From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Sat, 7 May 2016 10:37:55 +0000 (-0600)
Subject: In fill_args() clean up properly if there is an internal overflow
X-Git-Tag: SUDO_1_8_17^2~89
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=edd1a1cac543576062bece45d94107c7b9701d98;p=sudo

In fill_args() clean up properly if there is an internal overflow
(which should not be possible).  Coverity CID 104569.
---

diff --git a/plugins/sudoers/toke_util.c b/plugins/sudoers/toke_util.c
index 01b4fe110..e7bc37f01 100644
--- a/plugins/sudoers/toke_util.c
+++ b/plugins/sudoers/toke_util.c
@@ -144,11 +144,7 @@ fill_args(const char *s, size_t len, int addspace)
 	p = realloc(sudoerslval.command.args, arg_size);
 	if (p == NULL) {
 	    sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
-	    sudoerserror(NULL);
-	    free(sudoerslval.command.args);
-	    sudoerslval.command.args = NULL;
-	    arg_len = arg_size = 0;
-	    debug_return_bool(false);
+	    goto bad;
 	} else
 	    sudoerslval.command.args = p;
     }
@@ -159,11 +155,16 @@ fill_args(const char *s, size_t len, int addspace)
 	*p++ = ' ';
     if (strlcpy(p, s, arg_size - (p - sudoerslval.command.args)) != (size_t)len) {
 	sudo_warnx(U_("internal error, %s overflow"), __func__);
-	sudoerserror(NULL);
-	debug_return_bool(false);
+	goto bad;
     }
     arg_len = new_len;
     debug_return_bool(true);
+bad:
+    sudoerserror(NULL);
+    free(sudoerslval.command.args);
+    sudoerslval.command.args = NULL;
+    arg_len = arg_size = 0;
+    debug_return_bool(false);
 }
 
 /*