File sudo-1.8.10p3-CVE-2017-1000367.patch of Package sudo.18794

Index: sudo-1.8.10p3/src/ttyname.c
===================================================================
--- sudo-1.8.10p3.orig/src/ttyname.c
+++ sudo-1.8.10p3/src/ttyname.c
@@ -176,6 +176,8 @@ static char *search_devs[] = {
 
 static char *ignore_devs[] = {
     "/dev/fd/",
+    "/dev/mqueue/",
+    "/dev/shm/",
     "/dev/stdin",
     "/dev/stdout",
     "/dev/stderr",
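Review bot: The two entries added to `ignore_devs` carry no comment explaining why they are skipped, so a later maintainer cannot tell that they differ in kind from the `/dev/fd/` and `/dev/std*` aliases around them. Both are normally world-writable directories, so any name found under them may have been created by an unprivileged user and must not be accepted as the caller's tty. I would add above them something like `/* world-writable on Linux: entries are user-created, never trust them as a tty */`. The list is a deny-list of path prefixes, so any other user-writable directory below `/dev` would still be searched; the comment should say so. The array initializer continues past the end of this hunk.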
@@ -439,25 +441,32 @@ get_process_ttyname(void)
 	len = getline(&line, &linesize, fp);
 	fclose(fp);
 	if (len != -1) {
-	    /* Field 7 is the tty dev (0 if no tty) */
-	    char *cp = line;
-	    char *ep = line;
-	    const char *errstr;
-	    int field = 0;
-	    while (*++ep != '\0') {
-		if (*ep == ' ') {
-		    *ep = '\0';
-		    if (++field == 7) {
-			dev_t tdev = strtonum(cp, INT_MIN, INT_MAX, &errstr);
-			if (errstr) {
-			    sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
-				"%s: tty device %s: %s", path, cp, errstr);
+	    /*
+	     * Field 7 is the tty dev (0 if no tty).
+	     * Since the process name at field 2 "(comm)" may include spaces,
+	     * start at the last ')' found.
+	     */
+	    char *cp = strrchr(line, ')');
+	    if (cp != NULL) {
+		char *ep = cp;
+		const char *errstr;
+		int field = 1;
+
+		while (*++ep != '\0') {
+		    if (*ep == ' ') {
+			*ep = '\0';
+			if (++field == 7) {
+			    dev_t tdev = strtonum(cp, INT_MIN, INT_MAX, &errstr);
+			    if (errstr) {
+				sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+				    "%s: tty device %s: %s", path, cp, errstr);
+			    }
+			    if (tdev > 0)
+				tty = sudo_ttyname_dev(tdev);
+			    break;
 			}
-			if (tdev > 0)
-			    tty = sudo_ttyname_dev(tdev);
-			break;
+			cp = ep + 1;
 		    }
-		    cp = ep + 1;
 		}
 	    }
 	}
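Review bot: The `getline()` call kept as context at the top of this hunk stops at the first newline, so the new `strrchr(line, ')')` searches only the first line of the stat file, not the whole record. The new comment covers spaces in `(comm)`, but if the process name can also contain a newline (it looks caller-influenced, worth confirming), the last ')' in that truncated line need not be the real end of field 2. The fields counted after it would then not be the ones the kernel wrote. Reading the whole record before the search closes this, for example `len = getdelim(&line, &linesize, '\0', fp);`, with the comment widened to "may include whitespace, including newlines". The function starts and ends outside the hunk, so the open call and the remaining error handling are not visible here.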