From b92b745eaf8eea4d44c2f80fc098b614678d6603 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Tue, 4 Jan 2011 12:44:39 -0500
Subject: [PATCH] Fix NULL dereference with "sudo -g group" when the sudoers
 rule has no runas user or group listed.  Fixes RedHat bug Bug 667103.

---
 plugins/sudoers/match.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/plugins/sudoers/match.c b/plugins/sudoers/match.c
index 4a245422f..0f74d61da 100644
--- a/plugins/sudoers/match.c
+++ b/plugins/sudoers/match.c
@@ -165,10 +165,11 @@ _runaslist_matches(struct member_list *user_list, struct member_list *group_list
     int user_matched = UNSPEC;
     int group_matched = UNSPEC;
 
-    if (tq_empty(user_list) && tq_empty(group_list))
-	return(userpw_matches(def_runas_default, runas_pw->pw_name, runas_pw));
-
     if (runas_pw != NULL) {
+	/* If no runas user or runas group listed in sudoers, use default. */
+	if (tq_empty(user_list) && tq_empty(group_list))
+	    return(userpw_matches(def_runas_default, runas_pw->pw_name, runas_pw));
+
 	tq_foreach_rev(user_list, m) {
 	    switch (m->type) {
 		case ALL:
-- 
2.40.0