path: root/meta/recipes-extended/sudo/files/CVE-2021-3156-4.patch
blob: c1b00c740e5ff4cca77bb57be32718f9a167a74e (plain)
Upstream-Status: Backport [https://www.sudo.ws/repos/sudo/rev/09f98816fc89]
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
CVE: CVE-2021-3156

# HG changeset patch
# User Todd C. Miller <Todd.Miller@sudo.ws>
# Date 1611416640 25200
# Node ID 09f98816fc8978f1d8623a857073d2d5746f0379
# Parent  049ad90590be1e5dfb7df2675d2eb3e37c96ab86
Fix the memset offset when converting a v1 timestamp to TS_LOCKEXCL.
We want to zero the struct starting at flags, not type (which was just set).
Found by Qualys.

diff -r 049ad90590be -r 09f98816fc89 plugins/sudoers/timestamp.c
--- a/plugins/sudoers/timestamp.c	Sat Jan 23 08:43:59 2021 -0700
+++ b/plugins/sudoers/timestamp.c	Sat Jan 23 08:44:00 2021 -0700
@@ -643,8 +643,8 @@
 	if (entry.size == sizeof(struct timestamp_entry_v1)) {
 	    /* Old sudo record, convert it to TS_LOCKEXCL. */
 	    entry.type = TS_LOCKEXCL;
-	    memset((char *)&entry + offsetof(struct timestamp_entry, type), 0,
-		nread - offsetof(struct timestamp_entry, type));
+	    memset((char *)&entry + offsetof(struct timestamp_entry, flags), 0,
+		nread - offsetof(struct timestamp_entry, flags));
 	    if (ts_write(cookie->fd, cookie->fname, &entry, 0) == -1)
 		debug_return_bool(false);
 	} else {
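Review bot: The length passed to the corrected `memset` is still `nread - offsetof(struct timestamp_entry, flags)`, and nothing inside this hunk shows that `nread` is bounded on either side. If `nread` could be smaller than that offset, the subtraction would wrap when converted to `size_t`; if it could exceed `sizeof(entry)`, the write would run past the object. Presumably the read and a short-read check earlier in the function establish both bounds, but the function starts and ends outside the hunk, so this should be confirmed there. If the bounds do hold, I would state the invariant next to the call, for example `/* nread was validated above; keep size and type, zero from flags onward. */`, so a later edit to the read path does not silently break it.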