Always dynamically allocate user_role, user_type, user_privs, user_limitprivs

2021-02-14 07:47:48 -07:00
parent 5c0454495c
commit 561740cd54
3 changed files with 14 additions and 6 deletions
--- a/plugins/sudoers/parse.c
+++ b/plugins/sudoers/parse.c
@@ -201,6 +201,7 @@ apply_cmndspec(struct cmndspec *cs)
 		}
 	    } else {
 		user_role = def_role;
+		def_role = NULL;
 	    }
 	    sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
 		"user_role -> %s", user_role);
@@ -215,6 +216,7 @@ apply_cmndspec(struct cmndspec *cs)
 		}
 	    } else {
 		user_type = def_type;
+		def_type = NULL;
 	    }
 	    sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
 		"user_type -> %s", user_type);
@@ -232,6 +234,7 @@ apply_cmndspec(struct cmndspec *cs)
 		}
 	    } else {
 		runas_privs = def_privs;
+		def_privs = NULL;
 	    }
 	    sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
 		"runas_privs -> %s", runas_privs);
@@ -246,6 +249,7 @@ apply_cmndspec(struct cmndspec *cs)
 		}
 	    } else {
 		runas_limitprivs = def_limitprivs;
+		def_limitprivs = NULL;
 	    }
 	    sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
 		"runas_limitprivs -> %s", runas_limitprivs);
--- a/plugins/sudoers/policy.c
+++ b/plugins/sudoers/policy.c
@@ -281,12 +281,18 @@ sudoers_policy_deserialize_info(void *v)
 #ifdef HAVE_SELINUX
 	if (MATCHES(*cur, "selinux_role=")) {
 	    CHECK(*cur, "selinux_role=");
-	    user_role = *cur + sizeof("selinux_role=") - 1;
+	    free(user_role);
+	    user_role = strdup(*cur + sizeof("selinux_role=") - 1);
+	    if (user_role == NULL)
+		goto oom;
 	    continue;
 	}
 	if (MATCHES(*cur, "selinux_type=")) {
 	    CHECK(*cur, "selinux_type=");
-	    user_type = *cur + sizeof("selinux_type=") - 1;
+	    free(user_type);
+	    user_type = strdup(*cur + sizeof("selinux_type=") - 1);
+	    if (user_type == NULL)
+		goto oom;
 	    continue;
 	}
 #endif /* HAVE_SELINUX */
--- a/plugins/sudoers/regress/fuzz/fuzz_policy.c
+++ b/plugins/sudoers/regress/fuzz/fuzz_policy.c
@@ -375,13 +375,11 @@ done:
    free(sudo_user.cmnd_safe);
    free(sudo_user.cmnd_stat);
    /* XXX - sudo_user.env_vars */
-#ifdef HAVE_SELINUX_XXX
-    /* XXX - not always dynamic */
+#ifdef HAVE_SELINUX
    free(sudo_user.role);
    free(sudo_user.type);
 #endif
-#ifdef HAVE_PRIV_SET_XXX
-    /* XXX - not always dynamic */
+#ifdef HAVE_PRIV_SET
    free(sudo_user.privs);
    free(sudo_user.limitprivs);
 #endif