Blame SOURCES/sudo-1.9.12-CVE-2023-22809-whitelist.patch

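--- a/plugins/sudoers/editor.c
+++ b/plugins/sudoers/editor.c
@@ -40,7 +40,7 @@
 
 /*
  * Search for the specified editor in the user's PATH, checking
- * the result against whitelist if non-NULL.  An argument vector
+ * the result against allowlist if non-NULL.  An argument vector
  * suitable for execve() is allocated and stored in argv_out.
  * If nfiles is non-zero, files[] is added to the end of argv_out.
  *
@@ -50,7 +50,7 @@
  */
 static char *
 resolve_editor(const char *ed, size_t edlen, int nfiles, char **files,
-    int *argc_out, char ***argv_out, char * const *whitelist)
+    int *argc_out, char ***argv_out, char * const *allowlist)
 {
     char **nargv, *editor, *editor_path = NULL;
     const char *cp, *ep, *tmp;
@@ -74,7 +74,7 @@ resolve_editor(const char *ed, size_t ed
     }
 
     /* If we can't find the editor in the user's PATH, give up. */
-    if (find_path(editor, &editor_path, &user_editor_sb, getenv("PATH"), 0, whitelist) != FOUND) {
+    if (find_path(editor, &editor_path, &user_editor_sb, getenv("PATH"), 0, allowlist) != FOUND) {
 	free(editor);
 	errno = ENOENT;
 	debug_return_str(NULL);
@@ -130,7 +130,7 @@ resolve_editor(const char *ed, size_t ed
  */
 char *
 find_editor(int nfiles, char **files, int *argc_out, char ***argv_out,
-     char * const *whitelist, const char **env_editor, bool env_error)
+     char * const *allowlist, const char **env_editor, bool env_error)
 {
     char *ev[3], *editor_path = NULL;
     unsigned int i;
@@ -149,7 +149,7 @@ find_editor(int nfiles, char **files, in
 	if (editor != NULL && *editor != '\0') {
 	    *env_editor = editor;
 	    editor_path = resolve_editor(editor, strlen(editor),
-		nfiles, files, argc_out, argv_out, whitelist);
+		nfiles, files, argc_out, argv_out, allowlist);
 	    if (editor_path != NULL)
 		break;
 	    if (errno != ENOENT)
@@ -169,7 +169,7 @@ find_editor(int nfiles, char **files, in
 	for (cp = sudo_strsplit(def_editor, def_editor_end, ":", &ep);
 	    cp != NULL; cp = sudo_strsplit(NULL, def_editor_end, ":", &ep)) {
 	    editor_path = resolve_editor(cp, (size_t)(ep - cp), nfiles,
-		files, argc_out, argv_out, whitelist);
+		files, argc_out, argv_out, allowlist);
 	    if (editor_path != NULL)
 		break;
 	    if (errno != ENOENT)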