if (!do_stat(cmnd_fd, user_cmnd, &sb))
goto bad;
/* Check digest of user_cmnd since sudoers_cmnd is a pattern. */
- if (digest != NULL && !digest_matches(cmnd_fd, user_cmnd, digest))
- goto bad;
+ if (digest != NULL) {
+ if (!digest_matches(cmnd_fd, user_cmnd, digest))
+ goto bad;
+ if (def_fdexec == never) {
+ close(cmnd_fd);
+ cmnd_fd = -1;
+ }
+ }
/* No need to set safe_cmnd since user_cmnd matches sudoers_cmnd */
debug_return_bool(true);
bad:
close(cmnd_fd);
cmnd_fd = -1;
}
- if (fd != -1)
- cmnd_fd = fd;
+ if (fd != -1) {
+ if (def_fdexec == never)
+ close(fd);
+ else
+ cmnd_fd = fd;
+ }
debug_return_bool(true);
}
}
close(cmnd_fd);
cmnd_fd = -1;
}
-#ifdef HAVE_FEXECVE
- /* Stash away fd if we are going to use fexecve(2) */
- if (def_fdexec == always || (digest != NULL && def_fdexec == digest_only)) {
- cmnd_fd = fd;
- } else
-#endif /* HAVE_FEXECVE */
- {
- /* Either fdexec is not in use or fexecve(2) is not present. */
- if (fd != -1)
+ if (fd != -1) {
+ if (def_fdexec == never)
close(fd);
+ else
+ cmnd_fd = fd;
}
debug_return_bool(true);
bad:
close(cmnd_fd);
cmnd_fd = -1;
}
- if (fd != -1)
- cmnd_fd = fd;
+ if (fd != -1) {
+ if (def_fdexec == never)
+ close(fd);
+ else
+ cmnd_fd = fd;
+ }
debug_return_bool(true);
}
if (fd != -1)
projects / sudo / commitdiff