From d1aa09d8e429c4f286d091c5a43899e8e11d362a Mon Sep 17 00:00:00 2001 From: modric Date: Fri, 10 Mar 2023 02:23:52 +0000 Subject: [PATCH] Fix CVE-2023-27320. --- backport-CVE-2023-27320.patch | 38 +++++++++++++++++++++++++++++++++++ sudo.spec | 7 ++++++- 2 files changed, 44 insertions(+), 1 deletion(-) create mode 100644 backport-CVE-2023-27320.patch diff --git a/backport-CVE-2023-27320.patch b/backport-CVE-2023-27320.patch new file mode 100644 index 0000000..6f55e01 --- /dev/null +++ b/backport-CVE-2023-27320.patch @@ -0,0 +1,38 @@ +diff --git a/plugins/sudoers/match_command.c b/plugins/sudoers/match_command.c +index 37d376d..bda7082 100644 +--- a/plugins/sudoers/match_command.c ++++ b/plugins/sudoers/match_command.c +@@ -818,12 +818,16 @@ command_matches(const char *sudoers_cmnd, const char *sudoers_args, + /* Rule-specific runchroot, reset user_cmnd and user_stat. */ + int status; + ++ /* Save old user_cmnd first, set_cmnd_path() will free it. */ + saved_user_cmnd = user_cmnd; ++ user_cmnd = NULL; + if (user_stat != NULL) + saved_user_stat = *user_stat; + status = set_cmnd_path(runchroot); +- if (status != FOUND) ++ if (status != FOUND) { ++ user_cmnd = saved_user_cmnd; + saved_user_cmnd = NULL; ++ } + if (info != NULL) + info->status = status; + } +diff --git a/plugins/sudoers/visudo.c b/plugins/sudoers/visudo.c +index 3f43382..ec8deab 100644 +--- a/plugins/sudoers/visudo.c ++++ b/plugins/sudoers/visudo.c +@@ -260,7 +260,9 @@ main(int argc, char *argv[]) + } + + /* Mock up a fake sudo_user struct. */ +- user_cmnd = user_base = (char *)""; ++ user_cmnd = user_base = strdup("true"); ++ if (user_cmnd == NULL) ++ sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + if (geteuid() == 0) { + const char *user = getenv("SUDO_USER"); + if (user != NULL && *user != '\0') + diff --git a/sudo.spec b/sudo.spec index 2343b5d..29968e5 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,6 +1,6 @@ Name: sudo Version: 1.9.12p2 -Release: 2 +Release: 3 Summary: Allows restricted root access for specified users License: ISC URL: https://www.sudo.ws @@ -10,6 +10,8 @@ Source1: sudoers Source2: sudo Source3: sudo-i +Patch0: backport-CVE-2023-27320.patch + Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: pam Recommends: vim-minimal @@ -153,6 +155,9 @@ chrpath -d $RPM_BUILD_ROOT/usr/libexec/sudo/* %exclude %{_pkgdocdir}/ChangeLog %changelog +* Fri Mar 10 2023 wangyu - 1.9.12p2-3 +- Fix CVE-2023-27320. + * Mon Mar 06 2023 wangyu - 1.9.12p2-2 - Remove -rpath option. -- Gitee