From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Wed, 26 Oct 2016 17:25:59 +0000 (-0600)
Subject: Fix incorrect strncmp() lengths.  The check for USERNAME was only
X-Git-Tag: SUDO_1_8_19^2~91
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=dbd52527983857281423ae5c1123c67ca433b999;p=sudo

Fix incorrect strncmp() lengths.  The check for USERNAME was only
looking at the first 5 characters (copy and paste error).  The check
for SUDO_PS1 was not checking the trailing '=' character (off by
one error).  Found by PVS-Studio.
---

diff --git a/plugins/sudoers/env.c b/plugins/sudoers/env.c
index 22e0b7d0a..8ba353b44 100644
--- a/plugins/sudoers/env.c
+++ b/plugins/sudoers/env.c
@@ -817,7 +817,7 @@ env_update_didvar(const char *ep, unsigned int *didvar)
 	case 'U':
 	    if (strncmp(ep, "USER=", 5) == 0)
 		SET(*didvar, DID_USER);
-	    if (strncmp(ep, "USERNAME=", 5) == 0)
+	    if (strncmp(ep, "USERNAME=", 9) == 0)
 		SET(*didvar, DID_USERNAME);
 	    break;
     }
@@ -918,7 +918,7 @@ rebuild_env(void)
 	     * Do SUDO_PS1 -> PS1 conversion.
 	     * This must happen *after* env_should_keep() is called.
 	     */
-	    if (strncmp(*ep, "SUDO_PS1=", 8) == 0)
+	    if (strncmp(*ep, "SUDO_PS1=", 9) == 0)
 		ps1 = *ep + 5;
 
 	    if (keepit) {