Fix incorrect strncmp() lengths. The check for USERNAME was only
authorTodd C. Miller <Todd.Miller@courtesan.com>
Wed, 26 Oct 2016 17:25:59 +0000 (11:25 -0600)
committerTodd C. Miller <Todd.Miller@courtesan.com>
Wed, 26 Oct 2016 17:25:59 +0000 (11:25 -0600)
looking at the first 5 characters (copy and paste error).  The check
for SUDO_PS1 was not checking the trailing '=' character (off by
one error).  Found by PVS-Studio.

plugins/sudoers/env.c

index 22e0b7d0a5f877f80fbcd5057a04d5a5e6815da2..8ba353b440ff7eea1a465757f34cd3941cdc4e74 100644 (file)
@@ -817,7 +817,7 @@ env_update_didvar(const char *ep, unsigned int *didvar)
        case 'U':
            if (strncmp(ep, "USER=", 5) == 0)
                SET(*didvar, DID_USER);
-           if (strncmp(ep, "USERNAME=", 5) == 0)
+           if (strncmp(ep, "USERNAME=", 9) == 0)
                SET(*didvar, DID_USERNAME);
            break;
     }
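Review bot: The length passed to each `strncmp()` in this `case 'U':` branch is still a hand-counted literal, which is how the 5-for-9 mismatch fixed here got in. Deriving the length from the string keeps the two in step, e.g. `if (strncmp(ep, "USERNAME=", sizeof("USERNAME=") - 1) == 0)`, or a small file-local macro wrapping that pattern. The same applies to the `"USER="` check two lines above and to the `"SUDO_PS1="` comparison in the `rebuild_env()` hunk. The `DID_*` bits appear to record which variables are already present in the environment, so a prefix that matches too loosely would set the flag for the wrong variable. `env_update_didvar()` starts and ends outside this hunk, so the other cases of the switch may need the same treatment.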
@@ -918,7 +918,7 @@ rebuild_env(void)
             * Do SUDO_PS1 -> PS1 conversion.
             * This must happen *after* env_should_keep() is called.
             */
-           if (strncmp(*ep, "SUDO_PS1=", 8) == 0)
+           if (strncmp(*ep, "SUDO_PS1=", 9) == 0)
                ps1 = *ep + 5;
 
            if (keepit) {
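Review bot: The `+ 5` in `ps1 = *ep + 5;` is a second hand-counted offset, tied to the length of the `SUDO_` prefix rather than to the 9 used in the comparison just above it, and nothing on the line says so. A short comment such as `/* skip "SUDO_" so ps1 points at "PS1=..." */`, or writing the offset as `sizeof("SUDO_") - 1`, would keep it from drifting the way the compare length did. `ps1` then points into the existing environment string rather than a copy, which is worth stating in that comment if later code in `rebuild_env()` (outside this hunk) relies on the string staying alive.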