From a63890f487a7e8afe2dee52e766187cb3e4b4633 Mon Sep 17 00:00:00 2001 From: Artem Chernyshev Date: Tue, 7 Apr 2026 14:36:19 +0300 Subject: [PATCH] sudoers_policy_store_result: Fix potential NULL pointer deref sudo_get_gidlist() can return NULL value --- plugins/sudoers/policy.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/plugins/sudoers/policy.c b/plugins/sudoers/policy.c index 759039290f..c2f1d6cc1b 100644 --- a/plugins/sudoers/policy.c +++ b/plugins/sudoers/policy.c @@ -812,7 +812,8 @@ sudoers_policy_store_result(struct sudoers_context *ctx, bool accepted, struct gid_list *gidlist; /* Only use results from a group db query, not the front end. */ - gidlist = sudo_get_gidlist(ctx->runas.pw, ENTRY_TYPE_QUERIED); + if ((gidlist = sudo_get_gidlist(ctx->runas.pw, ENTRY_TYPE_QUERIED)) == NULL) + goto oom; /* We reserve an extra spot in the list for the effective gid. */ glsize = sizeof("runas_groups=") - 1 +