From: Todd C. Miller <Todd.Miller@sudo.ws>
Date: Fri, 2 Feb 2018 21:29:17 +0000 (-0700)
Subject: When printing a member name, quote sudoers special characters unless
X-Git-Tag: SUDO_1_8_23^2~158
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=df08d0d8f464e5f94601c6c7980570cd340a910b;p=sudo

When printing a member name, quote sudoers special characters unless
it is a UID/GID, in which case we print the '#' unquoted.
---

diff --git a/plugins/sudoers/parse.c b/plugins/sudoers/parse.c
index e1bbbea86..084d2f36d 100644
--- a/plugins/sudoers/parse.c
+++ b/plugins/sudoers/parse.c
@@ -883,7 +883,14 @@ print_member_int(struct sudo_lbuf *lbuf, char *name, int type, int negated,
 	    }
 	    /* FALLTHROUGH */
 	default:
-	    sudo_lbuf_append(lbuf, "%s%s", negated ? "!" : "", name);
+	    /* Do not quote UID/GID, all others get quoted. */
+	    if (name[0] == '#' &&
+		name[strspn(name + 1, "0123456789") + 1] == '\0') {
+		sudo_lbuf_append(lbuf, "%s%s", negated ? "!" : "", name);
+	    } else {
+		sudo_lbuf_append_quoted(lbuf, SUDOERS_QUOTED, "%s%s",
+		    negated ? "!" : "", name);
+	    }
 	    break;
     }
     debug_return;