Skip to content
GitLab
Explore
Sign in
Register
Primary navigation
Search or go to…
Project
aports
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Package Registry
Container Registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Service Desk
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Terms and privacy
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
Dominika Liberda
aports
Commits
335b4338
Commit
335b4338
authored
5 years ago
by
Jakub Jirutka
Browse files
Options
Downloads
Patches
Plain Diff
main/sudo: fix CVE-2019-18634
parent
3646eb84
No related branches found
Branches containing commit
No related tags found
Tags containing commit
No related merge requests found
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
main/sudo/APKBUILD
+6
-2
6 additions, 2 deletions
main/sudo/APKBUILD
main/sudo/CVE-2019-18634.patch
+95
-0
95 additions, 0 deletions
main/sudo/CVE-2019-18634.patch
with
101 additions
and
2 deletions
main/sudo/APKBUILD
+
6
−
2
View file @
335b4338
...
...
@@ -8,7 +8,7 @@ if [ "${pkgver%_*}" != "$pkgver" ]; then
else
_realver
=
$pkgver
fi
pkgrel
=
1
pkgrel
=
2
pkgdesc
=
"Give certain users the ability to run some commands as root"
url
=
"https://www.sudo.ws/sudo/"
arch
=
"all"
...
...
@@ -22,10 +22,13 @@ source="https://www.sudo.ws/dist/sudo-${_realver}.tar.gz
libcrypt.patch
sudo-cvtsudoers.patch
CVE-2019-14287.patch
CVE-2019-18634.patch
"
options
=
"suid"
# secfixes:
# 1.8.27-r2:
# - CVE-2019-18634
# 1.8.27-r1:
# - CVE-2019-14287
# 1.8.20_p2-r0:
...
...
@@ -70,4 +73,5 @@ f0f462f40502da2194310fe4a72ec1a16ba40f95a821ba9aa6aabaa423d28c4ab26b684afa7fb81c
b2d7816d334826545420c578114e5af361ced65c00e5bfc2e0b16f3c9325aa9d2b902defeebb181da3cf7bc6aba3a59a496293d2f11d83c9793f11138ba50343 fix-tests.patch
0fa06d13d202ee5ab58596413a7498b3e9b6925e87385bb876f5e0b29b22010a84918686a5974de87392ab18158e883da343fe6a14448a4e273eaa1bb81f5995 libcrypt.patch
a4a219c16cd353b54f69b74ce7383b90f89745351776bd91bfccb63a2211fa84177719634d4e7e753cf22a8b175d797a474416ffac66d4aee31d3b8e28bfabd1 sudo-cvtsudoers.patch
bad0eda3a7473e4b13d2d9744c41d37bd1c2f4a50491e7e6c6e2cdb67f98eea5d595ead70ab7ac93444d41d1c9f65d83e67f905614869b9df0bd59365fefae1f CVE-2019-14287.patch"
bad0eda3a7473e4b13d2d9744c41d37bd1c2f4a50491e7e6c6e2cdb67f98eea5d595ead70ab7ac93444d41d1c9f65d83e67f905614869b9df0bd59365fefae1f CVE-2019-14287.patch
2e701aecd05f2a9b77e77f43e91d748794661dabfc7a0826bea41a9668220a1889f273568b67632829df7dba66ad3d2e0e73513ca59753c1c8e64967f0e705f8 CVE-2019-18634.patch"
This diff is collapsed.
Click to expand it.
main/sudo/CVE-2019-18634.patch
0 → 100644
+
95
−
0
View file @
335b4338
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Wed, 29 Jan 2020 20:15:21 -0700
Subject: Fix a buffer overflow when pwfeedback is enabled and input is a not a
tty. In getln() if the user enters ^U (erase line) and the write(2) fails,
the remaining buffer size is reset but the current pointer is not. While
here, fix an incorrect break for erase when write(2) fails. Also disable
pwfeedback when input is not a tty as it cannot work. CVE-2019-18634 Credit:
Joe Vennix from Apple Information Security.
Origin: https://github.com/sudo-project/sudo/commit/b5d2010b6514ff45693509273bb07df3abb0bf0a
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-18634
Bug-Debian: https://bugs.debian.org/950371
--HG--
branch : 1.8
[Salvatore Bonaccorso: Backport to 1.8.27 for context changes]
---
src/tgetpass.c | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
--- a/src/tgetpass.c
+++ b/src/tgetpass.c
@@ -60,7 +60,7 @@
static volatile sig_atomic_t signo[NSIG]
static bool tty_present(void);
static void tgetpass_handler(int);
-static char *getln(int, char *, size_t, int, enum tgetpass_errval *);
+static char *getln(int, char *, size_t, bool, enum tgetpass_errval *);
static char *sudo_askpass(const char *, const char *);
static int
@@ -123,6 +123,7 @@
tgetpass(const char *prompt, int timeout
static const char *askpass;
static char buf[SUDO_CONV_REPL_MAX + 1];
int i, input, output, save_errno, neednl = 0, need_restart;
+ bool feedback = ISSET(flags, TGP_MASK);
enum tgetpass_errval errval;
debug_decl(tgetpass, SUDO_DEBUG_CONV)
@@ -170,7 +171,7 @@
restart:
*/
if (!ISSET(flags, TGP_ECHO)) {
for (;;) {
- if (ISSET(flags, TGP_MASK))
+ if (feedback)
neednl = sudo_term_cbreak(input);
else
neednl = sudo_term_noecho(input);
@@ -184,6 +185,9 @@
restart:
}
}
}
+ /* Only use feedback mode when we can disable echo. */
+ if (!neednl)
+ feedback = false;
/*
* Catch signals that would otherwise cause the user to end
@@ -209,7 +213,7 @@
restart:
if (timeout > 0)
alarm(timeout);
- pass = getln(input, buf, sizeof(buf), ISSET(flags, TGP_MASK), &errval);
+ pass = getln(input, buf, sizeof(buf), feedback, &errval);
alarm(0);
save_errno = errno;
@@ -345,7 +349,7 @@
sudo_askpass(const char *askpass, const
extern int sudo_term_eof, sudo_term_erase, sudo_term_kill;
static char *
-getln(int fd, char *buf, size_t bufsiz, int feedback,
+getln(int fd, char *buf, size_t bufsiz, bool feedback,
enum tgetpass_errval *errval)
{
size_t left = bufsiz;
@@ -374,15 +378,15 @@
getln(int fd, char *buf, size_t bufsiz,
while (cp > buf) {
if (write(fd, "\b \b", 3) == -1)
break;
- --cp;
+ cp--;
}
+ cp = buf;
left = bufsiz;
continue;
} else if (c == sudo_term_erase) {
if (cp > buf) {
- if (write(fd, "\b \b", 3) == -1)
- break;
- --cp;
+ ignore_result(write(fd, "\b \b", 3));
+ cp--;
left++;
}
continue;
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
