From 31c164dae1d3ff8d24ba6317267dc7fdd98df0b6 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Thu, 24 Mar 2011 11:00:30 -0400 Subject: [PATCH] Make an empty group or netgroup a syntax error. --- plugins/sudoers/toke.c | 287 ++++++++++++++++++++++------------------- plugins/sudoers/toke.l | 16 +++ 2 files changed, 169 insertions(+), 134 deletions(-) diff --git a/plugins/sudoers/toke.c b/plugins/sudoers/toke.c index 4f90111ec..535c264c5 100644 --- a/plugins/sudoers/toke.c +++ b/plugins/sudoers/toke.c @@ -289,75 +289,75 @@ static void yy_fatal_error YY_PROTO(( yyconst char msg[] )); *yy_cp = '\0'; \ yy_c_buf_p = yy_cp; -#define YY_NUM_RULES 55 -#define YY_END_OF_BUFFER 56 +#define YY_NUM_RULES 56 +#define YY_END_OF_BUFFER 57 static yyconst short int yy_accept[599] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 56, 43, 51, 50, 49, 42, 54, 43, - 44, 45, 43, 46, 43, 43, 43, 43, 48, 47, - 54, 38, 38, 38, 38, 38, 38, 38, 54, 43, - 43, 51, 54, 38, 38, 38, 38, 38, 2, 54, - 1, 43, 43, 17, 16, 17, 16, 16, 54, 54, - 54, 3, 9, 8, 9, 4, 9, 5, 54, 13, - 13, 13, 11, 12, 43, 0, 51, 49, 0, 53, - 0, 43, 33, 0, 0, 0, 32, 0, 41, 41, - 0, 43, 43, 0, 43, 43, 43, 43, 0, 36, - - 38, 38, 38, 38, 38, 38, 38, 43, 52, 43, - 51, 0, 0, 0, 0, 0, 0, 43, 43, 43, - 43, 43, 2, 1, 0, 1, 39, 39, 0, 43, + 0, 0, 57, 44, 52, 51, 50, 43, 55, 32, + 45, 46, 32, 47, 44, 44, 44, 44, 49, 48, + 55, 39, 39, 39, 39, 39, 39, 39, 55, 44, + 44, 52, 55, 39, 39, 39, 39, 39, 2, 55, + 1, 44, 44, 17, 16, 17, 16, 16, 55, 55, + 55, 3, 9, 8, 9, 4, 9, 5, 55, 13, + 13, 13, 11, 12, 44, 0, 52, 50, 0, 54, + 0, 44, 34, 0, 32, 0, 33, 0, 42, 42, + 0, 44, 44, 0, 44, 44, 44, 44, 0, 37, + + 39, 39, 39, 39, 39, 39, 39, 44, 53, 44, + 52, 0, 0, 0, 0, 0, 0, 44, 44, 44, + 44, 44, 2, 1, 0, 1, 40, 40, 0, 44, 17, 17, 15, 14, 15, 0, 0, 3, 9, 0, 6, 7, 9, 9, 13, 0, 13, 13, 0, 10, - 0, 0, 0, 33, 33, 0, 0, 43, 43, 43, - 43, 43, 0, 0, 36, 36, 38, 38, 38, 38, - 38, 38, 38, 38, 38, 43, 0, 0, 0, 0, - 0, 0, 43, 43, 43, 43, 43, 0, 43, 10, - 0, 43, 43, 43, 43, 43, 43, 0, 37, 37, - - 37, 0, 0, 36, 36, 36, 36, 36, 36, 36, - 38, 38, 38, 38, 38, 38, 38, 38, 38, 43, - 0, 0, 0, 0, 0, 0, 43, 43, 43, 43, - 43, 43, 43, 0, 0, 37, 37, 37, 0, 36, - 36, 0, 36, 36, 36, 36, 36, 36, 36, 36, - 36, 36, 36, 0, 25, 38, 38, 38, 38, 38, - 38, 38, 38, 43, 0, 0, 0, 0, 43, 43, - 43, 43, 43, 43, 43, 43, 0, 37, 0, 36, - 36, 36, 0, 0, 0, 36, 36, 36, 36, 36, - 36, 36, 36, 36, 36, 36, 36, 36, 38, 38, - - 38, 38, 38, 38, 38, 38, 43, 0, 0, 0, - 43, 43, 43, 34, 34, 34, 0, 0, 36, 36, - 36, 36, 36, 36, 36, 0, 0, 0, 0, 0, - 36, 36, 36, 36, 36, 36, 36, 36, 36, 36, - 36, 36, 36, 36, 38, 38, 0, 24, 38, 38, - 38, 38, 0, 23, 0, 26, 43, 0, 0, 0, - 43, 43, 43, 43, 34, 34, 34, 34, 0, 36, - 0, 36, 36, 36, 36, 36, 36, 36, 36, 36, - 36, 36, 0, 0, 0, 36, 36, 36, 36, 36, - 36, 36, 36, 36, 36, 36, 36, 36, 38, 38, - - 38, 38, 38, 38, 40, 0, 0, 0, 43, 20, - 39, 43, 35, 35, 35, 36, 0, 0, 0, 36, - 36, 36, 36, 36, 36, 36, 36, 36, 36, 36, - 36, 36, 0, 0, 0, 0, 0, 36, 36, 36, - 36, 36, 36, 36, 36, 38, 38, 38, 38, 0, - 22, 0, 27, 0, 20, 0, 0, 43, 0, 43, - 43, 43, 35, 35, 35, 35, 35, 0, 0, 0, - 0, 0, 36, 36, 36, 36, 36, 36, 36, 36, - 36, 36, 36, 36, 36, 36, 36, 36, 36, 36, - 36, 36, 0, 30, 38, 38, 38, 0, 0, 0, - - 21, 20, 0, 0, 0, 0, 0, 20, 0, 43, - 43, 43, 35, 35, 0, 0, 0, 36, 36, 36, - 36, 36, 36, 36, 36, 36, 36, 36, 36, 36, - 36, 36, 36, 36, 36, 0, 28, 38, 38, 21, - 0, 18, 0, 0, 20, 43, 43, 43, 43, 43, - 0, 0, 0, 0, 0, 36, 36, 36, 36, 36, - 36, 36, 36, 0, 31, 38, 0, 43, 43, 43, - 36, 36, 36, 36, 36, 36, 0, 29, 0, 43, - 43, 43, 43, 43, 36, 36, 36, 36, 36, 0, - 19, 34, 34, 34, 34, 34, 34, 0 + 0, 0, 0, 34, 34, 0, 0, 44, 44, 44, + 44, 44, 0, 0, 37, 37, 39, 39, 39, 39, + 39, 39, 39, 39, 39, 44, 0, 0, 0, 0, + 0, 0, 44, 44, 44, 44, 44, 0, 44, 10, + 0, 44, 44, 44, 44, 44, 44, 0, 38, 38, + + 38, 0, 0, 37, 37, 37, 37, 37, 37, 37, + 39, 39, 39, 39, 39, 39, 39, 39, 39, 44, + 0, 0, 0, 0, 0, 0, 44, 44, 44, 44, + 44, 44, 44, 0, 0, 38, 38, 38, 0, 37, + 37, 0, 37, 37, 37, 37, 37, 37, 37, 37, + 37, 37, 37, 0, 25, 39, 39, 39, 39, 39, + 39, 39, 39, 44, 0, 0, 0, 0, 44, 44, + 44, 44, 44, 44, 44, 44, 0, 38, 0, 37, + 37, 37, 0, 0, 0, 37, 37, 37, 37, 37, + 37, 37, 37, 37, 37, 37, 37, 37, 39, 39, + + 39, 39, 39, 39, 39, 39, 44, 0, 0, 0, + 44, 44, 44, 35, 35, 35, 0, 0, 37, 37, + 37, 37, 37, 37, 37, 0, 0, 0, 0, 0, + 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, + 37, 37, 37, 37, 39, 39, 0, 24, 39, 39, + 39, 39, 0, 23, 0, 26, 44, 0, 0, 0, + 44, 44, 44, 44, 35, 35, 35, 35, 0, 37, + 0, 37, 37, 37, 37, 37, 37, 37, 37, 37, + 37, 37, 0, 0, 0, 37, 37, 37, 37, 37, + 37, 37, 37, 37, 37, 37, 37, 37, 39, 39, + + 39, 39, 39, 39, 41, 0, 0, 0, 44, 20, + 40, 44, 36, 36, 36, 37, 0, 0, 0, 37, + 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, + 37, 37, 0, 0, 0, 0, 0, 37, 37, 37, + 37, 37, 37, 37, 37, 39, 39, 39, 39, 0, + 22, 0, 27, 0, 20, 0, 0, 44, 0, 44, + 44, 44, 36, 36, 36, 36, 36, 0, 0, 0, + 0, 0, 37, 37, 37, 37, 37, 37, 37, 37, + 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, + 37, 37, 0, 30, 39, 39, 39, 0, 0, 0, + + 21, 20, 0, 0, 0, 0, 0, 20, 0, 44, + 44, 44, 36, 36, 0, 0, 0, 37, 37, 37, + 37, 37, 37, 37, 37, 37, 37, 37, 37, 37, + 37, 37, 37, 37, 37, 0, 28, 39, 39, 21, + 0, 18, 0, 0, 20, 44, 44, 44, 44, 44, + 0, 0, 0, 0, 0, 37, 37, 37, 37, 37, + 37, 37, 37, 0, 31, 39, 0, 44, 44, 44, + 37, 37, 37, 37, 37, 37, 0, 29, 0, 44, + 44, 44, 44, 44, 37, 37, 37, 37, 37, 0, + 19, 35, 35, 35, 35, 35, 35, 0 } ; @@ -1851,9 +1851,19 @@ YY_RULE_SETUP if (prev_state == INITIAL) { switch (yylval.string[0]) { case '%': + if (yylval.string[1] == '\0' || + (yylval.string[1] == ':' && + yylval.string[2] == '\0')) { + LEXTRACE("ERROR "); /* empty group */ + return ERROR; + } LEXTRACE("USERGROUP "); return USERGROUP; case '+': + if (yylval.string[1] == '\0') { + LEXTRACE("ERROR "); /* empty netgroup */ + return ERROR; + } LEXTRACE("NETGROUP "); return NETGROUP; } @@ -1864,7 +1874,7 @@ YY_RULE_SETUP YY_BREAK case 12: YY_RULE_SETUP -#line 202 "toke.l" +#line 212 "toke.l" { LEXTRACE("BACKSLASH "); if (!append(yytext, yyleng)) @@ -1873,7 +1883,7 @@ YY_RULE_SETUP YY_BREAK case 13: YY_RULE_SETUP -#line 208 "toke.l" +#line 218 "toke.l" { LEXTRACE("STRBODY "); if (!append(yytext, yyleng)) @@ -1884,7 +1894,7 @@ YY_RULE_SETUP case 14: YY_RULE_SETUP -#line 216 "toke.l" +#line 226 "toke.l" { /* quoted fnmatch glob char, pass verbatim */ LEXTRACE("QUOTEDCHAR "); @@ -1895,7 +1905,7 @@ YY_RULE_SETUP YY_BREAK case 15: YY_RULE_SETUP -#line 224 "toke.l" +#line 234 "toke.l" { /* quoted sudoers special char, strip backslash */ LEXTRACE("QUOTEDCHAR "); @@ -1906,7 +1916,7 @@ YY_RULE_SETUP YY_BREAK case 16: YY_RULE_SETUP -#line 232 "toke.l" +#line 242 "toke.l" { BEGIN INITIAL; yyless(0); @@ -1915,7 +1925,7 @@ YY_RULE_SETUP YY_BREAK case 17: YY_RULE_SETUP -#line 238 "toke.l" +#line 248 "toke.l" { LEXTRACE("ARG "); if (!fill_args(yytext, yyleng, sawspace)) @@ -1926,7 +1936,7 @@ YY_RULE_SETUP case 18: YY_RULE_SETUP -#line 246 "toke.l" +#line 256 "toke.l" { char *path; @@ -1947,7 +1957,7 @@ YY_RULE_SETUP YY_BREAK case 19: YY_RULE_SETUP -#line 264 "toke.l" +#line 274 "toke.l" { char *path; @@ -1971,7 +1981,7 @@ YY_RULE_SETUP YY_BREAK case 20: YY_RULE_SETUP -#line 285 "toke.l" +#line 295 "toke.l" { char deftype; int n; @@ -2014,7 +2024,7 @@ YY_RULE_SETUP YY_BREAK case 21: YY_RULE_SETUP -#line 325 "toke.l" +#line 335 "toke.l" { int n; @@ -2043,7 +2053,7 @@ YY_RULE_SETUP YY_BREAK case 22: YY_RULE_SETUP -#line 351 "toke.l" +#line 361 "toke.l" { /* cmnd does not require passwd for this user */ LEXTRACE("NOPASSWD "); @@ -2052,7 +2062,7 @@ YY_RULE_SETUP YY_BREAK case 23: YY_RULE_SETUP -#line 357 "toke.l" +#line 367 "toke.l" { /* cmnd requires passwd for this user */ LEXTRACE("PASSWD "); @@ -2061,7 +2071,7 @@ YY_RULE_SETUP YY_BREAK case 24: YY_RULE_SETUP -#line 363 "toke.l" +#line 373 "toke.l" { LEXTRACE("NOEXEC "); return NOEXEC; @@ -2069,7 +2079,7 @@ YY_RULE_SETUP YY_BREAK case 25: YY_RULE_SETUP -#line 368 "toke.l" +#line 378 "toke.l" { LEXTRACE("EXEC "); return EXEC; @@ -2077,7 +2087,7 @@ YY_RULE_SETUP YY_BREAK case 26: YY_RULE_SETUP -#line 373 "toke.l" +#line 383 "toke.l" { LEXTRACE("SETENV "); return SETENV; @@ -2085,7 +2095,7 @@ YY_RULE_SETUP YY_BREAK case 27: YY_RULE_SETUP -#line 378 "toke.l" +#line 388 "toke.l" { LEXTRACE("NOSETENV "); return NOSETENV; @@ -2093,7 +2103,7 @@ YY_RULE_SETUP YY_BREAK case 28: YY_RULE_SETUP -#line 383 "toke.l" +#line 393 "toke.l" { LEXTRACE("LOG_OUTPUT "); return LOG_OUTPUT; @@ -2101,7 +2111,7 @@ YY_RULE_SETUP YY_BREAK case 29: YY_RULE_SETUP -#line 388 "toke.l" +#line 398 "toke.l" { LEXTRACE("NOLOG_OUTPUT "); return NOLOG_OUTPUT; @@ -2109,7 +2119,7 @@ YY_RULE_SETUP YY_BREAK case 30: YY_RULE_SETUP -#line 393 "toke.l" +#line 403 "toke.l" { LEXTRACE("LOG_INPUT "); return LOG_INPUT; @@ -2117,7 +2127,7 @@ YY_RULE_SETUP YY_BREAK case 31: YY_RULE_SETUP -#line 398 "toke.l" +#line 408 "toke.l" { LEXTRACE("NOLOG_INPUT "); return NOLOG_INPUT; @@ -2125,7 +2135,16 @@ YY_RULE_SETUP YY_BREAK case 32: YY_RULE_SETUP -#line 403 "toke.l" +#line 413 "toke.l" +{ + /* empty group or netgroup */ + LEXTRACE("ERROR "); + return ERROR; + } + YY_BREAK +case 33: +YY_RULE_SETUP +#line 419 "toke.l" { /* netgroup */ if (!fill(yytext, yyleng)) @@ -2134,9 +2153,9 @@ YY_RULE_SETUP return NETGROUP; } YY_BREAK -case 33: +case 34: YY_RULE_SETUP -#line 411 "toke.l" +#line 427 "toke.l" { /* group */ if (!fill(yytext, yyleng)) @@ -2145,9 +2164,9 @@ YY_RULE_SETUP return USERGROUP; } YY_BREAK -case 34: +case 35: YY_RULE_SETUP -#line 419 "toke.l" +#line 435 "toke.l" { if (!fill(yytext, yyleng)) yyterminate(); @@ -2155,9 +2174,9 @@ YY_RULE_SETUP return NTWKADDR; } YY_BREAK -case 35: +case 36: YY_RULE_SETUP -#line 426 "toke.l" +#line 442 "toke.l" { if (!fill(yytext, yyleng)) yyterminate(); @@ -2165,9 +2184,9 @@ YY_RULE_SETUP return NTWKADDR; } YY_BREAK -case 36: +case 37: YY_RULE_SETUP -#line 433 "toke.l" +#line 449 "toke.l" { if (!ipv6_valid(yytext)) { LEXTRACE("ERROR "); @@ -2179,9 +2198,9 @@ YY_RULE_SETUP return NTWKADDR; } YY_BREAK -case 37: +case 38: YY_RULE_SETUP -#line 444 "toke.l" +#line 460 "toke.l" { if (!ipv6_valid(yytext)) { LEXTRACE("ERROR "); @@ -2193,9 +2212,9 @@ YY_RULE_SETUP return NTWKADDR; } YY_BREAK -case 38: +case 39: YY_RULE_SETUP -#line 455 "toke.l" +#line 471 "toke.l" { if (strcmp(yytext, "ALL") == 0) { LEXTRACE("ALL "); @@ -2218,9 +2237,9 @@ YY_RULE_SETUP return ALIAS; } YY_BREAK -case 39: +case 40: YY_RULE_SETUP -#line 477 "toke.l" +#line 493 "toke.l" { /* no command args allowed for Defaults!/path */ if (!fill_cmnd(yytext, yyleng)) @@ -2229,9 +2248,9 @@ YY_RULE_SETUP return COMMAND; } YY_BREAK -case 40: +case 41: YY_RULE_SETUP -#line 485 "toke.l" +#line 501 "toke.l" { BEGIN GOTCMND; LEXTRACE("COMMAND "); @@ -2239,9 +2258,9 @@ YY_RULE_SETUP yyterminate(); } /* sudo -e */ YY_BREAK -case 41: +case 42: YY_RULE_SETUP -#line 492 "toke.l" +#line 508 "toke.l" { /* directories can't have args... */ if (yytext[yyleng - 1] == '/') { @@ -2257,9 +2276,9 @@ YY_RULE_SETUP } } /* a pathname */ YY_BREAK -case 42: +case 43: YY_RULE_SETUP -#line 507 "toke.l" +#line 523 "toke.l" { LEXTRACE("BEGINSTR "); yylval.string = NULL; @@ -2267,9 +2286,9 @@ YY_RULE_SETUP BEGIN INSTR; } YY_BREAK -case 43: +case 44: YY_RULE_SETUP -#line 514 "toke.l" +#line 530 "toke.l" { /* a word */ if (!fill(yytext, yyleng)) @@ -2278,57 +2297,57 @@ YY_RULE_SETUP return WORD; } YY_BREAK -case 44: +case 45: YY_RULE_SETUP -#line 522 "toke.l" +#line 538 "toke.l" { LEXTRACE("( "); return '('; } YY_BREAK -case 45: +case 46: YY_RULE_SETUP -#line 527 "toke.l" +#line 543 "toke.l" { LEXTRACE(") "); return ')'; } YY_BREAK -case 46: +case 47: YY_RULE_SETUP -#line 532 "toke.l" +#line 548 "toke.l" { LEXTRACE(", "); return ','; } /* return ',' */ YY_BREAK -case 47: +case 48: YY_RULE_SETUP -#line 537 "toke.l" +#line 553 "toke.l" { LEXTRACE("= "); return '='; } /* return '=' */ YY_BREAK -case 48: +case 49: YY_RULE_SETUP -#line 542 "toke.l" +#line 558 "toke.l" { LEXTRACE(": "); return ':'; } /* return ':' */ YY_BREAK -case 49: +case 50: YY_RULE_SETUP -#line 547 "toke.l" +#line 563 "toke.l" { if (yyleng % 2 == 1) return '!'; /* return '!' */ } YY_BREAK -case 50: +case 51: YY_RULE_SETUP -#line 552 "toke.l" +#line 568 "toke.l" { BEGIN INITIAL; ++sudolineno; @@ -2337,25 +2356,25 @@ YY_RULE_SETUP return COMMENT; } /* return newline */ YY_BREAK -case 51: +case 52: YY_RULE_SETUP -#line 560 "toke.l" +#line 576 "toke.l" { /* throw away space/tabs */ sawspace = TRUE; /* but remember for fill_args */ } YY_BREAK -case 52: +case 53: YY_RULE_SETUP -#line 564 "toke.l" +#line 580 "toke.l" { sawspace = TRUE; /* remember for fill_args */ ++sudolineno; continued = TRUE; } /* throw away EOL after \ */ YY_BREAK -case 53: +case 54: YY_RULE_SETUP -#line 570 "toke.l" +#line 586 "toke.l" { BEGIN INITIAL; ++sudolineno; @@ -2364,9 +2383,9 @@ YY_RULE_SETUP return COMMENT; } /* comment, not uid/gid */ YY_BREAK -case 54: +case 55: YY_RULE_SETUP -#line 578 "toke.l" +#line 594 "toke.l" { LEXTRACE("ERROR "); return ERROR; @@ -2378,7 +2397,7 @@ case YY_STATE_EOF(GOTCMND): case YY_STATE_EOF(STARTDEFS): case YY_STATE_EOF(INDEFS): case YY_STATE_EOF(INSTR): -#line 583 "toke.l" +#line 599 "toke.l" { if (YY_START != INITIAL) { BEGIN INITIAL; @@ -2389,12 +2408,12 @@ case YY_STATE_EOF(INSTR): yyterminate(); } YY_BREAK -case 55: +case 56: YY_RULE_SETUP -#line 593 "toke.l" +#line 609 "toke.l" ECHO; YY_BREAK -#line 2397 "lex.yy.c" +#line 2416 "lex.yy.c" case YY_END_OF_BUFFER: { @@ -3285,7 +3304,7 @@ int main() return 0; } #endif -#line 593 "toke.l" +#line 609 "toke.l" struct path_list { char *path; diff --git a/plugins/sudoers/toke.l b/plugins/sudoers/toke.l index f9a0bddcc..f2c4f48f8 100644 --- a/plugins/sudoers/toke.l +++ b/plugins/sudoers/toke.l @@ -188,9 +188,19 @@ DEFVAR [a-z_]+ if (prev_state == INITIAL) { switch (yylval.string[0]) { case '%': + if (yylval.string[1] == '\0' || + (yylval.string[1] == ':' && + yylval.string[2] == '\0')) { + LEXTRACE("ERROR "); /* empty group */ + return ERROR; + } LEXTRACE("USERGROUP "); return USERGROUP; case '+': + if (yylval.string[1] == '\0') { + LEXTRACE("ERROR "); /* empty netgroup */ + return ERROR; + } LEXTRACE("NETGROUP "); return NETGROUP; } @@ -400,6 +410,12 @@ NOLOG_INPUT[[:blank:]]*: { return NOLOG_INPUT; } +(\+|\%|\%:) { + /* empty group or netgroup */ + LEXTRACE("ERROR "); + return ERROR; + } + \+{WORD} { /* netgroup */ if (!fill(yytext, yyleng)) -- 2.40.0