sudo: backport patch to address CVE 2012-0809
This is a format string vulnerability "that can be used to crash sudo or potentially allow an unauthorized user to elevate privileges." (From OE-Core rev: 286cdd5db60b4f668e75cd9e05efb97acb08b7a6) Signed-off-by: Joshua Lock <josh@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
parent
e6ea83fece
commit
eaec7e9624
|
@ -0,0 +1,33 @@
|
|||
This patch, extracted from upstreams sudo-1.8.3p2.patch.gz addresses the
|
||||
recent Sudo format string vulnerability CVE 2012-0809.
|
||||
|
||||
http://www.sudo.ws/sudo/alerts/sudo_debug.html
|
||||
|
||||
Signed-off-by: Joshua Lock <josh@linux.intel.com>
|
||||
|
||||
Upstream-Status: Backport
|
||||
|
||||
diff -urNa sudo-1.8.3p1/src/sudo.c sudo-1.8.3p2/src/sudo.c
|
||||
--- sudo-1.8.3p1/src/sudo.c Fri Oct 21 09:01:26 2011
|
||||
+++ sudo-1.8.3p2/src/sudo.c Tue Jan 24 15:59:03 2012
|
||||
@@ -1208,15 +1208,15 @@
|
||||
sudo_debug(int level, const char *fmt, ...)
|
||||
{
|
||||
va_list ap;
|
||||
- char *fmt2;
|
||||
+ char *buf;
|
||||
|
||||
if (level > debug_level)
|
||||
return;
|
||||
|
||||
- /* Backet fmt with program name and a newline to make it a single write */
|
||||
- easprintf(&fmt2, "%s: %s\n", getprogname(), fmt);
|
||||
+ /* Bracket fmt with program name and a newline to make it a single write */
|
||||
va_start(ap, fmt);
|
||||
- vfprintf(stderr, fmt2, ap);
|
||||
+ evasprintf(&buf, fmt, ap);
|
||||
va_end(ap);
|
||||
- efree(fmt2);
|
||||
+ fprintf(stderr, "%s: %s\n", getprogname(), buf);
|
||||
+ efree(buf);
|
||||
}
|
|
@ -1,10 +1,11 @@
|
|||
require sudo.inc
|
||||
|
||||
PR = "r3"
|
||||
PR = "r4"
|
||||
|
||||
SRC_URI = "http://ftp.sudo.ws/sudo/dist/sudo-${PV}.tar.gz \
|
||||
file://libtool.patch \
|
||||
file://sudo-parallel-build.patch \
|
||||
file://format-string.patch \
|
||||
${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}"
|
||||
|
||||
PAM_SRC_URI = "file://sudo.pam"
|
||||
|
|
Loading…
Reference in New Issue