isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Do not match a literal "" command line argument as "" in sudoers.

Browse Source 
If the empty string is specified in sudoers, no user args are allowed.
GitHub issue #182.
This commit is contained in:
Todd C. Miller
2022-10-04 13:37:32 -06:00
parent 3940020c94
commit 575200e734
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
plugins/sudoers/match_command.c
View File

@@ -89,8 +89,10 @@ command_args_match(const char *sudoers_cmnd, const char *sudoers_args)
* If no args specified in sudoers, any user args are allowed. * If no args specified in sudoers, any user args are allowed.
* If the empty string is specified in sudoers, no user args are allowed. * If the empty string is specified in sudoers, no user args are allowed.
*/ */
if (!sudoers_args || (!user_args && !strcmp("\"\"", sudoers_args))) if (sudoers_args == NULL)
debug_return_bool(true); debug_return_bool(true);
if (strcmp("\"\"", sudoers_args) == 0)
debug_return_bool(user_args ? false : true);
/* /*
* If args are specified in sudoers, they must match the user args. * If args are specified in sudoers, they must match the user args.