role_to_sudoers: only try to reuse a privilege if one is present

millert · millert · commit 2ffcda8e15af · 2023-11-02T14:42:42.000-06:00
diff --git a/plugins/sudoers/parse_ldif.c b/plugins/sudoers/parse_ldif.c
@@ -427,7 +427,7 @@ role_to_sudoers(struct sudoers_parse_tree *parse_tree, struct sudo_role *role,
 	    U_("unable to allocate memory"));
     }
 
-    if (reuse_privilege) {
+    if (reuse_privilege && !TAILQ_EMPTY(&us->privileges)) {
 	/* Hostspec unchanged, append cmndlist to previous privilege. */
 	struct privilege *prev_priv = TAILQ_LAST(&us->privileges, privilege_list);
 	if (reuse_runas) {

Original file line number	Diff line number	Diff line change
`@@ -427,7 +427,7 @@ role_to_sudoers(struct sudoers_parse_tree parse_tree, struct sudo_role role,`
`427`	`427`	`U_("unable to allocate memory"));`
`428`	`428`	`}`
`429`	`429`
`430`		`- if (reuse_privilege) {`
	`430`	`+ if (reuse_privilege && !TAILQ_EMPTY(&us->privileges)) {`
`431`	`431`	`/* Hostspec unchanged, append cmndlist to previous privilege. */`
`432`	`432`	`struct privilege *prev_priv = TAILQ_LAST(&us->privileges, privilege_list);`
`433`	`433`	`if (reuse_runas) {`