60 lines
1.8 KiB
Diff
60 lines
1.8 KiB
Diff
From 985a2261bc5ae0491dc0be0977425c4f9a782883 Mon Sep 17 00:00:00 2001
|
|
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
|
|
Date: Thu, 30 Jun 2022 13:35:04 -0600
|
|
Subject: [PATCH] sudoers_main: defer setting return value until the end when
|
|
running a command Otherwise, we could return success when there was an error
|
|
from a system call or memory allocation failure.
|
|
|
|
---
|
|
plugins/sudoers/sudoers.c | 15 ++++++---------
|
|
1 file changed, 6 insertions(+), 9 deletions(-)
|
|
|
|
diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
|
|
index b48de3e1f..26f19abb5 100644
|
|
--- a/plugins/sudoers/sudoers.c
|
|
+++ b/plugins/sudoers/sudoers.c
|
|
@@ -699,15 +699,16 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
|
|
switch (sudo_mode & MODE_MASK) {
|
|
case MODE_CHECK:
|
|
ret = display_cmnd(snl, list_pw ? list_pw : sudo_user.pw);
|
|
- break;
|
|
+ goto done;
|
|
case MODE_LIST:
|
|
ret = display_privs(snl, list_pw ? list_pw : sudo_user.pw, verbose);
|
|
- break;
|
|
+ goto done;
|
|
case MODE_VALIDATE:
|
|
+ ret = true;
|
|
+ goto done;
|
|
case MODE_RUN:
|
|
case MODE_EDIT:
|
|
- /* ret may be overridden by "goto bad" later */
|
|
- ret = true;
|
|
+ /* ret will not be set until the very end. */
|
|
break;
|
|
default:
|
|
/* Should not happen. */
|
|
@@ -715,11 +716,6 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
|
|
goto done;
|
|
}
|
|
|
|
- if (ISSET(sudo_mode, (MODE_VALIDATE|MODE_CHECK|MODE_LIST))) {
|
|
- /* ret already set appropriately */
|
|
- goto done;
|
|
- }
|
|
-
|
|
/*
|
|
* Set umask based on sudoers.
|
|
* If user's umask is more restrictive, OR in those bits too
|
|
@@ -825,6 +821,7 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
|
|
env_swap_old();
|
|
}
|
|
|
|
+ ret = true;
|
|
goto done;
|
|
|
|
bad:
|
|
--
|
|
2.33.0
|
|
|