From 2e2dd48befea3f1e723a62dc7666cc07984d1ace Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Wed, 5 Oct 2022 10:10:31 -0600
Subject: [PATCH] Add test for matching a literal "" command line argument as "" in sudoers. GitHub issue #182.
---
 MANIFEST | 2 ++
 .../sudoers/regress/testsudoers/test19.out.ok | 20 +++++++++++++++++++
 plugins/sudoers/regress/testsudoers/test19.sh | 20 +++++++++++++++++++
 3 files changed, 42 insertions(+)
 create mode 100644 plugins/sudoers/regress/testsudoers/test19.out.ok
 create mode 100755 plugins/sudoers/regress/testsudoers/test19.sh
diff --git a/MANIFEST b/MANIFEST
index f2ffc4956..aaf84d54d 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -1020,6 +1020,8 @@ plugins/sudoers/regress/testsudoers/test17.out.ok
 plugins/sudoers/regress/testsudoers/test17.sh
 plugins/sudoers/regress/testsudoers/test18.out.ok
 plugins/sudoers/regress/testsudoers/test18.sh
+plugins/sudoers/regress/testsudoers/test19.out.ok
+plugins/sudoers/regress/testsudoers/test19.sh
 plugins/sudoers/regress/testsudoers/test2.inc
 plugins/sudoers/regress/testsudoers/test2.out.ok
 plugins/sudoers/regress/testsudoers/test2.sh
diff --git a/plugins/sudoers/regress/testsudoers/test19.out.ok b/plugins/sudoers/regress/testsudoers/test19.out.ok
new file mode 100644
index 000000000..a0de2408e
--- /dev/null
+++ b/plugins/sudoers/regress/testsudoers/test19.out.ok
@@ -0,0 +1,20 @@
+Parses OK
+
+Entries for user root:
+
+ALL = /bin/ls ""
+ host matched
+ runas matched
+ cmnd allowed
+
+Command allowed
+Parses OK
+
+Entries for user root:
+
+ALL = /bin/ls ""
+ host matched
+ runas matched
+ cmnd unmatched
+
+Command unmatched
diff --git a/plugins/sudoers/regress/testsudoers/test19.sh b/plugins/sudoers/regress/testsudoers/test19.sh
new file mode 100755
index 000000000..113eb2ad4
--- /dev/null
+++ b/plugins/sudoers/regress/testsudoers/test19.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# Verify that "" in sudoers does not match a literal "" on the command line.
+#
+
+: ${TESTSUDOERS=testsudoers}
+
+exec 2>&1
+
+# This should succeed
+$TESTSUDOERS root /bin/ls <<'EOF'
+root ALL = /bin/ls ""
+EOF
+
+# This should fail
+$TESTSUDOERS root /bin/ls '""' <<'EOF'
+root ALL = /bin/ls ""
+EOF
+
+exit 0
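Review bot: The two cases in test19.sh pin only the argument-less call and the literal `""` argument, so the property the `""` rule exists to enforce, that any real argument is refused, is not exercised in this file. A third invocation such as `$TESTSUDOERS root /bin/ls -l <<'EOF'` with the same `root ALL = /bin/ls ""` rule, plus a matching block in test19.out.ok, would cover it; other tests in the directory may already do so. An empty-string argument (`''`) looks worth pinning the same way, though the expected result for that case should be confirmed against the matcher rather than assumed. Separately, `# This should succeed` and `# This should fail` read as exit statuses, while the script always ends with `exit 0` and the verdict comes from the output comparison; `# This should match` and `# This should not match` would say what is actually checked.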