From: Todd C. Miller
Date: Tue, 26 Aug 2014 18:04:25 +0000 (-0600)
Subject: Add trivial dirty word check to the sample output logging function.
X-Git-Tag: SUDO_1_8_11^2~46
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=136e6e616fab0e50805dfabd0150ebad52788a07;p=sudo
Add trivial dirty word check to the sample output logging function.
---
diff --git a/plugins/sample/sample_plugin.c b/plugins/sample/sample_plugin.c
index 41e39a618..24f057342 100644
--- a/plugins/sample/sample_plugin.c
+++ b/plugins/sample/sample_plugin.c
@@ -226,7 +226,7 @@ build_command_info(const char *command)
 asprintf(&command_info[i++], "runas_uid=%ld", (long)runas_uid) == -1) {
 return NULL;
 }
- if (runas_gid != -1) {
+ if (runas_gid != (gid_t)-1) {
 if (asprintf(&command_info[i++], "runas_gid=%ld", (long)runas_gid) == -1 ||
 asprintf(&command_info[i++], "runas_egid=%ld", (long)runas_gid) == -1) {
 return NULL;
@@ -456,8 +456,22 @@ io_log_input(const char *buf, unsigned int len)
 static int
 io_log_output(const char *buf, unsigned int len)
 {
+ const char *cp, *ep;
+ bool rval = true;
+ ignore_result(fwrite(buf, len, 1, output));
- return true;
+ /*
+ * If we find the string "honk!" in the buffer, reject it.
+ * In practice we'd want to be able to detect the word
+ * broken across two buffers.
+ */
+ for (cp = buf, ep = buf + len; cp < ep; cp++) {
+ if (cp + 5 < ep && memcmp(cp, "honk!", 5) == 0) {
+ rval = false;
+ break;
+ }
+ }
+ return rval;
 }
 struct policy_plugin sample_policy = {
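Review bot: The bounds test `cp + 5 < ep` in the new loop of io_log_output is off by one: when "honk!" occupies the last five bytes of the buffer, `cp + 5` equals `ep`, the memcmp is skipped, and the word passes the filter. For the final four positions `cp + 5` also points more than one past the end of `buf`, which is undefined pointer arithmetic. Comparing the remaining length avoids both: `if (ep - cp >= 5 && memcmp(cp, "honk!", 5) == 0) {`. A named constant for the word length, and a loop bound that stops once fewer than five bytes remain, would make the intent clearer to anyone adapting this sample into a real output filter.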