From: Bdale Garbee Date: Tue, 15 Feb 2011 04:02:26 +0000 (-0700) Subject: fix from Peter Samuelson for use-after-free bug parsing wildcards in sudoers X-Git-Url: https://git.gag.com/?a=commitdiff_plain;h=refs%2Fheads%2Flenny;p=debian%2Fsudo fix from Peter Samuelson for use-after-free bug parsing wildcards in sudoers --- diff --git a/debian/changelog b/debian/changelog index 2d51106..e194157 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +sudo (1.6.9p17-4) UNRELEASED; urgency=low + + * patch from Peter Samuelson for use-after-free bug + parsing wildcards in sudoers, closes: #613448 + + -- Bdale Garbee Mon, 14 Feb 2011 21:02:09 -0700 + sudo (1.6.9p17-3) stable-security; urgency=high * Patch from Moritz Muehlenhoff fixing CVE-2010-1646, in which secure path diff --git a/parse.c b/parse.c index f22baff..7a64987 100644 --- a/parse.c +++ b/parse.c @@ -316,9 +316,11 @@ command_matches(sudoers_cmnd, sudoers_args) break; } } - globfree(&gl); - if (*ap == NULL) + if (*ap == NULL) { + globfree(&gl); return(FALSE); + } + globfree(&gl); if (!sudoers_args || (!user_args && sudoers_args && !strcmp("\"\"", sudoers_args)) ||
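Review bot: the new debian/changelog entry is marked `urgency=low` although it describes a use-after-free in sudoers parsing, and the entry directly below it, for 1.6.9p17-3, went out as `stable-security; urgency=high`. If the bug is reachable with the wildcard entries the changelog text mentions, the urgency deserves a second look before `UNRELEASED` is replaced by a real distribution. The entry would also be easier to audit later if it named the function touched, `command_matches()` in parse.c, as shown in the hunk header.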
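Review bot: in the parse.c hunk, `globfree(&gl)` now appears twice, once inside the new `if (*ap == NULL) {` block and once right after it, so the correctness of the fix depends on both call sites staying after the last read of `*ap`. Recording the test in a local first (for example a flag set from `*ap == NULL`), then calling `globfree(&gl)` once and returning `FALSE` based on the flag, would leave a single free site and make it harder for a later edit to move a dereference behind the free again. A one-line comment at that spot saying `ap` must not be dereferenced after `globfree(&gl)` would document why the ordering matters, since the commit subject is the only place the use-after-free is explained.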