diff options
author | Todd C. Miller <Todd.Miller@sudo.ws> | 2023-04-18 07:33:12 -0600 |
---|---|---|
committer | Todd C. Miller <Todd.Miller@sudo.ws> | 2023-04-18 07:33:12 -0600 |
commit | 5579d3f2ba7c666149bd660bb1687f402996194a (patch) | |
tree | 63443214283d34b5ffd0c0e369c4011e39b9031c | |
parent | 62eb0a713c83dc803e2823dad34ab8e4399dd132 (diff) | |
download | sudo-5579d3f2ba7c666149bd660bb1687f402996194a.tar.gz |
Hard-code usage() and help() for an 80-column terminal.
Trying to tailor the help and usage output to the terminal width
is simply not worth it and could be abused to mark a socket as
"trusted" on Linux if there are additional kernel bugs like
CVE-2023-2002.
-rw-r--r-- | src/parse_args.c | 76 | ||||
-rw-r--r-- | src/sudo_usage.h.in | 58 |
2 files changed, 76 insertions, 58 deletions
diff --git a/src/parse_args.c b/src/parse_args.c index 1214587b3..738319f27 100644 --- a/src/parse_args.c +++ b/src/parse_args.c @@ -695,56 +695,31 @@ parse_args(int argc, char **argv, const char *shell, int *old_optind, debug_return_int(mode | flags); } -static int -usage_err(const char *buf) -{ - return fputs(buf, stderr); -} - -static int -usage_out(const char *buf) -{ - return fputs(buf, stdout); -} - /* * Display usage message. * The actual usage strings are in sudo_usage.h for configure substitution. */ static void -display_usage(int (*output)(const char *), int cols) +display_usage(FILE *fp) { - struct sudo_lbuf lbuf; - const char *uvec[6]; - int i, ulen; + const char * const **uvecs = sudo_usage; + const char * const *uvec; + int i, indent; /* * Use usage vectors appropriate to the progname. */ - if (strcmp(getprogname(), "sudoedit") == 0) { - uvec[0] = SUDO_USAGE0; - uvec[1] = &SUDO_USAGE5[3]; /* skip the leading "-e " */ - uvec[2] = NULL; - } else { - uvec[0] = SUDO_USAGE1; - uvec[1] = SUDO_USAGE2; - uvec[2] = SUDO_USAGE3; - uvec[3] = SUDO_USAGE4; - uvec[4] = SUDO_USAGE5; - uvec[5] = NULL; - } - - /* - * Print usage and wrap lines as needed, depending on the - * tty width. - */ - ulen = (int)strlen(getprogname()) + 8; - sudo_lbuf_init(&lbuf, output, ulen, NULL, cols); - for (i = 0; uvec[i] != NULL; i++) { - sudo_lbuf_append(&lbuf, "usage: %s%s", getprogname(), uvec[i]); - sudo_lbuf_print(&lbuf); + if (strcmp(getprogname(), "sudoedit") == 0) + uvecs = sudoedit_usage; + + indent = strlen(getprogname()) + 8; + while ((uvec = *uvecs) != NULL) { + (void)fprintf(fp, "usage: %s %s\n", getprogname(), uvec[0]); + for (i = 1; uvec[i] != NULL; i++) { + (void)fprintf(fp, "%*s%s\n", indent, "", uvec[i]); + } + uvecs++; } - sudo_lbuf_destroy(&lbuf); } /* @@ -753,10 +728,7 @@ display_usage(int (*output)(const char *), int cols) void usage(void) { - int rows, cols; - - sudo_get_ttysize(STDERR_FILENO, &rows, &cols); - display_usage(usage_err, cols); + display_usage(stderr); exit(EXIT_FAILURE); } @@ -786,6 +758,12 @@ usage_excl_ticket(void) usage(); } +static int +help_out(const char *buf) +{ + return fputs(buf, stdout); +} + static void help(void) { @@ -793,21 +771,17 @@ help(void) const int indent = 32; const char *pname = getprogname(); bool sudoedit = false; - int rows, cols; debug_decl(help, SUDO_DEBUG_ARGS); - sudo_get_ttysize(STDOUT_FILENO, &rows, &cols); - sudo_lbuf_init(&lbuf, usage_out, indent, NULL, cols); if (strcmp(pname, "sudoedit") == 0) { sudoedit = true; - sudo_lbuf_append(&lbuf, _("%s - edit files as another user\n\n"), pname); + (void)printf(_("%s - edit files as another user\n\n"), pname); } else { - sudo_lbuf_append(&lbuf, _("%s - execute a command as another user\n\n"), pname); + (void)printf(_("%s - execute a command as another user\n\n"), pname); } - sudo_lbuf_print(&lbuf); - - display_usage(usage_out, cols); + display_usage(stdout); + sudo_lbuf_init(&lbuf, help_out, indent, NULL, 80); sudo_lbuf_append(&lbuf, "%s", _("\nOptions:\n")); sudo_lbuf_append(&lbuf, " -A, --askpass %s\n", _("use a helper program for password prompting")); diff --git a/src/sudo_usage.h.in b/src/sudo_usage.h.in index 557dbde55..6b186f4bc 100644 --- a/src/sudo_usage.h.in +++ b/src/sudo_usage.h.in @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2007-2010, 2013, 2015, 2017, 2020-2022 + * Copyright (c) 2007-2010, 2013, 2015, 2017, 2020-2023 * Todd C. Miller <Todd.Miller@sudo.ws> * * Permission to use, copy, modify, and distribute this software for any @@ -24,11 +24,55 @@ * Usage strings for sudo. These are here because we * need to be able to substitute values from configure. */ -#define SUDO_USAGE0 " -h | -V" -#define SUDO_USAGE1 " -h | -K | -k | -V" -#define SUDO_USAGE2 " -v [-ABkNnS] @BSDAUTH_USAGE@[-g group] [-h host] [-p prompt] [-u user]" -#define SUDO_USAGE3 " -l [-ABkNnS] @BSDAUTH_USAGE@[-g group] [-h host] [-p prompt] [-U user] [-u user] [command [arg ...]]" -#define SUDO_USAGE4 " [-ABbEHkNnPS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] [-D directory] @LOGINCAP_USAGE@[-g group] [-h host] [-p prompt] [-R directory] [-T timeout] [-u user] [VAR=value] [-i | -s] [command [arg ...]]" -#define SUDO_USAGE5 " -e [-ABkNnS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] @LOGINCAP_USAGE@[-D directory] [-g group] [-h host] [-p prompt] [-R directory] [-T timeout] [-u user] file ..." +static const char *sudo_usage1[] = { + "-h | -K | -k | -V", + NULL +}; +static const char *sudo_usage2[] = { + "-v [-ABkNnS] @BSDAUTH_USAGE@[-g group] [-h host] [-p prompt] [-u user]", + NULL +}; +static const char *sudo_usage3[] = { + "-l [-ABkNnS] @BSDAUTH_USAGE@[-g group] [-h host] [-p prompt] [-U user]", + "[-u user] [command [arg ...]]", + NULL +}; +static const char *sudo_usage4[] = { + "[-ABbEHkNnPS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] @LOGINCAP_USAGE@[-D directory]", + "[-g group] [-h host] [-p prompt] [-R directory] [-T timeout]", + "[-u user] [VAR=value] [-i | -s] [command [arg ...]]", + NULL +}; +static const char *sudo_usage5[] = { + "-e [-ABkNnS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] @LOGINCAP_USAGE@[-D directory]", + "[-g group] [-h host] [-p prompt] [-R directory] [-T timeout]", + "[-u user] file ...", + NULL +}; +static const char * const *sudo_usage[] = { + sudo_usage1, + sudo_usage2, + sudo_usage3, + sudo_usage4, + sudo_usage5, + NULL +}; + +static const char *sudoedit_usage1[] = { + "-h | -V", + NULL +}; +static const char *sudoedit_usage2[] = { + /* Same as sudo_usage5 but no -e flag. */ + "[-ABkNnS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] @LOGINCAP_USAGE@[-D directory]", + "[-g group] [-h host] [-p prompt] [-R directory] [-T timeout]", + "[-u user] file ...", + NULL +}; +static const char * const *sudoedit_usage[] = { + sudoedit_usage1, + sudoedit_usage2, + NULL +}; #endif /* SUDO_USAGE_H */ |