[Pkg-shadow-commits] r286 - in trunk/debian: . patches
Nicolas FRANCOIS
pkg-shadow-devel@lists.alioth.debian.org
Tue, 21 Jun 2005 23:03:14 +0000
Author: nekral-guest
Date: 2005-06-21 23:03:13 +0000 (Tue, 21 Jun 2005)
New Revision: 286
Added:
trunk/debian/patches/357_su_pass_args_without_concatenation
Modified:
trunk/debian/changelog
Log:
Fix #276419.
Add the patches from the BTS from 23 Mar 2005 (su.c.patch)
and 31 Mar 2005 (commandline.2.patch).
Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog 2005-06-21 06:27:38 UTC (rev 285)
+++ trunk/debian/changelog 2005-06-21 23:03:13 UTC (rev 286)
@@ -44,6 +44,13 @@
Document the system user range from 0 to 999 in Debian
Closes: #286258
* Upstream bugs not fixed in upstream releases or CVS:
+ - 357_su_pass_args_without_concatenation
+ Thanks to Helmut Waitzmann.
+ Closes: #276419
+ * pass the argument to the shell or command without concatenation
+ before the call to exec.
+ * If no command is provided, the arguments after the username are for
+ the shell, no -c has to be appended.
* Upstream bugs already fixed in upstream releases or CVS:
- Corrected typos in chfn.1. Closes: #312428
- Corrected typos in gshadow.5. Closes: #312429
Added: trunk/debian/patches/357_su_pass_args_without_concatenation
===================================================================
--- trunk/debian/patches/357_su_pass_args_without_concatenation 2005-06-21 06:27:38 UTC (rev 285)
+++ trunk/debian/patches/357_su_pass_args_without_concatenation 2005-06-21 23:03:13 UTC (rev 286)
@@ -0,0 +1,108 @@
+Goal: * pass the argument to the shell or command without concatenation
+ before the call to exec.
+ (su --shell=/bin/sh -c 'printf :%q:\\n ${1+"$@"}' "$USER" sh a "b\'c" d)
+ * If no command is provided, the arguments after the username are for the shell,
+ no -c has to be appended.
+ (su -- - "$LOGNAME" -x)
+ * The submitter also reported some changes I consider being only aesthetical (only
+ malloc the exact number of elements)
+ * He also proposed another patch that would change the return type of
+ "elements" to size_t instead of int. But I did not included this one.
+Fixes: #276419
+
+Status wrt upstream: Upstream should be checked. Only in regard to the
+ second issue (run_shell in upstream is quite different
+ and don't suffer from the first point and don't have
+ "elements" function, which voids the last two points)
+
+Index: shadow-4.0.3/src/su.c
+===================================================================
+--- shadow-4.0.3.orig/src/su.c 2005-06-20 23:28:48.000000000 +0200
++++ shadow-4.0.3/src/su.c 2005-06-21 20:49:22.128723000 +0200
+@@ -172,8 +172,9 @@
+ {
+ int n = 0;
+
+- for (n = 0; *arr; ++arr)
+- ++n;
++ if (arr)
++ for (n = 0; *arr; ++arr)
++ ++n;
+ return n;
+ }
+
+@@ -183,16 +184,25 @@
+ {
+ const char **args;
+ int argno = 1;
+- char cmd[BUFSIZ];
+- int cmd_len_left = sizeof(cmd) - 1;
+
+- cmd[0] = '\0';
+-
+- if (additional_args)
+- args = (const char **) xmalloc (sizeof (char *)
+- * (10 + elements (additional_args)));
+- else
+- args = (const char **) xmalloc (sizeof (char *) * 10);
++ /* Allocate 2 up to 4 more slots for the argument vector than there are
++ additional args:
++ 1 for args[0],
++ 2 (optional) for a commandline, preceded with "-c",
++ 1 for the args[]-terminating NULL entry.
++ */
++ args = (const char **)
++ xmalloc (
++ sizeof (char *) *
++ (
++ 1 /* args[0] */
++ +
++ (command ? 2 : 0) /* "-c" "commandline", if supplied */
++ +
++ elements (additional_args) /* number of additional args: */
++ +
++ 1 /* the terminating NULL entry */
++ ));
+
+ if (login)
+ {
+@@ -210,30 +220,17 @@
+ }
+ else
+ args[0] = Basename(shell);
+- if (command || additional_args)
+- args[argno++] = "-c";
+- if (command) {
+- if (strlen(command) > cmd_len_left) {
+- fprintf(stderr, _("Command line args too long\n"));
+- exit(1);
++ if (command)
++ { /* A command option "-c" or "--command" has been supplied. Insert
++ * "-c" and its option argument, i.e. the commandline, into the
++ * argument vector.
++ */
++ args[argno++] = "-c";
++ args[argno++] = command;
+ }
+- strcat(cmd, command);
+- cmd_len_left -= strlen(command);
+- }
+ if (additional_args)
+- for (; *additional_args; ++additional_args) {
+- if ((strlen(*additional_args) + 1) > cmd_len_left) {
+- fprintf(stderr, _("Command line args too long\n"));
+- exit(1);
+- }
+- if (cmd[0]) {
+- strcat(cmd, " ");
+- cmd_len_left--;
+- }
+- strcat(cmd, *additional_args);
+- cmd_len_left -= strlen(*additional_args);
+- }
+- if (cmd[0]) args[argno++] = cmd;
++ for (; *additional_args; ++additional_args)
++ args[argno++] = *additional_args;
+ args[argno] = NULL;
+ execv (shell, (char **) args);
+ fprintf (stderr, _("No shell\n"));