From e1a402f1d65f4f107a40237bc19384e43b334546 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Tue, 16 Oct 2018 12:49:34 -0600
Subject: [PATCH] sudo_ldap_parse_option() never returns '=' as the operator.
When parsing command_timeout, role, type, privs and limitprivs, check that
val is non-NULL instead. Found by PVS Studio.
---
plugins/sudoers/ldap_util.c | 37 ++++++++++++++-----------------------
1 file changed, 14 insertions(+), 23 deletions(-)
diff --git a/plugins/sudoers/ldap_util.c b/plugins/sudoers/ldap_util.c
index d9be95a61..fecb7a6c5 100644
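--- a/plugins/sudoers/ldap_util.c
+++ b/plugins/sudoers/ldap_util.c
@@ -405,32 +405,23 @@ sudo_ldap_role_to_priv(const char *cn, void *hosts, void *runasusers,
 int op;
 
 op = sudo_ldap_parse_option(opt, &var, &val;;
- if (strcmp(var, "command_timeout") == 0) {
- if (op == '=')
- cmndspec->timeout = parse_timeout(val);
+ if (strcmp(var, "command_timeout") == 0 && val != NULL) {
+ cmndspec->timeout = parse_timeout(val);
 #ifdef HAVE_SELINUX
- } else if (strcmp(var, "role") == 0) {
- if (op == '=') {
- if ((cmndspec->role = strdup(val)) == NULL)
- goto oom;
- }
- } else if (strcmp(var, "type") == 0) {
- if (op == '=') {
- if ((cmndspec->type = strdup(val)) == NULL)
- goto oom;
- }
+ } else if (strcmp(var, "role") == 0 && val != NULL) {
+ if ((cmndspec->role = strdup(val)) == NULL)
+ goto oom;
+ } else if (strcmp(var, "type") == 0 && val != NULL) {
+ if ((cmndspec->type = strdup(val)) == NULL)
+ goto oom;
 #endif /* HAVE_SELINUX */
 #ifdef HAVE_PRIV_SET
- } else if (strcmp(var, "privs") == 0) {
- if (op == '=') {
- if ((cmndspec->privs = strdup(val)) == NULL)
- goto oom;
- }
- } else if (strcmp(var, "limitprivs") == 0) {
- if (op == '=') {
- if ((cmndspec->limitprivs = strdup(val)) == NULL)
- goto oom;
- }
+ } else if (strcmp(var, "privs") == 0 && val != NULL) {
+ if ((cmndspec->privs = strdup(val)) == NULL)
+ goto oom;
+ } else if (strcmp(var, "limitprivs") == 0 && val != NULL) {
+ if ((cmndspec->limitprivs = strdup(val)) == NULL)
+ goto oom;
 #endif /* HAVE_PRIV_SET */
 } else if (store_options) {
 if (!sudo_ldap_add_default(var, val, op, source,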
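Review bot: The `command_timeout` branch stores `parse_timeout(val)` straight into `cmndspec->timeout` with no check, and because this path was unreachable before the fix, a malformed value from the directory is handled here for the first time. If parse_timeout reports bad input as -1 (not visible in this hunk, to be confirmed), the rule would presumably end up with no effective timeout and no warning; checking the result first, e.g. `int t = parse_timeout(val); if (t == -1) /* warn, skip */; else cmndspec->timeout = t;`, would make that failure visible instead of silently dropping a restriction. The newly live `role`, `type`, `privs` and `limitprivs` branches no longer consult `op` at all, so any form that yields a non-NULL `val` is treated as a plain assignment, and a repeated option would overwrite the earlier `strdup()` result without freeing it. The body of sudo_ldap_role_to_priv starts and ends outside the hunk, so the surrounding loop and the `oom` label could not be checked.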
--
2.21.0