From: Todd C. Miller Date: Mon, 21 Nov 2016 16:37:23 +0000 (-1000) Subject: Add SUDO_DEBUG_INSTANCE_ERROR return value for sudo_debug_register() X-Git-Tag: SUDO_1_8_19^2~21 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6c5936296f783462f6f2666603124feecd15ffd5;p=sudo Add SUDO_DEBUG_INSTANCE_ERROR return value for sudo_debug_register() and check for it in places where we check the return value of sudo_debug_register(). --- diff --git a/include/sudo_debug.h b/include/sudo_debug.h index 353a8257b..658e48d05 100644 --- a/include/sudo_debug.h +++ b/include/sudo_debug.h @@ -84,6 +84,9 @@ struct sudo_conf_debug_file_list; #define SUDO_DEBUG_UTMP (14<<6) /* utmp file ops */ #define SUDO_DEBUG_ALL 0xffff0000 /* all subsystems */ +/* Error return for sudo_debug_register(). */ +#define SUDO_DEBUG_INSTANCE_ERROR -2 + /* Initializer for instance index to indicate that debugging is not setup. */ #define SUDO_DEBUG_INSTANCE_INITIALIZER -1 diff --git a/lib/util/sudo_debug.c b/lib/util/sudo_debug.c index 967a762c9..a65b7ddcf 100644 --- a/lib/util/sudo_debug.c +++ b/lib/util/sudo_debug.c @@ -243,8 +243,9 @@ bad: * If subsystem names are specified they override the default values. * NOTE: subsystems must not be freed by caller unless deregistered. * Sets the active instance to the newly registered instance. - * Returns instance index on success or SUDO_DEBUG_INSTANCE_INITIALIZER - * on failure. + * Returns instance index on success, SUDO_DEBUG_INSTANCE_INITIALIZER + * if no debug files are specified and SUDO_DEBUG_INSTANCE_ERROR + * on error. */ int sudo_debug_register_v1(const char *program, const char *const subsystems[], @@ -264,7 +265,7 @@ sudo_debug_register_v1(const char *program, const char *const subsystems[], subsystems = sudo_debug_default_subsystems; } else if (ids == NULL) { /* If subsystems are specified we must have ids[] too. */ - return SUDO_DEBUG_INSTANCE_INITIALIZER; + return SUDO_DEBUG_INSTANCE_ERROR; } /* Search for existing instance. */ @@ -302,17 +303,17 @@ sudo_debug_register_v1(const char *program, const char *const subsystems[], if (idx == SUDO_DEBUG_INSTANCE_MAX) { /* XXX - realloc? */ sudo_warnx_nodebug("too many debug instances (max %d)", SUDO_DEBUG_INSTANCE_MAX); - return SUDO_DEBUG_INSTANCE_INITIALIZER; + return SUDO_DEBUG_INSTANCE_ERROR; } if (idx != sudo_debug_last_instance + 1 && idx != free_idx) { sudo_warnx_nodebug("%s: instance number mismatch: expected %d or %d, got %d", __func__, sudo_debug_last_instance + 1, free_idx, idx); - return SUDO_DEBUG_INSTANCE_INITIALIZER; + return SUDO_DEBUG_INSTANCE_ERROR; } if ((instance = malloc(sizeof(*instance))) == NULL) - return SUDO_DEBUG_INSTANCE_INITIALIZER; + return SUDO_DEBUG_INSTANCE_ERROR; if ((instance->program = strdup(program)) == NULL) { free(instance); - return SUDO_DEBUG_INSTANCE_INITIALIZER; + return SUDO_DEBUG_INSTANCE_ERROR; } instance->subsystems = subsystems; instance->subsystem_ids = ids; diff --git a/plugins/sudoers/iolog.c b/plugins/sudoers/iolog.c index 20a2776d3..e292036b9 100644 --- a/plugins/sudoers/iolog.c +++ b/plugins/sudoers/iolog.c @@ -784,7 +784,10 @@ sudoers_io_open(unsigned int version, sudo_conv_t conversation, continue; } } - sudoers_debug_register(plugin_path, &debug_files); + if (!sudoers_debug_register(plugin_path, &debug_files)) { + ret = -1; + goto done; + } /* * Pull iolog settings out of command_info. diff --git a/plugins/sudoers/policy.c b/plugins/sudoers/policy.c index d6066c83a..4ee1e284e 100644 --- a/plugins/sudoers/policy.c +++ b/plugins/sudoers/policy.c @@ -669,7 +669,8 @@ sudoers_policy_open(unsigned int version, sudo_conv_t conversation, continue; } } - sudoers_debug_register(plugin_path, &debug_files); + if (!sudoers_debug_register(plugin_path, &debug_files)) + debug_return_int(-1); /* Call the sudoers init function. */ info.settings = settings; diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h index 1971ac82a..cfd5abb70 100644 --- a/plugins/sudoers/sudoers.h +++ b/plugins/sudoers/sudoers.h @@ -369,7 +369,7 @@ extern sudo_printf_t sudo_printf; /* sudoers_debug.c */ bool sudoers_debug_parse_flags(struct sudo_conf_debug_file_list *debug_files, const char *entry); -void sudoers_debug_register(const char *plugin_path, struct sudo_conf_debug_file_list *debug_files); +bool sudoers_debug_register(const char *plugin_path, struct sudo_conf_debug_file_list *debug_files); void sudoers_debug_deregister(void); /* policy.c */ diff --git a/plugins/sudoers/sudoers_debug.c b/plugins/sudoers/sudoers_debug.c index 9de8df2fc..c6b8e17ea 100644 --- a/plugins/sudoers/sudoers_debug.c +++ b/plugins/sudoers/sudoers_debug.c @@ -113,7 +113,7 @@ oom: * debug subsystem, freeing the debug list when done. * Sets the active debug instance as a side effect. */ -void +bool sudoers_debug_register(const char *program, struct sudo_conf_debug_file_list *debug_files) { @@ -129,6 +129,8 @@ sudoers_debug_register(const char *program, if (program != NULL) { sudoers_debug_instance = sudo_debug_register(program, sudoers_subsystem_names, sudoers_subsystem_ids, debug_files); + if (sudoers_debug_instance == SUDO_DEBUG_INSTANCE_ERROR) + return false; } TAILQ_FOREACH_SAFE(debug_file, debug_files, entries, debug_next) { TAILQ_REMOVE(debug_files, debug_file, entries); @@ -137,6 +139,7 @@ sudoers_debug_register(const char *program, free(debug_file); } } + return true; } /* diff --git a/plugins/sudoers/visudo.c b/plugins/sudoers/visudo.c index ecb8f1f02..a6d429bbd 100644 --- a/plugins/sudoers/visudo.c +++ b/plugins/sudoers/visudo.c @@ -168,7 +168,8 @@ main(int argc, char *argv[]) exit(EXIT_FAILURE); /* Initialize the debug subsystem. */ - sudoers_debug_register(getprogname(), sudo_conf_debug_files(getprogname())); + if (!sudoers_debug_register(getprogname(), sudo_conf_debug_files(getprogname()))) + exit(EXIT_FAILURE); /* Parse sudoers plugin options, if any. */ parse_sudoers_options(); diff --git a/src/sudo.c b/src/sudo.c index c618b9e81..8d36b3df0 100644 --- a/src/sudo.c +++ b/src/sudo.c @@ -179,6 +179,8 @@ main(int argc, char *argv[], char *envp[]) exit(EXIT_FAILURE); sudo_debug_instance = sudo_debug_register(getprogname(), NULL, NULL, sudo_conf_debug_files(getprogname())); + if (sudo_debug_instance == SUDO_DEBUG_INSTANCE_ERROR) + exit(EXIT_FAILURE); /* Make sure we are setuid root. */ sudo_check_suid(argc > 0 ? argv[0] : "sudo");