Don't try to audit failure if the runas user does not exist. We don't

have the user's command at this point so there is nothing to audit.
Add a NULL check in audit_success() and audit_failure() just to be
on the safe side.

diff --git a/plugins/sudoers/audit.c b/plugins/sudoers/audit.c
index 2cb113083e28eb8accf142ae90b4e31276bbe1b0..c3d35a27946df8c05427dd32a9554fd5a1315cf2 100644 (file)
--- a/plugins/sudoers/audit.c
+++ b/plugins/sudoers/audit.c
@@ -41,6 +41,9 @@
 void
 audit_success(char *exec_args[])
 {
+    if (exec_args == NULL)
+       return;
+
 #ifdef HAVE_BSM_AUDIT
     bsm_audit_success(exec_args);
 #endif
@@ -50,10 +53,13 @@ audit_success(char *exec_args[])
 }
 
 void
-audit_failure(char **exec_args, char const *const fmt, ...)
+audit_failure(char *exec_args[], char const *const fmt, ...)
 {
     va_list ap;
 
+    if (exec_args == NULL)
+       return;
+
     va_start(ap, fmt);
 #ifdef HAVE_BSM_AUDIT
     bsm_audit_failure(exec_args, fmt, ap);

diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
index db897d5f282e4b5ad3ad657af92e8f76464cf63f..2cc3d8bab416e5ae57a060071fa4c5f28c582a24 100644 (file)
--- a/plugins/sudoers/sudoers.c
+++ b/plugins/sudoers/sudoers.c
@@ -1066,10 +1066,8 @@ set_runaspw(char *user)
        if ((runas_pw = sudo_getpwuid(atoi(user + 1))) == NULL)
            runas_pw = sudo_fakepwnam(user, runas_gr ? runas_gr->gr_gid : 0);
     } else {
-       if ((runas_pw = sudo_getpwnam(user)) == NULL) {
-           audit_failure(NewArgv, _("unknown user: %s"), user);
+       if ((runas_pw = sudo_getpwnam(user)) == NULL)
            log_error(NO_MAIL|MSG_ONLY, _("unknown user: %s"), user);
-       }
     }
 }