From e1e704e581269e6f353071e6efe6cf766644c207 Mon Sep 17 00:00:00 2001 From: Bdale Garbee Date: Thu, 11 Mar 2010 11:49:48 -0700 Subject: [PATCH] Imported Upstream version 1.7.2p5 --- ChangeLog | 35 +++++++++++++++++++++++ LICENSE | 2 +- aix.c | 43 ++++++++++++++++++---------- config.h.in | 3 ++ configure | 20 ++++++------- configure.in | 6 ++-- logging.c | 19 +++++++------ match.c | 2 +- parse.c | 8 ++++-- sudo.cat | 20 ++++++------- sudo.man.in | 2 +- sudoers.cat | 50 ++++++++++++++++----------------- sudoers.ldap.cat | 24 ++++++++-------- sudoers.ldap.man.in | 2 +- sudoers.man.in | 2 +- toke.c | 68 ++++++++++++++++++++++----------------------- toke.l | 8 ++---- visudo.cat | 6 ++-- visudo.man.in | 2 +- 19 files changed, 186 insertions(+), 136 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8a5a0aa..6ed7972 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,38 @@ +2010-02-22 Todd C. Miller + + * match.c: Check for pseudo-command by looking at the first + character of the command in sudoers instead of checking the + user-supplied command for a slash. + +2010-02-09 Todd C. Miller + + * toke.l: Fix size arg when realloc()ing include stack. + From Daniel Kopecek + + * toke.l: Avoid a duplicate fclose() of the sudoers file. + +2010-02-06 Todd C. Miller + + * aix.c, config.h.in, configure, configure.in: Use setrlimit64(), + if available, instead of setrlimit() when setting AIX resource + limits since rlim_t is 32bits. + + * logging.c: Fix use after free when sending error messages. + From Timo Juhani Lindfors + +2009-12-17 15:02 millert + + * parse.c: Fix printing of entries with multiple host entries on + a single line. + +2009-12-09 16:05 millert + + * logging.c: fix typo in last commit + +2009-12-08 22:19 millert + + * logging.c: Convert fmt_first and fmt_confd into macros. + 2009-11-23 10:56 millert * match.c: cmnd_matches() already deals with negation so diff --git a/LICENSE b/LICENSE index 0632e0b..2643bc4 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ Sudo is distributed under the following ISC-style license: - Copyright (c) 1994-1996, 1998-2009 + Copyright (c) 1994-1996, 1998-2010 Todd C. Miller Permission to use, copy, modify, and distribute this software for any diff --git a/aix.c b/aix.c index 5897b6f..0b604f5 100644 --- a/aix.c +++ b/aix.c @@ -38,8 +38,15 @@ __unused static const char rcsid[] = "$Sudo: aix.c,v 1.7 2008/11/06 00:42:37 mil #ifdef HAVE_GETUSERATTR +#ifndef HAVE_SETRLIMIT64 +# define setrlimit64(a, b) setrlimit(a, b) +# define rlimit64 rlimit +# define rlim64_t rlim_t +# define RLIM64_INFINITY RLIM_INFINITY +#endif /* HAVE_SETRLIMIT64 */ + #ifndef RLIM_SAVED_MAX -# define RLIM_SAVED_MAX RLIM_INFINITY +# define RLIM_SAVED_MAX RLIM64_INFINITY #endif struct aix_limit { @@ -63,10 +70,15 @@ static int aix_getlimit(user, lim, valp) char *user; char *lim; - int *valp; + rlim64_t *valp; { - if (getuserattr(user, lim, valp, SEC_INT) != 0) - return getuserattr("default", lim, valp, SEC_INT); + int val; + + if (getuserattr(user, lim, &val, SEC_INT) != 0 && + getuserattr("default", lim, &val, SEC_INT) != 0) { + return(-1); + } + *valp = val; return(0); } @@ -74,28 +86,29 @@ void aix_setlimits(user) char *user; { - struct rlimit rlim; - int i, n; + struct rlimit64 rlim; + rlim64_t val; + int n; /* * For each resource limit, get the soft/hard values for the user - * and set those values via setrlimit(). Must be run as euid 0. + * and set those values via setrlimit64(). Must be run as euid 0. */ for (n = 0; n < sizeof(aix_limits) / sizeof(aix_limits[0]); n++) { /* * We have two strategies, depending on whether or not the * hard limit has been defined. */ - if (aix_getlimit(user, aix_limits[n].hard, &i) == 0) { - rlim.rlim_max = i == -1 ? RLIM_INFINITY : i * aix_limits[n].factor; - if (aix_getlimit(user, aix_limits[n].soft, &i) == 0) - rlim.rlim_cur = i == -1 ? RLIM_INFINITY : i * aix_limits[n].factor; + if (aix_getlimit(user, aix_limits[n].hard, &val) == 0) { + rlim.rlim_max = val == -1 ? RLIM64_INFINITY : val * aix_limits[n].factor; + if (aix_getlimit(user, aix_limits[n].soft, &val) == 0) + rlim.rlim_cur = val == -1 ? RLIM64_INFINITY : val * aix_limits[n].factor; else rlim.rlim_cur = rlim.rlim_max; /* soft not specd, use hard */ } else { /* No hard limit set, try soft limit. */ - if (aix_getlimit(user, aix_limits[n].soft, &i) == 0) - rlim.rlim_cur = i == -1 ? RLIM_INFINITY : i * aix_limits[n].factor; + if (aix_getlimit(user, aix_limits[n].soft, &val) == 0) + rlim.rlim_cur = val == -1 ? RLIM64_INFINITY : val * aix_limits[n].factor; /* Set hard limit per AIX /etc/security/limits documentation. */ switch (aix_limits[n].resource) { @@ -107,11 +120,11 @@ aix_setlimits(user) rlim.rlim_max = RLIM_SAVED_MAX; break; default: - rlim.rlim_max = RLIM_INFINITY; + rlim.rlim_max = RLIM64_INFINITY; break; } } - (void)setrlimit(aix_limits[n].resource, &rlim); + (void)setrlimit64(aix_limits[n].resource, &rlim); } } diff --git a/config.h.in b/config.h.in index 18698f4..950dae5 100644 --- a/config.h.in +++ b/config.h.in @@ -366,6 +366,9 @@ /* Define to 1 if you have the `setrlimit' function. */ #undef HAVE_SETRLIMIT +/* Define to 1 if you have the `setrlimit64' function. */ +#undef HAVE_SETRLIMIT64 + /* Define to 1 if you have the `setsid' function. */ #undef HAVE_SETSID diff --git a/configure b/configure index b9e0fdd..06d55dc 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.61 for sudo 1.7.2p2. +# Generated by GNU Autoconf 2.61 for sudo 1.7.2p5. # # Report bugs to . # @@ -724,8 +724,8 @@ SHELL=${CONFIG_SHELL-/bin/sh} # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.7.2p2' -PACKAGE_STRING='sudo 1.7.2p2' +PACKAGE_VERSION='1.7.2p5' +PACKAGE_STRING='sudo 1.7.2p5' PACKAGE_BUGREPORT='http://www.sudo.ws/bugs/' # Factoring default headers for most tests. @@ -1417,7 +1417,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sudo 1.7.2p2 to adapt to many kinds of systems. +\`configure' configures sudo 1.7.2p5 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1482,7 +1482,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.7.2p2:";; + short | recursive ) echo "Configuration of sudo 1.7.2p5:";; esac cat <<\_ACEOF @@ -1684,7 +1684,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.7.2p2 +sudo configure 1.7.2p5 generated by GNU Autoconf 2.61 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, @@ -1698,7 +1698,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.7.2p2, which was +It was created by sudo $as_me 1.7.2p5, which was generated by GNU Autoconf 2.61. Invocation command line was $ $0 $@ @@ -15833,7 +15833,7 @@ LIBS=$ac_save_LIBS for ac_func in strchr strrchr memchr memcpy memset sysconf tzset \ strftime setrlimit initgroups getgroups fstat gettimeofday \ - setlocale getaddrinfo setsid setenv + setlocale getaddrinfo setsid setenv setrlimit64 do as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` { echo "$as_me:$LINENO: checking for $ac_func" >&5 @@ -24558,7 +24558,7 @@ exec 6>&1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.7.2p2, which was +This file was extended by sudo $as_me 1.7.2p5, which was generated by GNU Autoconf 2.61. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -24607,7 +24607,7 @@ Report bugs to ." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -sudo config.status 1.7.2p2 +sudo config.status 1.7.2p5 configured by $0, generated by GNU Autoconf 2.61, with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" diff --git a/configure.in b/configure.in index f9a7d31..81302b5 100644 --- a/configure.in +++ b/configure.in @@ -2,9 +2,9 @@ dnl dnl Process this file with GNU autoconf to produce a configure script. dnl $Sudo: configure.in,v 1.549 2009/06/13 20:52:50 millert Exp $ dnl -dnl Copyright (c) 1994-1996,1998-2009 Todd C. Miller +dnl Copyright (c) 1994-1996,1998-2010 Todd C. Miller dnl -AC_INIT([sudo], [1.7.2p2], [http://www.sudo.ws/bugs/], [sudo]) +AC_INIT([sudo], [1.7.2p5], [http://www.sudo.ws/bugs/], [sudo]) AC_CONFIG_HEADER(config.h pathnames.h) dnl dnl This won't work before AC_INIT @@ -1841,7 +1841,7 @@ dnl AC_FUNC_GETGROUPS AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \ strftime setrlimit initgroups getgroups fstat gettimeofday \ - setlocale getaddrinfo setsid setenv) + setlocale getaddrinfo setsid setenv setrlimit64) AC_CHECK_FUNCS(unsetenv, SUDO_FUNC_UNSETENV_VOID) SUDO_FUNC_PUTENV_CONST if test -z "$SKIP_SETRESUID"; then diff --git a/logging.c b/logging.c index 53288e5..44df374 100644 --- a/logging.c +++ b/logging.c @@ -122,6 +122,9 @@ mysyslog(pri, fmt, va_alist) closelog(); } +#define FMT_FIRST "%8s : %s" +#define FMT_CONTD "%8s : (command continued) %s" + /* * Log a message to syslog, pre-pending the username and splitting the * message into parts if it is longer than MAXSYSLOGLEN. @@ -134,14 +137,12 @@ do_syslog(pri, msg) size_t len, maxlen; char *p, *tmp, save; const char *fmt; - const char *fmt_first = "%8s : %s"; - const char *fmt_contd = "%8s : (command continued) %s"; /* * Log the full line, breaking into multiple syslog(3) calls if necessary */ - fmt = fmt_first; - maxlen = MAXSYSLOGLEN - (sizeof(fmt_first) - 6 + strlen(user_name)); + fmt = FMT_FIRST; + maxlen = MAXSYSLOGLEN - (sizeof(FMT_FIRST) - 6 + strlen(user_name)); for (p = msg; *p != '\0'; ) { len = strlen(p); if (len > maxlen) { @@ -168,8 +169,8 @@ do_syslog(pri, msg) mysyslog(pri, fmt, user_name, p); p += len; } - fmt = fmt_contd; - maxlen = MAXSYSLOGLEN - (sizeof(fmt_contd) - 6 + strlen(user_name)); + fmt = FMT_CONTD; + maxlen = MAXSYSLOGLEN - (sizeof(FMT_CONTD) - 6 + strlen(user_name)); } } @@ -391,7 +392,8 @@ log_error(flags, fmt, va_alist) else warningx("%s", message); } - efree(message); + if (logline != message) + efree(message); /* * Send a copy of the error via mail. @@ -407,8 +409,7 @@ log_error(flags, fmt, va_alist) if (def_logfile) do_logfile(logline); - if (logline != message) - efree(logline); + efree(logline); if (!ISSET(flags, NO_EXIT)) { cleanup(0); diff --git a/match.c b/match.c index c0f917b..7d707a4 100644 --- a/match.c +++ b/match.c @@ -379,7 +379,7 @@ command_matches(sudoers_cmnd, sudoers_args) char *sudoers_args; { /* Check for pseudo-commands */ - if (strchr(user_cmnd, '/') == NULL) { + if (sudoers_cmnd[0] != '/') { /* * Return true if both sudoers_cmnd and user_cmnd are "sudoedit" AND * a) there are no args in sudoers OR diff --git a/parse.c b/parse.c index eeb0511..818641d 100644 --- a/parse.c +++ b/parse.c @@ -313,6 +313,8 @@ sudo_file_display_priv_short(pw, us, lbuf) int nfound = 0; tq_foreach_fwd(&us->privileges, priv) { + if (hostlist_matches(&priv->hostlist) != ALLOW) + continue; tags.noexec = UNSPEC; tags.setenv = UNSPEC; tags.nopasswd = UNSPEC; @@ -364,6 +366,8 @@ sudo_file_display_priv_long(pw, us, lbuf) int nfound = 0; tq_foreach_fwd(&us->privileges, priv) { + if (hostlist_matches(&priv->hostlist) != ALLOW) + continue; tags.noexec = UNSPEC; tags.setenv = UNSPEC; tags.nopasswd = UNSPEC; @@ -419,9 +423,7 @@ sudo_file_display_privs(nss, pw, lbuf) return(-1); tq_foreach_fwd(&userspecs, us) { - /* XXX - why only check the first privilege here? */ - if (userlist_matches(pw, &us->users) != ALLOW || - hostlist_matches(&us->privileges.first->hostlist) != ALLOW) + if (userlist_matches(pw, &us->users) != ALLOW) continue; if (long_list) diff --git a/sudo.cat b/sudo.cat index 24e18e3..8ec4445 100644 --- a/sudo.cat +++ b/sudo.cat @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.7.2p2 November 24, 2009 1 +1.7.2p5 February 22, 2010 1 @@ -127,7 +127,7 @@ OOPPTTIIOONNSS -1.7.2p2 November 24, 2009 2 +1.7.2p5 February 22, 2010 2 @@ -193,7 +193,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -1.7.2p2 November 24, 2009 3 +1.7.2p5 February 22, 2010 3 @@ -259,7 +259,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -1.7.2p2 November 24, 2009 4 +1.7.2p5 February 22, 2010 4 @@ -325,7 +325,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -1.7.2p2 November 24, 2009 5 +1.7.2p5 February 22, 2010 5 @@ -391,7 +391,7 @@ SSEECCUURRIITTYY NNOOTTEESS -1.7.2p2 November 24, 2009 6 +1.7.2p5 February 22, 2010 6 @@ -457,7 +457,7 @@ EENNVVIIRROONNMMEENNTT -1.7.2p2 November 24, 2009 7 +1.7.2p5 February 22, 2010 7 @@ -523,7 +523,7 @@ EEXXAAMMPPLLEESS -1.7.2p2 November 24, 2009 8 +1.7.2p5 February 22, 2010 8 @@ -589,7 +589,7 @@ CCAAVVEEAATTSS -1.7.2p2 November 24, 2009 9 +1.7.2p5 February 22, 2010 9 @@ -655,6 +655,6 @@ DDIISSCCLLAAIIMMEERR -1.7.2p2 November 24, 2009 10 +1.7.2p5 February 22, 2010 10 diff --git a/sudo.man.in b/sudo.man.in index dc40aa8..c0f9f1f 100644 --- a/sudo.man.in +++ b/sudo.man.in @@ -145,7 +145,7 @@ .\" ======================================================================== .\" .IX Title "SUDO @mansectsu@" -.TH SUDO @mansectsu@ "November 24, 2009" "1.7.2p2" "MAINTENANCE COMMANDS" +.TH SUDO @mansectsu@ "February 22, 2010" "1.7.2p5" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/sudoers.cat b/sudoers.cat index 5889d22..1187fb4 100644 --- a/sudoers.cat +++ b/sudoers.cat @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.7.2p2 November 24, 2009 1 +1.7.2p5 February 22, 2010 1 @@ -127,7 +127,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p2 November 24, 2009 2 +1.7.2p5 February 22, 2010 2 @@ -193,7 +193,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p2 November 24, 2009 3 +1.7.2p5 February 22, 2010 3 @@ -259,7 +259,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p2 November 24, 2009 4 +1.7.2p5 February 22, 2010 4 @@ -325,7 +325,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p2 November 24, 2009 5 +1.7.2p5 February 22, 2010 5 @@ -391,7 +391,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p2 November 24, 2009 6 +1.7.2p5 February 22, 2010 6 @@ -457,7 +457,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p2 November 24, 2009 7 +1.7.2p5 February 22, 2010 7 @@ -523,7 +523,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p2 November 24, 2009 8 +1.7.2p5 February 22, 2010 8 @@ -589,7 +589,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS -1.7.2p2 November 24, 2009 9 +1.7.2p5 February 22, 2010 9 @@ -655,7 +655,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p2 November 24, 2009 10 +1.7.2p5 February 22, 2010 10 @@ -721,7 +721,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p2 November 24, 2009 11 +1.7.2p5 February 22, 2010 11 @@ -787,7 +787,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p2 November 24, 2009 12 +1.7.2p5 February 22, 2010 12 @@ -853,7 +853,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p2 November 24, 2009 13 +1.7.2p5 February 22, 2010 13 @@ -919,7 +919,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p2 November 24, 2009 14 +1.7.2p5 February 22, 2010 14 @@ -985,7 +985,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p2 November 24, 2009 15 +1.7.2p5 February 22, 2010 15 @@ -1051,7 +1051,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p2 November 24, 2009 16 +1.7.2p5 February 22, 2010 16 @@ -1117,7 +1117,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p2 November 24, 2009 17 +1.7.2p5 February 22, 2010 17 @@ -1183,7 +1183,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p2 November 24, 2009 18 +1.7.2p5 February 22, 2010 18 @@ -1249,7 +1249,7 @@ EEXXAAMMPPLLEESS -1.7.2p2 November 24, 2009 19 +1.7.2p5 February 22, 2010 19 @@ -1315,7 +1315,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p2 November 24, 2009 20 +1.7.2p5 February 22, 2010 20 @@ -1381,7 +1381,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p2 November 24, 2009 21 +1.7.2p5 February 22, 2010 21 @@ -1447,7 +1447,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p2 November 24, 2009 22 +1.7.2p5 February 22, 2010 22 @@ -1513,7 +1513,7 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS -1.7.2p2 November 24, 2009 23 +1.7.2p5 February 22, 2010 23 @@ -1579,7 +1579,7 @@ DDIISSCCLLAAIIMMEERR -1.7.2p2 November 24, 2009 24 +1.7.2p5 February 22, 2010 24 @@ -1645,6 +1645,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p2 November 24, 2009 25 +1.7.2p5 February 22, 2010 25 diff --git a/sudoers.ldap.cat b/sudoers.ldap.cat index e95ffc0..16955c5 100644 --- a/sudoers.ldap.cat +++ b/sudoers.ldap.cat @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.7.2p1 June 11, 2009 1 +1.7.2p5 February 22, 2010 1 @@ -127,7 +127,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.2p1 June 11, 2009 2 +1.7.2p5 February 22, 2010 2 @@ -193,7 +193,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.2p1 June 11, 2009 3 +1.7.2p5 February 22, 2010 3 @@ -259,7 +259,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.2p1 June 11, 2009 4 +1.7.2p5 February 22, 2010 4 @@ -325,7 +325,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.2p1 June 11, 2009 5 +1.7.2p5 February 22, 2010 5 @@ -391,7 +391,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.2p1 June 11, 2009 6 +1.7.2p5 February 22, 2010 6 @@ -457,7 +457,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.2p1 June 11, 2009 7 +1.7.2p5 February 22, 2010 7 @@ -523,7 +523,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.2p1 June 11, 2009 8 +1.7.2p5 February 22, 2010 8 @@ -589,7 +589,7 @@ EEXXAAMMPPLLEESS -1.7.2p1 June 11, 2009 9 +1.7.2p5 February 22, 2010 9 @@ -655,7 +655,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.2p1 June 11, 2009 10 +1.7.2p5 February 22, 2010 10 @@ -721,7 +721,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.2p1 June 11, 2009 11 +1.7.2p5 February 22, 2010 11 @@ -787,6 +787,6 @@ DDIISSCCLLAAIIMMEERR -1.7.2p1 June 11, 2009 12 +1.7.2p5 February 22, 2010 12 diff --git a/sudoers.ldap.man.in b/sudoers.ldap.man.in index 331dbdb..f182c4a 100644 --- a/sudoers.ldap.man.in +++ b/sudoers.ldap.man.in @@ -149,7 +149,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS.LDAP @mansectform@" -.TH SUDOERS.LDAP @mansectform@ "June 11, 2009" "1.7.2p1" "MAINTENANCE COMMANDS" +.TH SUDOERS.LDAP @mansectform@ "February 22, 2010" "1.7.2p5" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/sudoers.man.in b/sudoers.man.in index 97c577a..b56b1c4 100644 --- a/sudoers.man.in +++ b/sudoers.man.in @@ -145,7 +145,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS @mansectform@" -.TH SUDOERS @mansectform@ "November 24, 2009" "1.7.2p2" "MAINTENANCE COMMANDS" +.TH SUDOERS @mansectform@ "February 22, 2010" "1.7.2p5" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/toke.c b/toke.c index 96eaf51..5f2b639 100644 --- a/toke.c +++ b/toke.c @@ -3,7 +3,7 @@ /* A lexical scanner generated by flex */ /* Scanner skeleton version: - * $Header: /home/cvs/courtesan/sudo/toke.c,v 1.37 2009/07/18 13:55:37 millert Exp $ + * $Header: /home/cvs/openbsd/src/usr.bin/lex/flex.skl,v 1.10 2007/01/26 14:38:19 tsi Exp $ */ #define FLEX_SCANNER @@ -1416,11 +1416,8 @@ char *yytext; #include "parse.h" #include -#ifndef lint -__unused static const char rcsid[] = "$Sudo: toke.c,v 1.37 2009/07/18 13:55:37 millert Exp $"; -#endif /* lint */ - extern YYSTYPE yylval; +extern int parse_error; int sudolineno = 1; char *sudoers; static int sawspace = 0; @@ -1461,7 +1458,7 @@ extern void yyerror __P((const char *)); #define INSTR 5 -#line 1465 "lex.yy.c" +#line 1462 "lex.yy.c" /* Macros after this point can all be overridden by user definitions in * section 1. @@ -1615,9 +1612,9 @@ YY_DECL register char *yy_cp, *yy_bp; register int yy_act; -#line 131 "toke.l" +#line 128 "toke.l" -#line 1621 "lex.yy.c" +#line 1618 "lex.yy.c" if ( yy_init ) { @@ -1703,12 +1700,12 @@ do_action: /* This label is used only to access EOF actions. */ case 1: YY_RULE_SETUP -#line 132 "toke.l" +#line 129 "toke.l" BEGIN STARTDEFS; YY_BREAK case 2: YY_RULE_SETUP -#line 134 "toke.l" +#line 131 "toke.l" { BEGIN INDEFS; LEXTRACE("DEFVAR "); @@ -1720,7 +1717,7 @@ YY_RULE_SETUP case 3: YY_RULE_SETUP -#line 143 "toke.l" +#line 140 "toke.l" { BEGIN STARTDEFS; LEXTRACE(", "); @@ -1729,7 +1726,7 @@ YY_RULE_SETUP YY_BREAK case 4: YY_RULE_SETUP -#line 149 "toke.l" +#line 146 "toke.l" { LEXTRACE("= "); return('='); @@ -1737,7 +1734,7 @@ YY_RULE_SETUP YY_BREAK case 5: YY_RULE_SETUP -#line 154 "toke.l" +#line 151 "toke.l" { LEXTRACE("+= "); return('+'); @@ -1745,7 +1742,7 @@ YY_RULE_SETUP YY_BREAK case 6: YY_RULE_SETUP -#line 159 "toke.l" +#line 156 "toke.l" { LEXTRACE("-= "); return('-'); @@ -1753,7 +1750,7 @@ YY_RULE_SETUP YY_BREAK case 7: YY_RULE_SETUP -#line 164 "toke.l" +#line 161 "toke.l" { LEXTRACE("BEGINSTR "); yylval.string = NULL; @@ -1762,7 +1759,7 @@ YY_RULE_SETUP YY_BREAK case 8: YY_RULE_SETUP -#line 170 "toke.l" +#line 167 "toke.l" { LEXTRACE("WORD(2) "); if (!fill(yytext, yyleng)) @@ -1774,7 +1771,7 @@ YY_RULE_SETUP case 9: YY_RULE_SETUP -#line 179 "toke.l" +#line 176 "toke.l" { /* Line continuation char followed by newline. */ ++sudolineno; @@ -1783,7 +1780,7 @@ YY_RULE_SETUP YY_BREAK case 10: YY_RULE_SETUP -#line 185 "toke.l" +#line 182 "toke.l" { LEXTRACE("ENDSTR "); BEGIN INDEFS; @@ -1792,7 +1789,7 @@ YY_RULE_SETUP YY_BREAK case 11: YY_RULE_SETUP -#line 191 "toke.l" +#line 188 "toke.l" { LEXTRACE("BACKSLASH "); if (!append(yytext, yyleng)) @@ -1801,7 +1798,7 @@ YY_RULE_SETUP YY_BREAK case 12: YY_RULE_SETUP -#line 197 "toke.l" +#line 194 "toke.l" { LEXTRACE("STRBODY "); if (!append(yytext, yyleng)) @@ -1812,7 +1809,7 @@ YY_RULE_SETUP case 13: YY_RULE_SETUP -#line 205 "toke.l" +#line 202 "toke.l" { /* quoted fnmatch glob char, pass verbatim */ LEXTRACE("QUOTEDCHAR "); @@ -1823,7 +1820,7 @@ YY_RULE_SETUP YY_BREAK case 14: YY_RULE_SETUP -#line 213 "toke.l" +#line 210 "toke.l" { /* quoted sudoers special char, strip backslash */ LEXTRACE("QUOTEDCHAR "); @@ -1834,7 +1831,7 @@ YY_RULE_SETUP YY_BREAK case 15: YY_RULE_SETUP -#line 221 "toke.l" +#line 218 "toke.l" { BEGIN INITIAL; yyless(0); @@ -1843,7 +1840,7 @@ YY_RULE_SETUP YY_BREAK case 16: YY_RULE_SETUP -#line 227 "toke.l" +#line 224 "toke.l" { LEXTRACE("ARG "); if (!fill_args(yytext, yyleng, sawspace)) @@ -1854,7 +1851,7 @@ YY_RULE_SETUP case 17: YY_RULE_SETUP -#line 235 "toke.l" +#line 232 "toke.l" { char *path; @@ -1870,7 +1867,7 @@ YY_RULE_SETUP YY_BREAK case 18: YY_RULE_SETUP -#line 248 "toke.l" +#line 245 "toke.l" { char *path; @@ -1879,8 +1876,11 @@ YY_RULE_SETUP LEXTRACE("INCLUDEDIR\n"); - /* Push current buffer and switch to include file */ - if (!push_includedir(path)) + /* + * Push current buffer and switch to include file. + * We simply ignore empty directories. + */ + if (!push_includedir(path) && parse_error) yyterminate(); } YY_BREAK @@ -3369,7 +3369,7 @@ switch_dir(stack, dirpath) if (!(dir = opendir(dirpath))) { yyerror(dirpath); - return(FALSE); + return(NULL); } while ((dent = readdir(dir))) { /* Ignore files that end in '~' or have a '.' in them. */ @@ -3461,7 +3461,7 @@ init_lexer() efree(pl); } efree(istack[idepth].path); - if (!istack[idepth].keepopen) + if (idepth && !istack[idepth].keepopen) fclose(istack[idepth].bs->yy_input_file); yy_delete_buffer(istack[idepth].bs); } @@ -3486,7 +3486,7 @@ _push_include(path, isdir) } istacksize += SUDOERS_STACK_INCREMENT; istack = (struct include_stack *) realloc(istack, - sizeof(istack) * istacksize); + sizeof(*istack) * istacksize); if (istack == NULL) { yyerror("unable to allocate memory"); return(FALSE); @@ -3494,12 +3494,12 @@ _push_include(path, isdir) } if (isdir) { if (!(path = switch_dir(&istack[idepth], path))) { - yyerror(path); + /* switch_dir() called yyerror() for us */ return(FALSE); } if ((fp = open_sudoers(path, FALSE, &keepopen)) == NULL) { yyerror(path); - return(FALSE); /* XXX - just to go next one? */ + return(FALSE); /* XXX - just to go next one */ } } else { if ((fp = open_sudoers(path, TRUE, &keepopen)) == NULL) { @@ -3539,7 +3539,7 @@ pop_include() istack[idepth - 1].more = pl->next; if ((fp = open_sudoers(pl->path, FALSE, &keepopen)) == NULL) { yyerror(pl->path); - return(FALSE); /* XXX - just to go next one? */ + return(FALSE); /* XXX - just to go next one */ } efree(sudoers); sudoers = pl->path; diff --git a/toke.l b/toke.l index bb89a2f..d5fc724 100644 --- a/toke.l +++ b/toke.l @@ -71,10 +71,6 @@ #include "parse.h" #include -#ifndef lint -__unused static const char rcsid[] = "$Sudo: toke.l,v 1.40 2009/11/22 14:54:04 millert Exp $"; -#endif /* lint */ - extern YYSTYPE yylval; extern int parse_error; int sudolineno = 1; @@ -844,7 +840,7 @@ init_lexer() efree(pl); } efree(istack[idepth].path); - if (!istack[idepth].keepopen) + if (idepth && !istack[idepth].keepopen) fclose(istack[idepth].bs->yy_input_file); yy_delete_buffer(istack[idepth].bs); } @@ -869,7 +865,7 @@ _push_include(path, isdir) } istacksize += SUDOERS_STACK_INCREMENT; istack = (struct include_stack *) realloc(istack, - sizeof(istack) * istacksize); + sizeof(*istack) * istacksize); if (istack == NULL) { yyerror("unable to allocate memory"); return(FALSE); diff --git a/visudo.cat b/visudo.cat index db6aa53..c33296e 100644 --- a/visudo.cat +++ b/visudo.cat @@ -61,7 +61,7 @@ OOPPTTIIOONNSS -1.7.2p1 June 11, 2009 1 +1.7.2p5 February 22, 2010 1 @@ -127,7 +127,7 @@ AAUUTTHHOORR -1.7.2p1 June 11, 2009 2 +1.7.2p5 February 22, 2010 2 @@ -193,6 +193,6 @@ DDIISSCCLLAAIIMMEERR -1.7.2p1 June 11, 2009 3 +1.7.2p5 February 22, 2010 3 diff --git a/visudo.man.in b/visudo.man.in index 2f7becb..0125e2c 100644 --- a/visudo.man.in +++ b/visudo.man.in @@ -153,7 +153,7 @@ .\" ======================================================================== .\" .IX Title "VISUDO @mansectsu@" -.TH VISUDO @mansectsu@ "June 11, 2009" "1.7.2p1" "MAINTENANCE COMMANDS" +.TH VISUDO @mansectsu@ "February 22, 2010" "1.7.2p5" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l -- 2.30.2