From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Wed, 26 Oct 2016 17:22:30 +0000 (-0600)
Subject: When checking for old-style bash functions in the environment, check
X-Git-Tag: SUDO_1_8_19^2~92
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4c8988d4833f79c5179c3fb22d5e3051bb84e526;p=sudo

When checking for old-style bash functions in the environment, check
for values starting with "() " (note the trailing space) rather
than "()".  Bash will only treat the value as a function if the
space after "()" is present.  The trailing space was already present
in the compare string but when it was added, the length passed to
strncmp() was not updated from 3 to 4.
Found by PVS-Studio.  No security impact.
---

diff --git a/plugins/sudoers/env.c b/plugins/sudoers/env.c
index dd11e10a5..22e0b7d0a 100644
--- a/plugins/sudoers/env.c
+++ b/plugins/sudoers/env.c
@@ -715,7 +715,7 @@ env_should_delete(const char *var)
 
     /* Skip variables with values beginning with () (bash functions) */
     if ((cp = strchr(var, '=')) != NULL) {
-	if (strncmp(cp, "=() ", 3) == 0) {
+	if (strncmp(cp, "=() ", 4) == 0) {
 	    delete_it = true;
 	    goto done;
 	}
@@ -750,7 +750,7 @@ env_should_keep(const char *var)
     /* Skip bash functions unless we matched on the value as well as name. */
     if (keepit && !full_match) {
 	if ((cp = strchr(var, '=')) != NULL) {
-	    if (strncmp(cp, "=() ", 3) == 0)
+	    if (strncmp(cp, "=() ", 4) == 0)
 		keepit = false;
 	}
     }