Store mulitple command digests of the same type as an array.

Otherwise, we end up with duplicated keys in the object.
GitHub issue #370

plugins/sudoers/cvtsudoers_json.c

@@ -31,6 +31,7 @@
 #include <ctype.h>
 
 #include <sudoers.h>
+#include <sudo_digest.h>
 #include <sudo_json.h>
 #include <cvtsudoers.h>
 #include <gram.h>
@@ -67,6 +68,7 @@ print_command_json(struct json_container *jsonc, const char *name, bool negated)
     struct command_digest *digest;
     struct json_value value;
     char *cmnd = c->cmnd;
+    unsigned int digest_type;
     const char *digest_name;
     debug_decl(print_command_json, SUDOERS_DEBUG_UTIL);
 
@@ -89,14 +91,37 @@ print_command_json(struct json_container *jsonc, const char *name, bool negated)
 	if (!sudo_json_add_value(jsonc, "command", &value))
 	    debug_return_bool(false);
 
-	/* Optional digest list. */
+	/* Optional digest list, ordered by digest type. */
+	for (digest_type = 0; digest_type < SUDO_DIGEST_INVALID; digest_type++) {
+	    unsigned int ndigests = 0;
+
 	    TAILQ_FOREACH(digest, &c->digests, entries) {
-	    digest_name = digest_type_to_name(digest->digest_type);
+		if (digest->digest_type == digest_type)
+		    ndigests++;
+	    }
+	    if (ndigests == 0)
+		continue;
+
+	    digest_name = digest_type_to_name(digest_type);
+	    if (ndigests > 1) {
+		if (!sudo_json_open_array(jsonc, digest_name))
+		    debug_return_bool(false);
+		/* Only use digest_name for the array key, not value. */
+		digest_name = NULL;
+	    }
+	    TAILQ_FOREACH(digest, &c->digests, entries) {
+		if (digest->digest_type != digest_type)
+		    continue;
 		value.type = JSON_STRING;
 		value.u.string = digest->digest_str;
 		if (!sudo_json_add_value(jsonc, digest_name, &value))
 		    debug_return_bool(false);
 	    }
+	    if (ndigests > 1) {
+		if (!sudo_json_close_array(jsonc))
+		    debug_return_bool(false);
+	    }
+	}
 
 	/* Command may be negated. */
 	if (negated) {

plugins/sudoers/regress/sudoers/test14.json.ok

@@ -3,15 +3,19 @@
         "LS": [
             {
                 "command": "/bin/ls",
-                "sha224": "d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1",
-                "sha224": "d7910e1967342b4605cb73a550944044c631cd3514001900966962ac"
+                "sha224": [
+                    "d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1",
+                    "d7910e1967342b4605cb73a550944044c631cd3514001900966962ac"
+                ]
             }
         ],
         "SH": [
             {
                 "command": "/bin/sh",
-                "sha256": "hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=",
-                "sha256": "1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4="
+                "sha256": [
+                    "hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=",
+                    "1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4="
+                ]
             }
         ]
     },
@@ -51,8 +55,8 @@
                     "Commands": [
                         {
                             "command": "ALL",
-                            "sha384": "knMlCLkJ71K6uRrKo5C1CAvZ5kq+mRpjKDD/RofGosFjiGcYhiYYZORVyiRHgBnu",
-                            "sha256": "1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4="
+                            "sha256": "1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4=",
+                            "sha384": "knMlCLkJ71K6uRrKo5C1CAvZ5kq+mRpjKDD/RofGosFjiGcYhiYYZORVyiRHgBnu"
                         }
                     ]
                 }