From b8e9fc1b123a646d58b20cd38aa1d932b4297f8f Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Fri, 11 Nov 2022 07:05:24 -0700
Subject: [PATCH] Add a regress check for the cvtsudoers filter crash. GitHub
 issue #198.

---
 MANIFEST                                      |  2 ++
 .../sudoers/regress/cvtsudoers/test40.out.ok  | 10 +++++++
 plugins/sudoers/regress/cvtsudoers/test40.sh  | 29 +++++++++++++++++++
 3 files changed, 41 insertions(+)
 create mode 100644 plugins/sudoers/regress/cvtsudoers/test40.out.ok
 create mode 100755 plugins/sudoers/regress/cvtsudoers/test40.sh

diff --git a/MANIFEST b/MANIFEST
index 670efdd73..d2ef4d17c 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -812,6 +812,8 @@ plugins/sudoers/regress/cvtsudoers/test39.out.ok
 plugins/sudoers/regress/cvtsudoers/test39.sh
 plugins/sudoers/regress/cvtsudoers/test4.out.ok
 plugins/sudoers/regress/cvtsudoers/test4.sh
+plugins/sudoers/regress/cvtsudoers/test40.out.ok
+plugins/sudoers/regress/cvtsudoers/test40.sh
 plugins/sudoers/regress/cvtsudoers/test5.out.ok
 plugins/sudoers/regress/cvtsudoers/test5.sh
 plugins/sudoers/regress/cvtsudoers/test6.out.ok
diff --git a/plugins/sudoers/regress/cvtsudoers/test40.out.ok b/plugins/sudoers/regress/cvtsudoers/test40.out.ok
new file mode 100644
index 000000000..0fc19e453
--- /dev/null
+++ b/plugins/sudoers/regress/cvtsudoers/test40.out.ok
@@ -0,0 +1,10 @@
+dn: cn=user0,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: user0
+sudoUser: user0
+sudoHost: A00
+sudoRunAsUser: 0
+sudoCommand: /bin/ls
+sudoOrder: 1
+
diff --git a/plugins/sudoers/regress/cvtsudoers/test40.sh b/plugins/sudoers/regress/cvtsudoers/test40.sh
new file mode 100755
index 000000000..ff03c2c96
--- /dev/null
+++ b/plugins/sudoers/regress/cvtsudoers/test40.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+#
+# Test use-after-free in cvtsudoers when filtering by command.
+#
+# If compiled with address sanitizer, cvtsudoers will crash without the
+# fix in 9da99e0e671e.
+#
+
+: ${CVTSUDOERS=cvtsudoers}
+
+$CVTSUDOERS -c "" -i ldif -b "ou=SUDOers,dc=sudo,dc=ws" -m cmd='/bin/ls' -p <<EOF
+objectClass:sudoRole
+sudoUser:user0
+sudoHost:A00
+sudoCommand:/bin/ls
+sudoRunAs:0
+
+objectClass:sudoRole
+sudoUser:user0
+sudoHost:A00
+sudoRunAsUser:
+sudoCommand:
+
+objectClass:sudoRole
+sudoUser:user0
+sudoHost:A00
+sudoRunAs:
+sudoCommand:
+EOF