digest_matches: plug fd leak on snprinf() failure

millert · millert · commit 26a1a7529a19 · 2025-07-24T07:34:35.000-06:00
diff --git a/plugins/sudoers/match_command.c b/plugins/sudoers/match_command.c
@@ -272,7 +272,8 @@ command_matches_dir(struct sudoers_context *ctx, const char *sudoers_dir,
 	len = snprintf(sdbuf, sizeof(sdbuf), "%s%s", runchroot, sudoers_dir);
 	if (len >= ssizeof(sdbuf)) {
 	    errno = ENAMETOOLONG;
-	    debug_return_bool(false);
+	    sudo_warn("%s%s", runchroot, sudoers_dir);
+	    goto done;
 	}
 	sudoers_dir = sdbuf;
 	chrootlen = strlen(runchroot);
@@ -536,7 +537,8 @@ command_matches_glob(struct sudoers_context *ctx, const char *sudoers_cmnd,
 	    snprintf(pathbuf, sizeof(pathbuf), "%s%s", runchroot, sudoers_cmnd);
 	if (len >= ssizeof(pathbuf)) {
 	    errno = ENAMETOOLONG;
-	    debug_return_bool(false);
+	    sudo_warn("%s%s", runchroot, sudoers_cmnd);
+	    debug_return_int(DENY);
 	}
 	sudoers_cmnd = pathbuf;
 	chrootlen = strlen(runchroot);
diff --git a/plugins/sudoers/match_digest.c b/plugins/sudoers/match_digest.c
@@ -73,7 +73,8 @@ digest_matches(int fd, const char *path, const char *runchroot,
 	    snprintf(pathbuf, sizeof(pathbuf), "%s%s", runchroot, path);
 	if (len >= ssizeof(pathbuf)) {
 	    errno = ENAMETOOLONG;
-	    debug_return_bool(false);
+	    sudo_warn("%s%s", runchroot, path);
+	    goto done;
 	}
 	path = pathbuf;
     }

Original file line number	Diff line number	Diff line change
`@@ -73,7 +73,8 @@ digest_matches(int fd, const char path, const char runchroot,`
`73`	`73`	`snprintf(pathbuf, sizeof(pathbuf), "%s%s", runchroot, path);`
`74`	`74`	`if (len >= ssizeof(pathbuf)) {`
`75`	`75`	`errno = ENAMETOOLONG;`
`76`		`- debug_return_bool(false);`
	`76`	`+ sudo_warn("%s%s", runchroot, path);`
	`77`	`+ goto done;`
`77`	`78`	`}`
`78`	`79`	`path = pathbuf;`
`79`	`80`	`}`