This patch will upgrade Sudo version 1.9.7 patchlevel 1 to Sudo version 1.9.7 patchlevel 2. To apply: $ cd sudo-1.9.7p1 $ patch -p1 < sudo-1.9.7p2.patch diff -urNa sudo-1.9.7p1/ChangeLog sudo-1.9.7p2/ChangeLog --- sudo-1.9.7p1/ChangeLog Fri Jun 11 13:06:19 2021 +++ sudo-1.9.7p2/ChangeLog Mon Jul 26 18:05:25 2021 
@@ -1,7 +1,110 @@ +2021-07-26 Todd C. Miller + + * .hgtags: + Added tag SUDO_1_9_7p2 for changeset 590e06825ec4 + [cf3865846c94] [tip] <1.9> + + * configure, configure.ac: + Bump version to 1.9.7p2 + [590e06825ec4] [SUDO_1_9_7p2] <1.9> + + * NEWS: + Sudo 1.9.7p2 + [c3bd2eb0d779] <1.9> + + * config.h.in, configure, configure.ac, include/sudo_compat.h, + logsrvd/tls_client.c, logsrvd/tls_init.c, + plugins/sudoers/log_client.c: + Use TLS_method() instead of TLS_client_method() throughout. OpenSSL + returns an error for SSL_accept() if TLS_client_method() was used to + generate the context (LibreSSL doesn't care). + + Prior to sudo 1.9.7, TLS_client_method() and TLS_server_method() + were used in the TLS client and server initialization code + respectively. This was refactored in sudo 1.9.7 to allow the code to + be shared. Bug #988 + [f2bf4aca30d4] <1.9> + + * plugins/sudoers/regress/fuzz/fuzz_policy.c: + Only replace getaddrinfo for + FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION. This works around an issue + on SCO which uses inline functions in the header files which call + the actual, versioned, library function. + [f010d83f0168] <1.9> + +2021-07-26 MertsA + + * src/utmp.c: + Rewind utmp file pointer after searching for entry (#108) + + getutline() advances the file pointer until it matches or reaches + EOF. pututline() starts from the current position in utmp. This + rewinds the file pointer to the beginning to avoid allocating + additional spurious utmp entries. + [af1463026fd1] <1.9> + +2021-07-25 Todd C. Miller + + * config.h.in, configure, configure.ac, include/sudo_compat.h: + Add configure check for va_copy instead of using #ifdef This + prevents the va_copy compat #define from being used if sudo_compat.h + is somehow included before stdarg.h. + [6d283753e47b] <1.9> + +2021-07-23 Todd C. Miller + + * src/limits.c: + Avoid using RLIM_INFINITY for the nofile soft limit to prevent + closefrom_fallback() from closing too many file descriptors. 
+ [edbcd5c82d4d] <1.9> + +2021-07-08 Todd C. Miller + + * plugins/python/python_plugin_common.c: + Check that the python module we actually loaded is what we intended. + This is intended to provide a more useful error message if the user + defines a module which conflicts with a system python module. For + example, a module called test.py would conflicts with the system + python test module. + [345523b6e87d] <1.9> + +2021-06-26 Todd C. Miller + + * src/sesh.c, src/sudo.c, src/sudo_edit.c: + Don't assume that the number of groups returned by getgroups() is + static. On systems where getgroups() returns results based on more + than just the per-process group vector in the kernel it is possible + for the number of groups to change in between invocations. Based on + GitHub PR #106 from Pierre-Olivier Martel. + [832fa2480024] <1.9> + +2021-06-21 Todd C. Miller + + * lib/fuzzstub/fuzzstub.c: + Change ms from size_t to long. Avoids a spurious test failure on + Solaris 9 + [5e204b959000] <1.9> + + * plugins/sudoers/interfaces.c, src/net_ifs.c: + Move definition of INADDR_NONE from interfaces.c to net_ifs.c. Fixes + compilation on Solaris 9. + [d05bca21f145] <1.9> + +2021-06-16 Todd C. Miller + + * plugins/audit_json/audit_json.c: + Make sure we store an octal number (like umask) as a string. JSON + doesn't (portably) support octal numbers with a leading zero. + [a0c8392f2f7a] <1.9> + 2021-06-11 Todd C. Miller + * .hgtags: + Added tag SUDO_1_9_7p1 for changeset d936a99e842d + [9bc246c519f3] <1.9> + * Merge sudo 1.9.7p1 from tip - [d936a99e842d] [tip] <1.9> + [d936a99e842d] [SUDO_1_9_7p1] <1.9> * NEWS, configure, configure.ac: Sudo 1.9.7p1 diff -urNa sudo-1.9.7p1/NEWS sudo-1.9.7p2/NEWS --- sudo-1.9.7p1/NEWS Fri Jun 11 13:04:29 2021 +++ sudo-1.9.7p2/NEWS Mon Jul 26 17:58:53 2021 
@@ -1,3 +1,35 @@ +What's new in Sudo 1.9.7p2 + + * When formatting JSON output, octal numbers are now stored as + strings, not numbers. The JSON spec does not actually support + octal numbers with a '0' prefix. + + * Fixed a compilation issue on Solaris 9. + + * Sudo now can handle the getgroups() function returning a different + number of groups for subsequent invocations. GitHub PR #106. + + * When loading a Python plugin, python_plugin.so now verifies + that the module loaded matches the one we tried to load. This + allows sudo to display a more useful error message when trying + to load a plugin with a name that conflicts with a Python module + installed in the system location. + + * Sudo no longer sets the the open files resource limit to "unlimited" + while it runs. This avoids a problem where sudo's closefrom() + emulation would need to close a very large number of descriptors + on systems without a way to determine which ones are actually open. + + * Sudo now includes a configure check for va_copy or __va_copy and + only defines its own version if the configure test fails. + + * Fixed a bug in sudo's utmp file handling which prevented old + entries from being reused. As a result, the utmp (or utmpx) + file was appended to unnecessarily. GitHub PR #108. + + * Fixed a bug introduced in sudo 1.9.7 that prevented sudo_logsrvd + from accepting TLS connections when OpenSSL is used. Bug #988. + What's new in Sudo 1.9.7p1 * Fixed an SELinux sudoedit bug when the edited temporary file diff -urNa sudo-1.9.7p1/config.h.in sudo-1.9.7p2/config.h.in --- sudo-1.9.7p1/config.h.in Tue May 11 14:54:52 2021 +++ sudo-1.9.7p2/config.h.in Mon Jul 26 17:37:31 2021 
@@ -928,12 +928,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_SYS_TYPES_H -/* Define to 1 if you have the `TLS_client_method' function. */ -#undef HAVE_TLS_CLIENT_METHOD +/* Define to 1 if you have the `TLS_method' function. */ +#undef HAVE_TLS_METHOD -/* Define to 1 if you have the `TLS_server_method' function. */ -#undef HAVE_TLS_SERVER_METHOD - /* Define to 1 if you have the `ttyslot' function. */ #undef HAVE_TTYSLOT @@ -967,6 +964,9 @@ /* Define to 1 if you have the `vasprintf' function. */ #undef HAVE_VASPRINTF +/* Define to 1 if you have the `va_copy' function. */ +#undef HAVE_VA_COPY + /* Define to 1 if you have the `vsnprintf' function. */ #undef HAVE_VSNPRINTF @@ -1020,6 +1020,9 @@ /* Define to 1 if your crt0.o defines the __progname symbol for you. */ #undef HAVE___PROGNAME + +/* Define to 1 if you have the `__va_copy' function. */ +#undef HAVE___VA_COPY /* Define to 1 if you want the hostname to be entered into the log file. */ #undef HOST_IN_LOG diff -urNa sudo-1.9.7p1/configure sudo-1.9.7p2/configure --- sudo-1.9.7p1/configure Fri Jun 11 13:04:29 2021 +++ sudo-1.9.7p2/configure Mon Jul 26 18:03:37 2021 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for sudo 1.9.7p1. +# Generated by GNU Autoconf 2.71 for sudo 1.9.7p2. # # Report bugs to . # @@ -621,8 +621,8 @@ # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.9.7p1' -PACKAGE_STRING='sudo 1.9.7p1' +PACKAGE_VERSION='1.9.7p2' +PACKAGE_STRING='sudo 1.9.7p2' PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/' PACKAGE_URL='' @@ -1617,7 +1617,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sudo 1.9.7p1 to adapt to many kinds of systems. +\`configure' configures sudo 1.9.7p2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... 
@@ -1683,7 +1683,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.9.7p1:";; + short | recursive ) echo "Configuration of sudo 1.9.7p2:";; esac cat <<\_ACEOF @@ -1967,7 +1967,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.9.7p1 +sudo configure 1.9.7p2 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -2624,7 +2624,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.9.7p1, which was +It was created by sudo $as_me 1.9.7p2, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -22461,19 +22461,13 @@ printf "%s\n" "#define HAVE_SSL_CTX_GET0_CERTIFICATE 1" >>confdefs.h fi -ac_fn_c_check_func "$LINENO" "TLS_client_method" "ac_cv_func_TLS_client_method" -if test "x$ac_cv_func_TLS_client_method" = xyes +ac_fn_c_check_func "$LINENO" "TLS_method" "ac_cv_func_TLS_method" +if test "x$ac_cv_func_TLS_method" = xyes then : - printf "%s\n" "#define HAVE_TLS_CLIENT_METHOD 1" >>confdefs.h + printf "%s\n" "#define HAVE_TLS_METHOD 1" >>confdefs.h fi -ac_fn_c_check_func "$LINENO" "TLS_server_method" "ac_cv_func_TLS_server_method" -if test "x$ac_cv_func_TLS_server_method" = xyes -then : - printf "%s\n" "#define HAVE_TLS_SERVER_METHOD 1" >>confdefs.h -fi - # SSL_CTX_set_min_proto_version may be a macro ac_fn_check_decl "$LINENO" "SSL_CTX_set_min_proto_version" "ac_cv_have_decl_SSL_CTX_set_min_proto_version" " $ac_includes_default 
@@ -23343,7 +23337,79 @@ esac LIBS="$OLIBS" +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for va_copy" >&5 +printf %s "checking for va_copy... " >&6; } +if test ${sudo_cv_func_va_copy+y} +then : + printf %s "(cached) " >&6 +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + va_list ap1, ap2; +int +main (void) +{ +va_copy(ap1, ap2); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + sudo_cv_func_va_copy=yes +else $as_nop + sudo_cv_func_va_copy=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_va_copy" >&5 +printf "%s\n" "$sudo_cv_func_va_copy" >&6; } +if test "$sudo_cv_func_va_copy" = "yes"; then + printf "%s\n" "#define HAVE_VA_COPY 1" >>confdefs.h + +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for __va_copy" >&5 +printf %s "checking for __va_copy... " >&6; } +if test ${sudo_cv_func___va_copy+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + va_list ap1, ap2; +int +main (void) +{ +__va_copy(ap1, ap2); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + sudo_cv_func___va_copy=yes +else $as_nop + sudo_cv_func___va_copy=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func___va_copy" >&5 +printf "%s\n" "$sudo_cv_func___va_copy" >&6; } + if test "$sudo_cv_func___va_copy" = "yes"; then + printf "%s\n" "#define HAVE___VA_COPY 1" >>confdefs.h + + fi +fi + + for ac_func in getprogname do : ac_fn_c_check_func "$LINENO" "getprogname" "ac_cv_func_getprogname" 
@@ -29854,7 +29920,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.9.7p1, which was +This file was extended by sudo $as_me 1.9.7p2, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -29922,7 +29988,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -sudo config.status 1.9.7p1 +sudo config.status 1.9.7p2 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" @@ -31692,6 +31758,8 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: You may need to create a startup item to do this." >&5 printf "%s\n" "$as_me: You may need to create a startup item to do this." >&6;} fi + + diff -urNa sudo-1.9.7p1/configure.ac sudo-1.9.7p2/configure.ac --- sudo-1.9.7p1/configure.ac Fri Jun 11 13:04:29 2021 +++ sudo-1.9.7p2/configure.ac Mon Jul 26 18:03:37 2021 @@ -18,7 +18,7 @@ dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. dnl AC_PREREQ([2.70]) -AC_INIT([sudo], [1.9.7p1], [https://bugzilla.sudo.ws/], [sudo]) +AC_INIT([sudo], [1.9.7p2], [https://bugzilla.sudo.ws/], [sudo]) AC_CONFIG_HEADERS([config.h pathnames.h]) AC_CONFIG_SRCDIR([src/sudo.c]) AC_CONFIG_AUX_DIR([scripts]) @@ -2999,7 +2999,7 @@ if test "${enable_openssl-no}" != no; then OLIBS="$LIBS" LIBS="$LIBS $LIBTLS" - AC_CHECK_FUNCS([X509_STORE_CTX_get0_cert ASN1_STRING_get0_data SSL_CTX_get0_certificate TLS_client_method TLS_server_method]) + AC_CHECK_FUNCS([X509_STORE_CTX_get0_cert ASN1_STRING_get0_data SSL_CTX_get0_certificate TLS_method]) # SSL_CTX_set_min_proto_version may be a macro AC_CHECK_DECL([SSL_CTX_set_min_proto_version], [AC_DEFINE(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION)], [], [ AC_INCLUDES_DEFAULT 
@@ -3232,6 +3232,27 @@ LIBS="$OLIBS" dnl +dnl Check for va_copy or __va_copy in stdarg.h +dnl +AC_CACHE_CHECK([for va_copy], sudo_cv_func_va_copy, [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include + va_list ap1, ap2;]], [[va_copy(ap1, ap2);]])], + [sudo_cv_func_va_copy=yes], [sudo_cv_func_va_copy=no]) +]) +if test "$sudo_cv_func_va_copy" = "yes"; then + AC_DEFINE(HAVE_VA_COPY) +else + AC_CACHE_CHECK([for __va_copy], sudo_cv_func___va_copy, [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include + va_list ap1, ap2;]], [[__va_copy(ap1, ap2);]])], + [sudo_cv_func___va_copy=yes], [sudo_cv_func___va_copy=no]) + ]) + if test "$sudo_cv_func___va_copy" = "yes"; then + AC_DEFINE(HAVE___VA_COPY) + fi +fi + +dnl dnl Check for getprogname()/setprogname() or __progname dnl AC_CHECK_FUNCS([getprogname], [ @@ -5133,6 +5154,8 @@ AH_TEMPLATE(HAVE_SSL_CTX_SET_CIPHERSUITES, [Define to 1 if you have the `SSL_CTX_set_ciphersuites' function or macro.]) AH_TEMPLATE(SUDOERS_LOG_CLIENT, [Define to 1 to compile support for sudo_logsrvd in the sudoers plugin.]) AH_TEMPLATE(HAVE_FALLTHROUGH_ATTRIBUTE, [Define to 1 if the compiler supports the fallthrough attribute.]) +AH_TEMPLATE(HAVE_VA_COPY, [Define to 1 if you have the `va_copy' function.]) +AH_TEMPLATE(HAVE___VA_COPY, [Define to 1 if you have the `__va_copy' function.]) dnl dnl Bits to copy verbatim into config.h.in diff -urNa sudo-1.9.7p1/include/sudo_compat.h sudo-1.9.7p2/include/sudo_compat.h --- sudo-1.9.7p1/include/sudo_compat.h Sat Mar 13 08:47:23 2021 +++ sudo-1.9.7p2/include/sudo_compat.h Mon Jul 26 17:36:51 2021 @@ -91,8 +91,8 @@ /* * Pre-C99 compilers may lack a va_copy macro. */ -#ifndef va_copy -# ifdef __va_copy +#ifndef HAVE_VA_COPY +# ifdef HAVE___VA_COPY # define va_copy(d, s) __va_copy(d, s) # else # define va_copy(d, s) memcpy(&(d), &(s), sizeof(d)); 
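Review bot: The new guard `#ifndef HAVE_VA_COPY` drops the previous `#ifndef va_copy` protection, so on a build where the configure link test failed for an unrelated reason (stale cache, cross-compile) but `<stdarg.h>` does define `va_copy`, this header now redefines a system macro with a different body, which compilers warn about or reject. Keeping both conditions preserves the fix described in the ChangeLog (no compat define when sudo_compat.h precedes stdarg.h and configure found va_copy) while staying safe in that case: `#if !defined(HAVE_VA_COPY) && !defined(va_copy)`. The block's `#endif` is outside the hunk.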
@@ -358,11 +358,8 @@ # ifndef HAVE_ASN1_STRING_GET0_DATA # define ASN1_STRING_get0_data(x) ASN1_STRING_data(x) # endif -# ifndef HAVE_TLS_CLIENT_METHOD -# define TLS_client_method() SSLv23_client_method() -# endif -# ifndef HAVE_TLS_SERVER_METHOD -# define TLS_server_method() SSLv23_server_method() +# ifndef HAVE_TLS_METHOD +# define TLS_method() SSLv23_method() # endif #endif /* HAVE_OPENSSL */ diff -urNa sudo-1.9.7p1/lib/fuzzstub/fuzzstub.c sudo-1.9.7p2/lib/fuzzstub/fuzzstub.c --- sudo-1.9.7p1/lib/fuzzstub/fuzzstub.c Fri Jun 11 13:04:29 2021 +++ sudo-1.9.7p2/lib/fuzzstub/fuzzstub.c Mon Jul 26 17:35:15 2021 @@ -57,10 +57,11 @@ { struct timespec start_time, stop_time; size_t filesize, bufsize = 0; - ssize_t nread, ms; + ssize_t nread; struct stat sb; uint8_t *buf = NULL; int fd, i, errors = 0; + long ms; /* Test provided input files. */ for (i = 1; i < argc; i++) { @@ -112,7 +113,7 @@ sudo_gettime_mono(&stop_time); sudo_timespecsub(&stop_time, &start_time, &stop_time); ms = (stop_time.tv_sec * 1000) + (stop_time.tv_nsec / 1000000); - fprintf(stderr, "Executed %s in %zd ms\n", argv[i], ms); + fprintf(stderr, "Executed %s in %ld ms\n", argv[i], ms); } free(buf); diff -urNa sudo-1.9.7p1/logsrvd/tls_client.c sudo-1.9.7p2/logsrvd/tls_client.c --- sudo-1.9.7p1/logsrvd/tls_client.c Tue May 11 14:54:52 2021 +++ sudo-1.9.7p2/logsrvd/tls_client.c Mon Jul 26 17:36:50 2021 @@ -231,7 +231,7 @@ debug_decl(tls_client_setup, SUDO_DEBUG_UTIL); ssl_ctx = init_tls_context(ca_bundle_file, cert_file, key_file, - dhparam_file, ciphers_v12,ciphers_v13, verify_server); + dhparam_file, ciphers_v12, ciphers_v13, verify_server); if (ssl_ctx == NULL) { sudo_warnx(U_("unable to initialize TLS context")); debug_return_bool(false); diff -urNa sudo-1.9.7p1/logsrvd/tls_init.c sudo-1.9.7p2/logsrvd/tls_init.c --- sudo-1.9.7p1/logsrvd/tls_init.c Tue May 11 14:54:52 2021 +++ sudo-1.9.7p2/logsrvd/tls_init.c Mon Jul 26 17:36:51 2021 
@@ -195,7 +195,7 @@ } /* Create the ssl context and enforce TLS 1.2 or higher. */ - if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL) { + if ((ctx = SSL_CTX_new(TLS_method())) == NULL) { errstr = ERR_reason_error_string(ERR_get_error()); sudo_warnx(U_("unable to create TLS context: %s"), errstr); goto bad; diff -urNa sudo-1.9.7p1/plugins/audit_json/audit_json.c sudo-1.9.7p2/plugins/audit_json/audit_json.c --- sudo-1.9.7p1/plugins/audit_json/audit_json.c Fri Jun 11 13:04:29 2021 +++ sudo-1.9.7p2/plugins/audit_json/audit_json.c Mon Jul 26 17:34:20 2021 @@ -216,9 +216,22 @@ /* Check for bool or number. */ json_value.type = JSON_NULL; - switch (*cp) { - case '+': case '-': case '0': case '1': case '2': case '3': - case '4': case '5': case '6': case '7': case '8': case '9': + switch (cp[0]) { + case '0': + if (cp[1] == '\0') { + /* Only treat a plain "0" as number 0. */ + json_value.u.number = 0; + json_value.type = JSON_NUMBER; + } + break; + case '+': case '-': + if (cp[1] == '0') { + /* Encode octal numbers as strings. */ + break; + } + FALLTHROUGH; + case '1': case '2': case '3': case '4': case '5': + case '6': case '7': case '8': case '9': json_value.u.number = sudo_strtonum(cp, INT_MIN, INT_MAX, &errstr); if (errstr == NULL) json_value.type = JSON_NUMBER; diff -urNa sudo-1.9.7p1/plugins/python/python_plugin_common.c sudo-1.9.7p2/plugins/python/python_plugin_common.c --- sudo-1.9.7p1/plugins/python/python_plugin_common.c Sat Mar 13 08:46:13 2021 +++ sudo-1.9.7p2/plugins/python/python_plugin_common.c Mon Jul 26 17:35:41 2021 @@ -59,7 +59,7 @@ } CPYCHECKER_NEGATIVE_RESULT_SETS_EXCEPTION -int +static int _append_python_path(const char *module_dir) { debug_decl(_append_python_path, PYTHON_DEBUG_PLUGIN_LOAD); @@ -92,6 +92,7 @@ static PyObject * _import_module(const char *path) { + PyObject *module; debug_decl(_import_module, PYTHON_DEBUG_PLUGIN_LOAD); sudo_debug_printf(SUDO_DEBUG_DIAG, "importing module: %s\n", path); 
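Review bot: In the new `case '+': case '-':` branch, `cp[1] == '0'` sends every signed value with a leading zero to the string path, which also covers `-0` and `+0`; those are ordinary decimal zero, unlike the octal-looking `-0644`, and the comment `/* Encode octal numbers as strings. */` does not say this is deliberate. If the asymmetry with the plain `"0"` case above is intended, spell it out: `/* Signed values with a leading zero (including "-0") are stored as strings; only an unsigned plain "0" is a number. */`. The enclosing function starts and ends outside the hunk.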
@@ -118,7 +119,22 @@ if (_append_python_path(module_dir) < 0) debug_return_ptr(NULL); - debug_return_ptr(PyImport_ImportModule(module_name)); + module = PyImport_ImportModule(module_name); + if (module != NULL) { + PyObject *py_loaded_path = PyObject_GetAttrString(module, "__file__"); + if (py_loaded_path != NULL) { + const char *loaded_path = PyUnicode_AsUTF8(py_loaded_path); + /* If path is a directory, loaded_path may be a file inside it. */ + if (strncmp(loaded_path, path, strlen(path)) != 0) { + PyErr_Format(PyExc_Exception, + "module name conflict, tried to load %s, got %s", + path, loaded_path); + Py_CLEAR(module); + } + Py_DECREF(py_loaded_path); + } + } + debug_return_ptr(module); } static PyThreadState * diff -urNa sudo-1.9.7p1/plugins/sudoers/interfaces.c sudo-1.9.7p2/plugins/sudoers/interfaces.c --- sudo-1.9.7p1/plugins/sudoers/interfaces.c Sat Mar 13 08:46:13 2021 +++ sudo-1.9.7p2/plugins/sudoers/interfaces.c Mon Jul 26 17:35:09 2021 @@ -40,10 +40,6 @@ #include "sudoers.h" #include "interfaces.h" -#ifndef INADDR_NONE -# define INADDR_NONE ((unsigned int)-1) -#endif - static struct interface_list interfaces = SLIST_HEAD_INITIALIZER(interfaces); /* diff -urNa sudo-1.9.7p1/plugins/sudoers/log_client.c sudo-1.9.7p2/plugins/sudoers/log_client.c --- sudo-1.9.7p1/plugins/sudoers/log_client.c Fri Jun 11 13:04:29 2021 +++ sudo-1.9.7p2/plugins/sudoers/log_client.c Mon Jul 26 17:36:50 2021 
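Review bot: `PyUnicode_AsUTF8(py_loaded_path)` returns NULL (with a Python exception set) when `__file__` exists but is not a str, and the new code passes that NULL straight into `strncmp()`, so a module that sets `__file__ = None` crashes the plugin loader instead of being rejected. The NULL case should clear the module the same way the conflict case does; `strlen(path)` likewise assumes a non-NULL `path`, which the caller presumably guarantees. The prefix comparison is also looser than the comment suggests (a `path` of `/dir/plugin` accepts `/dir/plugin_other.py` too), but tightening it depends on what `path` looks like for file versus package plugins, which is not visible here. `_import_module` starts outside the hunk.
```c
	if (py_loaded_path != NULL) {
	    const char *loaded_path = PyUnicode_AsUTF8(py_loaded_path);
	    if (loaded_path == NULL) {
		/* __file__ is not a str; the exception is already set. */
		Py_CLEAR(module);
	    } else if (strncmp(loaded_path, path, strlen(path)) != 0) {
		/* If path is a directory, loaded_path may be a file inside it. */
		PyErr_Format(PyExc_Exception,
		    "module name conflict, tried to load %s, got %s",
		    path, loaded_path);
		Py_CLEAR(module);
	    }
	    Py_DECREF(py_loaded_path);
	}
```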
@@ -188,7 +188,7 @@ SSL_load_error_strings(); /* Create the ssl context and enforce TLS 1.2 or higher. */ - if ((closure->ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) { + if ((closure->ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) { errstr = ERR_reason_error_string(ERR_get_error()); sudo_warnx(U_("Creation of new SSL_CTX object failed: %s"), errstr); goto bad; diff -urNa sudo-1.9.7p1/plugins/sudoers/regress/fuzz/fuzz_policy.c sudo-1.9.7p2/plugins/sudoers/regress/fuzz/fuzz_policy.c --- sudo-1.9.7p1/plugins/sudoers/regress/fuzz/fuzz_policy.c Tue May 11 14:54:52 2021 +++ sudo-1.9.7p2/plugins/sudoers/regress/fuzz/fuzz_policy.c Mon Jul 26 17:36:44 2021 @@ -148,12 +148,18 @@ return 0; } +/* + * The fuzzing environment may not have DNS available, this may result + * in long delays that cause a timeout when fuzzing. This getaddrinfo() + * can look up "localhost" and returns an error for anything else. + */ +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION int -#ifdef HAVE_GETADDRINFO +# ifdef HAVE_GETADDRINFO getaddrinfo( -#else +# else sudo_getaddrinfo( -#endif +# endif const char *nodename, const char *servname, const struct addrinfo *hints, struct addrinfo **res) { @@ -185,11 +191,11 @@ } void -#ifdef HAVE_GETADDRINFO +# ifdef HAVE_GETADDRINFO freeaddrinfo(struct addrinfo *ai) -#else +# else sudo_freeaddrinfo(struct addrinfo *ai) -#endif +# endif { struct addrinfo *next; @@ -200,6 +206,7 @@ ai = next; } } +#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */ enum fuzz_policy_pass { PASS_NONE, diff -urNa sudo-1.9.7p1/src/limits.c sudo-1.9.7p2/src/limits.c --- sudo-1.9.7p1/src/limits.c Tue May 11 14:54:52 2021 +++ sudo-1.9.7p2/src/limits.c Mon Jul 26 17:36:17 2021 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 1999-2020 Todd C. Miller + * Copyright (c) 1999-2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above 
@@ -35,6 +35,10 @@ #include "sudo.h" +/* + * Avoid using RLIM_INFINITY for the nofile soft limit to prevent + * closefrom_fallback() from closing too many file descriptors. + */ #if defined(OPEN_MAX) && OPEN_MAX > 256 # define SUDO_OPEN_MAX OPEN_MAX #else @@ -66,7 +70,6 @@ * the stack hard limit to be infinite. * Linux containers have a problem with an infinite stack soft limit. */ -static struct rlimit nofile_fallback = { SUDO_OPEN_MAX, RLIM_INFINITY }; static struct rlimit stack_fallback = { SUDO_STACK_MIN, 65532 * 1024 }; static struct saved_limit { @@ -141,9 +144,9 @@ RLIMIT_NOFILE, true, /* override */ false, /* saved */ - RLIM_INFINITY, /* minlimit */ - &nofile_fallback, - { RLIM_INFINITY, RLIM_INFINITY } + SUDO_OPEN_MAX, /* minlimit */ + NULL, + { SUDO_OPEN_MAX, RLIM_INFINITY } }, #ifdef RLIMIT_NPROC { diff -urNa sudo-1.9.7p1/src/net_ifs.c sudo-1.9.7p2/src/net_ifs.c --- sudo-1.9.7p1/src/net_ifs.c Tue May 11 14:54:52 2021 +++ sudo-1.9.7p2/src/net_ifs.c Mon Jul 26 17:35:09 2021 @@ -82,6 +82,10 @@ # define INET6_ADDRSTRLEN 46 #endif +#ifndef INADDR_NONE +# define INADDR_NONE 0xffffffffU +#endif + #if defined(STUB_LOAD_INTERFACES) || \ !(defined(HAVE_GETIFADDRS) || defined(SIOCGIFCONF) || defined(SIOCGLIFCONF)) diff -urNa sudo-1.9.7p1/src/sesh.c sudo-1.9.7p2/src/sesh.c --- sudo-1.9.7p1/src/sesh.c Sat Mar 13 08:47:23 2021 +++ sudo-1.9.7p2/src/sesh.c Mon Jul 26 17:35:27 2021 @@ -408,8 +408,10 @@ U_("unable to allocate memory")); debug_return_int(SESH_ERR_FAILURE); } - if (getgroups(run_cred.ngroups, run_cred.groups) < 0) { + run_cred.ngroups = getgroups(run_cred.ngroups, run_cred.groups); + if (run_cred.ngroups < 0) { sudo_warn("%s", U_("unable to get group list")); + free(run_cred.groups); debug_return_int(SESH_ERR_FAILURE); } } else { diff -urNa sudo-1.9.7p1/src/sudo.c sudo-1.9.7p2/src/sudo.c --- sudo-1.9.7p1/src/sudo.c Sat Mar 13 08:47:23 2021 +++ sudo-1.9.7p2/src/sudo.c Mon Jul 26 17:35:27 2021 
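Review bot: The new comment `Avoid using RLIM_INFINITY for the nofile soft limit to prevent closefrom_fallback() from closing too many file descriptors.` is attached to the `SUDO_OPEN_MAX` macro selection, but the decision it explains is the table entry changed in the third hunk (`SUDO_OPEN_MAX, /* minlimit */`, `NULL`, `{ SUDO_OPEN_MAX, RLIM_INFINITY }`), so a reader at the table sees an unexplained change from `RLIM_INFINITY` while the macro block carries a comment about code elsewhere. Moving the comment next to the `RLIMIT_NOFILE` entry, or adding `/* soft limit stays at SUDO_OPEN_MAX so closefrom_fallback() stays bounded */` there, keeps the why next to the what. With `nofile_fallback` removed the entry has no fallback; if raising the soft limit to `SUDO_OPEN_MAX` can fail on a system whose hard limit is lower, I cannot tell from the hunk how a NULL fallback is handled. The `saved_limits` table starts and ends outside the hunk.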
@@ -443,7 +443,8 @@ cred->groups = reallocarray(NULL, cred->ngroups, sizeof(GETGROUPS_T)); if (cred->groups == NULL) goto done; - if (getgroups(cred->ngroups, cred->groups) < 0) { + cred->ngroups = getgroups(cred->ngroups, cred->groups); + if (cred->ngroups < 0) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, "%s: unable to get %d groups via getgroups()", __func__, cred->ngroups); diff -urNa sudo-1.9.7p1/src/sudo_edit.c sudo-1.9.7p2/src/sudo_edit.c --- sudo-1.9.7p1/src/sudo_edit.c Fri Jun 11 13:04:29 2021 +++ sudo-1.9.7p2/src/sudo_edit.c Mon Jul 26 17:35:27 2021 @@ -89,7 +89,8 @@ sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); debug_return_bool(false); } - if (getgroups(saved_cred.ngroups, saved_cred.groups) < 0) { + saved_cred.ngroups = getgroups(saved_cred.ngroups, saved_cred.groups); + if (saved_cred.ngroups < 0) { sudo_warn("%s", U_("unable to get group list")); free(saved_cred.groups); debug_return_bool(false); diff -urNa sudo-1.9.7p1/src/utmp.c sudo-1.9.7p2/src/utmp.c --- sudo-1.9.7p1/src/utmp.c Sat Mar 13 08:46:14 2021 +++ sudo-1.9.7p2/src/utmp.c Mon Jul 26 17:36:34 2021 @@ -210,6 +210,7 @@ memset(&utbuf, 0, sizeof(utbuf)); strncpy(utbuf.ut_line, from_line, sizeof(utbuf.ut_line)); ut_old = sudo_getutline(&utbuf); + sudo_setutent(); } utmp_fill(to_line, user, ut_old, &utbuf); if (sudo_pututline(&utbuf) != NULL)
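Review bot: After `cred->ngroups = getgroups(cred->ngroups, cred->groups);` the failure branch still logs `"%s: unable to get %d groups via getgroups()", __func__, cred->ngroups`, so the message now reports -1 rather than the count that was requested. Either drop the count from the message, `"%s: unable to get groups via getgroups()", __func__);`, or assign the result to a local first and store it into `cred->ngroups` only on success, which also avoids leaving -1 in the structure for whatever follows `done:`. The parallel hunks in sudo_edit.c and sesh.c log a fixed message and are unaffected. The enclosing function starts and ends outside the hunk.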