]> granicus.if.org Git - sudo/commit
projects / sudo / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 15901c9) | patch
A command name may also contain newline characters so read
authorTodd C. Miller <Todd.Miller@courtesan.com>
Wed, 31 May 2017 15:14:31 +0000 (09:14 -0600)
committerTodd C. Miller <Todd.Miller@courtesan.com>
Wed, 31 May 2017 15:14:31 +0000 (09:14 -0600)
commitc13ebffbce208f02c27d8de90a1af95f0aae7fa9
tree18e6f4f7ae2902b98d0b5603c326278b0d2df2b9tree | snapshot
parent15901c94871903f01dcade897106a6920b9d8167commit | diff
A command name may also contain newline characters so read
/proc/self/stat until EOF.  It is not legal for /proc/self/stat to
contain embedded NUL bytes so treat the file as corrupt if we see
any.  With help from Qualys.

This is not exploitable due to the /dev traversal changes in sudo
1.8.20p1 (thanks Solar!).
src/ttyname.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.