blob: 6c48e4cf14cafeca3a4dd8e574d68e8442f549be (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
# HG changeset patch
# User Todd C. Miller <Todd.Miller@courtesan.com>
# Date 1452556552 25200
# Node ID 0cd3cc8fa19565d3f7eb7d960f6ba5da0dec4889
# Parent 4d2c1761c75245fb88ce397d68bea10afea9c037
Silence warning in digest_matches() on systems with no fexecve(2).
Reference to upstream patch:
https://www.sudo.ws/repos/sudo/raw-rev/0cd3cc8fa195
CVE: CVE-2015-8239
Upstream-Status: Backport
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
diff -r 4d2c1761c752 -r 0cd3cc8fa195 plugins/sudoers/match.c
--- a/plugins/sudoers/match.c Mon Jan 11 16:52:52 2016 -0700
+++ b/plugins/sudoers/match.c Mon Jan 11 16:55:52 2016 -0700
@@ -590,8 +590,10 @@
unsigned char sudoers_digest[SHA512_DIGEST_LENGTH];
unsigned char buf[32 * 1024];
struct digest_function *func = NULL;
+#ifdef HAVE_FEXECVE
bool first = true;
bool is_script = false;
+#endif /* HAVE_FEXECVE */
size_t nread;
SHA2_CTX ctx;
FILE *fp;
@@ -635,12 +637,14 @@
func->init(&ctx);
while ((nread = fread(buf, 1, sizeof(buf), fp)) != 0) {
+#ifdef HAVE_FEXECVE
/* Check for #! cookie and set is_script. */
if (first) {
first = false;
if (nread >= 2 && buf[0] == '#' && buf[1] == '!')
is_script = true;
}
+#endif /* HAVE_FEXECVE */
func->update(&ctx, buf, nread);
}
if (ferror(fp)) {
|
