From 340831499ad379eea3250ce52eac0755f2fb17df Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Wed, 22 Aug 2007 22:32:00 +0000
Subject: [PATCH] Use lbuf_append_quoted() for sudo -l output to quote
 characters that would require quoting in sudoers.

---
 parse.c | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/parse.c b/parse.c
index b02815f31..a490b70e8 100644
--- a/parse.c
+++ b/parse.c
@@ -52,6 +52,9 @@
 __unused static const char rcsid[] = "$Sudo$";
 #endif /* lint */
 
+/* Characters that must be quoted in sudoers */
+#define SUDOERS_QUOTED	"*?[]!:\\,=#\""
+
 /*
  * Parsed sudoers info.
  */
@@ -321,10 +324,12 @@ display_defaults(pw)
 	if (d->val != NULL) {
 	    lbuf_append(&lbuf, d->var, d->op == '+' ? " += " :
 		d->op == '-' ? " -= " : " = ", NULL);
-	    if (strpbrk(d->val, " \t") != NULL)
-		lbuf_append(&lbuf, "\"", d->val, "\"", NULL);
-	    else
-		lbuf_append(&lbuf, d->val, NULL);
+	    if (strpbrk(d->val, " \t") != NULL) {
+		lbuf_append(&lbuf, "\"", NULL);
+		lbuf_append_quoted(&lbuf, "\"", d->val, NULL);
+		lbuf_append(&lbuf, "\"", NULL);
+	    } else
+		lbuf_append_quoted(&lbuf, SUDOERS_QUOTED, d->val, NULL);
 	} else
 	    lbuf_append(&lbuf, d->op == FALSE ? "!" : "", d->var, NULL);
 	prefix = ", ";
@@ -477,8 +482,13 @@ print_member(lbuf, name, type, negated, alias_type)
 	    break;
 	case COMMAND:
 	    c = (struct sudo_command *) name;
-	    lbuf_append(lbuf, negated ? "!" : "", c->cmnd, c->args ? " " : "",
-		c->args ? c->args : "", NULL);
+	    if (negated)
+		lbuf_append(lbuf, negated, NULL);
+	    lbuf_append_quoted(lbuf, SUDOERS_QUOTED, c->cmnd, NULL);
+	    if (c->args) {
+		lbuf_append(lbuf, " ", NULL);
+		lbuf_append_quoted(lbuf, SUDOERS_QUOTED, c->args, NULL);
+	    }
 	    break;
 	case ALIAS:
 	    if ((a = find_alias(name, alias_type)) != NULL) {
-- 
2.40.0