From c1ed913d7158d641f07c75760960789361880838 Mon Sep 17 00:00:00 2001
From: Radovan Sroka <rsroka@redhat.com>
Date: Aug 24 2015 09:50:05 +0000
Subject: Fix coverity scan outputs


- add patch that resolves initialization problem before call sudo_strsplit
- add patch that resolves deadcode in visudo.c

---

diff --git a/sudo-1.8.14p3-deadcode_visudo_c.patch b/sudo-1.8.14p3-deadcode_visudo_c.patch
new file mode 100644
index 0000000..19a55e1
--- /dev/null
+++ b/sudo-1.8.14p3-deadcode_visudo_c.patch
@@ -0,0 +1,40 @@
+diff -up ./plugins/sudoers/visudo.c.deadcode ./plugins/sudoers/visudo.c
+--- ./plugins/sudoers/visudo.c.deadcode	2015-08-24 09:54:59.216956064 +0200
++++ ./plugins/sudoers/visudo.c	2015-08-24 09:59:50.831547773 +0200
+@@ -415,12 +415,10 @@ edit_sudoers(struct sudoersfile *sp, cha
+     int tfd;				/* sudoers temp file descriptor */
+     bool modified;			/* was the file modified? */
+     int ac;				/* argument count */
+-    char buf[4096];			/* buffer used for copying files */
+     char linestr[64];			/* string version of lineno */
+     struct timespec ts, times[2];	/* time before and after edit */
+     struct timespec orig_mtim;		/* starting mtime of sudoers file */
+     off_t orig_size;			/* starting size of sudoers file */
+-    ssize_t nread;			/* number of bytes read */
+     struct stat sb;			/* stat buffer */
+     bool rval = false;			/* return value */
+     debug_decl(edit_sudoers, SUDOERS_DEBUG_UTIL)
+@@ -440,15 +438,19 @@ edit_sudoers(struct sudoersfile *sp, cha
+ 
+ 	/* Copy sp->path -> sp->tpath and reset the mtime. */
+ 	if (orig_size != 0) {
++	    char buf[4096], lastch = '\0';
++	    ssize_t nread;
+ 	    (void) lseek(sp->fd, (off_t)0, SEEK_SET);
+-	    while ((nread = read(sp->fd, buf, sizeof(buf))) > 0)
++	    while ((nread = read(sp->fd, buf, sizeof(buf))) > 0){
+ 		if (write(tfd, buf, nread) != nread)
+ 		    sudo_fatal(U_("write error"));
++		lastch = buf[nread - 1];
++	    }
+ 
+ 	    /* Add missing newline at EOF if needed. */
+-	    if (nread > 0 && buf[nread - 1] != '\n') {
+-		buf[0] = '\n';
+-		if (write(tfd, buf, 1) != 1)
++	    if (lastch != '\n') {
++		lastch = '\n';
++		if (write(tfd, &lastch, 1) != 1)    
+ 		    sudo_fatal(U_("write error"));
+ 	    }
+ 	}
diff --git a/sudo-1.8.14p3-extra_while.patch b/sudo-1.8.14p3-extra_while.patch
new file mode 100644
index 0000000..c7ff83e
--- /dev/null
+++ b/sudo-1.8.14p3-extra_while.patch
@@ -0,0 +1,24 @@
+diff -up ./plugins/sudoers/sudoers.c.extra_while ./plugins/sudoers/sudoers.c
+--- ./plugins/sudoers/sudoers.c.extra_while	2015-08-24 10:06:01.262987605 +0200
++++ ./plugins/sudoers/sudoers.c	2015-08-24 10:07:16.557919240 +0200
+@@ -1214,7 +1214,7 @@ find_editor(int nfiles, char **files, in
+ 		files, argc_out, argv_out, NULL);
+ 	    if (editor_path == NULL && errno != ENOENT)
+ 		debug_return_str(NULL);
+-	} while (ep != NULL && editor_path == NULL);
++	}
+     }
+     if (!editor_path) {
+ 	audit_failure(NewArgc, NewArgv, N_("%s: command not found"),
+diff -up ./plugins/sudoers/visudo.c.extra_while ./plugins/sudoers/visudo.c
+--- ./plugins/sudoers/visudo.c.extra_while	2015-08-24 10:07:34.602902856 +0200
++++ ./plugins/sudoers/visudo.c	2015-08-24 10:08:27.750854600 +0200
+@@ -332,7 +332,7 @@ get_editor(int *editor_argc, char ***edi
+ 		editor_argc, editor_argv, whitelist);
+ 	    if (editor_path == NULL && errno != ENOENT)
+ 		debug_return_str(NULL);
+-	} while (ep != NULL && editor_path == NULL);
++    	}
+     }
+     if (editor_path == NULL)
+ 	sudo_fatalx(U_("no editor found (editor path = %s)"), def_editor);
diff --git a/sudo-1.8.14p3-initialization.patch b/sudo-1.8.14p3-initialization.patch
new file mode 100644
index 0000000..75da7fd
--- /dev/null
+++ b/sudo-1.8.14p3-initialization.patch
@@ -0,0 +1,122 @@
+diff -up ./lib/util/strsplit.c.initialization ./lib/util/strsplit.c
+--- ./lib/util/strsplit.c.initialization	2015-07-22 14:22:49.000000000 +0200
++++ ./lib/util/strsplit.c	2015-08-18 13:28:28.141319501 +0200
+@@ -37,6 +37,10 @@ sudo_strsplit_v1(const char *str, const
+     const char *cp, *s;
+     debug_decl(sudo_strsplit, SUDO_DEBUG_UTIL)
+ 
++    /* exclusion of two NULLs at the same time */
++    if (str == NULL && *last == NULL)
++	debug_return_ptr(NULL);	
++
+     /* If no str specified, use last ptr (if any). */
+     if (str == NULL)
+ 	str = *last;
+diff -up ./lib/util/sudo_conf.c.initialization ./lib/util/sudo_conf.c
+--- ./lib/util/sudo_conf.c.initialization	2015-07-22 14:22:49.000000000 +0200
++++ ./lib/util/sudo_conf.c	2015-08-18 13:28:28.142319494 +0200
+@@ -161,7 +161,7 @@ static int
+ parse_path(const char *entry, const char *conf_file, unsigned int lineno)
+ {
+     const char *entry_end = entry + strlen(entry);
+-    const char *ep, *name, *path;
++    const char *ep = NULL, *name, *path;
+     struct sudo_conf_path_table *cur;
+     size_t namelen;
+     debug_decl(parse_path, SUDO_DEBUG_UTIL)
+@@ -208,7 +208,7 @@ parse_debug(const char *entry, const cha
+ {
+     struct sudo_conf_debug *debug_spec;
+     struct sudo_debug_file *debug_file = NULL;
+-    const char *ep, *path, *progname, *flags;
++    const char *ep = NULL, *path, *progname, *flags;
+     const char *entry_end = entry + strlen(entry);
+     size_t pathlen, prognamelen;
+     debug_decl(parse_debug, SUDO_DEBUG_UTIL)
+@@ -278,7 +278,7 @@ static int
+ parse_plugin(const char *entry, const char *conf_file, unsigned int lineno)
+ {
+     struct plugin_info *info = NULL;
+-    const char *ep, *path, *symbol;
++    const char *ep = NULL, *path, *symbol;
+     const char *entry_end = entry + strlen(entry);
+     char **options = NULL;
+     size_t pathlen, symlen;
+diff -up ./plugins/sudoers/editor.c.initialization ./plugins/sudoers/editor.c
+--- ./plugins/sudoers/editor.c.initialization	2015-07-22 14:22:49.000000000 +0200
++++ ./plugins/sudoers/editor.c	2015-08-18 13:28:28.142319494 +0200
+@@ -45,7 +45,7 @@ resolve_editor(const char *ed, size_t ed
+     int *argc_out, char ***argv_out, char * const *whitelist)
+ {
+     char **nargv, *editor, *editor_path = NULL;
+-    const char *cp, *ep, *tmp;
++    const char *cp, *ep = NULL, *tmp;
+     const char *edend = ed + edlen;
+     struct stat user_editor_sb;
+     int nargc;
+diff -up ./plugins/sudoers/interfaces.c.initialization ./plugins/sudoers/interfaces.c
+--- ./plugins/sudoers/interfaces.c.initialization	2015-07-22 14:22:50.000000000 +0200
++++ ./plugins/sudoers/interfaces.c	2015-08-18 13:28:28.142319494 +0200
+@@ -109,7 +109,7 @@ get_interfaces(void)
+ void
+ dump_interfaces(const char *ai)
+ {
+-    const char *cp, *ep;
++    const char *cp, *ep = NULL;
+     const char *ai_end = ai + strlen(ai);
+     debug_decl(set_interfaces, SUDOERS_DEBUG_NETIF)
+ 
+diff -up ./plugins/sudoers/sudoers.c.initialization ./plugins/sudoers/sudoers.c
+--- ./plugins/sudoers/sudoers.c.initialization	2015-07-22 14:22:50.000000000 +0200
++++ ./plugins/sudoers/sudoers.c	2015-08-18 13:28:28.142319494 +0200
+@@ -1186,7 +1186,7 @@ sudoers_cleanup(void)
+ static char *
+ find_editor(int nfiles, char **files, int *argc_out, char ***argv_out)
+ {
+-    const char *cp, *ep, *editor = NULL;
++    const char *cp, *ep = NULL, *editor = NULL;
+     char *editor_path = NULL, **ev, *ev0[4];
+     debug_decl(find_editor, SUDOERS_DEBUG_PLUGIN)
+ 
+diff -up ./plugins/sudoers/sudoreplay.c.initialization ./plugins/sudoers/sudoreplay.c
+--- ./plugins/sudoers/sudoreplay.c.initialization	2015-07-22 14:22:49.000000000 +0200
++++ ./plugins/sudoers/sudoreplay.c	2015-08-18 13:39:53.776411920 +0200
+@@ -189,7 +189,7 @@ main(int argc, char *argv[])
+     int ch, idx, plen, exitcode = 0, rows = 0, cols = 0;
+     bool def_filter = true, listonly = false;
+     const char *decimal, *id, *user = NULL, *pattern = NULL, *tty = NULL;
+-    char *cp, *ep, path[PATH_MAX];
++    char *cp, *ep = NULL, path[PATH_MAX];
+     struct log_info *li;
+     double max_wait = 0;
+     debug_decl(main, SUDO_DEBUG_MAIN)
+@@ -225,6 +225,8 @@ main(int argc, char *argv[])
+ 	    /* Set the replay filter. */
+ 	    def_filter = false;
+ 	    for (cp = strtok_r(optarg, ",", &ep); cp; cp = strtok_r(NULL, ",", &ep)) {
++		if (ep == NULL)
++		    sudo_fatalx(U_("invalid filter option: %s"), optarg);
+ 		if (strcmp(cp, "stdout") == 0)
+ 		    io_log_files[IOFD_STDOUT].enabled = true;
+ 		else if (strcmp(cp, "stderr") == 0)
+diff -up ./plugins/sudoers/visudo.c.initialization ./plugins/sudoers/visudo.c
+--- ./plugins/sudoers/visudo.c.initialization	2015-07-22 14:22:50.000000000 +0200
++++ ./plugins/sudoers/visudo.c	2015-08-18 13:28:28.142319494 +0200
+@@ -287,7 +287,7 @@ get_editor(int *editor_argc, char ***edi
+ 
+     /* Build up editor whitelist from def_editor unless env_editor is set. */
+     if (!def_env_editor) {
+-	const char *cp, *ep;
++	const char *cp, *ep =  NULL;
+ 	const char *def_editor_end = def_editor + strlen(def_editor);
+ 
+ 	/* Count number of entries in whitelist and split into a list. */
+@@ -325,7 +325,7 @@ get_editor(int *editor_argc, char ***edi
+     if (editor_path == NULL) {
+ 	/* def_editor could be a path, split it up, avoiding strtok() */
+ 	const char *def_editor_end = def_editor + strlen(def_editor);
+-	const char *cp, *ep;
++	const char *cp, *ep = NULL;
+ 	for (cp = sudo_strsplit(def_editor, def_editor_end, ":", &ep);
+ 	    cp != NULL; cp = sudo_strsplit(NULL, def_editor_end, ":", &ep)) {
+ 	    editor_path = resolve_editor(cp, (size_t)(ep - cp), 2, files,
diff --git a/sudo.spec b/sudo.spec
index 1694a4a..be971ac 100644
--- a/sudo.spec
+++ b/sudo.spec
@@ -1,7 +1,7 @@
 Summary: Allows restricted root access for specified users
 Name: sudo
 Version: 1.8.14p3
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: ISC
 Group: Applications/System
 URL: http://www.courtesan.com/sudo/
@@ -30,7 +30,11 @@ Patch1: sudo-1.6.7p5-strip.patch
 Patch2: sudo-1.8.14p1-ldapconfpatch.patch
 # Patch makes changes in documentation bz:1162070
 Patch3: sudo-1.8.14p1-docpassexpire.patch
-
+# Patch initialize variable before executing sudo_strsplit
+Patch4: sudo-1.8.14p3-initialization.patch
+# Patch resolves deadcode in visudo.c from coverity scan.
+Patch5: sudo-1.8.14p3-deadcode_visudo_c.patch
+Patch6: sudo-1.8.14p3-extra_while.patch
 
 %description
 Sudo (superuser do) allows a system administrator to give certain
@@ -58,6 +62,9 @@ plugins that use %{name}.
 %patch1 -p1 -b .strip
 %patch2 -p1 -b .ldapconfpatch
 %patch3 -p1 -b .docpassexpire
+%patch4 -p1 -b .initialization
+%patch5 -p1 -b .deadcode
+%patch6 -p1 -b .extra_while
 
 %build
 # Remove bundled copy of zlib
@@ -193,6 +200,11 @@ rm -rf $RPM_BUILD_ROOT
 %{_libexecdir}/sudo/libsudo_util.so
 
 %changelog
+* Mon Aug 24 2015 Radovan Sroka <rsroka@redhat.com> 1.8.14p3-2
+- add patch that resolves initialization problem before sudo_strsplit call
+- add patch that resolves deadcode in visudo.c 
+- add patch that removes extra while in visudo.c and sudoers.c
+
 * Mon Jul 27 2015 Radovan Sroka <rsroka@redhat.com> 1.8.14p3-1
 - update to 1.8.14p3