In find_path(), return NOT_FOUND_ERROR instead of calling fatal()

if the path is too long.  Remove an extraneous check against PATH_MAX
in set_cmnd() since find_path() already contains such a check.

diff --git a/plugins/sudoers/find_path.c b/plugins/sudoers/find_path.c
index 7dea1edacbc8e7980524793e495feb7dd2c3a5d8..d806eecf6bcafc3533bbb1f0c62c50f9fd84791d 100644 (file)
--- a/plugins/sudoers/find_path.c
+++ b/plugins/sudoers/find_path.c
@@ -66,7 +66,7 @@ find_path(char *infile, char **outfile, struct stat *sbp, char *path,
 
     if (strlen(infile) >= PATH_MAX) {
        errno = ENAMETOOLONG;
-       fatal("%s", infile);
+       debug_return_int(NOT_FOUND_ERROR);
     }
 
     /*
@@ -106,8 +106,9 @@ find_path(char *infile, char **outfile, struct stat *sbp, char *path,
         */
        len = snprintf(command, sizeof(command), "%s/%s", path, infile);
        if (len <= 0 || (size_t)len >= sizeof(command)) {
+           efree(origpath);
            errno = ENAMETOOLONG;
-           fatal("%s", infile);
+           debug_return_int(NOT_FOUND_ERROR);
        }
        if ((found = sudo_goodpath(command, sbp)))
            break;
@@ -124,7 +125,7 @@ find_path(char *infile, char **outfile, struct stat *sbp, char *path,
        len = snprintf(command, sizeof(command), "./%s", infile);
        if (len <= 0 || (size_t)len >= sizeof(command)) {
            errno = ENAMETOOLONG;
-           fatal("%s", infile);
+           debug_return_int(NOT_FOUND_ERROR);
        }
        found = sudo_goodpath(command, sbp);
        if (found && ignore_dot)

diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
index fe4550460c99c8dd0403fe795923e77e48b6fe68..377c7ce75aeb0ed97ef4fda919ebb2dca7c456d1 100644 (file)
--- a/plugins/sudoers/sudoers.c
+++ b/plugins/sudoers/sudoers.c
@@ -623,13 +623,18 @@ set_cmnd(void)
            rval = find_path(NewArgv[0], &user_cmnd, user_stat, path,
                def_ignore_dot);
            restore_perms();
-           if (rval != FOUND) {
+           if (rval == NOT_FOUND) {
                /* Failed as root, try as invoking user. */
                set_perms(PERM_USER);
                rval = find_path(NewArgv[0], &user_cmnd, user_stat, path,
                    def_ignore_dot);
                restore_perms();
            }
+           if (rval == NOT_FOUND_ERROR) {
+               if (errno == ENAMETOOLONG)
+                   audit_failure(NewArgv, N_("command too long"));
+               log_fatal(NO_MAIL|USE_ERRNO, NewArgv[0]);
+           }
        }
 
        /* set user_args */
@@ -668,11 +673,6 @@ set_cmnd(void)
            }
        }
     }
-    if (strlen(user_cmnd) >= PATH_MAX) {
-       audit_failure(NewArgv, N_("command too long"));
-       errno = ENAMETOOLONG;
-       fatal("%s", user_cmnd);
-    }
 
     if ((user_base = strrchr(user_cmnd, '/')) != NULL)
        user_base++;

diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h
index 5ffe98c06d26f9ce9c56bf2080ae9ced8b8dce00..7338a61d2636d79b4e152cc7a26d0a8530200745 100644 (file)
--- a/plugins/sudoers/sudoers.h
+++ b/plugins/sudoers/sudoers.h
@@ -128,9 +128,10 @@ struct sudo_user {
 /*
  * find_path()/set_cmnd() return values
  */
-#define FOUND                   0
-#define NOT_FOUND               1
+#define FOUND                  0
+#define NOT_FOUND              1
 #define NOT_FOUND_DOT          2
+#define NOT_FOUND_ERROR                3
 
 /*
  * Various modes sudo can be in (based on arguments) in hex