2010年4月23日

[installer 2341] sudosh2-1.0.3

sudosh2-1.0.3 出ています。

☆ sudosh2-1.0.3
http://sourceforge.net/projects/sudosh2/
http://sourceforge.net/projects/sudosh2/files/

ソース差分はこのあたり。

diff -u -urNbB sudosh2-1.0.2/src/replay.c sudosh2-1.0.3/src/replay.c
--- sudosh2-1.0.2/src/replay.c 2008-01-31 07:56:15.000000000 +0900
+++ sudosh2-1.0.3/src/replay.c 2010-04-14 05:39:17.000000000 +0900
@@ -198,9 +198,10 @@
exit(EXIT_FAILURE);
}

- fgets(s->id, BUFSIZ - 1, f);
- fclose(f);
-
+ if (fgets(s->id, BUFSIZ - 1, f)==NULL)
+ fprintf(stderr,"Bad header in %s\n",s->script.str);
+ else
+ {
ptr = strchr(s->id, '\n');
if(ptr != (char *) 0)
*ptr++ = '\0';
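Review bot: The new bad-header branch prints its message without the `progname` prefix that the other diagnostics in this file use (see the closedir message), and it leaves `s` neither linked nor released. If `s` is allocated per loop iteration (the allocation is not visible here), the failure path leaks it; free it there, or confirm it is reused. Suggested message: `fprintf(stderr, "%s: bad header in %s\n", progname, s->script.str);`. The `else {` opened here is only closed in the next hunk, together with the relocated `fclose(f);`, so the two hunks have to be read as one change.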
@@ -211,6 +212,8 @@
strncpy(s->randstr, randstr, BUFSIZ - 1);
strftime(s->date, 20, "%m/%d/%Y %H:%M:%S", localtime(&s->e));
link_session(s);
+ }
+ fclose(f);
continue;
}

@@ -260,9 +263,9 @@

if (closedir(dp) < 0) {
LL();
- fprintf(stderr, "%s: can't closedir(%s): %s (%i)\n", progname,
+ fprintf(stderr, "%s: can't closedir(%s): %s (%i) .. But teally this isn't fatal, it just wasn't expected.\n", progname,
config_option.logdir, strerror(errno), errno);
- exit(EXIT_FAILURE);
+// exit(EXIT_FAILURE);
}

if (argc) {
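Review bot: The rewritten closedir() message contains a typo (`teally`), and the old exit is left behind as the commented-out line `// exit(EXIT_FAILURE);`. Suggest a shorter warning such as `"%s: can't closedir(%s): %s (%i); continuing\n"` and deleting the dead line outright, since the previous behaviour is already preserved in version history. The enclosing function starts and ends outside the hunk.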
@@ -345,7 +348,6 @@
fprintf(stderr,
"[warning]: session %s is missing input information.\n",
scan->id);
- else
close(scan->input.fd);

if ((scan->script.fd = open(scan->script.str, O_RDONLY)) == -1) {
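Review bot: With the `else` removed, `close(scan->input.fd);` now runs unconditionally, including on the branch that has just printed the missing-input warning. If the condition above the hunk is a failed open() like the one for `scan->script.fd` below, this calls close() on -1. That only returns EBADF, but it is easy to misread and shows up as noise in descriptor-tracking tools. Suggest making the intent explicit with `if (scan->input.fd != -1) close(scan->input.fd);`. The `if` that owns the warning begins outside the hunk.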
@@ -355,6 +357,7 @@
scan->id);
continue;
}
+ close(scan->script.fd);

if(!strcmp(scan->type, "interactive"))
fprintf(stdout, "%-19s %-8s %-12s %-12s %s\n", scan->date,
@@ -469,6 +472,8 @@
fflush(stdout);
memset(read_buffer, '\0', BUFSIZ);
}
+ close(s_script.fd);
+ fclose(s_time.f);
fprintf(stderr, "[info]: EOF\n");
fflush(stderr);
}
@@ -655,4 +660,5 @@
}

s->secs = (long) t_time;
+ fclose(s_time.f);
}
diff -u -urNbB sudosh2-1.0.2/src/sudosh.c sudosh2-1.0.3/src/sudosh.c
--- sudosh2-1.0.2/src/sudosh.c 2008-02-26 05:29:12.000000000 +0900
+++ sudosh2-1.0.3/src/sudosh.c 2010-04-14 05:39:17.000000000 +0900
@@ -2,7 +2,7 @@

sudosh - sudo shell that supports input and output logging to syslog

-Copyright 2004 and $Date: 2008/02/25 20:29:12 $
+Copyright 2004 and $Date: 2010/04/13 20:39:17 $
Douglas Richard Hanks Jr.

Licensed under the Open Software License version 2.0
@@ -179,6 +179,19 @@

if (c_str)
{
+// Test for methods of escape
+ if (strchr(c_command,';')!=NULL ||
+ strchr(c_command,'&') !=NULL ||
+ strchr(c_command,'|') !=NULL ||
+ strchr(c_command,'<') !=NULL ||
+ strchr(c_command,'>') !=NULL)
+ {
+ fprintf (stderr, "\"%s\" isn't allowed to be executed with process or redirect controls.\n",
+ c_command);
+ exit (EXIT_FAILURE);
+ }
+
+
// fprintf(stderr,"Testing c\n");
// Make sure that c_str is in argallow
char argtest[BUFSIZ];
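Review bot: The check added ahead of the argallow test is a denylist of five characters (`;`, `&`, `|`, `<`, `>`), so other shell syntax such as command substitution, variable expansion, embedded newlines and quoting is not rejected. If `c_command` is later handed to a shell (not visible in this hunk), the restriction is incomplete. An allowlist is the safer form: reject the command unless every byte is in a known-good set, e.g. `if (c_command[strspn(c_command, CMD_SAFE_CHARS)] != '\0')`, where `CMD_SAFE_CHARS` is a new constant (name constructed for this note) holding alphanumerics and the few punctuation characters permitted commands actually need. The test also reads `c_command` while the surrounding branch is guarded by `c_str`, so it is worth confirming that both always refer to the same input. The enclosing function starts and ends outside the hunk.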
@@ -555,6 +569,7 @@
static void
prepchild (struct pst *pst)
{
+int newfd;
int i;
char *b = NULL;
char newargv[BUFSIZ];
@@ -574,9 +589,8 @@

if ((pst->sfd = open (pst->slave, O_RDWR)) < 0)
exit (EXIT_FAILURE);
-
- dup (0);
- dup (0);
+ newfd=dup (0);
+ newfd=dup (0);

for (i = 3; i < 100; ++i)
close (i);
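Review bot: Assigning the result of `dup (0)` to `newfd` silences the unused-result warning, but the value is never tested, so a failed dup leaves the child without fd 1 or 2 on the pty and nothing notices. In a shell whose purpose is session logging that should be fatal, like the `open (pst->slave, O_RDWR)` failure just above: `if (dup2 (0, 1) < 0 || dup2 (0, 2) < 0) exit (EXIT_FAILURE);`. dup2 also names the target descriptors explicitly instead of relying on 1 and 2 being the lowest free ones, and it makes the `int newfd;` added in the earlier prepchild hunk unnecessary. prepchild continues past the end of the hunk.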

----
こがよういちろう


投稿者 xml-rpc : 2010年4月23日 09:13