Treat stack exhaustion like memory allocation failure
This commit is contained in:
yixiangzhike
parent
3f1f231939
commit
ca3a4a8565
@ -0,0 +1,42 @@
|
||||
From 8781560e1bf30e2b7fa564865d138f663bbfa125 Mon Sep 17 00:00:00 2001
|
||||
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
|
||||
Date: Fri, 29 Jan 2021 09:23:51 -0700
|
||||
Subject: [PATCH] In json_stack_push() treat stack exhaustion like memory
|
||||
allocation failure. Return NULL instead of treating as a fatal error. This
|
||||
should make life a little easier for oss-fuzz.
|
||||
|
||||
---
|
||||
lib/iolog/iolog_json.c | 10 +++++++---
|
||||
1 file changed, 7 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/lib/iolog/iolog_json.c b/lib/iolog/iolog_json.c
|
||||
index 684f938..9c7754f 100644
|
||||
--- a/lib/iolog/iolog_json.c
|
||||
+++ b/lib/iolog/iolog_json.c
|
||||
@@ -548,6 +548,12 @@ json_stack_push(struct json_stack *stack, struct json_item_list *items,
|
||||
struct json_item *item;
|
||||
debug_decl(iolog_parse_loginfo_json, SUDO_DEBUG_UTIL);
|
||||
|
||||
+ /* We limit the stack size rather than expanding it. */
|
||||
+ if (stack->depth >= stack->maxdepth) {
|
||||
+ sudo_warnx(U_("json stack exhausted (max %u frames)"), stack->maxdepth);
|
||||
+ debug_return_ptr(NULL);
|
||||
+ }
|
||||
+
|
||||
/* Allocate a new item and insert it into the list. */
|
||||
if ((item = new_json_item(type, name, lineno)) == NULL)
|
||||
debug_return_ptr(NULL);
|
||||
@@ -555,9 +561,7 @@ json_stack_push(struct json_stack *stack, struct json_item_list *items,
|
||||
item->u.child.parent = item;
|
||||
TAILQ_INSERT_TAIL(items, item, entries);
|
||||
|
||||
- /* Push the current frame onto the stack. */
|
||||
- if (stack->depth == stack->maxdepth)
|
||||
- sudo_fatalx(U_("internal error, %s overflow"), __func__);
|
||||
+ /* Push the current frame onto the stack (depth check performed above). */
|
||||
stack->frames[stack->depth++] = frame;
|
||||
|
||||
/* Return the new frame */
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
Name: sudo
|
||||
Version: 1.9.2
|
||||
Release: 3
|
||||
Release: 4
|
||||
Summary: Allows restricted root access for specified users
|
||||
License: ISC
|
||||
URL: http://www.courtesan.com/sudo/
|
||||
@ -19,6 +19,7 @@ Patch5: backport-0003-CVE-2021-3156-Fix-potential-buffer-overflow.patch
|
||||
Patch6: backport-0004-CVE-2021-3156-Fix-the-memset-offset.patch
|
||||
Patch7: backport-0005-CVE-2021-3156-Dont-assume-that-argv.patch
|
||||
Patch8: backport-Fix-runstatedir-handling-for-distros-that-do-not-support-it.patch
|
||||
Patch9: backport-In-json_stack_push-treat-stack-exhaustion-like-memory-allocation-failure.patch
|
||||
|
||||
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
Requires: pam
|
||||
@ -159,6 +160,12 @@ install -p -c -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/sudo-i
|
||||
%exclude %{_pkgdocdir}/ChangeLog
|
||||
|
||||
%changelog
|
||||
* Thu Sep 16 2021 yixiangzhike <zhangxingliang3@huawei.com> - 1.9.2-4
|
||||
- Type:bugfix
|
||||
- ID:NA
|
||||
- SUG:NA
|
||||
- DESC:treat stack exhaustion like memory allocation failure
|
||||
|
||||
* Fri Jan 29 2021 zoulin <zoulin13@huawei.com> - 1.9.2-3
|
||||
- Type:bugfix
|
||||
- ID:NA
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user