 Subject: [PATCH 3/3] Updating link to change in openSUSE:Factory/sudo revision 27.0 OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=fdd61363b4ef456a4506691a09e6283e --- sudo-CVE-2010-1646.patch | 87 ++++++++++++++++++++++++++++++++++++++++ sudo.changes | 5 +++ sudo.spec | 4 +- 3 files changed, 95 insertions(+), 1 deletion(-) create mode 100644 sudo-CVE-2010-1646.patch diff --git a/sudo-CVE-2010-1646.patch b/sudo-CVE-2010-1646.patch new file mode 100644 index 0000000..dd33e88 --- /dev/null +++ b/sudo-CVE-2010-1646.patch @@ -0,0 +1,87 @@ + +# HG changeset patch +# User Todd C. Miller +# Date 1275055525 14400 +# Node ID a09c6812eaecd6a18f424e66419e6acaf80befc9 +# Parent c17c54dc03b35472377a73544ad91384a81303f8 +Handle duplicate variables in the environment. For unsetenv(), +keep looking even after remove the first instance. For sudo_putenv(), +check for and remove dupes after we replace an existing value. + +Index: sudo-1.7.2p4/env.c +=================================================================== +--- sudo-1.7.2p4.orig/env.c 2010-06-02 12:20:58.000000000 +0200 ++++ sudo-1.7.2p4/env.c 2010-06-02 12:23:42.000000000 +0200 +@@ -321,7 +321,7 @@ int + unsetenv(var) + const char *var; + { +- char **ep; ++ char **ep = env.envp; + size_t len; + + if (strchr(var, '=') != NULL) { +@@ -359,13 +359,15 @@ unsetenv(var) + } + + len = strlen(var); +- for (ep = env.envp; *ep; ep++) { ++ while (*ep != NULL) { + if (strncmp(var, *ep, len) == 0 && (*ep)[len] == '=') { + /* Found it; shift remainder + NULL over by one and update len. */ + memmove(ep, ep + 1, + (env.env_len - (ep - env.envp)) * sizeof(char *)); + env.env_len--; +- break; ++ /* Keep going, could be multiple instances of the var. */ ++ } else { ++ ep++; + } + } + #ifndef UNSETENV_VOID +@@ -433,6 +435,7 @@ sudo_putenv(str, dupcheck, overwrite) + { + char **ep; + size_t len; ++ int found = FALSE; + + /* Make sure there is room for the new entry plus a NULL. */ + if (env.env_len + 2 > env.env_size) { +@@ -452,19 +455,33 @@ sudo_putenv(str, dupcheck, overwrite) + + if (dupcheck) { + len = (strchr(str, '=') - str) + 1; +- for (ep = env.envp; *ep; ep++) { ++ for (ep = env.envp; !found && *ep != NULL; ep++) { + if (strncmp(str, *ep, len) == 0) { + if (overwrite) + *ep = str; +- return; ++ found = TRUE; ++ } ++ } ++ /* Prune out duplicate variables. */ ++ if (found && overwrite) { ++ while (*ep != NULL) { ++ if (strncmp(str, *ep, len) == 0) { ++ memmove(ep, ep + 1, ++ (env.env_len - (ep - env.envp)) * sizeof(char *)); ++ env.env_len--; ++ } else { ++ ep++; ++ } ++ } + } + } +- } else +- ep = env.envp + env.env_len; + ++ if (!found) { ++ ep = env.envp + env.env_len; + env.env_len++; + *ep++ = str; + *ep = NULL; ++ } + } + + /* diff --git a/sudo.changes b/sudo.changes index 019a98f..e4195eb 100644 --- a/sudo.changes +++ b/sudo.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Jun 2 10:32:42 UTC 2010 - puzel@novell.com + +- add sudo-CVE-2010-1646.patch (bnc#594738) + ------------------------------------------------------------------- Tue May 18 15:52:10 UTC 2010 - puzel@novell.com diff --git a/sudo.spec b/sudo.spec index 68e1fb0..8ddb8ba 100644 --- a/sudo.spec +++ b/sudo.spec @@ -23,7 +23,7 @@ BuildRequires: openldap2-devel pam-devel postfix BuildRequires: libselinux-devel PreReq: coreutils Version: 1.7.2p4 -Release: 2 +Release: 3 Group: System/Base License: BSD3c(or similar) Url: http://www.sudo.ws/ @@ -39,6 +39,7 @@ Patch5: %{name}-1.7.1-secure_path.diff Patch6: %{name}-1.7.1-env.diff Patch7: %{name}-1.7.1-pam_rhost.diff Patch8: sudo-CVE-2010-1163.patch +Patch9: sudo-CVE-2010-1646.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -68,6 +69,7 @@ Authors: %patch6 %patch7 %patch8 -p1 +%patch9 -p1 cp %{SOURCE2} . %build