From eb4ae10ab4d7d311aeec25008961d3b2ff3736f6 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Tue, 22 Nov 2022 11:57:42 -0700
Subject: [PATCH] Better handling of out-of-memory conditions.

---
 plugins/sample/sample_plugin.c | 46 +++++++++++++++++++++-------------
 1 file changed, 29 insertions(+), 17 deletions(-)

diff --git a/plugins/sample/sample_plugin.c b/plugins/sample/sample_plugin.c
index e09a8da83..074ab6cf4 100644
--- a/plugins/sample/sample_plugin.c
+++ b/plugins/sample/sample_plugin.c
@@ -201,33 +201,45 @@ check_passwd(void)
 static char **
 build_command_info(const char *command)
 {
-    static char **command_info;
+    char **command_info;
     int i = 0;
 
     /* Setup command info. */
     command_info = calloc(32, sizeof(char *));
     if (command_info == NULL)
-	return NULL;
-    if ((command_info[i++] = sudo_new_key_val("command", command)) == NULL ||
-	asprintf(&command_info[i++], "runas_euid=%ld", (long)runas_uid) == -1 ||
-	asprintf(&command_info[i++], "runas_uid=%ld", (long)runas_uid) == -1) {
-	return NULL;
-    }
+	goto oom;
+    if ((command_info[i] = sudo_new_key_val("command", command)) == NULL)
+	goto oom;
+    i++;
+    if (asprintf(&command_info[i], "runas_euid=%ld", (long)runas_uid) == -1)
+	goto oom;
+    i++;
+    if (asprintf(&command_info[i++], "runas_uid=%ld", (long)runas_uid) == -1)
+	goto oom;
+    i++;
     if (runas_gid != (gid_t)-1) {
-	if (asprintf(&command_info[i++], "runas_gid=%ld", (long)runas_gid) == -1 ||
-	    asprintf(&command_info[i++], "runas_egid=%ld", (long)runas_gid) == -1) {
-	    return NULL;
-	}
-    }
-    if (use_sudoedit) {
-	command_info[i] = strdup("sudoedit=true");
-	if (command_info[i++] == NULL)
-		return NULL;
+	if (asprintf(&command_info[i++], "runas_gid=%ld", (long)runas_gid) == -1)
+	    goto oom;
+	i++;
+	if (asprintf(&command_info[i++], "runas_egid=%ld", (long)runas_gid) == -1)
+	    goto oom;
+	i++;
     }
 #ifdef USE_TIMEOUT
-    command_info[i++] = "timeout=30";
+    if ((command_info[i] = strdup("timeout=30")) == NULL)
+	goto oom;
+    i++;
 #endif
+    if (use_sudoedit) {
+	if ((command_info[i] = strdup("sudoedit=true")) == NULL)
+	    goto oom;
+    }
     return command_info;
+oom:
+    while (i > 0) {
+	free(command_info[i--]);
+    }
+    return NULL;
 }
 
 static char *