Add a regress check for the cvtsudoers filter crash.

GitHub issue #198.
2025-08-22 01:49:11 +00:00 · 2022-11-11 07:05:24 -07:00 · 2022-11-11 07:05:24 -07:00 · b8e9fc1b12
commit b8e9fc1b12
parent 264326de57
3 changed files with 41 additions and 0 deletions
--- a/2
+++ b/2
@ -812,6 +812,8 @@ plugins/sudoers/regress/cvtsudoers/test39.out.ok
 plugins/sudoers/regress/cvtsudoers/test39.sh
 plugins/sudoers/regress/cvtsudoers/test4.out.ok
 plugins/sudoers/regress/cvtsudoers/test4.sh
+plugins/sudoers/regress/cvtsudoers/test40.out.ok
+plugins/sudoers/regress/cvtsudoers/test40.sh
 plugins/sudoers/regress/cvtsudoers/test5.out.ok
 plugins/sudoers/regress/cvtsudoers/test5.sh
 plugins/sudoers/regress/cvtsudoers/test6.out.ok
--- a/plugins/sudoers/regress/cvtsudoers/test40.out.ok
+++ b/plugins/sudoers/regress/cvtsudoers/test40.out.ok
@ -0,0 +1,10 @@
+dn: cn=user0,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: user0
+sudoUser: user0
+sudoHost: A00
+sudoRunAsUser: 0
+sudoCommand: /bin/ls
+sudoOrder: 1
+
--- a/plugins/sudoers/regress/cvtsudoers/test40.sh
+++ b/plugins/sudoers/regress/cvtsudoers/test40.sh
@ -0,0 +1,29 @@
+#!/bin/sh
+#
+# Test use-after-free in cvtsudoers when filtering by command.
+#
+# If compiled with address sanitizer, cvtsudoers will crash without the
+# fix in 9da99e0e671e.
+#
+
+: ${CVTSUDOERS=cvtsudoers}
+
+$CVTSUDOERS -c "" -i ldif -b "ou=SUDOers,dc=sudo,dc=ws" -m cmd='/bin/ls' -p <<EOF
+objectClass:sudoRole
+sudoUser:user0
+sudoHost:A00
+sudoCommand:/bin/ls
+sudoRunAs:0
+
+objectClass:sudoRole
+sudoUser:user0
+sudoHost:A00
+sudoRunAsUser:
+sudoCommand:
+
+objectClass:sudoRole
+sudoUser:user0
+sudoHost:A00
+sudoRunAs:
+sudoCommand:
+EOF