You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

137 lines
5.6 KiB

diff -up sudo-1.8.6p7/common/Makefile.in.strunquote sudo-1.8.6p7/common/Makefile.in
--- sudo-1.8.6p7/common/Makefile.in.strunquote 2013-02-25 20:46:09.000000000 +0100
+++ sudo-1.8.6p7/common/Makefile.in 2015-07-07 14:30:09.267181200 +0200
@@ -63,7 +63,7 @@ SHELL = @SHELL@
LTOBJS = alloc.lo atobool.lo fileops.lo fmt_string.lo lbuf.lo list.lo \
secure_path.lo setgroups.lo sudo_conf.lo sudo_debug.lo term.lo \
- ttysize.lo zero_bytes.lo @COMMON_OBJS@
+ ttysize.lo zero_bytes.lo strunquote.lo @COMMON_OBJS@
all: libcommon.la
@@ -164,3 +164,6 @@ ttysize.lo: $(srcdir)/ttysize.c $(top_bu
zero_bytes.lo: $(srcdir)/zero_bytes.c $(top_builddir)/config.h \
$(incdir)/missing.h
$(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/zero_bytes.c
+strunquote.lo: $(srcdir)/strunquote.c $(top_builddir)/config.h \
+ $(incdir)/missing.h
+ $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/strunquote.c
diff -up sudo-1.8.6p7/common/strunquote.c.strunquote sudo-1.8.6p7/common/strunquote.c
--- sudo-1.8.6p7/common/strunquote.c.strunquote 2015-07-07 14:30:09.267181200 +0200
+++ sudo-1.8.6p7/common/strunquote.c 2015-07-07 14:31:05.403649285 +0200
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2015 Daniel Kopecek <dkopecek@redhat.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include <string.h>
+#include <ctype.h>
+
+char *strunquote(char *arg)
+{
+ char *str = arg;
+ if (str == NULL) {
+ return NULL;
+ }
+ const size_t len = strlen(str);
+ char *strend = str + len - 1;
+
+ /* Remove blanks */
+ for (; isblank((unsigned char)*str); str++);
+ for (; isblank((unsigned char)*strend) && strend > str; strend--);
+ /*
+ * Check that the string is double-quoted.
+ * If not, we are done.
+ */
+ if (*str != '"' || *strend != '"' || str == strend) {
+ /* Return the original argument if we didn't touch it */
+ return arg;
+ }
+
+ /* Remove the double-quotes */
+ *strend = '\0';
+ ++str;
+
+ return str;
+}
diff -up sudo-1.8.6p7/include/strunquote.h.strunquote sudo-1.8.6p7/include/strunquote.h
--- sudo-1.8.6p7/include/strunquote.h.strunquote 2015-07-07 14:30:09.267181200 +0200
+++ sudo-1.8.6p7/include/strunquote.h 2015-07-07 14:30:09.267181200 +0200
@@ -0,0 +1,17 @@
+/*
+ * Copyright (c) 2015 Daniel Kopecek <dkopecek@redhat.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+char *strunquote(char *arg);
diff -up sudo-1.8.6p7/plugins/sudoers/ldap.c.strunquote sudo-1.8.6p7/plugins/sudoers/ldap.c
--- sudo-1.8.6p7/plugins/sudoers/ldap.c.strunquote 2015-07-07 14:30:09.259181276 +0200
+++ sudo-1.8.6p7/plugins/sudoers/ldap.c 2015-07-07 14:30:09.267181200 +0200
@@ -79,6 +79,7 @@
#include "sudoers.h"
#include "parse.h"
#include "lbuf.h"
+#include "strunquote.h"
/* Older Netscape LDAP SDKs don't prototype ldapssl_set_strength() */
#if defined(HAVE_LDAPSSL_SET_STRENGTH) && !defined(HAVE_LDAP_SSL_H) && !defined(HAVE_MPS_LDAP_SSL_H)
@@ -1004,10 +1005,10 @@ sudo_ldap_parse_options(LDAP *ld, LDAPMe
if (op == '+' || op == '-') {
*(val - 2) = '\0'; /* found, remove extra char */
/* case var+=val or var-=val */
- set_default(var, val, (int) op);
+ set_default(var, strunquote(val), (int) op);
} else {
/* case var=val */
- set_default(var, val, true);
+ set_default(var, strunquote(val), true);
}
} else if (*var == '!') {
/* case !var Boolean False */
diff -up sudo-1.8.6p7/plugins/sudoers/sssd.c.strunquote sudo-1.8.6p7/plugins/sudoers/sssd.c
--- sudo-1.8.6p7/plugins/sudoers/sssd.c.strunquote 2015-07-07 14:30:09.260181267 +0200
+++ sudo-1.8.6p7/plugins/sudoers/sssd.c 2015-07-07 14:30:09.268181191 +0200
@@ -61,6 +61,7 @@
#include "lbuf.h"
#include "sudo_debug.h"
#include "ipa_hostname.h"
+#include "strunquote.h"
/* SSSD <--> SUDO interface - do not change */
struct sss_sudo_attr {
@@ -996,10 +997,10 @@ sudo_sss_parse_options(struct sudo_sss_h
if (op == '+' || op == '-') {
*(val - 2) = '\0'; /* found, remove extra char */
/* case var+=val or var-=val */
- set_default(v, val, (int) op);
+ set_default(v, strunquote(val), (int) op);
} else {
/* case var=val */
- set_default(v, val, true);
+ set_default(v, strunquote(val), true);
}
} else if (*v == '!') {
/* case !var Boolean False */