rpms / sudo

Clone
Source Code
GIT

Files

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c7
  2.   SOURCES
  3.   sudo-1.9.12-CVE-2023-22809-whitelist.patch
Blob Blame History Raw 
diff -up ./plugins/sudoers/editor.c.whitelist ./plugins/sudoers/editor.c
--- ./plugins/sudoers/editor.c.whitelist	2023-01-16 17:31:58.108335076 +0100
+++ ./plugins/sudoers/editor.c	2023-01-16 17:33:37.375547672 +0100
@@ -40,7 +40,7 @@
 
 /*
  * Search for the specified editor in the user's PATH, checking
- * the result against whitelist if non-NULL.  An argument vector
+ * the result against allowlist if non-NULL.  An argument vector
  * suitable for execve() is allocated and stored in argv_out.
  * If nfiles is non-zero, files[] is added to the end of argv_out.
  *
@@ -50,7 +50,7 @@
  */
 static char *
 resolve_editor(const char *ed, size_t edlen, int nfiles, char **files,
-    int *argc_out, char ***argv_out, char * const *whitelist)
+    int *argc_out, char ***argv_out, char * const *allowlist)
 {
     char **nargv, *editor, *editor_path = NULL;
     const char *cp, *ep, *tmp;
@@ -74,7 +74,7 @@ resolve_editor(const char *ed, size_t ed
     }
 
     /* If we can't find the editor in the user's PATH, give up. */
-    if (find_path(editor, &editor_path, &user_editor_sb, getenv("PATH"), 0, whitelist) != FOUND) {
+    if (find_path(editor, &editor_path, &user_editor_sb, getenv("PATH"), 0, allowlist) != FOUND) {
 	free(editor);
 	errno = ENOENT;
 	debug_return_str(NULL);
@@ -130,7 +130,7 @@ resolve_editor(const char *ed, size_t ed
  */
 char *
 find_editor(int nfiles, char **files, int *argc_out, char ***argv_out,
-     char * const *whitelist, const char **env_editor, bool env_error)
+     char * const *allowlist, const char **env_editor, bool env_error)
 {
     char *ev[3], *editor_path = NULL;
     unsigned int i;
@@ -149,7 +149,7 @@ find_editor(int nfiles, char **files, in
 	if (editor != NULL && *editor != '\0') {
 	    *env_editor = editor;
 	    editor_path = resolve_editor(editor, strlen(editor),
-		nfiles, files, argc_out, argv_out, whitelist);
+		nfiles, files, argc_out, argv_out, allowlist);
 	    if (editor_path != NULL)
 		break;
 	    if (errno != ENOENT)
@@ -169,7 +169,7 @@ find_editor(int nfiles, char **files, in
 	for (cp = sudo_strsplit(def_editor, def_editor_end, ":", &ep);
 	    cp != NULL; cp = sudo_strsplit(NULL, def_editor_end, ":", &ep)) {
 	    editor_path = resolve_editor(cp, (size_t)(ep - cp), nfiles,
-		files, argc_out, argv_out, whitelist);
+		files, argc_out, argv_out, allowlist);
 	    if (editor_path != NULL)
 		break;
 	    if (errno != ENOENT)

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation