]> granicus.if.org Git - sudo/commit
A command name may also contain newline characters so read
authorTodd C. Miller <Todd.Miller@courtesan.com>
Wed, 31 May 2017 15:14:31 +0000 (09:14 -0600)
committerTodd C. Miller <Todd.Miller@courtesan.com>
Wed, 31 May 2017 15:14:31 +0000 (09:14 -0600)
commit88674bae655d53b8d9739a6f64c03d2eeb5f1e8e
treee68417667a5a7527bbdbdbfb1a16f21d03caf61e
parent63a88fde89d92f2aee5062a99bd5c8357d18867c
A command name may also contain newline characters so read
/proc/self/stat until EOF.  It is not legal for /proc/self/stat to
contain embedded NUL bytes so treat the file as corrupt if we see
any.  With help from Qualys.

This is not exploitable due to the /dev traversal changes in sudo
1.8.20p1 (thanks Solar!).

--HG--
branch : 1.8
src/ttyname.c