|
|
f864d0 |
diff -up ./plugins/sudoers/editor.c.other ./plugins/sudoers/editor.c
|
|
|
f864d0 |
--- ./plugins/sudoers/editor.c.other 2023-01-16 17:37:04.659967300 +0100
|
|
|
f864d0 |
+++ ./plugins/sudoers/editor.c 2023-01-16 17:40:35.944400376 +0100
|
|
|
f864d0 |
@@ -39,6 +39,82 @@
|
|
|
f864d0 |
#include "sudoers.h"
|
|
|
f864d0 |
|
|
|
f864d0 |
/*
|
|
|
f864d0 |
+ * Non-destructive word-split that handles single and double quotes and
|
|
|
f864d0 |
+ * escaped white space. Quotes are only recognized at the start of a word.
|
|
|
f864d0 |
+ * They are treated as normal characters inside a word.
|
|
|
f864d0 |
+ */
|
|
|
f864d0 |
+static const char *
|
|
|
f864d0 |
+wordsplit(const char *str, const char *endstr, const char **last)
|
|
|
f864d0 |
+{
|
|
|
f864d0 |
+ const char *cp;
|
|
|
f864d0 |
+ debug_decl(wordsplit, SUDO_DEBUG_UTIL);
|
|
|
f864d0 |
+
|
|
|
f864d0 |
+ /* If no str specified, use last ptr (if any). */
|
|
|
f864d0 |
+ if (str == NULL) {
|
|
|
f864d0 |
+ str = *last;
|
|
|
f864d0 |
+ /* Consume end quote if present. */
|
|
|
f864d0 |
+ if (*str == '"' || *str == '\'')
|
|
|
f864d0 |
+ str++;
|
|
|
f864d0 |
+ }
|
|
|
f864d0 |
+
|
|
|
f864d0 |
+ /* Skip leading white space characters. */
|
|
|
f864d0 |
+ while (str < endstr && (*str == ' ' || *str == '\t'))
|
|
|
f864d0 |
+ str++;
|
|
|
f864d0 |
+
|
|
|
f864d0 |
+ /* Empty string? */
|
|
|
f864d0 |
+ if (str >= endstr) {
|
|
|
f864d0 |
+ *last = endstr;
|
|
|
f864d0 |
+ debug_return_ptr(NULL);
|
|
|
f864d0 |
+ }
|
|
|
f864d0 |
+
|
|
|
f864d0 |
+ /* If word is quoted, skip to end quote and return. */
|
|
|
f864d0 |
+ if (*str == '"' || *str == '\'') {
|
|
|
f864d0 |
+ const char *endquote = memchr(str + 1, *str, endstr - str);
|
|
|
f864d0 |
+ if (endquote != NULL) {
|
|
|
f864d0 |
+ *last = endquote;
|
|
|
f864d0 |
+ debug_return_const_ptr(str + 1);
|
|
|
f864d0 |
+ }
|
|
|
f864d0 |
+ }
|
|
|
f864d0 |
+
|
|
|
f864d0 |
+ /* Scan str until we encounter white space. */
|
|
|
f864d0 |
+ for (cp = str; cp < endstr; cp++) {
|
|
|
f864d0 |
+ if (*cp == '\\') {
|
|
|
f864d0 |
+ /* quoted char, do not interpret */
|
|
|
f864d0 |
+ cp++;
|
|
|
f864d0 |
+ continue;
|
|
|
f864d0 |
+ }
|
|
|
f864d0 |
+ if (*cp == ' ' || *cp == '\t') {
|
|
|
f864d0 |
+ /* end of word */
|
|
|
f864d0 |
+ break;
|
|
|
f864d0 |
+ }
|
|
|
f864d0 |
+ }
|
|
|
f864d0 |
+ *last = cp;
|
|
|
f864d0 |
+ debug_return_const_ptr(str);
|
|
|
f864d0 |
+}
|
|
|
f864d0 |
+
|
|
|
f864d0 |
+/* Copy len chars from string, collapsing chars escaped with a backslash. */
|
|
|
f864d0 |
+static char *
|
|
|
f864d0 |
+copy_arg(const char *src, size_t len)
|
|
|
f864d0 |
+{
|
|
|
f864d0 |
+ const char *src_end = src + len;
|
|
|
f864d0 |
+ char *copy, *dst;
|
|
|
f864d0 |
+ debug_decl(copy_arg, SUDOERS_DEBUG_UTIL);
|
|
|
f864d0 |
+
|
|
|
f864d0 |
+ if ((copy = malloc(len + 1)) != NULL) {
|
|
|
f864d0 |
+ for (dst = copy; src < src_end; ) {
|
|
|
f864d0 |
+ if (*src == '\\') {
|
|
|
f864d0 |
+ src++;
|
|
|
f864d0 |
+ continue;
|
|
|
f864d0 |
+ }
|
|
|
f864d0 |
+ *dst++ = *src++;
|
|
|
f864d0 |
+ }
|
|
|
f864d0 |
+ *dst = '\0';
|
|
|
f864d0 |
+ }
|
|
|
f864d0 |
+
|
|
|
f864d0 |
+ debug_return_ptr(copy);
|
|
|
f864d0 |
+}
|
|
|
f864d0 |
+
|
|
|
f864d0 |
+/*
|
|
|
f864d0 |
* Search for the specified editor in the user's PATH, checking
|
|
|
f864d0 |
* the result against allowlist if non-NULL. An argument vector
|
|
|
f864d0 |
* suitable for execve() is allocated and stored in argv_out.
|
|
|
f864d0 |
@@ -52,7 +128,7 @@ static char *
|
|
|
f864d0 |
resolve_editor(const char *ed, size_t edlen, int nfiles, char **files,
|
|
|
f864d0 |
int *argc_out, char ***argv_out, char * const *allowlist)
|
|
|
f864d0 |
{
|
|
|
f864d0 |
- char **nargv, *editor, *editor_path = NULL;
|
|
|
f864d0 |
+ char **nargv = NULL, *editor = NULL, *editor_path = NULL;
|
|
|
f864d0 |
const char *cp, *ep, *tmp;
|
|
|
f864d0 |
const char *edend = ed + edlen;
|
|
|
f864d0 |
struct stat user_editor_sb;
|
|
|
f864d0 |
@@ -64,14 +140,12 @@ resolve_editor(const char *ed, size_t ed
|
|
|
f864d0 |
* The EDITOR and VISUAL environment variables may contain command
|
|
|
f864d0 |
* line args so look for those and alloc space for them too.
|
|
|
f864d0 |
*/
|
|
|
f864d0 |
- cp = sudo_strsplit(ed, edend, " \t", &ep);
|
|
|
f864d0 |
+ cp = wordsplit(ed, edend, &ep);
|
|
|
f864d0 |
if (cp == NULL)
|
|
|
f864d0 |
debug_return_str(NULL);
|
|
|
f864d0 |
- editor = strndup(cp, (size_t)(ep - cp));
|
|
|
f864d0 |
- if (editor == NULL) {
|
|
|
f864d0 |
- sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
|
|
|
f864d0 |
- debug_return_str(NULL);
|
|
|
f864d0 |
- }
|
|
|
f864d0 |
+ editor = copy_arg(cp, ep - cp);
|
|
|
f864d0 |
+ if (editor == NULL)
|
|
|
f864d0 |
+ goto oom;
|
|
|
f864d0 |
|
|
|
f864d0 |
/* If we can't find the editor in the user's PATH, give up. */
|
|
|
f864d0 |
if (find_path(editor, &editor_path, &user_editor_sb, getenv("PATH"), 0, allowlist) != FOUND) {
|
|
|
f864d0 |
@@ -81,30 +155,22 @@ resolve_editor(const char *ed, size_t ed
|
|
|
f864d0 |
}
|
|
|
f864d0 |
|
|
|
f864d0 |
/* Count rest of arguments and allocate editor argv. */
|
|
|
f864d0 |
- for (nargc = 1, tmp = ep; sudo_strsplit(NULL, edend, " \t", &tmp) != NULL; )
|
|
|
f864d0 |
+ for (nargc = 1, tmp = ep; wordsplit(NULL, edend, &tmp) != NULL; )
|
|
|
f864d0 |
nargc++;
|
|
|
f864d0 |
if (nfiles != 0)
|
|
|
f864d0 |
nargc += nfiles + 1;
|
|
|
f864d0 |
nargv = reallocarray(NULL, nargc + 1, sizeof(char *));
|
|
|
f864d0 |
- if (nargv == NULL) {
|
|
|
f864d0 |
- sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
|
|
|
f864d0 |
- free(editor);
|
|
|
f864d0 |
- free(editor_path);
|
|
|
f864d0 |
- debug_return_str(NULL);
|
|
|
f864d0 |
- }
|
|
|
f864d0 |
+ if (nargv == NULL)
|
|
|
f864d0 |
+ goto oom;
|
|
|
f864d0 |
|
|
|
f864d0 |
/* Fill in editor argv (assumes files[] is NULL-terminated). */
|
|
|
f864d0 |
nargv[0] = editor;
|
|
|
f864d0 |
- for (nargc = 1; (cp = sudo_strsplit(NULL, edend, " \t", &ep)) != NULL; nargc++) {
|
|
|
f864d0 |
- nargv[nargc] = strndup(cp, (size_t)(ep - cp));
|
|
|
f864d0 |
- if (nargv[nargc] == NULL) {
|
|
|
f864d0 |
- sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
|
|
|
f864d0 |
- free(editor_path);
|
|
|
f864d0 |
- while (nargc--)
|
|
|
f864d0 |
- free(nargv[nargc]);
|
|
|
f864d0 |
- free(nargv);
|
|
|
f864d0 |
- debug_return_str(NULL);
|
|
|
f864d0 |
- }
|
|
|
f864d0 |
+ editor = NULL;
|
|
|
f864d0 |
+ for (nargc = 1; (cp = wordsplit(NULL, edend, &ep)) != NULL; nargc++) {
|
|
|
f864d0 |
+ /* Copy string, collapsing chars escaped with a backslash. */
|
|
|
f864d0 |
+ nargv[nargc] = copy_arg(cp, ep - cp);
|
|
|
f864d0 |
+ if (nargv[nargc] == NULL)
|
|
|
f864d0 |
+ goto oom;
|
|
|
f864d0 |
}
|
|
|
f864d0 |
if (nfiles != 0) {
|
|
|
f864d0 |
nargv[nargc++] = "--";
|
|
|
f864d0 |
@@ -116,6 +182,16 @@ resolve_editor(const char *ed, size_t ed
|
|
|
f864d0 |
*argc_out = nargc;
|
|
|
f864d0 |
*argv_out = nargv;
|
|
|
f864d0 |
debug_return_str(editor_path);
|
|
|
f864d0 |
+oom:
|
|
|
f864d0 |
+ sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
|
|
|
f864d0 |
+ free(editor);
|
|
|
f864d0 |
+ free(editor_path);
|
|
|
f864d0 |
+ if (nargv != NULL) {
|
|
|
f864d0 |
+ while (nargc--)
|
|
|
f864d0 |
+ free(nargv[nargc]);
|
|
|
f864d0 |
+ free(nargv);
|
|
|
f864d0 |
+ }
|
|
|
f864d0 |
+ debug_return_str(NULL);
|
|
|
f864d0 |
}
|
|
|
f864d0 |
|
|
|
f864d0 |
/*
|