138 lines
5.6 KiB
138 lines
5.6 KiB
7 years ago
|
diff -up sudo-1.8.6p7/common/Makefile.in.strunquote sudo-1.8.6p7/common/Makefile.in
|
||
|
--- sudo-1.8.6p7/common/Makefile.in.strunquote 2013-02-25 20:46:09.000000000 +0100
|
||
|
+++ sudo-1.8.6p7/common/Makefile.in 2015-07-07 14:30:09.267181200 +0200
|
||
|
@@ -63,7 +63,7 @@ SHELL = @SHELL@
|
||
|
|
||
|
LTOBJS = alloc.lo atobool.lo fileops.lo fmt_string.lo lbuf.lo list.lo \
|
||
|
secure_path.lo setgroups.lo sudo_conf.lo sudo_debug.lo term.lo \
|
||
|
- ttysize.lo zero_bytes.lo @COMMON_OBJS@
|
||
|
+ ttysize.lo zero_bytes.lo strunquote.lo @COMMON_OBJS@
|
||
|
|
||
|
all: libcommon.la
|
||
|
|
||
|
@@ -164,3 +164,6 @@ ttysize.lo: $(srcdir)/ttysize.c $(top_bu
|
||
|
zero_bytes.lo: $(srcdir)/zero_bytes.c $(top_builddir)/config.h \
|
||
|
$(incdir)/missing.h
|
||
|
$(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/zero_bytes.c
|
||
|
+strunquote.lo: $(srcdir)/strunquote.c $(top_builddir)/config.h \
|
||
|
+ $(incdir)/missing.h
|
||
|
+ $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/strunquote.c
|
||
|
diff -up sudo-1.8.6p7/common/strunquote.c.strunquote sudo-1.8.6p7/common/strunquote.c
|
||
|
--- sudo-1.8.6p7/common/strunquote.c.strunquote 2015-07-07 14:30:09.267181200 +0200
|
||
|
+++ sudo-1.8.6p7/common/strunquote.c 2015-07-07 14:31:05.403649285 +0200
|
||
|
@@ -0,0 +1,45 @@
|
||
|
+/*
|
||
|
+ * Copyright (c) 2015 Daniel Kopecek <dkopecek@redhat.com>
|
||
|
+ *
|
||
|
+ * Permission to use, copy, modify, and distribute this software for any
|
||
|
+ * purpose with or without fee is hereby granted, provided that the above
|
||
|
+ * copyright notice and this permission notice appear in all copies.
|
||
|
+ *
|
||
|
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||
|
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||
|
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||
|
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||
|
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||
|
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||
|
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||
|
+ */
|
||
|
+#include <string.h>
|
||
|
+#include <ctype.h>
|
||
|
+
|
||
|
+char *strunquote(char *arg)
|
||
|
+{
|
||
|
+ char *str = arg;
|
||
|
+ if (str == NULL) {
|
||
|
+ return NULL;
|
||
|
+ }
|
||
|
+ const size_t len = strlen(str);
|
||
|
+ char *strend = str + len - 1;
|
||
|
+
|
||
|
+ /* Remove blanks */
|
||
|
+ for (; isblank((unsigned char)*str); str++);
|
||
|
+ for (; isblank((unsigned char)*strend) && strend > str; strend--);
|
||
|
+ /*
|
||
|
+ * Check that the string is double-quoted.
|
||
|
+ * If not, we are done.
|
||
|
+ */
|
||
|
+ if (*str != '"' || *strend != '"' || str == strend) {
|
||
|
+ /* Return the original argument if we didn't touch it */
|
||
|
+ return arg;
|
||
|
+ }
|
||
|
+
|
||
|
+ /* Remove the double-quotes */
|
||
|
+ *strend = '\0';
|
||
|
+ ++str;
|
||
|
+
|
||
|
+ return str;
|
||
|
+}
|
||
|
diff -up sudo-1.8.6p7/include/strunquote.h.strunquote sudo-1.8.6p7/include/strunquote.h
|
||
|
--- sudo-1.8.6p7/include/strunquote.h.strunquote 2015-07-07 14:30:09.267181200 +0200
|
||
|
+++ sudo-1.8.6p7/include/strunquote.h 2015-07-07 14:30:09.267181200 +0200
|
||
|
@@ -0,0 +1,17 @@
|
||
|
+/*
|
||
|
+ * Copyright (c) 2015 Daniel Kopecek <dkopecek@redhat.com>
|
||
|
+ *
|
||
|
+ * Permission to use, copy, modify, and distribute this software for any
|
||
|
+ * purpose with or without fee is hereby granted, provided that the above
|
||
|
+ * copyright notice and this permission notice appear in all copies.
|
||
|
+ *
|
||
|
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||
|
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||
|
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||
|
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||
|
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||
|
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||
|
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||
|
+ */
|
||
|
+
|
||
|
+char *strunquote(char *arg);
|
||
|
diff -up sudo-1.8.6p7/plugins/sudoers/ldap.c.strunquote sudo-1.8.6p7/plugins/sudoers/ldap.c
|
||
|
--- sudo-1.8.6p7/plugins/sudoers/ldap.c.strunquote 2015-07-07 14:30:09.259181276 +0200
|
||
|
+++ sudo-1.8.6p7/plugins/sudoers/ldap.c 2015-07-07 14:30:09.267181200 +0200
|
||
|
@@ -79,6 +79,7 @@
|
||
|
#include "sudoers.h"
|
||
|
#include "parse.h"
|
||
|
#include "lbuf.h"
|
||
|
+#include "strunquote.h"
|
||
|
|
||
|
/* Older Netscape LDAP SDKs don't prototype ldapssl_set_strength() */
|
||
|
#if defined(HAVE_LDAPSSL_SET_STRENGTH) && !defined(HAVE_LDAP_SSL_H) && !defined(HAVE_MPS_LDAP_SSL_H)
|
||
|
@@ -1004,10 +1005,10 @@ sudo_ldap_parse_options(LDAP *ld, LDAPMe
|
||
|
if (op == '+' || op == '-') {
|
||
|
*(val - 2) = '\0'; /* found, remove extra char */
|
||
|
/* case var+=val or var-=val */
|
||
|
- set_default(var, val, (int) op);
|
||
|
+ set_default(var, strunquote(val), (int) op);
|
||
|
} else {
|
||
|
/* case var=val */
|
||
|
- set_default(var, val, true);
|
||
|
+ set_default(var, strunquote(val), true);
|
||
|
}
|
||
|
} else if (*var == '!') {
|
||
|
/* case !var Boolean False */
|
||
|
diff -up sudo-1.8.6p7/plugins/sudoers/sssd.c.strunquote sudo-1.8.6p7/plugins/sudoers/sssd.c
|
||
|
--- sudo-1.8.6p7/plugins/sudoers/sssd.c.strunquote 2015-07-07 14:30:09.260181267 +0200
|
||
|
+++ sudo-1.8.6p7/plugins/sudoers/sssd.c 2015-07-07 14:30:09.268181191 +0200
|
||
|
@@ -61,6 +61,7 @@
|
||
|
#include "lbuf.h"
|
||
|
#include "sudo_debug.h"
|
||
|
#include "ipa_hostname.h"
|
||
|
+#include "strunquote.h"
|
||
|
|
||
|
/* SSSD <--> SUDO interface - do not change */
|
||
|
struct sss_sudo_attr {
|
||
|
@@ -996,10 +997,10 @@ sudo_sss_parse_options(struct sudo_sss_h
|
||
|
if (op == '+' || op == '-') {
|
||
|
*(val - 2) = '\0'; /* found, remove extra char */
|
||
|
/* case var+=val or var-=val */
|
||
|
- set_default(v, val, (int) op);
|
||
|
+ set_default(v, strunquote(val), (int) op);
|
||
|
} else {
|
||
|
/* case var=val */
|
||
|
- set_default(v, val, true);
|
||
|
+ set_default(v, strunquote(val), true);
|
||
|
}
|
||
|
} else if (*v == '!') {
|
||
|
/* case !var Boolean False */
|