From: Todd C. Miller Date: Tue, 24 Apr 2018 02:43:04 +0000 (-0600) Subject: Rewind the fd after calling sudo_filedigest(). Otherwise, when X-Git-Tag: SUDO_1_8_23^2~9 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=64c78a61cb534d8c26a421ffb79836a2b5ab028e;p=sudo Rewind the fd after calling sudo_filedigest(). Otherwise, when running a script via fexecve(), the interpreter may get EOF when reading /dev/fd/N. This only appears to affect BSD systems with fdescfs. Bug #831. --- diff --git a/plugins/sudoers/match.c b/plugins/sudoers/match.c index a5a6a5d55..f9ee3d963 100644 --- a/plugins/sudoers/match.c +++ b/plugins/sudoers/match.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2005, 2007-2017 + * Copyright (c) 1996, 1998-2005, 2007-2018 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -785,6 +785,7 @@ digest_matches(int fd, const char *file, const struct sudo_digest *sd) debug_decl(digest_matches, SUDOERS_DEBUG_MATCH) file_digest = sudo_filedigest(fd, file, sd->digest_type, &digest_len); + lseek(fd, SEEK_SET, (off_t)0); if (file_digest == NULL) { /* Warning (if any) printed by sudo_filedigest() */ goto done;