=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/doas/doas.c,v retrieving revision 1.75 retrieving revision 1.76 diff -c -r1.75 -r1.76 *** src/usr.bin/doas/doas.c 2019/06/10 18:11:27 1.75 --- src/usr.bin/doas/doas.c 2019/06/12 02:50:29 1.76 *************** *** 1,4 **** ! /* $OpenBSD: doas.c,v 1.75 2019/06/10 18:11:27 tedu Exp $ */ /* * Copyright (c) 2015 Ted Unangst * --- 1,4 ---- ! /* $OpenBSD: doas.c,v 1.76 2019/06/12 02:50:29 tedu Exp $ */ /* * Copyright (c) 2015 Ted Unangst * *************** *** 288,294 **** char *sh; const char *cmd; char cmdline[LINE_MAX]; - char myname[_PW_NAME_LEN + 1]; char mypwbuf[_PW_BUF_LEN], targpwbuf[_PW_BUF_LEN]; struct passwd mypwstore, targpwstore; struct passwd *mypw, *targpw; --- 288,293 ---- *************** *** 349,358 **** usage(); rv = getpwuid_r(uid, &mypwstore, mypwbuf, sizeof(mypwbuf), &mypw); ! if (rv != 0 || mypw == NULL) err(1, "getpwuid_r failed"); ! if (strlcpy(myname, mypw->pw_name, sizeof(myname)) >= sizeof(myname)) ! errx(1, "pw_name too long"); ngroups = getgroups(NGROUPS_MAX, groups); if (ngroups == -1) err(1, "can't get groups"); --- 348,357 ---- usage(); rv = getpwuid_r(uid, &mypwstore, mypwbuf, sizeof(mypwbuf), &mypw); ! if (rv != 0) err(1, "getpwuid_r failed"); ! if (mypw == NULL) ! errx(1, "no passwd entry for self"); ngroups = getgroups(NGROUPS_MAX, groups); if (ngroups == -1) err(1, "can't get groups"); *************** *** 361,369 **** if (sflag) { sh = getenv("SHELL"); if (sh == NULL || *sh == '\0') { ! shargv[0] = strdup(mypw->pw_shell); ! if (shargv[0] == NULL) ! err(1, NULL); } else shargv[0] = sh; argv = shargv; --- 360,366 ---- if (sflag) { sh = getenv("SHELL"); if (sh == NULL || *sh == '\0') { ! shargv[0] = mypw->pw_shell; } else shargv[0] = sh; argv = shargv; *************** *** 394,400 **** if (!permit(uid, groups, ngroups, &rule, target, cmd, (const char **)argv + 1)) { syslog(LOG_AUTHPRIV | LOG_NOTICE, ! "failed command for %s: %s", myname, cmdline); errc(1, EPERM, NULL); } --- 391,397 ---- if (!permit(uid, groups, ngroups, &rule, target, cmd, (const char **)argv + 1)) { syslog(LOG_AUTHPRIV | LOG_NOTICE, ! "failed command for %s: %s", mypw->pw_name, cmdline); errc(1, EPERM, NULL); } *************** *** 402,408 **** if (nflag) errx(1, "Authorization required"); ! authuser(myname, login_style, rule->options & PERSIST); } if (unveil(_PATH_LOGIN_CONF, "r") == -1) --- 399,405 ---- if (nflag) errx(1, "Authorization required"); ! authuser(mypw->pw_name, login_style, rule->options & PERSIST); } if (unveil(_PATH_LOGIN_CONF, "r") == -1) *************** *** 418,424 **** err(1, "pledge"); rv = getpwuid_r(target, &targpwstore, targpwbuf, sizeof(targpwbuf), &targpw); ! if (rv != 0 || targpw == NULL) errx(1, "no passwd entry for target"); if (setusercontext(NULL, targpw, target, LOGIN_SETGROUP | --- 415,423 ---- err(1, "pledge"); rv = getpwuid_r(target, &targpwstore, targpwbuf, sizeof(targpwbuf), &targpw); ! if (rv != 0) ! err(1, "getpwuid_r failed"); ! if (targpw == NULL) errx(1, "no passwd entry for target"); if (setusercontext(NULL, targpw, target, LOGIN_SETGROUP | *************** *** 438,444 **** err(1, "pledge"); syslog(LOG_AUTHPRIV | LOG_INFO, "%s ran command %s as %s from %s", ! myname, cmdline, targpw->pw_name, cwd); envp = prepenv(rule); --- 437,443 ---- err(1, "pledge"); syslog(LOG_AUTHPRIV | LOG_INFO, "%s ran command %s as %s from %s", ! mypw->pw_name, cmdline, targpw->pw_name, cwd); envp = prepenv(rule);