isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Always dynamically allocate user_cmnd, it is freed in sudo_user_free().

Browse Source 
Instead of setting user_cmnd in the policy functions, always set argv.
Calling sudoers_policy_main() with argc of 0 is no longer allowed.
This commit is contained in:
Todd C. Miller
2021-02-16 09:32:34 -07:00
parent c09169e812
commit ae3a098d2f
3 changed files with 49 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
plugins/sudoers/regress/fuzz/fuzz_policy.c
View File

@@ -302,7 +302,7 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
continue;
}
/* First argv entry is the command, the rest are args. */
/* Additional environment variables to add. */
if (strncmp(line, "env=", sizeof("env=") - 1) == 0) {
push(&env_add, line);
continue;
@@ -340,10 +340,6 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
break;
}
/* Avoid double free of user_cmnd, it will be freed as part of argv. */
if (argv.len != 0 && user_cmnd == argv.entries[0])
user_cmnd = NULL;
/* Free resources. */
sudoers_policy.close(0, 0);
@@ -639,7 +635,7 @@ find_path(const char *infile, char **outfile, struct stat *sbp,
if (asprintf(outfile, "/usr/bin/%s", infile) == -1)
*outfile = NULL;
}
return *outfile ? FOUND : NOT_FOUND;
return *outfile ? FOUND : NOT_FOUND_ERROR;
}
/* STUB */