|
Bugzilla – Full Text Bug Listing |
| Summary: | Sudo skips some non-blank characters in the do_syslog() | ||
|---|---|---|---|
| Product: | Sudo | Reporter: | Eygene Ryabinkin <rea-sudo> |
| Component: | Sudo | Assignee: | Todd C. Miller <Todd.Miller> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | ||
| Priority: | low | ||
| Version: | 1.6.8 | ||
| Hardware: | PC | ||
| OS: | All | ||
| URL: | http://codelabs.ru/patches/sudo/patch-1.6.8p12-logging.c::do_syslog | ||
| Attachments: |
Patch, first version
Patch, second version |
||
Created attachment 47 [details]
Patch, first version
Looking into do_syslog() more carefully, I've found another problems. 1. If buffer size to be logged is a multiple of the MAXSYSLOGLEN, then the last chunk will be logged twice. 2. Only buffer size was taken into the consideration, but format string includes more characters, so long commands were truncated. The patch that fixes these two bugs and the previous one is attached. Created attachment 48 [details]
Patch, second version
Second version of the patch.
I had thought that the MAXSYSLOGLEN number I was using had enough breathing room to hold the continuation text but apparently not. An adaptation of your patch will appear in sudo 1.6.9. |
While reading sudo's logging.c sources I've found that the famous piece of code /* Eliminate leading whitespace */ for ( p = tmp; *p != ' ' && *p !='\0'; p++ ) ; in the logging.c:do_syslog() contradicts with its own comment: it eliminates non-whitespace characters, i.e. stops on the first space or '\0'. I think that it contradicts with the original idea -- it should really skip the whitespace. So the for loop should look like for (p = tmp; *p == ' '; p++) ; The patch is on the provided URL.