Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
sudo-project
GitHub Repository: sudo-project/sudo
 Path: blob/main/plugins/sudoers/find_path.c
1532 views
1
/*

2
 * SPDX-License-Identifier: ISC

3
 *

4
 * Copyright (c) 1996, 1998-2005, 2010-2015, 2017-2019

5
 *	Todd C. Miller <[email protected]>

6
 *

7
 * Permission to use, copy, modify, and distribute this software for any

8
 * purpose with or without fee is hereby granted, provided that the above

9
 * copyright notice and this permission notice appear in all copies.

10
 *

11
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

12
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

13
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR

14
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

15
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

16
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

17
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

18
 *

19
 * Sponsored in part by the Defense Advanced Research Projects

20
 * Agency (DARPA) and Air Force Research Laboratory, Air Force

21
 * Materiel Command, USAF, under agreement number F39502-99-1-0512.

22
 */

23


24
#include <config.h>

25


26
#include <sys/stat.h>

27
#include <stdio.h>

28
#include <stdlib.h>

29
#include <string.h>

30
#include <unistd.h>

31
#include <errno.h>

32


33
#include <sudoers.h>

34


35
/*

36
 * Check the given command against the specified allowlist (NULL-terminated).

37
 * On success, rewrites cmnd based on the allowlist and returns true.

38
 * On failure, returns false.

39
 */

40
static bool

41
cmnd_allowed(char *cmnd, size_t cmnd_size, const char *runchroot,

42
    struct stat *cmnd_sbp, char * const *allowlist)

43
{

44
    const char *cmnd_base;

45
    char * const *al;

46
    debug_decl(cmnd_allowed, SUDOERS_DEBUG_UTIL);

47


48
    if (!sudo_goodpath(cmnd, runchroot, cmnd_sbp))

49
	debug_return_bool(false);

50


51
    if (allowlist == NULL)

52
	debug_return_bool(true);	/* nothing to check */

53


54
    /* We compare the base names to avoid excessive stat()ing. */

55
    cmnd_base = sudo_basename(cmnd);

56


57
    for (al = allowlist; *al != NULL; al++) {

58
	const char *base, *path = *al;

59
	struct stat sb;

60


61
	base = sudo_basename(path);

62
	if (strcmp(cmnd_base, base) != 0)

63
	    continue;

64


65
	if (sudo_goodpath(path, runchroot, &sb) &&

66
	    sb.st_dev == cmnd_sbp->st_dev && sb.st_ino == cmnd_sbp->st_ino) {

67
	    /* Overwrite cmnd with safe version from allowlist. */

68
	    if (strlcpy(cmnd, path, cmnd_size) < cmnd_size)

69
		debug_return_bool(true);

70
	}

71
    }

72
    debug_return_bool(false);

73
}

74


75
/*

76
 * This function finds the full pathname for a command and stores it

77
 * in a statically allocated array, filling in a pointer to the array.

78
 * Returns FOUND if the command was found, NOT_FOUND if it was not found,

79
 * NOT_FOUND_DOT if it would have been found but it is in '.' and

80
 * ignore_dot is set or NOT_FOUND_ERROR if an error occurred.

81
 * The caller is responsible for freeing the output file.

82
 */

83
int

84
find_path(const char *infile, char **outfile, struct stat *sbp,

85
    const char *path, const char *runchroot, bool ignore_dot,

86
    char * const *allowlist)

87
{

88
    char command[PATH_MAX];

89
    const char *cp, *ep, *pathend;

90
    bool found = false;

91
    bool checkdot = false;

92
    int len;

93
    debug_decl(find_path, SUDOERS_DEBUG_UTIL);

94


95
    sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,

96
	"resolving %s", infile);

97


98
    /*

99
     * If we were given a fully qualified or relative path

100
     * there is no need to look at $PATH.

101
     */

102
    if (strchr(infile, '/') != NULL) {

103
	if (strlcpy(command, infile, sizeof(command)) >= sizeof(command)) {

104
	    errno = ENAMETOOLONG;

105
	    debug_return_int(NOT_FOUND_ERROR);

106
	}

107
	found = cmnd_allowed(command, sizeof(command), runchroot, sbp,

108
	    allowlist);

109
	goto done;

110
    }

111


112
    if (path == NULL)

113
	debug_return_int(NOT_FOUND);

114


115
    pathend = path + strlen(path);

116
    for (cp = sudo_strsplit(path, pathend, ":", &ep); cp != NULL;

117
	cp = sudo_strsplit(NULL, pathend, ":", &ep)) {

118


119
	/*

120
	 * Search current dir last if it is in PATH.

121
	 * This will miss sneaky things like using './' or './/' (XXX)

122
	 */

123
	if (cp == ep || (*cp == '.' && cp + 1 == ep)) {

124
	    checkdot = 1;

125
	    continue;

126
	}

127


128
	/*

129
	 * Resolve the path and exit the loop if found.

130
	 */

131
	len = snprintf(command, sizeof(command), "%.*s/%s",

132
	    (int)(ep - cp), cp, infile);

133
	if (len < 0 || len >= ssizeof(command)) {

134
	    errno = ENAMETOOLONG;

135
	    debug_return_int(NOT_FOUND_ERROR);

136
	}

137
	found = cmnd_allowed(command, sizeof(command), runchroot,

138
	    sbp, allowlist);

139
	if (found)

140
	    break;

141
    }

142


143
    /*

144
     * Check current dir if dot was in the PATH

145
     */

146
    if (!found && checkdot) {

147
	len = snprintf(command, sizeof(command), "./%s", infile);

148
	if (len < 0 || len >= ssizeof(command)) {

149
	    errno = ENAMETOOLONG;

150
	    debug_return_int(NOT_FOUND_ERROR);

151
	}

152
	found = cmnd_allowed(command, sizeof(command), runchroot,

153
	    sbp, allowlist);

154
	if (found && ignore_dot)

155
	    debug_return_int(NOT_FOUND_DOT);

156
    }

157


158
done:

159
    if (found) {

160
	sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,

161
	    "found %s", command);

162
	if ((*outfile = strdup(command)) == NULL)

163
	    debug_return_int(NOT_FOUND_ERROR);

164
	debug_return_int(FOUND);

165
    }

166
    debug_return_int(NOT_FOUND);

167
}

168


169