From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Wed, 16 Mar 2011 19:59:44 +0000 (-0400)
Subject: Be careful not to deref user_stat if it is NULL.  This cannot currently
X-Git-Tag: SUDO_1_8_1~85^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=092b4b4d0273c5cc2f46355cf2c09075a004016f;p=sudo

Be careful not to deref user_stat if it is NULL.  This cannot currently
happen in sudo but might in other programs using the parser.
---

diff --git a/plugins/sudoers/match.c b/plugins/sudoers/match.c
index a3b65de1f..8e06a4d5c 100644
--- a/plugins/sudoers/match.c
+++ b/plugins/sudoers/match.c
@@ -580,8 +580,9 @@ command_matches_dir(char *sudoers_dir, size_t dlen)
 	if (strcmp(user_base, dent->d_name) != 0 ||
 	    stat(buf, &sudoers_stat) == -1)
 	    continue;
-	if (user_stat->st_dev == sudoers_stat.st_dev &&
-	    user_stat->st_ino == sudoers_stat.st_ino) {
+	if (user_stat == NULL ||
+	    (user_stat->st_dev == sudoers_stat.st_dev &&
+	    user_stat->st_ino == sudoers_stat.st_ino)) {
 	    efree(safe_cmnd);
 	    safe_cmnd = estrdup(buf);
 	    break;