From 49e43f580c67609dfa123e35d2394a9af8d076ab Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Thu, 4 Jun 2020 11:31:12 -0600
Subject: [PATCH] Avoid passing NULL to printf in match debug code for LDAP/SSSD.

The file name in struct userspec was not set for the LDAP and SSSD backends. There is no actual file in this case so set the name to LDAP/SSSD. Also add a guard to make sure we don't try to print NULL in sudoers_lookup_check() if name is left unset.
---
 plugins/sudoers/ldap.c | 1 +
 plugins/sudoers/parse.c | 3 ++-
 plugins/sudoers/sssd.c | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c
index f0ec3c532..e52d026ec 100644
--- a/plugins/sudoers/ldap.c
+++ b/plugins/sudoers/ldap.c
@@ -1248,6 +1248,7 @@ ldap_to_sudoers(LDAP *ld, struct ldap_result *lres,
 /* We only have a single userspec */
 if ((us = calloc(1, sizeof(*us))) == NULL)
 goto oom;
+ us->file = rcstr_dup("LDAP");
 TAILQ_INIT(&us->users);
 TAILQ_INIT(&us->privileges);
 STAILQ_INIT(&us->comments);
diff --git a/plugins/sudoers/parse.c b/plugins/sudoers/parse.c
index 7a1c07e24..06f239e24 100644
--- a/plugins/sudoers/parse.c
+++ b/plugins/sudoers/parse.c
@@ -161,7 +161,8 @@ sudoers_lookup_check(struct sudo_nss *nss, struct passwd *pw,
 *matching_cs = cs;
 *defs = &priv->defaults;
 sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO,
- "userspec matched @ %s:%d %s", us->file, us->lineno,
+ "userspec matched @ %s:%d %s",
+ us->file ? us->file : "???", us->lineno,
 cmnd_match ? "allowed" : "denied");
 debug_return_int(cmnd_match);
 }
diff --git a/plugins/sudoers/sssd.c b/plugins/sudoers/sssd.c
index 3000ca7e0..b52fec3fa 100644
--- a/plugins/sudoers/sssd.c
+++ b/plugins/sudoers/sssd.c
@@ -364,6 +364,7 @@ sss_to_sudoers(struct sudo_sss_handle *handle,
 /* We only have a single userspec */
 if ((us = calloc(1, sizeof(*us))) == NULL)
 goto oom;
+ us->file = rcstr_dup("SSSD");
 TAILQ_INIT(&us->users);
 TAILQ_INIT(&us->privileges);
 STAILQ_INIT(&us->comments);
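Review bot: The result of `rcstr_dup("LDAP")` in the added line of the ldap.c hunk is not checked, although the `calloc()` directly above it jumps to `oom` on failure. If the duplication fails, `us->file` stays NULL, which is the state this commit sets out to remove; the new guard in sudoers_lookup_check() covers that one debug print, but other readers of `us->file` are not visible here. Consider `if ((us->file = rcstr_dup("LDAP")) == NULL) goto oom;`, placed after the three list-init macros if the `oom` path tears down `us` (that label is outside the hunk, so this needs confirming). The same applies to `rcstr_dup("SSSD")` in the sssd.c hunk.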
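Review bot: The `"???"` fallback in the sudo_debug_printf() call of the parse.c hunk carries no comment saying when `us->file` can be NULL, so a later reader cannot tell whether the guard is still needed. Passing NULL for `%s` is undefined behaviour, and because the backends' `rcstr_dup()` calls in this commit are unchecked, NULL remains reachable on allocation failure. I would add above the call: `/* us->file may be NULL if a backend left it unset; never pass NULL to %s. */`. sudoers_lookup_check() starts outside the hunk.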