From 9b0622b58ff70de7eb95249b69374e15bbdd1f99 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Wed, 15 Feb 2017 15:13:37 -0700 Subject: [PATCH] Better error message when the timeout value does not parse. --- plugins/sudoers/gram.c | 205 +++++++++++++++++++++-------------------- plugins/sudoers/gram.y | 7 +- 2 files changed, 107 insertions(+), 105 deletions(-) diff --git a/plugins/sudoers/gram.c b/plugins/sudoers/gram.c index 69776609c..cfe934683 100644 --- a/plugins/sudoers/gram.c +++ b/plugins/sudoers/gram.c @@ -81,9 +81,7 @@ #if defined(YYBISON) && defined(HAVE_ALLOCA_H) && !defined(__GNUC__) # include #endif /* YYBISON && HAVE_ALLOCA_H && !__GNUC__ */ -#include #include -#include #include "sudoers.h" /* XXX */ #include "parse.h" @@ -112,7 +110,7 @@ static bool add_userspec(struct member *, struct privilege *); static struct defaults *new_default(char *, char *, short); static struct member *new_member(char *, int); static struct sudo_digest *new_digest(int, char *); -#line 79 "gram.y" +#line 77 "gram.y" #ifndef YYSTYPE_DEFINED #define YYSTYPE_DEFINED typedef union { @@ -129,7 +127,7 @@ typedef union { int tok; } YYSTYPE; #endif /* YYSTYPE_DEFINED */ -#line 132 "gram.c" +#line 130 "gram.c" #define COMMAND 257 #define ALIAS 258 #define DEFVAR 259 @@ -662,7 +660,7 @@ short *yysslim; YYSTYPE *yyvs; unsigned int yystacksize; int yyparse(void); -#line 862 "gram.y" +#line 863 "gram.y" void sudoerserror(const char *s) { @@ -998,7 +996,7 @@ init_options(struct command_options *opts) opts->limitprivs = NULL; #endif } -#line 949 "gram.c" +#line 947 "gram.c" /* allocate initial stack or double stack size, up to YYMAXDEPTH */ #if defined(__cplusplus) || defined(__STDC__) static int yygrowstack(void) @@ -1207,23 +1205,23 @@ yyreduce: switch (yyn) { case 1: -#line 174 "gram.y" +#line 172 "gram.y" { ; } break; case 5: -#line 182 "gram.y" +#line 180 "gram.y" { ; } break; case 6: -#line 185 "gram.y" +#line 183 "gram.y" { yyerrok; } break; case 7: -#line 188 "gram.y" +#line 186 "gram.y" { if (!add_userspec(yyvsp[-1].member, yyvsp[0].privilege)) { sudoerserror(N_("unable to allocate memory")); @@ -1232,73 +1230,73 @@ case 7: } break; case 8: -#line 194 "gram.y" +#line 192 "gram.y" { ; } break; case 9: -#line 197 "gram.y" +#line 195 "gram.y" { ; } break; case 10: -#line 200 "gram.y" +#line 198 "gram.y" { ; } break; case 11: -#line 203 "gram.y" +#line 201 "gram.y" { ; } break; case 12: -#line 206 "gram.y" +#line 204 "gram.y" { if (!add_defaults(DEFAULTS, NULL, yyvsp[0].defaults)) YYERROR; } break; case 13: -#line 210 "gram.y" +#line 208 "gram.y" { if (!add_defaults(DEFAULTS_USER, yyvsp[-1].member, yyvsp[0].defaults)) YYERROR; } break; case 14: -#line 214 "gram.y" +#line 212 "gram.y" { if (!add_defaults(DEFAULTS_RUNAS, yyvsp[-1].member, yyvsp[0].defaults)) YYERROR; } break; case 15: -#line 218 "gram.y" +#line 216 "gram.y" { if (!add_defaults(DEFAULTS_HOST, yyvsp[-1].member, yyvsp[0].defaults)) YYERROR; } break; case 16: -#line 222 "gram.y" +#line 220 "gram.y" { if (!add_defaults(DEFAULTS_CMND, yyvsp[-1].member, yyvsp[0].defaults)) YYERROR; } break; case 18: -#line 229 "gram.y" +#line 227 "gram.y" { HLTQ_CONCAT(yyvsp[-2].defaults, yyvsp[0].defaults, entries); yyval.defaults = yyvsp[-2].defaults; } break; case 19: -#line 235 "gram.y" +#line 233 "gram.y" { yyval.defaults = new_default(yyvsp[0].string, NULL, true); if (yyval.defaults == NULL) { @@ -1308,7 +1306,7 @@ case 19: } break; case 20: -#line 242 "gram.y" +#line 240 "gram.y" { yyval.defaults = new_default(yyvsp[0].string, NULL, false); if (yyval.defaults == NULL) { @@ -1318,7 +1316,7 @@ case 20: } break; case 21: -#line 249 "gram.y" +#line 247 "gram.y" { yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, true); if (yyval.defaults == NULL) { @@ -1328,7 +1326,7 @@ case 21: } break; case 22: -#line 256 "gram.y" +#line 254 "gram.y" { yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '+'); if (yyval.defaults == NULL) { @@ -1338,7 +1336,7 @@ case 22: } break; case 23: -#line 263 "gram.y" +#line 261 "gram.y" { yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '-'); if (yyval.defaults == NULL) { @@ -1348,14 +1346,14 @@ case 23: } break; case 25: -#line 273 "gram.y" +#line 271 "gram.y" { HLTQ_CONCAT(yyvsp[-2].privilege, yyvsp[0].privilege, entries); yyval.privilege = yyvsp[-2].privilege; } break; case 26: -#line 279 "gram.y" +#line 277 "gram.y" { struct privilege *p = calloc(1, sizeof(*p)); if (p == NULL) { @@ -1369,21 +1367,21 @@ case 26: } break; case 27: -#line 292 "gram.y" +#line 290 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = false; } break; case 28: -#line 296 "gram.y" +#line 294 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = true; } break; case 29: -#line 302 "gram.y" +#line 300 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); if (yyval.member == NULL) { @@ -1393,7 +1391,7 @@ case 29: } break; case 30: -#line 309 "gram.y" +#line 307 "gram.y" { yyval.member = new_member(NULL, ALL); if (yyval.member == NULL) { @@ -1403,7 +1401,7 @@ case 30: } break; case 31: -#line 316 "gram.y" +#line 314 "gram.y" { yyval.member = new_member(yyvsp[0].string, NETGROUP); if (yyval.member == NULL) { @@ -1413,7 +1411,7 @@ case 31: } break; case 32: -#line 323 "gram.y" +#line 321 "gram.y" { yyval.member = new_member(yyvsp[0].string, NTWKADDR); if (yyval.member == NULL) { @@ -1423,7 +1421,7 @@ case 32: } break; case 33: -#line 330 "gram.y" +#line 328 "gram.y" { yyval.member = new_member(yyvsp[0].string, WORD); if (yyval.member == NULL) { @@ -1433,7 +1431,7 @@ case 33: } break; case 35: -#line 340 "gram.y" +#line 338 "gram.y" { struct cmndspec *prev; prev = HLTQ_LAST(yyvsp[-2].cmndspec, cmndspec, entries); @@ -1482,7 +1480,7 @@ case 35: } break; case 36: -#line 388 "gram.y" +#line 386 "gram.y" { struct cmndspec *cs = calloc(1, sizeof(*cs)); if (cs == NULL) { @@ -1532,7 +1530,7 @@ case 36: } break; case 37: -#line 437 "gram.y" +#line 435 "gram.y" { yyval.digest = new_digest(SUDO_DIGEST_SHA224, yyvsp[0].string); if (yyval.digest == NULL) { @@ -1542,7 +1540,7 @@ case 37: } break; case 38: -#line 444 "gram.y" +#line 442 "gram.y" { yyval.digest = new_digest(SUDO_DIGEST_SHA256, yyvsp[0].string); if (yyval.digest == NULL) { @@ -1552,7 +1550,7 @@ case 38: } break; case 39: -#line 451 "gram.y" +#line 449 "gram.y" { yyval.digest = new_digest(SUDO_DIGEST_SHA384, yyvsp[0].string); if (yyval.digest == NULL) { @@ -1562,7 +1560,7 @@ case 39: } break; case 40: -#line 458 "gram.y" +#line 456 "gram.y" { yyval.digest = new_digest(SUDO_DIGEST_SHA512, yyvsp[0].string); if (yyval.digest == NULL) { @@ -1572,13 +1570,13 @@ case 40: } break; case 41: -#line 467 "gram.y" +#line 465 "gram.y" { yyval.member = yyvsp[0].member; } break; case 42: -#line 470 "gram.y" +#line 468 "gram.y" { if (yyvsp[0].member->type != COMMAND) { sudoerserror(N_("a digest requires a path name")); @@ -1590,63 +1588,63 @@ case 42: } break; case 43: -#line 481 "gram.y" +#line 479 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = false; } break; case 44: -#line 485 "gram.y" +#line 483 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = true; } break; case 45: -#line 491 "gram.y" +#line 489 "gram.y" { yyval.string = yyvsp[0].string; } break; case 46: -#line 496 "gram.y" +#line 494 "gram.y" { yyval.string = yyvsp[0].string; } break; case 47: -#line 501 "gram.y" +#line 499 "gram.y" { yyval.string = yyvsp[0].string; } break; case 48: -#line 506 "gram.y" +#line 504 "gram.y" { yyval.string = yyvsp[0].string; } break; case 49: -#line 510 "gram.y" +#line 508 "gram.y" { yyval.string = yyvsp[0].string; } break; case 50: -#line 515 "gram.y" +#line 513 "gram.y" { yyval.runas = NULL; } break; case 51: -#line 518 "gram.y" +#line 516 "gram.y" { yyval.runas = yyvsp[-1].runas; } break; case 52: -#line 523 "gram.y" +#line 521 "gram.y" { yyval.runas = calloc(1, sizeof(struct runascontainer)); if (yyval.runas != NULL) { @@ -1664,7 +1662,7 @@ case 52: } break; case 53: -#line 538 "gram.y" +#line 536 "gram.y" { yyval.runas = calloc(1, sizeof(struct runascontainer)); if (yyval.runas == NULL) { @@ -1676,7 +1674,7 @@ case 53: } break; case 54: -#line 547 "gram.y" +#line 545 "gram.y" { yyval.runas = calloc(1, sizeof(struct runascontainer)); if (yyval.runas == NULL) { @@ -1688,7 +1686,7 @@ case 54: } break; case 55: -#line 556 "gram.y" +#line 554 "gram.y" { yyval.runas = calloc(1, sizeof(struct runascontainer)); if (yyval.runas == NULL) { @@ -1700,7 +1698,7 @@ case 55: } break; case 56: -#line 565 "gram.y" +#line 563 "gram.y" { yyval.runas = calloc(1, sizeof(struct runascontainer)); if (yyval.runas != NULL) { @@ -1718,24 +1716,27 @@ case 56: } break; case 57: -#line 582 "gram.y" +#line 580 "gram.y" { init_options(&yyval.options); } break; case 58: -#line 585 "gram.y" +#line 583 "gram.y" { yyval.options.timeout = parse_timeout(yyvsp[0].string); free(yyvsp[0].string); if (yyval.options.timeout == -1) { - sudoerserror(N_("unable parse timeout value")); + if (errno == ERANGE) + sudoerserror(N_("timeout value too large")); + else + sudoerserror(N_("invalid timeout value")); YYERROR; } } break; case 59: -#line 593 "gram.y" +#line 594 "gram.y" { #ifdef HAVE_SELINUX free(yyval.options.role); @@ -1744,7 +1745,7 @@ case 59: } break; case 60: -#line 599 "gram.y" +#line 600 "gram.y" { #ifdef HAVE_SELINUX free(yyval.options.type); @@ -1753,7 +1754,7 @@ case 60: } break; case 61: -#line 605 "gram.y" +#line 606 "gram.y" { #ifdef HAVE_PRIV_SET free(yyval.options.privs); @@ -1762,7 +1763,7 @@ case 61: } break; case 62: -#line 611 "gram.y" +#line 612 "gram.y" { #ifdef HAVE_PRIV_SET free(yyval.options.limitprivs); @@ -1771,97 +1772,97 @@ case 62: } break; case 63: -#line 619 "gram.y" +#line 620 "gram.y" { TAGS_INIT(yyval.tag); } break; case 64: -#line 622 "gram.y" +#line 623 "gram.y" { yyval.tag.nopasswd = true; } break; case 65: -#line 625 "gram.y" +#line 626 "gram.y" { yyval.tag.nopasswd = false; } break; case 66: -#line 628 "gram.y" +#line 629 "gram.y" { yyval.tag.noexec = true; } break; case 67: -#line 631 "gram.y" +#line 632 "gram.y" { yyval.tag.noexec = false; } break; case 68: -#line 634 "gram.y" +#line 635 "gram.y" { yyval.tag.setenv = true; } break; case 69: -#line 637 "gram.y" +#line 638 "gram.y" { yyval.tag.setenv = false; } break; case 70: -#line 640 "gram.y" +#line 641 "gram.y" { yyval.tag.log_input = true; } break; case 71: -#line 643 "gram.y" +#line 644 "gram.y" { yyval.tag.log_input = false; } break; case 72: -#line 646 "gram.y" +#line 647 "gram.y" { yyval.tag.log_output = true; } break; case 73: -#line 649 "gram.y" +#line 650 "gram.y" { yyval.tag.log_output = false; } break; case 74: -#line 652 "gram.y" +#line 653 "gram.y" { yyval.tag.follow = true; } break; case 75: -#line 655 "gram.y" +#line 656 "gram.y" { yyval.tag.follow = false; } break; case 76: -#line 658 "gram.y" +#line 659 "gram.y" { yyval.tag.send_mail = true; } break; case 77: -#line 661 "gram.y" +#line 662 "gram.y" { yyval.tag.send_mail = false; } break; case 78: -#line 666 "gram.y" +#line 667 "gram.y" { yyval.member = new_member(NULL, ALL); if (yyval.member == NULL) { @@ -1871,7 +1872,7 @@ case 78: } break; case 79: -#line 673 "gram.y" +#line 674 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); if (yyval.member == NULL) { @@ -1881,7 +1882,7 @@ case 79: } break; case 80: -#line 680 "gram.y" +#line 681 "gram.y" { struct sudo_command *c = calloc(1, sizeof(*c)); if (c == NULL) { @@ -1899,7 +1900,7 @@ case 80: } break; case 83: -#line 701 "gram.y" +#line 702 "gram.y" { const char *s; s = alias_add(yyvsp[-2].string, HOSTALIAS, sudoers, this_lineno, yyvsp[0].member); @@ -1910,14 +1911,14 @@ case 83: } break; case 85: -#line 712 "gram.y" +#line 713 "gram.y" { HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries); yyval.member = yyvsp[-2].member; } break; case 88: -#line 722 "gram.y" +#line 723 "gram.y" { const char *s; s = alias_add(yyvsp[-2].string, CMNDALIAS, sudoers, this_lineno, yyvsp[0].member); @@ -1928,14 +1929,14 @@ case 88: } break; case 90: -#line 733 "gram.y" +#line 734 "gram.y" { HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries); yyval.member = yyvsp[-2].member; } break; case 93: -#line 743 "gram.y" +#line 744 "gram.y" { const char *s; s = alias_add(yyvsp[-2].string, RUNASALIAS, sudoers, this_lineno, yyvsp[0].member); @@ -1946,7 +1947,7 @@ case 93: } break; case 96: -#line 757 "gram.y" +#line 758 "gram.y" { const char *s; s = alias_add(yyvsp[-2].string, USERALIAS, sudoers, this_lineno, yyvsp[0].member); @@ -1957,28 +1958,28 @@ case 96: } break; case 98: -#line 768 "gram.y" +#line 769 "gram.y" { HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries); yyval.member = yyvsp[-2].member; } break; case 99: -#line 774 "gram.y" +#line 775 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = false; } break; case 100: -#line 778 "gram.y" +#line 779 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = true; } break; case 101: -#line 784 "gram.y" +#line 785 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); if (yyval.member == NULL) { @@ -1988,7 +1989,7 @@ case 101: } break; case 102: -#line 791 "gram.y" +#line 792 "gram.y" { yyval.member = new_member(NULL, ALL); if (yyval.member == NULL) { @@ -1998,7 +1999,7 @@ case 102: } break; case 103: -#line 798 "gram.y" +#line 799 "gram.y" { yyval.member = new_member(yyvsp[0].string, NETGROUP); if (yyval.member == NULL) { @@ -2008,7 +2009,7 @@ case 103: } break; case 104: -#line 805 "gram.y" +#line 806 "gram.y" { yyval.member = new_member(yyvsp[0].string, USERGROUP); if (yyval.member == NULL) { @@ -2018,7 +2019,7 @@ case 104: } break; case 105: -#line 812 "gram.y" +#line 813 "gram.y" { yyval.member = new_member(yyvsp[0].string, WORD); if (yyval.member == NULL) { @@ -2028,28 +2029,28 @@ case 105: } break; case 107: -#line 822 "gram.y" +#line 823 "gram.y" { HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries); yyval.member = yyvsp[-2].member; } break; case 108: -#line 828 "gram.y" +#line 829 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = false; } break; case 109: -#line 832 "gram.y" +#line 833 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = true; } break; case 110: -#line 838 "gram.y" +#line 839 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); if (yyval.member == NULL) { @@ -2059,7 +2060,7 @@ case 110: } break; case 111: -#line 845 "gram.y" +#line 846 "gram.y" { yyval.member = new_member(NULL, ALL); if (yyval.member == NULL) { @@ -2069,7 +2070,7 @@ case 111: } break; case 112: -#line 852 "gram.y" +#line 853 "gram.y" { yyval.member = new_member(yyvsp[0].string, WORD); if (yyval.member == NULL) { @@ -2078,7 +2079,7 @@ case 112: } } break; -#line 2029 "gram.c" +#line 2030 "gram.c" } yyssp -= yym; yystate = *yyssp; diff --git a/plugins/sudoers/gram.y b/plugins/sudoers/gram.y index 8eb1bb913..5f95721af 100644 --- a/plugins/sudoers/gram.y +++ b/plugins/sudoers/gram.y @@ -43,9 +43,7 @@ #if defined(YYBISON) && defined(HAVE_ALLOCA_H) && !defined(__GNUC__) # include #endif /* YYBISON && HAVE_ALLOCA_H && !__GNUC__ */ -#include #include -#include #include "sudoers.h" /* XXX */ #include "parse.h" @@ -586,7 +584,10 @@ options : /* empty */ { $$.timeout = parse_timeout($2); free($2); if ($$.timeout == -1) { - sudoerserror(N_("unable parse timeout value")); + if (errno == ERANGE) + sudoerserror(N_("timeout value too large")); + else + sudoerserror(N_("invalid timeout value")); YYERROR; } } -- 2.40.0