isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

When spliting EDITOR check for escaped quote characters.

Browse Source 
Also add check_editor to sudoers "make check".
This commit is contained in:
Todd C. Miller
2021-04-25 19:12:50 -06:00
parent 5e5131dec3
commit 6907376ae9
3 changed files with 20 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
plugins/sudoers/editor.c
View File

@@ -63,10 +63,16 @@ wordsplit(const char *str, const char *endstr, const char **last)
/* If word is quoted, skip to end quote and return. */
if (*str == '"' || *str == '\'') {
const char *endquote = memchr(str + 1, *str, endstr - str);
if (endquote != NULL) {
*last = endquote;
debug_return_const_ptr(str + 1);
const char *endquote;
for (cp = str + 1; cp < endstr; cp = endquote + 1) {
endquote = memchr(cp, *str, endstr - cp);
if (endquote == NULL)
break;
/* ignore escaped quotes */
if (endquote[-1] != '\\') {
*last = endquote;
debug_return_const_ptr(str + 1);
}
}
}