When parsing sudoOptions that include an operator (!, +, +=, -=)

strip out any whitespace on either side of the operator.
2025-09-02 23:35:36 +00:00 · 2015-12-09 14:57:33 -07:00
parent e2add4ae20
commit d46d0fbc6f
2 changed files with 36 additions and 14 deletions
--- a/plugins/sudoers/ldap.c
+++ b/plugins/sudoers/ldap.c
@@ -1046,7 +1046,7 @@ static bool
 sudo_ldap_parse_options(LDAP *ld, LDAPMessage *entry)
 {
    struct berval **bv, **p;
-    char *var, *val;
+    char *cp, *var;
    int op;
    bool rc = false;
    debug_decl(sudo_ldap_parse_options, SUDOERS_DEBUG_LDAP)
@@ -1064,17 +1064,25 @@ sudo_ldap_parse_options(LDAP *ld, LDAPMessage *entry)
 	DPRINTF2("ldap sudoOption: '%s'", var);
 	/* check for equals sign past first char */
-	val = strchr(var, '=');
+	cp = strchr(var, '=');
-	if (val > var) {
+	if (cp > var) {
-	    *val++ = '\0';	/* split on = and truncate var */
+	    char *val = cp + 1;
-	    op = val[-2];	/* peek for += or -= cases */
+	    op = cp[-1];	/* peek for += or -= cases */
 	    if (op == '+' || op == '-') {
 		/* case var+=val or var-=val */
-		val[-2] = '\0';	/* remove extra + or - char */
+		cp--;
 	    } else {
 		/* case var=val */
 		op = true;
 	    }
 	    /* Trim whitespace between var and operator. */
 	    while (cp > var && isblank((unsigned char)cp[-1]))
 		cp--;
 	    /* Truncate variable name. */
 	    *cp = '\0';
 	    /* Trim leading whitespace from val. */
 	    while (isblank((unsigned char)*val))
 		val++;
 	    /* Strip double quotes if present. */
 	    if (*val == '"') {
 		char *ep = val + strlen(val);
@@ -1086,7 +1094,10 @@ sudo_ldap_parse_options(LDAP *ld, LDAPMessage *entry)
 	    set_default(var, val, op);
 	} else if (*var == '!') {
 	    /* case !var Boolean False */
-	    set_default(var + 1, NULL, false);
+	    do {
 		var++;
 	    } while (isblank((unsigned char)*var));
 	    set_default(var, NULL, false);
 	} else {
 	    /* case var Boolean True */
 	    set_default(var, NULL, true);
--- a/plugins/sudoers/sssd.c
+++ b/plugins/sudoers/sssd.c
@@ -1024,7 +1024,7 @@ sudo_sss_parse_options(struct sudo_sss_handle *handle, struct sss_sudo_rule *rul
 {
    int i, op;
    bool ret = false;
-    char *v, *val;
+    char *cp, *v;
    char **val_array = NULL;
    debug_decl(sudo_sss_parse_options, SUDOERS_DEBUG_SSSD);
@@ -1052,17 +1052,25 @@ sudo_sss_parse_options(struct sudo_sss_handle *handle, struct sss_sudo_rule *rul
 	}
 	/* check for equals sign past first char */
-	val = strchr(v, '=');
+	cp = strchr(v, '=');
-	if (val > v) {
+	if (cp > v) {
-	    *val++ = '\0';	/* split on = and truncate var */
+	    char *val = cp + 1;
-	    op = val[-2];	/* peek for += or -= cases */
+	    op = cp[-1];	/* peek for += or -= cases */
 	    if (op == '+' || op == '-') {
 		/* case var+=val or var-=val */
-		val[-2] = '\0';	/* remove extra + or - char */
+		cp--;
 	    } else {
 		/* case var=val */
 		op = true;
 	    }
 	    /* Trim whitespace between var and operator. */
 	    while (cp > v && isblank((unsigned char)cp[-1]))
 		cp--;
 	    /* Truncate variable name. */
 	    *cp = '\0';
 	    /* Trim leading whitespace from val. */
 	    while (isblank((unsigned char)*val))
 		val++;
 	    /* Strip double quotes if present. */
 	    if (*val == '"') {
 		char *ep = val + strlen(val);
@@ -1074,7 +1082,10 @@ sudo_sss_parse_options(struct sudo_sss_handle *handle, struct sss_sudo_rule *rul
 	    set_default(v, val, op);
 	} else if (*v == '!') {
 	    /* case !var Boolean False */
-	    set_default(v + 1, NULL, false);
+	    do {
 		v++;
 	    } while (isblank((unsigned char)*v));
 	    set_default(v, NULL, false);
 	} else {
 	    /* case var Boolean True */
 	    set_default(v, NULL, true);