This patch will upgrade Sudo version 1.7.2 patchlevel 2 to Sudo version 1.7.2 patchlevel 3. To apply: $ cd sudo-1.7.2p2 $ patch -p1 < sudo-1.7.2p3.patch diff -urNa sudo-1.7.2p2/ChangeLog sudo-1.7.2p3/ChangeLog --- sudo-1.7.2p2/ChangeLog Tue Nov 24 20:52:46 2009 +++ sudo-1.7.2p3/ChangeLog Sat Feb 13 07:50:56 2010 @@ -1,3 +1,31 @@ +2010-02-09 Todd C. Miller + * toke.l: Fix size arg when realloc()ing include stack. + From Daniel Kopecek + + * toke.l: Avoid a duplicate fclose() of the sudoers file. + +2010-02-06 Todd C. Miller + + * aix.c, config.h.in, configure, configure.in: Use setrlimit64(), + if available, instead of setrlimit() when setting AIX resource + limits since rlim_t is 32bits. + + * logging.c: Fix use after free when sending error messages. + From Timo Juhani Lindfors + +2009-12-17 15:02 millert + + * parse.c: Fix printing of entries with multiple host entries on + a single line. + +2009-12-09 16:05 millert + + * logging.c: fix typo in last commit + +2009-12-08 22:19 millert + + * logging.c: Convert fmt_first and fmt_confd into macros. + 2009-11-23 10:56 millert * match.c: cmnd_matches() already deals with negation so diff -urNa sudo-1.7.2p2/LICENSE sudo-1.7.2p3/LICENSE --- sudo-1.7.2p2/LICENSE Mon May 25 08:02:41 2009 +++ sudo-1.7.2p3/LICENSE Sat Feb 6 15:17:17 2010 @@ -1,6 +1,6 @@ Sudo is distributed under the following ISC-style license: - Copyright (c) 1994-1996, 1998-2009 + Copyright (c) 1994-1996, 1998-2010 Todd C. Miller Permission to use, copy, modify, and distribute this software for any diff -urNa sudo-1.7.2p2/aix.c sudo-1.7.2p3/aix.c --- sudo-1.7.2p2/aix.c Wed Nov 5 19:42:37 2008 +++ sudo-1.7.2p3/aix.c Sat Feb 6 15:17:40 2010 
@@ -38,8 +38,15 @@ #ifdef HAVE_GETUSERATTR +#ifndef HAVE_SETRLIMIT64 +# define setrlimit64(a, b) setrlimit(a, b) +# define rlimit64 rlimit +# define rlim64_t rlim_t +# define RLIM64_INFINITY RLIM_INFINITY +#endif /* HAVE_SETRLIMIT64 */ + #ifndef RLIM_SAVED_MAX -# define RLIM_SAVED_MAX RLIM_INFINITY +# define RLIM_SAVED_MAX RLIM64_INFINITY #endif struct aix_limit { @@ -63,10 +70,15 @@ aix_getlimit(user, lim, valp) char *user; char *lim; - int *valp; + rlim64_t *valp; { - if (getuserattr(user, lim, valp, SEC_INT) != 0) - return getuserattr("default", lim, valp, SEC_INT); + int val; + + if (getuserattr(user, lim, &val, SEC_INT) != 0 && + getuserattr("default", lim, &val, SEC_INT) != 0) { + return(-1); + } + *valp = val; return(0); } 
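Review bot: In aix_getlimit(), `*valp = val;` widens a signed int into rlim64_t with no range check, so if rlim64_t is unsigned (not shown here, though usual for rlim_t) any negative attribute other than the -1 sentinel that aix_setlimits() tests for turns into an enormous limit once it is multiplied by the factor. Whether getuserattr() can return such a value is not visible in this patch; a guard such as `if (val < -1) return(-1);` just before the assignment would make the helper reject it instead. The return type and the start of this K&R definition lie outside the hunk.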
@@ -74,28 +86,29 @@ aix_setlimits(user) char *user; { - struct rlimit rlim; - int i, n; + struct rlimit64 rlim; + rlim64_t val; + int n; /* * For each resource limit, get the soft/hard values for the user - * and set those values via setrlimit(). Must be run as euid 0. + * and set those values via setrlimit64(). Must be run as euid 0. */ for (n = 0; n < sizeof(aix_limits) / sizeof(aix_limits[0]); n++) { /* * We have two strategies, depending on whether or not the * hard limit has been defined. */ - if (aix_getlimit(user, aix_limits[n].hard, &i) == 0) { - rlim.rlim_max = i == -1 ? RLIM_INFINITY : i * aix_limits[n].factor; - if (aix_getlimit(user, aix_limits[n].soft, &i) == 0) - rlim.rlim_cur = i == -1 ? RLIM_INFINITY : i * aix_limits[n].factor; + if (aix_getlimit(user, aix_limits[n].hard, &val) == 0) { + rlim.rlim_max = val == -1 ? RLIM64_INFINITY : val * aix_limits[n].factor; + if (aix_getlimit(user, aix_limits[n].soft, &val) == 0) + rlim.rlim_cur = val == -1 ? RLIM64_INFINITY : val * aix_limits[n].factor; else rlim.rlim_cur = rlim.rlim_max; /* soft not specd, use hard */ } else { /* No hard limit set, try soft limit. */ - if (aix_getlimit(user, aix_limits[n].soft, &i) == 0) - rlim.rlim_cur = i == -1 ? RLIM_INFINITY : i * aix_limits[n].factor; + if (aix_getlimit(user, aix_limits[n].soft, &val) == 0) + rlim.rlim_cur = val == -1 ? RLIM64_INFINITY : val * aix_limits[n].factor; /* Set hard limit per AIX /etc/security/limits documentation. */ switch (aix_limits[n].resource) { @@ -107,11 +120,11 @@ rlim.rlim_max = RLIM_SAVED_MAX; break; default: - rlim.rlim_max = RLIM_INFINITY; + rlim.rlim_max = RLIM64_INFINITY; break; } } - (void)setrlimit(aix_limits[n].resource, &rlim); + (void)setrlimit64(aix_limits[n].resource, &rlim); } } diff -urNa sudo-1.7.2p2/config.h.in sudo-1.7.2p3/config.h.in --- sudo-1.7.2p2/config.h.in Tue May 19 17:24:04 2009 +++ sudo-1.7.2p3/config.h.in Sat Feb 6 15:17:40 2010 
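Review bot: In the "No hard limit set" branch of aix_setlimits(), a failed soft-limit lookup leaves `rlim.rlim_cur` unassigned, yet the loop still reaches `setrlimit64()` with it, so the value applied is either uninitialized or left over from the previous resource. The conversion to rlim64_t keeps that path unchanged. Skipping the resource when neither limit is configured would avoid it: `if (aix_getlimit(user, aix_limits[n].soft, &val) != 0) continue;` followed by the existing assignment. Part of the switch that sets rlim_max sits between this hunk and the next, so the placement should be checked against the full function.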
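Review bot: The result of `setrlimit64()` is still discarded with a `(void)` cast at the end of the loop, so a limit the kernel rejects goes unnoticed and the command runs with whatever limits sudo inherited from its caller. If best effort is intended, a short comment saying so would help; otherwise checking the return value and emitting a warning would make the failure visible to the administrator. The loop and the function both begin outside this hunk.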
@@ -366,6 +366,9 @@ /* Define to 1 if you have the `setrlimit' function. */ #undef HAVE_SETRLIMIT +/* Define to 1 if you have the `setrlimit64' function. */ +#undef HAVE_SETRLIMIT64 + /* Define to 1 if you have the `setsid' function. */ #undef HAVE_SETSID diff -urNa sudo-1.7.2p2/configure sudo-1.7.2p3/configure --- sudo-1.7.2p2/configure Tue Nov 24 20:57:27 2009 +++ sudo-1.7.2p3/configure Sat Feb 6 15:18:15 2010 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.61 for sudo 1.7.2p2. +# Generated by GNU Autoconf 2.61 for sudo 1.7.2p3. # # Report bugs to . # @@ -724,8 +724,8 @@ # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.7.2p2' -PACKAGE_STRING='sudo 1.7.2p2' +PACKAGE_VERSION='1.7.2p3' +PACKAGE_STRING='sudo 1.7.2p3' PACKAGE_BUGREPORT='http://www.sudo.ws/bugs/' # Factoring default headers for most tests. @@ -1417,7 +1417,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sudo 1.7.2p2 to adapt to many kinds of systems. +\`configure' configures sudo 1.7.2p3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1482,7 +1482,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.7.2p2:";; + short | recursive ) echo "Configuration of sudo 1.7.2p3:";; esac cat <<\_ACEOF @@ -1684,7 +1684,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.7.2p2 +sudo configure 1.7.2p3 generated by GNU Autoconf 2.61 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, 
@@ -1698,7 +1698,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.7.2p2, which was +It was created by sudo $as_me 1.7.2p3, which was generated by GNU Autoconf 2.61. Invocation command line was $ $0 $@ @@ -15833,7 +15833,7 @@ for ac_func in strchr strrchr memchr memcpy memset sysconf tzset \ strftime setrlimit initgroups getgroups fstat gettimeofday \ - setlocale getaddrinfo setsid setenv + setlocale getaddrinfo setsid setenv setrlimit64 do as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` { echo "$as_me:$LINENO: checking for $ac_func" >&5 @@ -24558,7 +24558,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.7.2p2, which was +This file was extended by sudo $as_me 1.7.2p3, which was generated by GNU Autoconf 2.61. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -24607,7 +24607,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -sudo config.status 1.7.2p2 +sudo config.status 1.7.2p3 configured by $0, generated by GNU Autoconf 2.61, with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" diff -urNa sudo-1.7.2p2/configure.in sudo-1.7.2p3/configure.in --- sudo-1.7.2p2/configure.in Tue Nov 24 20:55:34 2009 +++ sudo-1.7.2p3/configure.in Sat Feb 6 15:18:01 2010 @@ -4,7 +4,7 @@ dnl dnl Copyright (c) 1994-1996,1998-2009 Todd C. Miller dnl -AC_INIT([sudo], [1.7.2p2], [http://www.sudo.ws/bugs/], [sudo]) +AC_INIT([sudo], [1.7.2p3], [http://www.sudo.ws/bugs/], [sudo]) AC_CONFIG_HEADER(config.h pathnames.h) dnl dnl This won't work before AC_INIT 
@@ -1841,7 +1841,7 @@ AC_FUNC_GETGROUPS AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \ strftime setrlimit initgroups getgroups fstat gettimeofday \ - setlocale getaddrinfo setsid setenv) + setlocale getaddrinfo setsid setenv setrlimit64) AC_CHECK_FUNCS(unsetenv, SUDO_FUNC_UNSETENV_VOID) SUDO_FUNC_PUTENV_CONST if test -z "$SKIP_SETRESUID"; then diff -urNa sudo-1.7.2p2/logging.c sudo-1.7.2p3/logging.c --- sudo-1.7.2p2/logging.c Mon May 25 08:02:41 2009 +++ sudo-1.7.2p3/logging.c Sat Feb 6 13:40:13 2010 @@ -122,6 +122,9 @@ closelog(); } +#define FMT_FIRST "%8s : %s" +#define FMT_CONTD "%8s : (command continued) %s" + /* * Log a message to syslog, pre-pending the username and splitting the * message into parts if it is longer than MAXSYSLOGLEN. @@ -134,14 +137,12 @@ size_t len, maxlen; char *p, *tmp, save; const char *fmt; - const char *fmt_first = "%8s : %s"; - const char *fmt_contd = "%8s : (command continued) %s"; /* * Log the full line, breaking into multiple syslog(3) calls if necessary */ - fmt = fmt_first; - maxlen = MAXSYSLOGLEN - (sizeof(fmt_first) - 6 + strlen(user_name)); + fmt = FMT_FIRST; + maxlen = MAXSYSLOGLEN - (sizeof(FMT_FIRST) - 6 + strlen(user_name)); for (p = msg; *p != '\0'; ) { len = strlen(p); if (len > maxlen) { @@ -168,8 +169,8 @@ mysyslog(pri, fmt, user_name, p); p += len; } - fmt = fmt_contd; - maxlen = MAXSYSLOGLEN - (sizeof(fmt_contd) - 6 + strlen(user_name)); + fmt = FMT_CONTD; + maxlen = MAXSYSLOGLEN - (sizeof(FMT_CONTD) - 6 + strlen(user_name)); } } @@ -391,7 +392,8 @@ else warningx("%s", message); } - efree(message); + if (logline != message) + efree(message); /* * Send a copy of the error via mail. @@ -407,8 +409,7 @@ if (def_logfile) do_logfile(logline); - if (logline != message) - efree(logline); + efree(logline); if (!ISSET(flags, NO_EXIT)) { cleanup(0); diff -urNa sudo-1.7.2p2/parse.c sudo-1.7.2p3/parse.c --- sudo-1.7.2p2/parse.c Mon May 25 08:02:41 2009 +++ sudo-1.7.2p3/parse.c Thu Dec 17 10:03:27 2009 
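Review bot: The `- 6` in `maxlen = MAXSYSLOGLEN - (sizeof(FMT_FIRST) - 6 + strlen(user_name));` is unexplained, and the same expression recurs for FMT_CONTD in the later logging.c hunk. A comment such as `/* 6 == strlen("%8s") + strlen("%s") + the NUL that sizeof counts */` would document it. The arithmetic also assumes the name occupies strlen(user_name) columns, but `%8s` pads shorter names to eight, so for short user names the prefix is longer than computed and a segment can exceed the intended length by a few bytes; whether MAXSYSLOGLEN leaves slack for that is not visible here. The function's signature and the rest of the splitting loop are outside the hunk.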
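Review bot: Nothing at the new `if (logline != message) efree(message);` says that logline may alias message, which is the only reason the free is conditional, and its pairing with the now unconditional `efree(logline);` in the following hunk is easy to break in a later edit. A comment along the lines of `/* logline may be the same buffer as message; it is freed after logging below */` would record the ownership rule next to the code that depends on it. How logline is assigned is outside both hunks, so the wording should be checked against that code.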
@@ -313,6 +313,8 @@ int nfound = 0; tq_foreach_fwd(&us->privileges, priv) { + if (hostlist_matches(&priv->hostlist) != ALLOW) + continue; tags.noexec = UNSPEC; tags.setenv = UNSPEC; tags.nopasswd = UNSPEC; @@ -364,6 +366,8 @@ int nfound = 0; tq_foreach_fwd(&us->privileges, priv) { + if (hostlist_matches(&priv->hostlist) != ALLOW) + continue; tags.noexec = UNSPEC; tags.setenv = UNSPEC; tags.nopasswd = UNSPEC; @@ -419,9 +423,7 @@ return(-1); tq_foreach_fwd(&userspecs, us) { - /* XXX - why only check the first privilege here? */ - if (userlist_matches(pw, &us->users) != ALLOW || - hostlist_matches(&us->privileges.first->hostlist) != ALLOW) + if (userlist_matches(pw, &us->users) != ALLOW) continue; if (long_list) diff -urNa sudo-1.7.2p2/sudo.cat sudo-1.7.2p3/sudo.cat --- sudo-1.7.2p2/sudo.cat Tue Nov 24 21:09:15 2009 +++ sudo-1.7.2p3/sudo.cat Thu Dec 17 10:05:02 2009 @@ -61,7 +61,7 @@ -1.7.2p2 November 24, 2009 1 +1.7.2p3 November 24, 2009 1 @@ -127,7 +127,7 @@ -1.7.2p2 November 24, 2009 2 +1.7.2p3 November 24, 2009 2 @@ -193,7 +193,7 @@ -1.7.2p2 November 24, 2009 3 +1.7.2p3 November 24, 2009 3 @@ -259,7 +259,7 @@ -1.7.2p2 November 24, 2009 4 +1.7.2p3 November 24, 2009 4 @@ -325,7 +325,7 @@ -1.7.2p2 November 24, 2009 5 +1.7.2p3 November 24, 2009 5 @@ -391,7 +391,7 @@ -1.7.2p2 November 24, 2009 6 +1.7.2p3 November 24, 2009 6 @@ -457,7 +457,7 @@ -1.7.2p2 November 24, 2009 7 +1.7.2p3 November 24, 2009 7 @@ -523,7 +523,7 @@ -1.7.2p2 November 24, 2009 8 +1.7.2p3 November 24, 2009 8 @@ -589,7 +589,7 @@ -1.7.2p2 November 24, 2009 9 +1.7.2p3 November 24, 2009 9 @@ -655,6 +655,6 @@ -1.7.2p2 November 24, 2009 10 +1.7.2p3 November 24, 2009 10 diff -urNa sudo-1.7.2p2/sudo.man.in sudo-1.7.2p3/sudo.man.in --- sudo-1.7.2p2/sudo.man.in Tue Nov 24 21:09:14 2009 +++ sudo-1.7.2p3/sudo.man.in Thu Dec 17 10:04:16 2009 
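Review bot: The new filter `if (hostlist_matches(&priv->hostlist) != ALLOW) continue;` carries no comment, and the identical two lines are repeated in the loop of the next hunk, so the reason the host check moved from the user spec level (removed in the third parse.c hunk, along with its XXX remark) down to each privilege is recorded only in the ChangeLog. A comment such as `/* A user spec may hold privileges for several host lists; list only those matching this host. */` at both sites would keep that reasoning with the code. With the outer check gone, a user spec that has no matching privilege now reaches the display functions; whether the caller prints anything before nfound is known is not visible in these hunks and is worth confirming. Both loops belong to functions whose signatures are outside the hunks.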
@@ -145,7 +145,7 @@ .\" ======================================================================== .\" .IX Title "SUDO @mansectsu@" -.TH SUDO @mansectsu@ "November 24, 2009" "1.7.2p2" "MAINTENANCE COMMANDS" +.TH SUDO @mansectsu@ "November 24, 2009" "1.7.2p3" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urNa sudo-1.7.2p2/sudoers.cat sudo-1.7.2p3/sudoers.cat --- sudo-1.7.2p2/sudoers.cat Tue Nov 24 21:09:16 2009 +++ sudo-1.7.2p3/sudoers.cat Thu Dec 17 10:05:06 2009 @@ -61,7 +61,7 @@ -1.7.2p2 November 24, 2009 1 +1.7.2p3 November 24, 2009 1 @@ -127,7 +127,7 @@ -1.7.2p2 November 24, 2009 2 +1.7.2p3 November 24, 2009 2 @@ -193,7 +193,7 @@ -1.7.2p2 November 24, 2009 3 +1.7.2p3 November 24, 2009 3 @@ -259,7 +259,7 @@ -1.7.2p2 November 24, 2009 4 +1.7.2p3 November 24, 2009 4 @@ -325,7 +325,7 @@ -1.7.2p2 November 24, 2009 5 +1.7.2p3 November 24, 2009 5 @@ -391,7 +391,7 @@ -1.7.2p2 November 24, 2009 6 +1.7.2p3 November 24, 2009 6 @@ -457,7 +457,7 @@ -1.7.2p2 November 24, 2009 7 +1.7.2p3 November 24, 2009 7 @@ -523,7 +523,7 @@ -1.7.2p2 November 24, 2009 8 +1.7.2p3 November 24, 2009 8 @@ -589,7 +589,7 @@ -1.7.2p2 November 24, 2009 9 +1.7.2p3 November 24, 2009 9 @@ -655,7 +655,7 @@ -1.7.2p2 November 24, 2009 10 +1.7.2p3 November 24, 2009 10 @@ -721,7 +721,7 @@ -1.7.2p2 November 24, 2009 11 +1.7.2p3 November 24, 2009 11 @@ -787,7 +787,7 @@ -1.7.2p2 November 24, 2009 12 +1.7.2p3 November 24, 2009 12 @@ -853,7 +853,7 @@ -1.7.2p2 November 24, 2009 13 +1.7.2p3 November 24, 2009 13 @@ -919,7 +919,7 @@ -1.7.2p2 November 24, 2009 14 +1.7.2p3 November 24, 2009 14 @@ -985,7 +985,7 @@ -1.7.2p2 November 24, 2009 15 +1.7.2p3 November 24, 2009 15 @@ -1051,7 +1051,7 @@ -1.7.2p2 November 24, 2009 16 +1.7.2p3 November 24, 2009 16 @@ -1117,7 +1117,7 @@ -1.7.2p2 November 24, 2009 17 +1.7.2p3 November 24, 2009 17 
@@ -1183,7 +1183,7 @@ -1.7.2p2 November 24, 2009 18 +1.7.2p3 November 24, 2009 18 @@ -1249,7 +1249,7 @@ -1.7.2p2 November 24, 2009 19 +1.7.2p3 November 24, 2009 19 @@ -1315,7 +1315,7 @@ -1.7.2p2 November 24, 2009 20 +1.7.2p3 November 24, 2009 20 @@ -1381,7 +1381,7 @@ -1.7.2p2 November 24, 2009 21 +1.7.2p3 November 24, 2009 21 @@ -1447,7 +1447,7 @@ -1.7.2p2 November 24, 2009 22 +1.7.2p3 November 24, 2009 22 @@ -1513,7 +1513,7 @@ -1.7.2p2 November 24, 2009 23 +1.7.2p3 November 24, 2009 23 @@ -1579,7 +1579,7 @@ -1.7.2p2 November 24, 2009 24 +1.7.2p3 November 24, 2009 24 @@ -1645,6 +1645,6 @@ -1.7.2p2 November 24, 2009 25 +1.7.2p3 November 24, 2009 25 diff -urNa sudo-1.7.2p2/sudoers.ldap.cat sudo-1.7.2p3/sudoers.ldap.cat --- sudo-1.7.2p2/sudoers.ldap.cat Tue Nov 24 21:09:16 2009 +++ sudo-1.7.2p3/sudoers.ldap.cat Thu Dec 17 10:05:11 2009 @@ -61,7 +61,7 @@ -1.7.2p1 June 11, 2009 1 +1.7.2p3 June 11, 2009 1 @@ -127,7 +127,7 @@ -1.7.2p1 June 11, 2009 2 +1.7.2p3 June 11, 2009 2 @@ -193,7 +193,7 @@ -1.7.2p1 June 11, 2009 3 +1.7.2p3 June 11, 2009 3 @@ -259,7 +259,7 @@ -1.7.2p1 June 11, 2009 4 +1.7.2p3 June 11, 2009 4 @@ -325,7 +325,7 @@ -1.7.2p1 June 11, 2009 5 +1.7.2p3 June 11, 2009 5 @@ -391,7 +391,7 @@ -1.7.2p1 June 11, 2009 6 +1.7.2p3 June 11, 2009 6 @@ -457,7 +457,7 @@ -1.7.2p1 June 11, 2009 7 +1.7.2p3 June 11, 2009 7 @@ -523,7 +523,7 @@ -1.7.2p1 June 11, 2009 8 +1.7.2p3 June 11, 2009 8 @@ -589,7 +589,7 @@ -1.7.2p1 June 11, 2009 9 +1.7.2p3 June 11, 2009 9 @@ -655,7 +655,7 @@ -1.7.2p1 June 11, 2009 10 +1.7.2p3 June 11, 2009 10 @@ -721,7 +721,7 @@ -1.7.2p1 June 11, 2009 11 +1.7.2p3 June 11, 2009 11 @@ -787,6 +787,6 @@ -1.7.2p1 June 11, 2009 12 +1.7.2p3 June 11, 2009 12 diff -urNa sudo-1.7.2p2/sudoers.ldap.man.in sudo-1.7.2p3/sudoers.ldap.man.in --- sudo-1.7.2p2/sudoers.ldap.man.in Mon Jul 20 09:35:04 2009 +++ sudo-1.7.2p3/sudoers.ldap.man.in Thu Dec 17 10:04:35 2009 
@@ -149,7 +149,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS.LDAP @mansectform@" -.TH SUDOERS.LDAP @mansectform@ "June 11, 2009" "1.7.2p1" "MAINTENANCE COMMANDS" +.TH SUDOERS.LDAP @mansectform@ "June 11, 2009" "1.7.2p3" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urNa sudo-1.7.2p2/sudoers.man.in sudo-1.7.2p3/sudoers.man.in --- sudo-1.7.2p2/sudoers.man.in Tue Nov 24 21:09:16 2009 +++ sudo-1.7.2p3/sudoers.man.in Thu Dec 17 10:04:40 2009 @@ -145,7 +145,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS @mansectform@" -.TH SUDOERS @mansectform@ "November 24, 2009" "1.7.2p2" "MAINTENANCE COMMANDS" +.TH SUDOERS @mansectform@ "November 24, 2009" "1.7.2p3" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urNa sudo-1.7.2p2/toke.c sudo-1.7.2p3/toke.c --- sudo-1.7.2p2/toke.c Mon Jul 20 09:33:58 2009 +++ sudo-1.7.2p3/toke.c Sat Feb 13 07:51:42 2010 @@ -3,7 +3,7 @@ /* A lexical scanner generated by flex */ /* Scanner skeleton version: - * $Header: /home/cvs/courtesan/sudo/toke.c,v 1.37 2009/07/18 13:55:37 millert Exp $ + * $Header: /home/cvs/openbsd/src/usr.bin/lex/flex.skl,v 1.10 2007/01/26 14:38:19 tsi Exp $ */ #define FLEX_SCANNER @@ -1417,10 +1417,11 @@ #include #ifndef lint -__unused static const char rcsid[] = "$Sudo: toke.c,v 1.37 2009/07/18 13:55:37 millert Exp $"; +__unused static const char rcsid[] = "$Sudo: toke.l,v 1.40 2009/11/22 14:54:04 millert Exp $"; #endif /* lint */ extern YYSTYPE yylval; +extern int parse_error; int sudolineno = 1; char *sudoers; static int sawspace = 0; 
@@ -1461,7 +1462,7 @@ #define INSTR 5 -#line 1465 "lex.yy.c" +#line 1466 "lex.yy.c" /* Macros after this point can all be overridden by user definitions in * section 1. @@ -1615,9 +1616,9 @@ register char *yy_cp, *yy_bp; register int yy_act; -#line 131 "toke.l" +#line 132 "toke.l" -#line 1621 "lex.yy.c" +#line 1622 "lex.yy.c" if ( yy_init ) { @@ -1703,12 +1704,12 @@ case 1: YY_RULE_SETUP -#line 132 "toke.l" +#line 133 "toke.l" BEGIN STARTDEFS; YY_BREAK case 2: YY_RULE_SETUP -#line 134 "toke.l" +#line 135 "toke.l" { BEGIN INDEFS; LEXTRACE("DEFVAR "); @@ -1720,7 +1721,7 @@ case 3: YY_RULE_SETUP -#line 143 "toke.l" +#line 144 "toke.l" { BEGIN STARTDEFS; LEXTRACE(", "); @@ -1729,7 +1730,7 @@ YY_BREAK case 4: YY_RULE_SETUP -#line 149 "toke.l" +#line 150 "toke.l" { LEXTRACE("= "); return('='); @@ -1737,7 +1738,7 @@ YY_BREAK case 5: YY_RULE_SETUP -#line 154 "toke.l" +#line 155 "toke.l" { LEXTRACE("+= "); return('+'); @@ -1745,7 +1746,7 @@ YY_BREAK case 6: YY_RULE_SETUP -#line 159 "toke.l" +#line 160 "toke.l" { LEXTRACE("-= "); return('-'); @@ -1753,7 +1754,7 @@ YY_BREAK case 7: YY_RULE_SETUP -#line 164 "toke.l" +#line 165 "toke.l" { LEXTRACE("BEGINSTR "); yylval.string = NULL; @@ -1762,7 +1763,7 @@ YY_BREAK case 8: YY_RULE_SETUP -#line 170 "toke.l" +#line 171 "toke.l" { LEXTRACE("WORD(2) "); if (!fill(yytext, yyleng)) @@ -1774,7 +1775,7 @@ case 9: YY_RULE_SETUP -#line 179 "toke.l" +#line 180 "toke.l" { /* Line continuation char followed by newline. */ ++sudolineno; @@ -1783,7 +1784,7 @@ YY_BREAK case 10: YY_RULE_SETUP -#line 185 "toke.l" +#line 186 "toke.l" { LEXTRACE("ENDSTR "); BEGIN INDEFS; @@ -1792,7 +1793,7 @@ YY_BREAK case 11: YY_RULE_SETUP -#line 191 "toke.l" +#line 192 "toke.l" { LEXTRACE("BACKSLASH "); if (!append(yytext, yyleng)) @@ -1801,7 +1802,7 @@ YY_BREAK case 12: YY_RULE_SETUP -#line 197 "toke.l" +#line 198 "toke.l" { LEXTRACE("STRBODY "); if (!append(yytext, yyleng)) 
@@ -1812,7 +1813,7 @@ case 13: YY_RULE_SETUP -#line 205 "toke.l" +#line 206 "toke.l" { /* quoted fnmatch glob char, pass verbatim */ LEXTRACE("QUOTEDCHAR "); @@ -1823,7 +1824,7 @@ YY_BREAK case 14: YY_RULE_SETUP -#line 213 "toke.l" +#line 214 "toke.l" { /* quoted sudoers special char, strip backslash */ LEXTRACE("QUOTEDCHAR "); @@ -1834,7 +1835,7 @@ YY_BREAK case 15: YY_RULE_SETUP -#line 221 "toke.l" +#line 222 "toke.l" { BEGIN INITIAL; yyless(0); @@ -1843,7 +1844,7 @@ YY_BREAK case 16: YY_RULE_SETUP -#line 227 "toke.l" +#line 228 "toke.l" { LEXTRACE("ARG "); if (!fill_args(yytext, yyleng, sawspace)) @@ -1854,7 +1855,7 @@ case 17: YY_RULE_SETUP -#line 235 "toke.l" +#line 236 "toke.l" { char *path; @@ -1870,7 +1871,7 @@ YY_BREAK case 18: YY_RULE_SETUP -#line 248 "toke.l" +#line 249 "toke.l" { char *path; @@ -1879,14 +1880,17 @@ LEXTRACE("INCLUDEDIR\n"); - /* Push current buffer and switch to include file */ - if (!push_includedir(path)) + /* + * Push current buffer and switch to include file. + * We simply ignore empty directories. + */ + if (!push_includedir(path) && parse_error) yyterminate(); } YY_BREAK case 19: YY_RULE_SETUP -#line 261 "toke.l" +#line 265 "toke.l" { int n; for (n = 0; isblank((unsigned char)yytext[n]); n++) @@ -1918,7 +1922,7 @@ YY_BREAK case 20: YY_RULE_SETUP -#line 290 "toke.l" +#line 294 "toke.l" { int n; for (n = 0; isblank((unsigned char)yytext[n]); n++) @@ -1941,7 +1945,7 @@ YY_BREAK case 21: YY_RULE_SETUP -#line 310 "toke.l" +#line 314 "toke.l" { /* cmnd does not require passwd for this user */ LEXTRACE("NOPASSWD "); @@ -1950,7 +1954,7 @@ YY_BREAK case 22: YY_RULE_SETUP -#line 316 "toke.l" +#line 320 "toke.l" { /* cmnd requires passwd for this user */ LEXTRACE("PASSWD "); @@ -1959,7 +1963,7 @@ YY_BREAK case 23: YY_RULE_SETUP -#line 322 "toke.l" +#line 326 "toke.l" { LEXTRACE("NOEXEC "); return(NOEXEC); @@ -1967,7 +1971,7 @@ YY_BREAK case 24: YY_RULE_SETUP -#line 327 "toke.l" +#line 331 "toke.l" { LEXTRACE("EXEC "); return(EXEC); 
@@ -1975,7 +1979,7 @@ YY_BREAK case 25: YY_RULE_SETUP -#line 332 "toke.l" +#line 336 "toke.l" { LEXTRACE("SETENV "); return(SETENV); @@ -1983,7 +1987,7 @@ YY_BREAK case 26: YY_RULE_SETUP -#line 337 "toke.l" +#line 341 "toke.l" { LEXTRACE("NOSETENV "); return(NOSETENV); @@ -1991,7 +1995,7 @@ YY_BREAK case 27: YY_RULE_SETUP -#line 342 "toke.l" +#line 346 "toke.l" { /* netgroup */ if (!fill(yytext, yyleng)) @@ -2002,7 +2006,7 @@ YY_BREAK case 28: YY_RULE_SETUP -#line 350 "toke.l" +#line 354 "toke.l" { /* UN*X group */ if (!fill(yytext, yyleng)) @@ -2013,7 +2017,7 @@ YY_BREAK case 29: YY_RULE_SETUP -#line 358 "toke.l" +#line 362 "toke.l" { if (!fill(yytext, yyleng)) yyterminate(); @@ -2023,7 +2027,7 @@ YY_BREAK case 30: YY_RULE_SETUP -#line 365 "toke.l" +#line 369 "toke.l" { if (!fill(yytext, yyleng)) yyterminate(); @@ -2033,7 +2037,7 @@ YY_BREAK case 31: YY_RULE_SETUP -#line 372 "toke.l" +#line 376 "toke.l" { if (!ipv6_valid(yytext)) { LEXTRACE("ERROR "); @@ -2047,7 +2051,7 @@ YY_BREAK case 32: YY_RULE_SETUP -#line 383 "toke.l" +#line 387 "toke.l" { if (!ipv6_valid(yytext)) { LEXTRACE("ERROR "); @@ -2061,7 +2065,7 @@ YY_BREAK case 33: YY_RULE_SETUP -#line 394 "toke.l" +#line 398 "toke.l" { if (strcmp(yytext, "ALL") == 0) { LEXTRACE("ALL "); @@ -2086,7 +2090,7 @@ YY_BREAK case 34: YY_RULE_SETUP -#line 416 "toke.l" +#line 420 "toke.l" { /* no command args allowed for Defaults!/path */ if (!fill_cmnd(yytext, yyleng)) @@ -2097,7 +2101,7 @@ YY_BREAK case 35: YY_RULE_SETUP -#line 424 "toke.l" +#line 428 "toke.l" { BEGIN GOTCMND; LEXTRACE("COMMAND "); @@ -2107,7 +2111,7 @@ YY_BREAK case 36: YY_RULE_SETUP -#line 431 "toke.l" +#line 435 "toke.l" { /* directories can't have args... */ if (yytext[yyleng - 1] == '/') { @@ -2125,7 +2129,7 @@ YY_BREAK case 37: YY_RULE_SETUP -#line 446 "toke.l" +#line 450 "toke.l" { /* a quoted user/group name */ if (!fill(yytext + 1, yyleng - 2)) 
@@ -2145,7 +2149,7 @@ YY_BREAK case 38: YY_RULE_SETUP -#line 463 "toke.l" +#line 467 "toke.l" { /* a word */ if (!fill(yytext, yyleng)) @@ -2156,7 +2160,7 @@ YY_BREAK case 39: YY_RULE_SETUP -#line 471 "toke.l" +#line 475 "toke.l" { LEXTRACE("( "); return ('('); @@ -2164,7 +2168,7 @@ YY_BREAK case 40: YY_RULE_SETUP -#line 476 "toke.l" +#line 480 "toke.l" { LEXTRACE(") "); return(')'); @@ -2172,7 +2176,7 @@ YY_BREAK case 41: YY_RULE_SETUP -#line 481 "toke.l" +#line 485 "toke.l" { LEXTRACE(", "); return(','); @@ -2180,7 +2184,7 @@ YY_BREAK case 42: YY_RULE_SETUP -#line 486 "toke.l" +#line 490 "toke.l" { LEXTRACE("= "); return('='); @@ -2188,7 +2192,7 @@ YY_BREAK case 43: YY_RULE_SETUP -#line 491 "toke.l" +#line 495 "toke.l" { LEXTRACE(": "); return(':'); @@ -2196,7 +2200,7 @@ YY_BREAK case 44: YY_RULE_SETUP -#line 496 "toke.l" +#line 500 "toke.l" { if (yyleng % 2 == 1) return('!'); /* return '!' */ @@ -2204,7 +2208,7 @@ YY_BREAK case 45: YY_RULE_SETUP -#line 501 "toke.l" +#line 505 "toke.l" { BEGIN INITIAL; ++sudolineno; @@ -2214,14 +2218,14 @@ YY_BREAK case 46: YY_RULE_SETUP -#line 508 "toke.l" +#line 512 "toke.l" { /* throw away space/tabs */ sawspace = TRUE; /* but remember for fill_args */ } YY_BREAK case 47: YY_RULE_SETUP -#line 512 "toke.l" +#line 516 "toke.l" { sawspace = TRUE; /* remember for fill_args */ ++sudolineno; @@ -2230,7 +2234,7 @@ YY_BREAK case 48: YY_RULE_SETUP -#line 518 "toke.l" +#line 522 "toke.l" { BEGIN INITIAL; ++sudolineno; @@ -2240,7 +2244,7 @@ YY_BREAK case 49: YY_RULE_SETUP -#line 525 "toke.l" +#line 529 "toke.l" { LEXTRACE("ERROR "); return(ERROR); @@ -2252,7 +2256,7 @@ case YY_STATE_EOF(STARTDEFS): case YY_STATE_EOF(INDEFS): case YY_STATE_EOF(INSTR): -#line 530 "toke.l" +#line 534 "toke.l" { if (YY_START != INITIAL) { BEGIN INITIAL; @@ -2265,10 +2269,10 @@ YY_BREAK case 50: YY_RULE_SETUP -#line 540 "toke.l" +#line 544 "toke.l" ECHO; YY_BREAK -#line 2272 "lex.yy.c" +#line 2276 "lex.yy.c" case YY_END_OF_BUFFER: { 
@@ -3157,7 +3161,7 @@ return 0; } #endif -#line 540 "toke.l" +#line 544 "toke.l" static unsigned char hexchar(s) @@ -3369,7 +3373,7 @@ if (!(dir = opendir(dirpath))) { yyerror(dirpath); - return(FALSE); + return(NULL); } while ((dent = readdir(dir))) { /* Ignore files that end in '~' or have a '.' in them. */ @@ -3494,12 +3498,12 @@ } if (isdir) { if (!(path = switch_dir(&istack[idepth], path))) { - yyerror(path); + /* switch_dir() called yyerror() for us */ return(FALSE); } if ((fp = open_sudoers(path, FALSE, &keepopen)) == NULL) { yyerror(path); - return(FALSE); /* XXX - just to go next one? */ + return(FALSE); /* XXX - just to go next one */ } } else { if ((fp = open_sudoers(path, TRUE, &keepopen)) == NULL) { @@ -3539,7 +3543,7 @@ istack[idepth - 1].more = pl->next; if ((fp = open_sudoers(pl->path, FALSE, &keepopen)) == NULL) { yyerror(pl->path); - return(FALSE); /* XXX - just to go next one? */ + return(FALSE); /* XXX - just to go next one */ } efree(sudoers); sudoers = pl->path; diff -urNa sudo-1.7.2p2/visudo.cat sudo-1.7.2p3/visudo.cat --- sudo-1.7.2p2/visudo.cat Tue Nov 24 21:09:16 2009 +++ sudo-1.7.2p3/visudo.cat Thu Dec 17 10:05:14 2009 @@ -61,7 +61,7 @@ -1.7.2p1 June 11, 2009 1 +1.7.2p3 June 11, 2009 1 @@ -127,7 +127,7 @@ -1.7.2p1 June 11, 2009 2 +1.7.2p3 June 11, 2009 2 @@ -193,6 +193,6 @@ -1.7.2p1 June 11, 2009 3 +1.7.2p3 June 11, 2009 3 diff -urNa sudo-1.7.2p2/visudo.man.in sudo-1.7.2p3/visudo.man.in --- sudo-1.7.2p2/visudo.man.in Mon Jul 20 09:35:09 2009 +++ sudo-1.7.2p3/visudo.man.in Thu Dec 17 10:04:58 2009 @@ -153,7 +153,7 @@ .\" ======================================================================== .\" .IX Title "VISUDO @mansectsu@" -.TH VISUDO @mansectsu@ "June 11, 2009" "1.7.2p1" "MAINTENANCE COMMANDS" +.TH VISUDO @mansectsu@ "June 11, 2009" "1.7.2p3" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l