[Pkg-shadow-commits] r286 - in trunk/debian: . patches

Nicolas FRANCOIS pkg-shadow-devel@lists.alioth.debian.org
Tue, 21 Jun 2005 23:03:14 +0000 

Author: nekral-guest
Date: 2005-06-21 23:03:13 +0000 (Tue, 21 Jun 2005)
New Revision: 286

Added:
   trunk/debian/patches/357_su_pass_args_without_concatenation
Modified:
   trunk/debian/changelog
Log:
Fix #276419.
Add the patches from the BTS from 23 Mar 2005 (su.c.patch)
and 31 Mar 2005 (commandline.2.patch).


Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog	2005-06-21 06:27:38 UTC (rev 285)
+++ trunk/debian/changelog	2005-06-21 23:03:13 UTC (rev 286)
@@ -44,6 +44,13 @@
       Document the system user range from 0 to 999 in Debian
       Closes: #286258
   * Upstream bugs not fixed in upstream releases or CVS:
+    - 357_su_pass_args_without_concatenation
+      Thanks to Helmut Waitzmann.
+      Closes: #276419
+      * pass the argument to the shell or command without concatenation
+        before the call to exec.
+      * If no command is provided, the arguments after the username are for
+        the shell, no -c has to be appended.
   * Upstream bugs already fixed in upstream releases or CVS:
     - Corrected typos in chfn.1. Closes: #312428
     - Corrected typos in gshadow.5. Closes: #312429

Added: trunk/debian/patches/357_su_pass_args_without_concatenation
===================================================================
--- trunk/debian/patches/357_su_pass_args_without_concatenation	2005-06-21 06:27:38 UTC (rev 285)
+++ trunk/debian/patches/357_su_pass_args_without_concatenation	2005-06-21 23:03:13 UTC (rev 286)
@@ -0,0 +1,108 @@
+Goal: * pass the argument to the shell or command without concatenation
+        before the call to exec.
+        (su --shell=/bin/sh -c 'printf :%q:\\n ${1+"$@"}' "$USER" sh a "b\'c" d)
+      * If no command is provided, the arguments after the username are for the shell,
+        no -c has to be appended.
+        (su -- - "$LOGNAME" -x)
+      * The submitter also reported some changes I consider being only aesthetical (only
+        malloc the exact number of elements)
+      * He also proposed another patch that would change the return type of
+        "elements" to size_t instead of int. But I did not included this one.
+Fixes: #276419
+
+Status wrt upstream: Upstream should be checked. Only in regard to the
+                     second issue (run_shell in upstream is quite different
+                     and don't suffer from the first point and don't have
+                     "elements" function, which voids the last two points)
+
+Index: shadow-4.0.3/src/su.c
+===================================================================
+--- shadow-4.0.3.orig/src/su.c	2005-06-20 23:28:48.000000000 +0200
++++ shadow-4.0.3/src/su.c	2005-06-21 20:49:22.128723000 +0200
+@@ -172,8 +172,9 @@
+ {
+   int n = 0;
+ 
+-  for (n = 0; *arr; ++arr)
+-    ++n;
++  if (arr)
++    for (n = 0; *arr; ++arr)
++      ++n;
+   return n;
+ }
+ 
+@@ -183,16 +184,25 @@
+ {
+   const char **args;
+   int argno = 1;
+-  char cmd[BUFSIZ];
+-  int cmd_len_left = sizeof(cmd) - 1;
+ 
+-  cmd[0] = '\0';
+-
+-  if (additional_args)
+-    args = (const char **) xmalloc (sizeof (char *)
+-                                    * (10 + elements (additional_args)));
+-  else
+-    args = (const char **) xmalloc (sizeof (char *) * 10);
++  /* Allocate 2 up to 4 more slots for the argument vector than there are
++     additional args:
++     1 for args[0],
++     2 (optional) for a commandline, preceded with "-c",
++     1 for the args[]-terminating NULL entry.
++   */
++  args = (const char **)
++    xmalloc (
++      sizeof (char *) *
++      (
++	1 /* args[0] */
++	+
++	(command ? 2 : 0) /* "-c" "commandline", if supplied */
++	+
++	elements (additional_args) /* number of additional args: */
++	+
++	1 /* the terminating NULL entry */
++      ));
+ 
+   if (login)
+     {
+@@ -210,30 +220,17 @@
+     }
+   else
+     args[0] = Basename(shell);
+-  if (command || additional_args)
+-    args[argno++] = "-c";
+-  if (command) {
+-    if (strlen(command) > cmd_len_left) {
+-      fprintf(stderr, _("Command line args too long\n"));
+-      exit(1);
++  if (command)
++    { /* A command option "-c" or "--command" has been supplied.  Insert
++       * "-c" and its option argument, i.e. the commandline, into the
++       * argument vector.
++       */
++      args[argno++] = "-c";
++      args[argno++] = command;
+     }
+-    strcat(cmd, command);
+-    cmd_len_left -= strlen(command);
+-  }
+   if (additional_args)
+-    for (; *additional_args; ++additional_args) {
+-      if ((strlen(*additional_args) + 1) > cmd_len_left) {
+-	fprintf(stderr, _("Command line args too long\n"));
+-	exit(1);
+-      }
+-      if (cmd[0]) {
+-	strcat(cmd, " ");
+-	cmd_len_left--;
+-      }
+-      strcat(cmd, *additional_args);
+-      cmd_len_left -= strlen(*additional_args);
+-    }
+-  if (cmd[0]) args[argno++] = cmd;
++    for (; *additional_args; ++additional_args)
++      args[argno++] = *additional_args;
+   args[argno] = NULL;
+   execv (shell, (char **) args);
+   fprintf (stderr, _("No shell\n"));