From b2d0bdee2056e349a4bf60a140a2543d0f2f3264 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Tue, 3 Sep 2013 09:39:35 -0600 Subject: [PATCH] Work around a bug in sudo 1.8.7 timing files where the indexes are off by two. --- NEWS | 6 +++++- plugins/sudoers/sudoreplay.c | 12 +++++++++--- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/NEWS b/NEWS index 294526762..9c62f8352 100644 --- a/NEWS +++ b/NEWS @@ -62,6 +62,10 @@ What's new in Sudo 1.8.8? * Root may no longer change its SELinux role without entering a password. + * Fixed a bug introduced in Sudo 1.8.7 where the indexes written + to the I/O log timing file are two greater than they should be. + Sudoreplay now contains a work-around to parse those files. + What's new in Sudo 1.8.7? * The non-Unix group plugin is now supported when sudoers data @@ -109,7 +113,7 @@ What's new in Sudo 1.8.7? * There is now a standalone sudo.conf manual page. - * Sudo now stores its libexec files in a "sudo" subdirectory instead + * Sudo now stores its libexec files in a "sudo" sub-directory instead of in libexec itself. For backwards compatibility, if the plugin is not found in the default plugin directory, sudo will check the parent directory if the default directory ends in "/sudo". diff --git a/plugins/sudoers/sudoreplay.c b/plugins/sudoers/sudoreplay.c index 8cefbbd8b..21254b1cd 100644 --- a/plugins/sudoers/sudoreplay.c +++ b/plugins/sudoers/sudoreplay.c @@ -163,6 +163,8 @@ static struct search_node { static struct search_node *node_stack[32]; static int stack_top; +static int timing_idx_adj = 0; + static const char *session_dir = _PATH_SUDO_IO_LOGDIR; static const char short_opts[] = "d:f:hlm:s:V"; @@ -1124,9 +1126,13 @@ parse_timing(buf, decimal, idx, seconds, nbytes) /* Parse index */ ul = strtoul(buf, &ep, 10); - if (ul > IOFD_MAX) - goto bad; - *idx = (int)ul; + if (ul >= IOFD_TIMING) { + if (ul != 6) + goto bad; + /* work around a bug in timing files generated by sudo 1.8.7 */ + timing_idx_adj = 2; + } + *idx = (int)ul - timing_idx_adj; for (cp = ep + 1; isspace((unsigned char) *cp); cp++) continue; -- 2.40.0