From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Tue, 6 Sep 2016 01:44:46 +0000 (-0600)
Subject: In sudoers_main() avoid setting rval prematurely.  Prevents a crash
X-Git-Tag: SUDO_1_8_18^2~30
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b80309e6d83e3027cd6c6b6c83cc28df294815a4;p=sudo

In sudoers_main() avoid setting rval prematurely.  Prevents a crash
when auditing fails after successfully authenticating.  Bug #756
---

diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
index 72ddae204..c4c3dc7f0 100644
--- a/plugins/sudoers/sudoers.c
+++ b/plugins/sudoers/sudoers.c
@@ -415,13 +415,19 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
 	goto bad;
 
     /* Require a password if sudoers says so.  */
-    rval = check_user(validated, sudo_mode);
-    if (rval != true) {
+    switch (check_user(validated, sudo_mode)) {
+    case true:
+	/* user authenticated successfully. */
+	break;
+    case false:
 	/* Note: log_denial() calls audit for us. */
 	if (!ISSET(validated, VALIDATE_SUCCESS)) {
 	    if (!log_denial(validated, false))
-		rval = -1;
+		goto done;
 	}
+	goto bad;
+    default:
+	/* some other error, rval is -1. */
 	goto done;
     }