Fix the check for whether a user is allowed to lists another user's

privileges. The "matched" variable is not boolean, it can also have the value UNSPEC so we need to check explicitly for true. Bug #738
2025-09-01 06:45:10 +00:00 · 2016-02-26 09:32:08 -07:00
parent 5dd7ac20e1
commit 95dd64ea75
2 changed files with 4 additions and 4 deletions
--- a/plugins/sudoers/ldap.c
+++ b/plugins/sudoers/ldap.c
@@ -3170,12 +3170,12 @@ sudo_ldap_lookup(struct sudo_nss *nss, int ret, int pwflag)
 	    /* Only check the command when listing another user. */
 	    if (user_uid == 0 || list_pw == NULL ||
 		user_uid == list_pw->pw_uid ||
-		sudo_ldap_check_command(ld, entry, NULL)) {
+		sudo_ldap_check_command(ld, entry, NULL) == true) {
 		matched = true;
 		break;
 	    }
 	}
-	if (matched || user_uid == 0) {
+	if (matched == true || user_uid == 0) {
 	    SET(ret, VALIDATE_SUCCESS);
 	    CLR(ret, VALIDATE_FAILURE);
 	    if (def_authenticate) {
--- a/plugins/sudoers/sssd.c
+++ b/plugins/sudoers/sssd.c
@@ -1137,13 +1137,13 @@ sudo_sss_lookup(struct sudo_nss *nss, int ret, int pwflag)
 		/* Only check the command when listing another user. */
 		if (user_uid == 0 || list_pw == NULL ||
 		    user_uid == list_pw->pw_uid ||
-		    sudo_sss_check_command(handle, rule, NULL)) {
+		    sudo_sss_check_command(handle, rule, NULL) == true) {
 		    matched = true;
 		    break;
 		}
 	    }
 	}
-	if (matched || user_uid == 0) {
+	if (matched == true || user_uid == 0) {
 	    SET(ret, VALIDATE_SUCCESS);
 	    CLR(ret, VALIDATE_FAILURE);
 	    if (def_authenticate) {