[sudo-commits] sudo changeset 14479:1cd37144190c
Todd C. Miller
Todd.Miller at sudo.ws
Wed Jan 18 08:22:25 MST 2023
changeset: 14479:1cd37144190c in /raid/repos/sudo
details: https://www.sudo.ws/repos/sudo/rev/1cd37144190c
user: Todd C. Miller <Todd.Miller at sudo.ws>
date: Wed Jan 18 08:21:34 2023 -0700
Log Message:
Escape control characters in log messages and "sudoreplay -l" output.
The log message contains user-controlled strings that could include
things like terminal control characters. Space characters in the
command path are now also escaped.
Command line arguments that contain spaces are surrounded with
single quotes and any literal single quote or backslash characters
are escaped with a backslash. This makes it possible to distinguish
multiple command line arguments from a single argument that contains
spaces.
Issue found by Matthieu Barjole and Victor Cutillas of Synacktiv
(https://synacktiv.com).
diffstat:
docs/sudoers.man.in | 44 ++++++-
docs/sudoers.mdoc.in | 40 +++++-
docs/sudoreplay.man.in | 9 +
docs/sudoreplay.mdoc.in | 10 +
include/sudo_lbuf.h | 7 +
lib/eventlog/eventlog.c | 238 +++++++++++++-----------------------------
lib/iolog/iolog_json.c | 39 -------
lib/util/lbuf.c | 106 +++++++++++++++++++
lib/util/util.exp.in | 1 +
plugins/sudoers/sudoreplay.c | 142 ++++++++++++++++++++++---
10 files changed, 397 insertions(+), 239 deletions(-)
More information about the sudo-commits
mailing list