diff options
Diffstat (limited to 'lib/util/sudo_conf.c')
-rw-r--r-- | lib/util/sudo_conf.c | 46 |
1 files changed, 29 insertions, 17 deletions
diff --git a/lib/util/sudo_conf.c b/lib/util/sudo_conf.c index 29518d4d9..5f046ffa1 100644 --- a/lib/util/sudo_conf.c +++ b/lib/util/sudo_conf.c @@ -38,6 +38,7 @@ #include <unistd.h> #include <ctype.h> #include <errno.h> +#include <fcntl.h> #include <limits.h> #define SUDO_ERROR_WRAP 0 @@ -68,7 +69,7 @@ struct sudo_conf_path_table { const char *pname; unsigned int pnamelen; bool dynamic; - char *pval; + const char *pval; }; struct sudo_conf_settings { @@ -221,7 +222,7 @@ parse_path(const char *entry, const char *conf_file, unsigned int lineno) } } if (cur->dynamic) - free(cur->pval); + free((char *)cur->pval); cur->pval = pval; cur->dynamic = true; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: %s:%u: Path %s %s", @@ -651,7 +652,7 @@ sudo_conf_read_v1(const char *conf_file, int conf_types) { struct stat sb; FILE *fp = NULL; - int ret = false; + int fd, ret = false; char *prev_locale, *line = NULL; unsigned int conf_lineno = 0; size_t linesize = 0; @@ -670,38 +671,49 @@ sudo_conf_read_v1(const char *conf_file, int conf_types) if (prev_locale[0] != 'C' || prev_locale[1] != '\0') setlocale(LC_ALL, "C"); - if (conf_file == NULL) { + if (conf_file != NULL) { + fd = open(conf_file, O_RDONLY); + if (fd == -1) { + sudo_warn(U_("unable to open %s"), conf_file); + goto done; + } + } else { + int error; conf_file = _PATH_SUDO_CONF; - switch (sudo_secure_file(conf_file, ROOT_UID, -1, &sb)) { - case SUDO_PATH_SECURE: - break; + fd = sudo_secure_open_file(conf_file, ROOT_UID, -1, &sb, &error); + if (fd == -1) { + switch (error) { case SUDO_PATH_MISSING: /* Root should always be able to read sudo.conf. */ if (errno != ENOENT && geteuid() == ROOT_UID) - sudo_warn(U_("unable to stat %s"), conf_file); - goto done; + sudo_warn(U_("unable to open %s"), conf_file); + break; case SUDO_PATH_BAD_TYPE: sudo_warnx(U_("%s is not a regular file"), conf_file); - goto done; + break; case SUDO_PATH_WRONG_OWNER: sudo_warnx(U_("%s is owned by uid %u, should be %u"), conf_file, (unsigned int) sb.st_uid, ROOT_UID); - goto done; + break; case SUDO_PATH_WORLD_WRITABLE: sudo_warnx(U_("%s is world writable"), conf_file); - goto done; + break; case SUDO_PATH_GROUP_WRITABLE: sudo_warnx(U_("%s is group writable"), conf_file); - goto done; + break; default: - /* NOTREACHED */ - goto done; + sudo_warnx("%s: internal error, unexpected error %d", + __func__, error); + break; + } + goto done; } } - if ((fp = fopen(conf_file, "r")) == NULL) { + if ((fp = fdopen(fd, "r")) == NULL) { if (errno != ENOENT && geteuid() == ROOT_UID) sudo_warn(U_("unable to open %s"), conf_file); + close(fd); goto done; } @@ -769,7 +781,7 @@ sudo_conf_clear_paths_v1(void) for (cur = sudo_conf_data.path_table; cur->pname != NULL; cur++) { if (cur->dynamic) - free(cur->pval); + free((char *)cur->pval); cur->pval = NULL; cur->dynamic = false; } |