From c57b8d7955f9254d5b7f1e48effa6c1db35acc77 Mon Sep 17 00:00:00 2001 From: AZero13 Date: Tue, 16 Dec 2025 22:36:48 -0500 Subject: [PATCH] Look for the slash, not the null terminator --- plugins/sudoers/match_command.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/sudoers/match_command.c b/plugins/sudoers/match_command.c index de2103a3e8..d104ad1aa2 100644 --- a/plugins/sudoers/match_command.c +++ b/plugins/sudoers/match_command.c @@ -335,7 +335,7 @@ command_matches_dir(struct sudoers_context *ctx, const char *sudoers_dir, goto bad; /* Make sure ctx->user.cmnd is not in a subdir of sudoers_dir. */ - if (strchr(ctx->user.cmnd + dlen + 1, '\0') != NULL) + if (strchr(ctx->user.cmnd + dlen + 1, '/') != NULL) goto bad; /* Open the file for fdexec or for digest matching. */