env_file_next_local: change the order of the val_len check.

It makes more sense to verify that val_len > 1 before using it. This is not a problem in practice because val[val_len - 1] is guaranteed not to underflow but it can confuse reviewers and static analyzers.
2025-09-05 08:45:28 +00:00 · 2023-01-09 14:26:07 -07:00
parent d781ab0a89
commit 3878ce8d49
1 changed files with 1 additions and 1 deletions
--- a/plugins/sudoers/env.c
+++ b/plugins/sudoers/env.c
@@ -1278,7 +1278,7 @@ env_file_next_local(void *cookie, int *errnum)
 	val_len = strlen(++val);

 	/* Strip leading and trailing single/double quotes */
-	if ((val[0] == '\'' || val[0] == '\"') && val[0] == val[val_len - 1] && val_len > 1) {
+	if ((val[0] == '\'' || val[0] == '\"') && val_len > 1 && val[0] == val[val_len - 1]) {
 	    val[val_len - 1] = '\0';
 	    val++;
 	    val_len -= 2;