Diffstat (limited to 'meta/recipes-extended/sudo/sudo/CVE-2015-8239-2.patch')
-rw-r--r-- | meta/recipes-extended/sudo/sudo/CVE-2015-8239-2.patch | 45 |
1 files changed, 45 insertions, 0 deletions
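diff --git a/meta/recipes-extended/sudo/sudo/CVE-2015-8239-2.patch b/meta/recipes-extended/sudo/sudo/CVE-2015-8239-2.patch
new file mode 100644
index 0000000000..6c48e4cf14
--- /dev/null
+++ b/meta/recipes-extended/sudo/sudo/CVE-2015-8239-2.patch
@@ -0,0 +1,45 @@
+
+# HG changeset patch
+# User Todd C. Miller <Todd.Miller@courtesan.com>
+# Date 1452556552 25200
+# Node ID 0cd3cc8fa19565d3f7eb7d960f6ba5da0dec4889
+# Parent 4d2c1761c75245fb88ce397d68bea10afea9c037
+Silence warning in digest_matches() on systems with no fexecve(2).
+
+Reference to upstream patch:
+https://www.sudo.ws/repos/sudo/raw-rev/0cd3cc8fa195
+
+CVE: CVE-2015-8239
+Upstream-Status: Backport
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+diff -r 4d2c1761c752 -r 0cd3cc8fa195 plugins/sudoers/match.c
+--- a/plugins/sudoers/match.c Mon Jan 11 16:52:52 2016 -0700
++++ b/plugins/sudoers/match.c Mon Jan 11 16:55:52 2016 -0700
+@@ -590,8 +590,10 @@
+unsigned char sudoers_digest[SHA512_DIGEST_LENGTH];
+unsigned char buf[32 * 1024];
+struct digest_function *func = NULL;
++#ifdef HAVE_FEXECVE
+bool first = true;
+bool is_script = false;
++#endif /* HAVE_FEXECVE */
+size_t nread;
+SHA2_CTX ctx;
+FILE *fp;
+@@ -635,12 +637,14 @@
+
+func->init(&ctx);
+while ((nread = fread(buf, 1, sizeof(buf), fp)) != 0) {
++#ifdef HAVE_FEXECVE
+/* Check for #! cookie and set is_script. */
+if (first) {
+first = false;
+if (nread >= 2 && buf[0] == '#' && buf[1] == '!')
+is_script = true;
+}
++#endif /* HAVE_FEXECVE */
+func->update(&ctx, buf, nread);
+}
+if (ferror(fp)) {
+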
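Review bot: The header tags this patch `CVE: CVE-2015-8239`, yet its only description is "Silence warning in digest_matches() on systems with no fexecve(2)", so someone auditing CVE coverage from the patch list cannot tell that it is a build-warning follow-up rather than the fix itself. Both added guards compile the `first`/`is_script` tracking out when `HAVE_FEXECVE` is undefined, which suggests the digest-check fix is only effective on builds where configure detects fexecve(2); that needs confirming against the earlier patch in the series, which is not shown here. I would add a line under the upstream reference such as `Follow-up to the first CVE-2015-8239 patch (warning fix only); the fix itself applies only where HAVE_FEXECVE is defined.` digest_matches() starts and ends outside both inner hunks, so whether every later read of `is_script` sits under the same guard cannot be checked from this page.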