|
 |
28a657 |
diff -up ./lib/util/regress/atofoo/atofoo_test.c.CVE-strtouid-test ./lib/util/regress/atofoo/atofoo_test.c
|
|
 |
28a657 |
--- ./lib/util/regress/atofoo/atofoo_test.c.CVE-strtouid-test 2018-04-29 21:59:23.000000000 +0200
|
|
 |
28a657 |
+++ ./lib/util/regress/atofoo/atofoo_test.c 2019-10-16 09:38:31.851404545 +0200
|
|
 |
28a657 |
@@ -1,5 +1,5 @@
|
|
 |
28a657 |
/*
|
|
 |
28a657 |
- * Copyright (c) 2014 Todd C. Miller <Todd.Miller@sudo.ws>
|
|
 |
28a657 |
+ * Copyright (c) 2014-2019 Todd C. Miller <Todd.Miller@sudo.ws>
|
|
 |
28a657 |
*
|
|
 |
28a657 |
* Permission to use, copy, modify, and distribute this software for any
|
|
 |
28a657 |
* purpose with or without fee is hereby granted, provided that the above
|
|
 |
28a657 |
@@ -24,6 +24,7 @@
|
|
 |
28a657 |
#else
|
|
 |
28a657 |
# include "compat/stdbool.h"
|
|
 |
28a657 |
#endif
|
|
 |
28a657 |
+#include <errno.h>
|
|
 |
28a657 |
|
|
 |
28a657 |
#include "sudo_compat.h"
|
|
 |
28a657 |
#include "sudo_util.h"
|
|
 |
28a657 |
@@ -78,15 +79,20 @@ static struct strtoid_data {
|
|
 |
28a657 |
id_t id;
|
|
 |
28a657 |
const char *sep;
|
|
 |
28a657 |
const char *ep;
|
|
 |
28a657 |
+ int errnum;
|
|
 |
28a657 |
} strtoid_data[] = {
|
|
 |
28a657 |
- { "0,1", 0, ",", "," },
|
|
 |
28a657 |
- { "10", 10, NULL, NULL },
|
|
 |
28a657 |
- { "-2", -2, NULL, NULL },
|
|
 |
28a657 |
+ { "0,1", 0, ",", ",", 0 },
|
|
 |
28a657 |
+ { "10", 10, NULL, NULL, 0 },
|
|
 |
28a657 |
+ { "-1", 0, NULL, NULL, EINVAL },
|
|
 |
28a657 |
+ { "4294967295", 0, NULL, NULL, EINVAL },
|
|
 |
28a657 |
+ { "4294967296", 0, NULL, NULL, ERANGE },
|
|
 |
28a657 |
+ { "-2147483649", 0, NULL, NULL, ERANGE },
|
|
 |
28a657 |
+ { "-2", -2, NULL, NULL, 0 },
|
|
 |
28a657 |
#if SIZEOF_ID_T != SIZEOF_LONG_LONG
|
|
 |
28a657 |
- { "-2", 4294967294U, NULL, NULL },
|
|
 |
28a657 |
+ { "-2", 4294967294U, NULL, NULL, 0 },
|
|
 |
28a657 |
#endif
|
|
 |
28a657 |
- { "4294967294", 4294967294U, NULL, NULL },
|
|
 |
28a657 |
- { NULL, 0, NULL, NULL }
|
|
 |
28a657 |
+ { "4294967294", 4294967294U, NULL, NULL, 0 },
|
|
 |
28a657 |
+ { NULL, 0, NULL, NULL, 0 }
|
|
 |
28a657 |
};
|
|
 |
28a657 |
|
|
 |
28a657 |
static int
|
|
 |
28a657 |
@@ -102,11 +108,23 @@ test_strtoid(int *ntests)
|
|
 |
28a657 |
(*ntests)++;
|
|
 |
28a657 |
errstr = "some error";
|
|
 |
28a657 |
value = sudo_strtoid(d->idstr, d->sep, &ep, &errstr);
|
|
 |
28a657 |
- if (errstr != NULL) {
|
|
 |
28a657 |
- if (d->id != (id_t)-1) {
|
|
 |
28a657 |
- sudo_warnx_nodebug("FAIL: %s: %s", d->idstr, errstr);
|
|
 |
28a657 |
+ if (d->errnum != 0) {
|
|
 |
28a657 |
+ if (errstr == NULL) {
|
|
 |
28a657 |
+ sudo_warnx_nodebug("FAIL: %s: missing errstr for errno %d",
|
|
 |
28a657 |
+ d->idstr, d->errnum);
|
|
 |
28a657 |
+ errors++;
|
|
 |
28a657 |
+ } else if (value != 0) {
|
|
 |
28a657 |
+ sudo_warnx_nodebug("FAIL: %s should return 0 on error",
|
|
 |
28a657 |
+ d->idstr);
|
|
 |
28a657 |
+ errors++;
|
|
 |
28a657 |
+ } else if (errno != d->errnum) {
|
|
 |
28a657 |
+ sudo_warnx_nodebug("FAIL: %s: errno mismatch, %d != %d",
|
|
 |
28a657 |
+ d->idstr, errno, d->errnum);
|
|
 |
28a657 |
errors++;
|
|
 |
28a657 |
}
|
|
 |
28a657 |
+ } else if (errstr != NULL) {
|
|
 |
28a657 |
+ sudo_warnx_nodebug("FAIL: %s: %s", d->idstr, errstr);
|
|
 |
28a657 |
+ errors++;
|
|
 |
28a657 |
} else if (value != d->id) {
|
|
 |
28a657 |
sudo_warnx_nodebug("FAIL: %s != %u", d->idstr, (unsigned int)d->id);
|
|
 |
28a657 |
errors++;
|
|
 |
28a657 |
diff -up ./plugins/sudoers/regress/testsudoers/test5.out.ok.CVE-strtouid-test ./plugins/sudoers/regress/testsudoers/test5.out.ok
|
|
 |
28a657 |
--- ./plugins/sudoers/regress/testsudoers/test5.out.ok.CVE-strtouid-test 2018-04-29 21:59:23.000000000 +0200
|
|
 |
28a657 |
+++ ./plugins/sudoers/regress/testsudoers/test5.out.ok 2019-10-16 09:29:50.246761680 +0200
|
|
 |
28a657 |
@@ -4,7 +4,7 @@ Parse error in sudoers near line 1.
|
|
 |
28a657 |
Entries for user root:
|
|
 |
28a657 |
|
|
 |
28a657 |
Command unmatched
|
|
 |
28a657 |
-testsudoers: test5.inc should be owned by gid 4294967295
|
|
 |
28a657 |
+testsudoers: test5.inc should be owned by gid 4294967294
|
|
 |
28a657 |
Parse error in sudoers near line 1.
|
|
 |
28a657 |
|
|
 |
28a657 |
Entries for user root:
|
|
 |
28a657 |
diff -up ./plugins/sudoers/regress/testsudoers/test5.sh.CVE-strtouid-test ./plugins/sudoers/regress/testsudoers/test5.sh
|
|
 |
28a657 |
--- ./plugins/sudoers/regress/testsudoers/test5.sh.CVE-strtouid-test 2018-04-29 21:59:23.000000000 +0200
|
|
 |
28a657 |
+++ ./plugins/sudoers/regress/testsudoers/test5.sh 2019-10-16 09:29:50.246761680 +0200
|
|
 |
28a657 |
@@ -24,7 +24,7 @@ EOF
|
|
 |
28a657 |
|
|
 |
28a657 |
# Test group writable
|
|
 |
28a657 |
chmod 664 $TESTFILE
|
|
 |
28a657 |
-./testsudoers -U $MYUID -G -1 root id <
|
|
 |
28a657 |
+./testsudoers -U $MYUID -G -2 root id <
|
|
 |
28a657 |
#include $TESTFILE
|
|
 |
28a657 |
EOF
|
|
 |
28a657 |
|