From b80309e6d83e3027cd6c6b6c83cc28df294815a4 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Mon, 5 Sep 2016 19:44:46 -0600
Subject: [PATCH] In sudoers_main() avoid setting rval prematurely.  Prevents a
 crash when auditing fails after successfully authenticating.  Bug #756

---
 plugins/sudoers/sudoers.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
index 72ddae204..c4c3dc7f0 100644
--- a/plugins/sudoers/sudoers.c
+++ b/plugins/sudoers/sudoers.c
@@ -415,13 +415,19 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
 	goto bad;
 
     /* Require a password if sudoers says so.  */
-    rval = check_user(validated, sudo_mode);
-    if (rval != true) {
+    switch (check_user(validated, sudo_mode)) {
+    case true:
+	/* user authenticated successfully. */
+	break;
+    case false:
 	/* Note: log_denial() calls audit for us. */
 	if (!ISSET(validated, VALIDATE_SUCCESS)) {
 	    if (!log_denial(validated, false))
-		rval = -1;
+		goto done;
 	}
+	goto bad;
+    default:
+	/* some other error, rval is -1. */
 	goto done;
     }