1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72
|
# HG changeset patch
# User Todd C. Miller <Todd.Miller@courtesan.com>
# Date 1361459125 18000
# Node ID ddf399e3e306ca238f6f1cda8153889b15bba12e
# Parent ac2bf49a24b8f8cec453f8d0623be17e954414c6
Completely ignore time stamp file if it is set to the epoch,
regardless of what gettimeofday() returns.
Index: sudo-1.7.4p6/check.c
===================================================================
--- sudo-1.7.4p6.orig/check.c 2013-02-27 13:36:12.373219996 -0500
+++ sudo-1.7.4p6/check.c 2013-02-27 13:37:49.305222478 -0500
@@ -591,31 +591,34 @@
*/
if (status == TS_OLD && !ISSET(flags, TS_REMOVE)) {
mtim_get(&sb, &mtime);
- /* Negative timeouts only expire manually (sudo -k). */
- if (def_timestamp_timeout < 0 && mtime.tv_sec != 0)
- status = TS_CURRENT;
- else {
- now = time(NULL);
- if (def_timestamp_timeout &&
- now - mtime.tv_sec < 60 * def_timestamp_timeout) {
- /*
- * Check for bogus time on the stampfile. The clock may
- * have been set back or someone could be trying to spoof us.
- */
- if (mtime.tv_sec > now + 60 * def_timestamp_timeout * 2) {
- time_t tv_sec = (time_t)mtime.tv_sec;
- log_error(NO_EXIT,
- "timestamp too far in the future: %20.20s",
- 4 + ctime(&tv_sec));
- if (timestampfile)
- (void) unlink(timestampfile);
- else
- (void) rmdir(timestampdir);
- status = TS_MISSING;
- } else if (get_boottime(&boottime) && timevalcmp(&mtime, &boottime, <)) {
- status = TS_OLD;
- } else {
- status = TS_CURRENT;
+ if (timevalisset(&mtime)) {
+ /* Negative timeouts only expire manually (sudo -k). */
+ if (def_timestamp_timeout < 0) {
+ status = TS_CURRENT;
+ } else {
+ now = time(NULL);
+ if (def_timestamp_timeout &&
+ now - mtime.tv_sec < 60 * def_timestamp_timeout) {
+ /*
+ * Check for bogus time on the stampfile. The clock may
+ * have been set back or user could be trying to spoof us.
+ */
+ if (mtime.tv_sec > now + 60 * def_timestamp_timeout * 2) {
+ time_t tv_sec = (time_t)mtime.tv_sec;
+ log_error(NO_EXIT,
+ "timestamp too far in the future: %20.20s",
+ 4 + ctime(&tv_sec));
+ if (timestampfile)
+ (void) unlink(timestampfile);
+ else
+ (void) rmdir(timestampdir);
+ status = TS_MISSING;
+ } else if (get_boottime(&boottime) &&
+ timevalcmp(&mtime, &boottime, <)) {
+ status = TS_OLD;
+ } else {
+ status = TS_CURRENT;
+ }
}
}
}
|