Make a copy of the current sudoers path when assigning errorfile.

Fixes a potential use after free in visudo when there is an error in one of the include files.
2016-10-31 15:21:18 -06:00
parent a3a545e416
commit 5a8b60e4b4
5 changed files with 32 additions and 14 deletions
--- a/plugins/sudoers/visudo_json.c
+++ b/plugins/sudoers/visudo_json.c
@@ -1030,7 +1030,9 @@ export_sudoers(const char *sudoers_path, const char *export_path,
 	if (!quiet)
 	    sudo_warnx(U_("failed to parse %s file, unknown error"), sudoers_path);
 	parse_error = true;
-	errorfile = sudoers_path;
+	free(errorfile);
+	if ((errorfile = strdup(sudoers_path)) == NULL)
+	    sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
    }
    ret = !parse_error;