From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Fri, 16 Sep 2011 23:59:47 +0000 (-0400)
Subject: Don't assume all editors support the +linenumber command line
X-Git-Tag: SUDO_1_7_8~16
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ed63637925e30a29497d05294c281beef4885cae;p=sudo

Don't assume all editors support the +linenumber command line
argument, use a whitelist of known good editors.

--HG--
branch : 1.7
---

diff --git a/visudo.c b/visudo.c
index 57cec798d..7cf894f9a 100644
--- a/visudo.c
+++ b/visudo.c
@@ -246,6 +246,30 @@ main(argc, argv)
     exit(0);
 }
 
+/*
+ * List of editors that support the "+lineno" command line syntax.
+ * If an entry starts with '*' the tail end of the string is matched.
+ * No other wild cards are supported.
+ */
+static char *lineno_editors[] = {
+    "ex",
+    "nex",
+    "vi",
+    "nvi",
+    "vim",
+    "elvis",
+    "*macs",
+    "mg",
+    "vile",
+    "jove",
+    "pico",
+    "nano",
+    "ee",
+    "joe",
+    "zile",
+    NULL
+};
+
 /*
  * Edit each sudoers file.
  * Returns TRUE on success, else FALSE.
@@ -303,6 +327,34 @@ edit_sudoers(sp, editor, args, lineno)
     }
     (void) touch(-1, sp->tpath, &orig_mtim);
 
+    /* Does the editor support +lineno? */
+    if (lineno > 0)
+    {
+	char *editor_base = strrchr(editor, '/');
+	if (editor_base != NULL)
+	    editor_base++;
+	else
+	    editor_base = editor;
+	if (*editor_base == 'r')
+	    editor_base++;
+
+	for (av = lineno_editors; (cp = *av) != NULL; av++) {
+	    /* We only handle a leading '*' wildcard. */
+	    if (*cp == '*') {
+		size_t blen = strlen(editor_base);
+		size_t clen = strlen(++cp);
+		if (blen >= clen) {
+		    if (strcmp(cp, editor_base + blen - clen) == 0)
+			break;
+		}
+	    } else if (strcmp(cp, editor_base) == 0)
+		break;
+	}
+	/* Disable +lineno if editor doesn't support it. */
+	if (cp == NULL)
+	    lineno = -1;
+    }
+
     /* Find the length of the argument vector */
     ac = 3 + (lineno > 0);
     if (args) {