~ubuntu-branches/ubuntu/quantal/sudo/quantal

Viewing changes to plugins/sudoers/match_addr.c

Committer: Package Import Robot
Author(s): Tyler Hicks
Date: 2012-05-16 09:42:17 UTC
Revision ID: package-import@ubuntu.com-20120516094217-x9gto7y6hhflwl9v

Tags: 1.8.3p1-1ubuntu5

* SECURITY UPDATE: Properly handle netmasks in sudoers Host and Host_List
  values (LP: #1000276)
  - debian/patches/CVE-2012-2337.patch: Don't perform IPv6 checks on IPv4
    addresses. Based on upstream patch.
  - CVE-2012-2337

files added:
.pc/CVE-2012-2337.patch

.pc/CVE-2012-2337.patch/plugins

.pc/CVE-2012-2337.patch/plugins/sudoers

.pc/CVE-2012-2337.patch/plugins/sudoers/match_addr.c

debian/patches/CVE-2012-2337.patch

files modified:
.pc/applied-patches

debian/changelog

debian/patches/series

plugins/sudoers/match_addr.c

Show diffs side-by-side

added added

removed removed

plugins/sudoers/match_addr.c

for (ifp = interfaces; ifp != NULL; ifp = ifp->next) {

if (ifp->family != family)

continue;

switch(family) {

switch (family) {

case AF_INET:

if (ifp->addr.ip4.s_addr == addr.ip4.s_addr ||

(ifp->addr.ip4.s_addr & ifp->netmask.ip4.s_addr)

}

if (j == sizeof(addr.ip6.s6_addr))

return TRUE;

break;

#endif

}

154

155

for (ifp = interfaces; ifp != NULL; ifp = ifp->next) {

155

156

if (ifp->family != family)

156

157

continue;

157

switch(family) {

158

switch (family) {

158

159

case AF_INET:

159

160

if ((ifp->addr.ip4.s_addr & mask.ip4.s_addr) == addr.ip4.s_addr)

160

161

return TRUE;

162

break;

161

163

#ifdef HAVE_IN6_ADDR

162

164

case AF_INET6:

163

165

for (j = 0; j < sizeof(addr.ip6.s6_addr); j++) {

166

168

}

167

169

if (j == sizeof(addr.ip6.s6_addr))

168

170

return TRUE;

171

break;

169

172

#endif /* HAVE_IN6_ADDR */

170

173

}

171

174

}

Older »