From 105ced47b8bbf6f0184abb8438501df1cfb38550 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Sat, 3 Feb 2018 06:59:37 -0700 Subject: [PATCH] For "sudo -l", if a word includes spaces, print it in double quotes. Also escape spaces in the command path. This matches the sudoers quoting rules. --- plugins/sudoers/parse.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/plugins/sudoers/parse.c b/plugins/sudoers/parse.c index 084d2f36d..b68022abe 100644 --- a/plugins/sudoers/parse.c +++ b/plugins/sudoers/parse.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004-2005, 2007-2017 Todd C. Miller + * Copyright (c) 2004-2005, 2007-2018 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -863,7 +863,7 @@ print_member_int(struct sudo_lbuf *lbuf, char *name, int type, int negated, c = (struct sudo_command *) name; if (negated) sudo_lbuf_append(lbuf, "!"); - sudo_lbuf_append_quoted(lbuf, SUDOERS_QUOTED, "%s", c->cmnd); + sudo_lbuf_append_quoted(lbuf, SUDOERS_QUOTED" \t", "%s", c->cmnd); if (c->args) { sudo_lbuf_append(lbuf, " "); sudo_lbuf_append_quoted(lbuf, SUDOERS_QUOTED, "%s", c->args); @@ -888,8 +888,14 @@ print_member_int(struct sudo_lbuf *lbuf, char *name, int type, int negated, name[strspn(name + 1, "0123456789") + 1] == '\0') { sudo_lbuf_append(lbuf, "%s%s", negated ? "!" : "", name); } else { - sudo_lbuf_append_quoted(lbuf, SUDOERS_QUOTED, "%s%s", - negated ? "!" : "", name); + if (strpbrk(name, " \t") != NULL) { + sudo_lbuf_append(lbuf, "%s\"", negated ? "!" : ""); + sudo_lbuf_append_quoted(lbuf, "\"", "%s", name); + sudo_lbuf_append(lbuf, "\""); + } else { + sudo_lbuf_append_quoted(lbuf, SUDOERS_QUOTED, "%s%s", + negated ? "!" : "", name); + } } break; } -- 2.40.0