From 0d28bf0904e77b7337c003380e51cf694be1e957 Mon Sep 17 00:00:00 2001
From: "K. Lange" <klange@toaruos.org>
Date: Thu, 18 Jan 2024 19:24:03 +0900
Subject: [PATCH] sudo: pwent may be shared with auth library...

---
 apps/sudo.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/apps/sudo.c b/apps/sudo.c
index d40d3e9ca..4f6f38d22 100644
--- a/apps/sudo.c
+++ b/apps/sudo.c
@@ -63,7 +63,7 @@ static int sudo_loop(int (*prompt_callback)(char * username, char * password, in
 			fprintf(stderr, "%s: unable to obtain username for real uid=%d\n", argv[0], getuid());
 			return 1;
 		}
-		char * username = p->pw_name;
+		char * username = strdup(p->pw_name);
 
 		char token_file[64];
 		sprintf(token_file, "/var/sudoers/%d", me); /* TODO: Restrict to this session? */
@@ -82,6 +82,8 @@ static int sudo_loop(int (*prompt_callback)(char * username, char * password, in
 			char * password = calloc(sizeof(char) * 1024, 1);
 
 			if (prompt_callback(username, password, fails, argv)) {
+				free(username);
+				free(password);
 				return 1;
 			}
 
@@ -90,6 +92,7 @@ static int sudo_loop(int (*prompt_callback)(char * username, char * password, in
 			free(password);
 
 			if (uid < 0) {
+				free(username);
 				fails++;
 				if (fails == 3) {
 					fprintf(stderr, "%s: %d incorrect password attempts\n", argv[0], fails);
@@ -104,6 +107,7 @@ static int sudo_loop(int (*prompt_callback)(char * username, char * password, in
 		if (need_sudoers) {
 			FILE * sudoers = fopen("/etc/sudoers","r");
 			if (!sudoers) {
+				free(username);
 				fprintf(stderr, "%s: /etc/sudoers is not available\n", argv[0]);
 				return 1;
 			}
@@ -126,10 +130,13 @@ static int sudo_loop(int (*prompt_callback)(char * username, char * password, in
 
 			if (!in_sudoers) {
 				fprintf(stderr, "%s is not in sudoers file.\n", username);
+				free(username);
 				return 1;
 			}
 		}
 
+		free(username);
+
 		/* Write a timestamp file */
 		FILE * f = fopen(token_file, "w");
 		if (!f) {