Do not call the TIOCSETVERAUTH ioctl with a negative number of seconds.

author Todd C. Miller <Todd.Miller@sudo.ws>

Tue, 23 Jan 2018 18:05:41 +0000 (11:05 -0700)

committer Todd C. Miller <Todd.Miller@sudo.ws>

Tue, 23 Jan 2018 18:05:41 +0000 (11:05 -0700)
author Todd C. Miller <Todd.Miller@sudo.ws>
Tue, 23 Jan 2018 18:05:41 +0000 (11:05 -0700)
committer Todd C. Miller <Todd.Miller@sudo.ws>
Tue, 23 Jan 2018 18:05:41 +0000 (11:05 -0700)
diff --git a/plugins/sudoers/timestamp.c b/plugins/sudoers/timestamp.c

index 9e2c4179ad02134924c29e76fe3f673aae79198a..465ff56cd7a80defd29335e3f632575f3fa52f13 100644 (file)
--- a/plugins/sudoers/timestamp.c
+++ b/plugins/sudoers/timestamp.c
@@ -868,7 +868,12 @@ timestamp_update(void *vcookie, struct passwd *pw)
         int fd = open(_PATH_TTY, O_RDWR);
         if (fd != -1) {
             int secs = def_timestamp_timeout.tv_sec;
-           ioctl(fd, TIOCSETVERAUTH, &secs);
+           if (secs > 0) {
+               if (secs > 3600)
+                   secs = 3600;        /* OpenBSD limitation */
+               if (ioctl(fd, TIOCSETVERAUTH, &secs) != 0)
+                   sudo_warn("TIOCSETVERAUTH");
+           }
             close(fd);
         }
  #endif
author	Todd C. Miller <Todd.Miller@sudo.ws>
	Tue, 23 Jan 2018 18:05:41 +0000 (11:05 -0700)
committer	Todd C. Miller <Todd.Miller@sudo.ws>
	Tue, 23 Jan 2018 18:05:41 +0000 (11:05 -0700)