From ca3a4a8565750024c76ea6e6aba186d52b6400a7 Mon Sep 17 00:00:00 2001
From: yixiangzhike
Date: Thu, 16 Sep 2021 16:23:53 +0800
Subject: [PATCH] Treat stack exhaustion like memory allocation failure
---
 ...stion-like-memory-allocation-failure.patch | 42 +++++++++++++++++++
 sudo.spec | 9 +++-
 2 files changed, 50 insertions(+), 1 deletion(-)
 create mode 100644 backport-In-json_stack_push-treat-stack-exhaustion-like-memory-allocation-failure.patch
diff --git a/backport-In-json_stack_push-treat-stack-exhaustion-like-memory-allocation-failure.patch b/backport-In-json_stack_push-treat-stack-exhaustion-like-memory-allocation-failure.patch
new file mode 100644
index 0000000..23e75e1
--- /dev/null
+++ b/backport-In-json_stack_push-treat-stack-exhaustion-like-memory-allocation-failure.patch
@@ -0,0 +1,42 @@
+From 8781560e1bf30e2b7fa564865d138f663bbfa125 Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller"
+Date: Fri, 29 Jan 2021 09:23:51 -0700
+Subject: [PATCH] In json_stack_push() treat stack exhaustion like memory
+ allocation failure. Return NULL instead of treating as a fatal error. This
+ should make life a little easier for oss-fuzz.
+
+---
+ lib/iolog/iolog_json.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/lib/iolog/iolog_json.c b/lib/iolog/iolog_json.c
+index 684f938..9c7754f 100644
+--- a/lib/iolog/iolog_json.c
++++ b/lib/iolog/iolog_json.c
+@@ -548,6 +548,12 @@ json_stack_push(struct json_stack *stack, struct json_item_list *items,
+ struct json_item *item;
+ debug_decl(iolog_parse_loginfo_json, SUDO_DEBUG_UTIL);
+
++ /* We limit the stack size rather than expanding it. */
++ if (stack->depth >= stack->maxdepth) {
++ sudo_warnx(U_("json stack exhausted (max %u frames)"), stack->maxdepth);
++ debug_return_ptr(NULL);
++ }
++
+ /* Allocate a new item and insert it into the list. */
+ if ((item = new_json_item(type, name, lineno)) == NULL)
+ debug_return_ptr(NULL);
+@@ -555,9 +561,7 @@ json_stack_push(struct json_stack *stack, struct json_item_list *items,
+ item->u.child.parent = item;
+ TAILQ_INSERT_TAIL(items, item, entries);
+
+- /* Push the current frame onto the stack. */
+- if (stack->depth == stack->maxdepth)
+- sudo_fatalx(U_("internal error, %s overflow"), __func__);
++ /* Push the current frame onto the stack (depth check performed above). */
+ stack->frames[stack->depth++] = frame;
+
+ /* Return the new frame */
+--
+1.8.3.1
+
diff --git a/sudo.spec b/sudo.spec
index 7cd6fe4..6689ce3 100644
--- a/sudo.spec
+++ b/sudo.spec
@@ -1,6 +1,6 @@
 Name: sudo
 Version: 1.9.2
-Release: 3
+Release: 4
 Summary: Allows restricted root access for specified users
 License: ISC
 URL: http://www.courtesan.com/sudo/
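Review bot: The new early return in json_stack_push() makes NULL stand for two different conditions, allocation failure and nesting deeper than `stack->maxdepth`, and nothing in the hunk documents that for callers. Because the nesting depth comes from the JSON being parsed, every caller has to treat NULL as a parse failure and stop descending; those callers are outside this hunk and should be checked against the 1.9.2 base this backport applies to. I would add above the function `/* Returns the new frame, or NULL on allocation failure or when the nesting limit (stack->maxdepth) is reached. */`. Also confirm that `stack->maxdepth` is declared `unsigned int`, since it is passed to `%u` in the `sudo_warnx()` call and its declaration is not visible here. The function body starts and ends outside the hunk.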
@@ -19,6 +19,7 @@ Patch5: backport-0003-CVE-2021-3156-Fix-potential-buffer-overflow.patch Patch6: backport-0004-CVE-2021-3156-Fix-the-memset-offset.patch Patch7: backport-0005-CVE-2021-3156-Dont-assume-that-argv.patch Patch8: backport-Fix-runstatedir-handling-for-distros-that-do-not-support-it.patch +Patch9: backport-In-json_stack_push-treat-stack-exhaustion-like-memory-allocation-failure.patch Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: pam @@ -159,6 +160,12 @@ install -p -c -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/sudo-i %exclude %{_pkgdocdir}/ChangeLog %changelog +* Thu Sep 16 2021 yixiangzhike - 1.9.2-4 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:treat stack exhaustion like memory allocation failure + * Fri Jan 29 2021 zoulin - 1.9.2-3 - Type:bugfix - ID:NA -- Gitee