From: Todd C. Miller
Date: Fri, 26 Feb 2016 16:32:08 +0000 (-0700)
Subject: Fix the check for whether a user is allowed to lists another user's
X-Git-Tag: SUDO_1_8_16^2~10
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=95dd64ea7513e4034d787e82fbcbe84c758c0c98;p=sudo

Fix the check for whether a user is allowed to lists another user's privileges. The "matched" variable is not boolean, it can also have the value UNSPEC so we need to check explicitly for true. Bug #738
---
diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c
index 2cd2d6335..ffb5e7f25 100644
--- a/plugins/sudoers/ldap.c
+++ b/plugins/sudoers/ldap.c
@@ -3170,12 +3170,12 @@ sudo_ldap_lookup(struct sudo_nss *nss, int ret, int pwflag)
 /* Only check the command when listing another user. */
 if (user_uid == 0 || list_pw == NULL || user_uid == list_pw->pw_uid ||
- sudo_ldap_check_command(ld, entry, NULL)) {
+ sudo_ldap_check_command(ld, entry, NULL) == true) {
 matched = true;
 break;
 }
 }
- if (matched || user_uid == 0) {
+ if (matched == true || user_uid == 0) {
 SET(ret, VALIDATE_SUCCESS);
 CLR(ret, VALIDATE_FAILURE);
 if (def_authenticate) {
diff --git a/plugins/sudoers/sssd.c b/plugins/sudoers/sssd.c
index 316ee38a5..a6b48b499 100644
--- a/plugins/sudoers/sssd.c
+++ b/plugins/sudoers/sssd.c
@@ -1137,13 +1137,13 @@ sudo_sss_lookup(struct sudo_nss *nss, int ret, int pwflag)
 /* Only check the command when listing another user. */
 if (user_uid == 0 || list_pw == NULL || user_uid == list_pw->pw_uid ||
- sudo_sss_check_command(handle, rule, NULL)) {
+ sudo_sss_check_command(handle, rule, NULL) == true) {
 matched = true;
 break;
 }
 }
 }
- if (matched || user_uid == 0) {
+ if (matched == true || user_uid == 0) {
 SET(ret, VALIDATE_SUCCESS);
 CLR(ret, VALIDATE_FAILURE);
 if (def_authenticate) {
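Review bot: The new `== true` comparisons on `sudo_ldap_check_command(ld, entry, NULL)` and on `matched` in sudo_ldap_lookup have no comment explaining why a plain truthiness test is not enough, so a later cleanup could fold them back to `if (matched || user_uid == 0)` and reopen the check that gates listing another user's privileges. I would add above the condition `/* sudo_ldap_check_command() is tri-state (true, false, UNSPEC); only an explicit true may authorize listing another user. */` and a matching one-line comment at the `matched == true` test. The same applies to the `sudo_sss_check_command(handle, rule, NULL) == true` and `matched == true` lines in the sssd.c hunk. Within the visible lines `matched` is only ever assigned `true`, so the UNSPEC value the commit message mentions must be set outside these hunks; any other truthiness test on `matched` or on the check_command return elsewhere in the two files would presumably need the same explicit comparison. Both function bodies start and end outside the hunks.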