From: Jeroen van Wolffelaar
Date: Wed, 29 Jun 2005 01:36:10 +0000 (+0200)
Subject: Imported Debian patch 1.6.8p7-1.1sarge1
X-Git-Tag: debian/1.6.8p7-1.1sarge1^0
X-Git-Url: https://git.gag.com/?a=commitdiff_plain;h=74c4b9717977149460d530497690504fdbba7a47;p=debian%2Fsudo
Imported Debian patch 1.6.8p7-1.1sarge1
---
diff --git a/config.guess b/config.guess
index 9c292ea..45bee13 100644
--- a/config.guess
+++ b/config.guess
@@ -3,7 +3,7 @@
 # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
 # 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
-timestamp='2005-03-24'
+timestamp='2005-04-22'
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@@ -1140,6 +1140,10 @@ EOF
 # From seanf@swdc.stratus.com.
 echo i860-stratus-sysv4
 exit 0 ;;
+ i*86:VOS:*:*)
+ # From Paul.Green@stratus.com.
+ echo ${UNAME_MACHINE}-stratus-vos
+ exit 0 ;;
 *:VOS:*:*)
 # From Paul.Green@stratus.com.
 echo hppa1.1-stratus-vos
diff --git a/config.sub b/config.sub
index d8fd2f8..87a1ee4 100755
--- a/config.sub
+++ b/config.sub
@@ -3,7 +3,7 @@
 # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
 # 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
-timestamp='2005-02-10'
+timestamp='2005-04-22'
 # This file is (in principle) common to ALL GNU software.
 # The presence of a machine in this file suggests that SOME GNU software
@@ -231,6 +231,7 @@ case $basic_machine in
 | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
 | am33_2.0 \
 | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
+ | bfin \
 | c4x | clipper \
 | d10v | d30v | dlx | dsp16xx \
 | fr30 | frv \
@@ -262,7 +263,8 @@ case $basic_machine in
 | pyramid \
 | sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
 | sh64 | sh64le \
- | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv8 | sparcv9 | sparcv9b \
+ | sparc | sparc64 | sparc64b | sparc86x | sparclet | sparclite \
+ | sparcv8 | sparcv9 | sparcv9b \
 | strongarm \
 | tahoe | thumb | tic4x | tic80 | tron \
 | v850 | v850e \
@@ -298,7 +300,7 @@ case $basic_machine in
 | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
 | arm-* | armbe-* | armle-* | armeb-* | armv*-* \
 | avr-* \
- | bs2000-* \
+ | bfin-* | bs2000-* \
 | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
 | clipper-* | craynv-* | cydra-* \
 | d10v-* | d30v-* | dlx-* \
@@ -336,7 +338,8 @@ case $basic_machine in
 | romp-* | rs6000-* \
 | sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \
 | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
- | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \
+ | sparc-* | sparc64-* | sparc64b-* | sparc86x-* | sparclet-* \
+ | sparclite-* \
 | sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
 | tahoe-* | thumb-* \
 | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
diff --git a/debian/changelog b/debian/changelog
index ca5dd56..ef1242a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+sudo (1.6.8p7-1.1sarge1) stable-security; urgency=high
+
+ * Security upload
+ * Fix race condition in pathname validation [CAN-2005-1993]
+ (Closes: #315115)
+
+ -- Jeroen van Wolffelaar Wed, 29 Jun 2005 03:36:10 +0200
+
 sudo (1.6.8p7-1.1) unstable; urgency=high
 * Non-maintainer upload.
diff --git a/ldap.c b/ldap.c
index b5ecc44..a202fb2 100644
--- a/ldap.c
+++ b/ldap.c
@@ -278,8 +278,6 @@ int sudo_ldap_check_command(ld,entry)
 /* Match against ALL ? */
 if (!strcasecmp(*p,"ALL")) {
 ret=1;
- if (safe_cmnd) free (safe_cmnd);
- safe_cmnd=estrdup(user_cmnd);
 if (ldap_conf.debug>1) printf(" MATCH!\n");
 continue;
 }
diff --git a/parse.yacc b/parse.yacc
index c74125b..46dce22 100644
--- a/parse.yacc
+++ b/parse.yacc
@@ -676,10 +676,6 @@ cmnd : ALL {
 }
 $$ = TRUE;
-
- if (safe_cmnd)
- free(safe_cmnd);
- safe_cmnd = estrdup(user_cmnd);
 }
 | ALIAS {
 aliasinfo *aip;
diff --git a/sudo.c b/sudo.c
index 31edb65..3313b00 100644
--- a/sudo.c
+++ b/sudo.c
@@ -275,6 +275,8 @@ main(argc, argv, envp)
 /* Validate the user but don't search for pseudo-commands. */
 validated = sudoers_lookup(pwflag);
 }
+ if (safe_cmnd == NULL)
+ safe_cmnd = user_cmnd;
 /*
 * If we are using set_perms_posix() and the stay_setuid flag was not set,
@@ -391,14 +393,6 @@ main(argc, argv, envp)
 exit(0);
 }
- /* This *must* have been set if we got a match but... */
- if (safe_cmnd == NULL) {
- log_error(MSG_ONLY,
- "internal error, safe_cmnd never got set for %s; %s",
- user_cmnd,
- "please report this error at http://courtesan.com/sudo/bugs/");
- }
-
 /* Override user's umask if configured to do so. */
 if (def_umask != 0777)
 (void) umask(def_umask);
@@ -901,10 +895,10 @@ check_sudoers()
 (statbuf.st_mode & 07777), SUDOERS_MODE);
 else if (statbuf.st_uid != SUDOERS_UID)
 log_error(0, "%s is owned by uid %lu, should be %lu", _PATH_SUDOERS,
- (unsigned long) statbuf.st_uid, SUDOERS_UID);
+ (unsigned long) statbuf.st_uid, (unsigned long) SUDOERS_UID);
 else if (statbuf.st_gid != SUDOERS_GID)
 log_error(0, "%s is owned by gid %lu, should be %lu", _PATH_SUDOERS,
- (unsigned long) statbuf.st_gid, SUDOERS_GID);
+ (unsigned long) statbuf.st_gid, (unsigned long) SUDOERS_GID);
 else {
 /* Solaris sometimes returns EAGAIN so try 10 times */
 for (i = 0; i < 10 ; i++) {
@@ -1086,7 +1080,7 @@ get_authpw()
 } else if (def_targetpw) {
 if (runas_pw->pw_name == NULL)
 log_error(NO_MAIL|MSG_ONLY, "no passwd entry for %lu!",
- runas_pw->pw_uid);
+ (unsigned long) runas_pw->pw_uid);
 pw = runas_pw;
 } else
 pw = sudo_user.pw;
diff --git a/sudo.tab.c b/sudo.tab.c
index 7ec3357..1bd3a18 100644
--- a/sudo.tab.c
+++ b/sudo.tab.c
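Review bot: The fallback `safe_cmnd = user_cmnd;` added after the `sudoers_lookup()` call makes safe_cmnd an alias of user_cmnd instead of a heap copy, while the code this commit deletes in ldap.c and parse.yacc treated safe_cmnd as owned memory (`if (safe_cmnd) free(safe_cmnd);`); any surviving code in the file that still frees or rewrites safe_cmnd would now act on user_cmnd, which is worth confirming. With the later "safe_cmnd never got set" internal-error check also removed from this file, this assignment is the only thing guaranteeing safe_cmnd is non-NULL downstream, so a comment stating the intent would help: `/* Nothing in sudoers pinned a pathname, so use the user-supplied one; ALL entries no longer overwrite safe_cmnd (CAN-2005-1993). */`. main() begins and ends outside the hunk.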
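Review bot: The new `(unsigned long)` casts on SUDOERS_UID and SUDOERS_GID make the arguments match the `%lu` conversions in the two log_error() format strings on the context lines, closing a format/argument type mismatch that is undefined behaviour in C; the get_authpw() hunk below applies the same fix to `runas_pw->pw_uid`. The `SUDOERS_MODE` argument on the first context line is still passed uncast and its format string lies above the hunk, so whether it needs the same treatment cannot be confirmed from here. check_sudoers() starts and ends outside the hunk.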
@@ -4,7 +4,7 @@ static char yyrcsid[] #if __GNUC__ >= 2 __attribute__ ((unused)) #endif /* __GNUC__ >= 2 */ - = "$OpenBSD: skeleton.c,v 1.23 2004/03/12 13:39:50 henning Exp $"; + = "$OpenBSD: skeleton.c,v 1.24 2005/06/10 16:40:45 pvalchev Exp $"; #endif #include #define YYBYACC 1 @@ -89,7 +89,7 @@ static char yyrcsid[] #endif /* HAVE_LSEARCH */ #ifndef lint -static const char rcsid[] = "$Sudo: sudo.tab.c,v 1.76 2004/08/11 18:29:36 millert Exp $"; +static const char rcsid[] = "$Sudo: parse.yacc,v 1.204 2004/08/11 18:29:10 millert Exp $"; #endif /* lint */ /* @@ -674,7 +674,7 @@ short *yyss; short *yysslim; YYSTYPE *yyvs; int yystacksize; -#line 890 "parse.yacc" +#line 886 "parse.yacc" #define MOREALIASES (32) aliasinfo *aliases = NULL; @@ -1740,14 +1740,10 @@ case 60: } yyval.BOOLEAN = TRUE; - - if (safe_cmnd) - free(safe_cmnd); - safe_cmnd = estrdup(user_cmnd); } break; case 61: -#line 684 "parse.yacc" +#line 680 "parse.yacc" { aliasinfo *aip; @@ -1779,7 +1775,7 @@ case 61: } break; case 62: -#line 713 "parse.yacc" +#line 709 "parse.yacc" { if (printmatches == TRUE) { if (in_alias == TRUE) { @@ -1807,11 +1803,11 @@ case 62: } break; case 65: -#line 744 "parse.yacc" +#line 740 "parse.yacc" { push; } break; case 66: -#line 744 "parse.yacc" +#line 740 "parse.yacc" { if ((MATCHED(host_matches) || pedantic) && !add_alias(yyvsp[-3].string, HOST_ALIAS, host_matches)) { @@ -1822,7 +1818,7 @@ case 66: } break; case 71: -#line 762 "parse.yacc" +#line 758 "parse.yacc" { push; if (printmatches == TRUE) { @@ -1835,7 +1831,7 @@ case 71: } break; case 72: -#line 771 "parse.yacc" +#line 767 "parse.yacc" { if ((MATCHED(cmnd_matches) || pedantic) && !add_alias(yyvsp[-3].string, CMND_ALIAS, cmnd_matches)) { @@ -1850,11 +1846,11 @@ case 72: } break; case 73: -#line 785 "parse.yacc" +#line 781 "parse.yacc" { ; } break; case 77: -#line 793 "parse.yacc" +#line 789 "parse.yacc" { if (printmatches == TRUE) { in_alias = TRUE; 
@@ -1866,7 +1862,7 @@ case 77: } break; case 78: -#line 801 "parse.yacc" +#line 797 "parse.yacc" { if ((yyvsp[0].BOOLEAN != NOMATCH || pedantic) && !add_alias(yyvsp[-3].string, RUNAS_ALIAS, yyvsp[0].BOOLEAN)) { @@ -1880,11 +1876,11 @@ case 78: } break; case 81: -#line 818 "parse.yacc" +#line 814 "parse.yacc" { push; } break; case 82: -#line 818 "parse.yacc" +#line 814 "parse.yacc" { if ((MATCHED(user_matches) || pedantic) && !add_alias(yyvsp[-3].string, USER_ALIAS, user_matches)) { @@ -1896,19 +1892,19 @@ case 82: } break; case 85: -#line 833 "parse.yacc" +#line 829 "parse.yacc" { SETMATCH(user_matches, yyvsp[0].BOOLEAN); } break; case 86: -#line 836 "parse.yacc" +#line 832 "parse.yacc" { SETNMATCH(user_matches, yyvsp[0].BOOLEAN); } break; case 87: -#line 841 "parse.yacc" +#line 837 "parse.yacc" { if (userpw_matches(yyvsp[0].string, user_name, sudo_user.pw)) yyval.BOOLEAN = TRUE; @@ -1918,7 +1914,7 @@ case 87: } break; case 88: -#line 848 "parse.yacc" +#line 844 "parse.yacc" { if (usergr_matches(yyvsp[0].string, user_name, sudo_user.pw)) yyval.BOOLEAN = TRUE; @@ -1928,7 +1924,7 @@ case 88: } break; case 89: -#line 855 "parse.yacc" +#line 851 "parse.yacc" { if (netgr_matches(yyvsp[0].string, NULL, NULL, user_name)) yyval.BOOLEAN = TRUE; @@ -1938,7 +1934,7 @@ case 89: } break; case 90: -#line 862 "parse.yacc" +#line 858 "parse.yacc" { aliasinfo *aip = find_alias(yyvsp[0].string, USER_ALIAS); @@ -1963,12 +1959,12 @@ case 90: } break; case 91: -#line 884 "parse.yacc" +#line 880 "parse.yacc" { yyval.BOOLEAN = TRUE; } break; -#line 1920 "sudo.tab.c" +#line 1916 "sudo.tab.c" } yyssp -= yym; yystate = *yyssp;