isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Always allocate a struct sudo_command for the command, even for ALL.

Browse Source 
This was missed in the previous set of changes, resulting in a crash
for LDAP and SSSD rules that give sudo "ALL" privileges.
Bug #994.
This commit is contained in:
Todd C. Miller
2021-09-16 11:24:26 -06:00
parent 31e4a0a0a6
commit 0c30976ae6
1 changed files with 8 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
plugins/sudoers/ldap_util.c
View File

@@ -408,15 +408,13 @@ sudo_ldap_role_to_priv(const char *cn, void *hosts, void *runasusers,
free(cmndspec); free(cmndspec);
goto oom; goto oom;
} }
if (strcmp(cmnd, "ALL") != 0) { if ((c = calloc(1, sizeof(*c))) == NULL) {
if ((c = calloc(1, sizeof(*c))) == NULL) { free(cmndspec);
free(cmndspec); free(m);
free(m); goto oom;
goto oom;
}
m->name = (char *)c;
TAILQ_INIT(&c->digests);
} }
m->name = (char *)c;
TAILQ_INIT(&c->digests);
/* Negated commands have precedence so insert them at the end. */ /* Negated commands have precedence so insert them at the end. */
if (negated) if (negated)
@@ -584,8 +582,8 @@ sudo_ldap_role_to_priv(const char *cn, void *hosts, void *runasusers,
/* Fill in command member now that options have been processed. */ /* Fill in command member now that options have been processed. */
m->negated = negated; m->negated = negated;
if (c == NULL) { if (strcmp(cmnd, "ALL") == 0) {
/* No command name for "ALL" */ /* TODO: support digests with ALL */
m->type = ALL; m->type = ALL;
if (cmndspec->tags.setenv == UNSPEC) if (cmndspec->tags.setenv == UNSPEC)
cmndspec->tags.setenv = IMPLIED; cmndspec->tags.setenv = IMPLIED;