This patch will upgrade Sudo version 1.9.8 to Sudo version 1.9.8 patchlevel 1. To apply: $ cd sudo-1.9.8 $ patch -p1 < sudo-1.9.8p1.patch diff -urNa sudo-1.9.8/ChangeLog sudo-1.9.8p1/ChangeLog --- sudo-1.9.8/ChangeLog Thu Sep 9 12:26:29 2021 +++ sudo-1.9.8p1/ChangeLog Thu Sep 16 11:39:13 2021 @@ -1,8 +1,65 @@ +2021-09-16 Todd C. Miller + + * .hgtags: + Added tag SUDO_1_9_8p1 for changeset feb396a0d60d + [e5f560a935fc] [tip] <1.9> + + * configure, configure.ac: + Merge sudo 1.9.8p1 from tip + [feb396a0d60d] [SUDO_1_9_8p1] <1.9> + + * NEWS: + Bug #994. + [14ea3a741b25] + + * plugins/sudoers/ldap_util.c: + Always allocate a struct sudo_command for the command, even for ALL. + This was missed in the previous set of changes, resulting in a crash + for LDAP and SSSD rules that give sudo "ALL" privileges. Bug #994. + [91d0379b068a] + + * plugins/sudoers/Makefile.in: + Add SUDOERS_LDFLAGS to FUZZ_LDFLAGS Fixes a fuzzer link error when + building with ldap if the ldap libs are not in the default library + search path. + [a450881f9763] + + * configure, configure.ac: + Fix the OpenSSL link order for the non-pkg-config case. Since -lssl + depends on -lcrypto, -lcrypto must be listed after -lssl. Fixes + linking of non-dynamic OpenSSL libs. + [787724ab6e87] + +2021-09-15 Todd C. Miller + + * NEWS, configure, configure.ac: + Sudo 1.9.8p1 + [fc8c69d55348] + + * src/sudo_intercept_common.c: + sudo_interposer_init: verify message type from sudo We should only + get a HelloResponse from sudo at this point. + [a021319260b3] + + * include/intercept.pb-c.h, src/exec_intercept.c, + src/intercept.pb-c.c, src/intercept.proto, + src/sudo_intercept_common.c: + Avoid symbol name clash to fix --enable-static-sudoers linking. + [5cc5e415844f] + +2021-09-14 Todd C. Miller + + * plugins/sudoers/defaults.c, plugins/sudoers/policy.c: + append_defaults() should not be passed a value for boolean flags. + The operation should simply be set to true/false. Also treat a NULL + file as coming from the front-end. Bug #993. + [86e69d358916] + 2021-09-09 Todd C. Miller * .hgtags: Added tag SUDO_1_9_8 for changeset e25cff5d148b - [4067d7a889fa] [tip] <1.9> + [4067d7a889fa] <1.9> * config.h.in, configure, configure.ac, include/sudo_compat.h, logsrvd/tls_init.c, plugins/sudoers/regress/fuzz/fuzz_policy.c: diff -urNa sudo-1.9.8/NEWS sudo-1.9.8p1/NEWS --- sudo-1.9.8/NEWS Thu Sep 9 12:24:35 2021 +++ sudo-1.9.8p1/NEWS Thu Sep 16 11:37:37 2021 @@ -1,3 +1,17 @@ +What's new in Sudo 1.9.8p1 + + * Fixed support for passing a prompt (sudo -p) or a login class + (sudo -l) on the command line. This is a regression introduced + in sudo 1.9.8. Bug #993. + + * Fixed a crash with "sudo ALL" rules in the LDAP and SSSD back-ends. + This is a regression introduced in sudo 1.9.8. Bug #994. + + * Fixed a compilation error when the --enable-static-sudoers configure + option was specified. This is a regression introduced in sudo + 1.9.8 caused by a symbol clash with the intercept and log server + protobuf functions. + What's new in Sudo 1.9.8 * It is now possible to transparently intercepting sub-commands @@ -34,6 +48,10 @@ commands run in a privileged shell. It uses the same mechanism as the intercept support described above and has the same limitations. + * The new "log_exit_status" sudoers setting can be used to log + the exit status commands run via sudo. This is also a corresponding + "log_exit" setting in the sudo_logsrvd.conf eventlog stanza. + * Support for logging sudo_logsrvd errors via syslog or to a file. Previously, most sudo_logsrvd errors were only visible in the debug log. diff -urNa sudo-1.9.8/configure sudo-1.9.8p1/configure --- sudo-1.9.8/configure Thu Sep 9 12:24:35 2021 +++ sudo-1.9.8p1/configure Thu Sep 16 11:37:37 2021 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for sudo 1.9.8. +# Generated by GNU Autoconf 2.71 for sudo 1.9.8p1. # # Report bugs to . # @@ -621,8 +621,8 @@ # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.9.8' -PACKAGE_STRING='sudo 1.9.8' +PACKAGE_VERSION='1.9.8p1' +PACKAGE_STRING='sudo 1.9.8p1' PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/' PACKAGE_URL='' @@ -1631,7 +1631,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sudo 1.9.8 to adapt to many kinds of systems. +\`configure' configures sudo 1.9.8p1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1697,7 +1697,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.9.8:";; + short | recursive ) echo "Configuration of sudo 1.9.8p1:";; esac cat <<\_ACEOF @@ -1982,7 +1982,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.9.8 +sudo configure 1.9.8p1 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -2639,7 +2639,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.9.8, which was +It was created by sudo $as_me 1.9.8p1, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -23674,7 +23674,7 @@ else enable_openssl=yes fi - LIBTLS="${LIBTLS} -lcrypto -lssl" + LIBTLS="${LIBTLS} -lssl -lcrypto" # Use OpenSSL's sha2 functions if possible { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for SHA224_Update in -lcrypto" >&5 @@ -31497,7 +31497,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.9.8, which was +This file was extended by sudo $as_me 1.9.8p1, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -31565,7 +31565,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -sudo config.status 1.9.8 +sudo config.status 1.9.8p1 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" diff -urNa sudo-1.9.8/configure.ac sudo-1.9.8p1/configure.ac --- sudo-1.9.8/configure.ac Thu Sep 9 12:24:35 2021 +++ sudo-1.9.8p1/configure.ac Thu Sep 16 11:37:37 2021 @@ -18,7 +18,7 @@ dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. dnl AC_PREREQ([2.70]) -AC_INIT([sudo], [1.9.8], [https://bugzilla.sudo.ws/], [sudo]) +AC_INIT([sudo], [1.9.8p1], [https://bugzilla.sudo.ws/], [sudo]) AC_CONFIG_HEADERS([config.h pathnames.h]) AC_CONFIG_SRCDIR([src/sudo.c]) AC_CONFIG_AUX_DIR([scripts]) @@ -2995,7 +2995,7 @@ else enable_openssl=yes fi - LIBTLS="${LIBTLS} -lcrypto -lssl" + LIBTLS="${LIBTLS} -lssl -lcrypto" # Use OpenSSL's sha2 functions if possible AC_CHECK_LIB(crypto, SHA224_Update, [ diff -urNa sudo-1.9.8/include/intercept.pb-c.h sudo-1.9.8p1/include/intercept.pb-c.h --- sudo-1.9.8/include/intercept.pb-c.h Thu Sep 9 12:24:24 2021 +++ sudo-1.9.8p1/include/intercept.pb-c.h Thu Sep 16 11:37:37 2021 @@ -16,7 +16,7 @@ typedef struct _InterceptRequest InterceptRequest; -typedef struct _ClientHello ClientHello; +typedef struct _InterceptHello InterceptHello; typedef struct _HelloResponse HelloResponse; typedef struct _PolicyCheckRequest PolicyCheckRequest; typedef struct _PolicyAcceptMessage PolicyAcceptMessage; @@ -47,7 +47,7 @@ InterceptRequest__TypeCase type_case; union { PolicyCheckRequest *policy_check_req; - ClientHello *hello; + InterceptHello *hello; } u; }; #define INTERCEPT_REQUEST__INIT \ @@ -59,18 +59,18 @@ * Hello message from sudo_intercept.so to main sudo process. * Sudo sends back the token and localhost port number. */ -struct _ClientHello +struct _InterceptHello { ProtobufCMessage base; int32_t pid; }; -#define CLIENT_HELLO__INIT \ - { PROTOBUF_C_MESSAGE_INIT (&client_hello__descriptor) \ +#define INTERCEPT_HELLO__INIT \ + { PROTOBUF_C_MESSAGE_INIT (&intercept_hello__descriptor) \ , 0 } /* - * Sudo response to a ClientHello from sudo_intercept.so. + * Sudo response to an InterceptHello from sudo_intercept.so. * The client uses the port number and token to connect back to sudo. */ struct _HelloResponse @@ -187,24 +187,24 @@ void intercept_request__free_unpacked (InterceptRequest *message, ProtobufCAllocator *allocator); -/* ClientHello methods */ -void client_hello__init - (ClientHello *message); -size_t client_hello__get_packed_size - (const ClientHello *message); -size_t client_hello__pack - (const ClientHello *message, +/* InterceptHello methods */ +void intercept_hello__init + (InterceptHello *message); +size_t intercept_hello__get_packed_size + (const InterceptHello *message); +size_t intercept_hello__pack + (const InterceptHello *message, uint8_t *out); -size_t client_hello__pack_to_buffer - (const ClientHello *message, +size_t intercept_hello__pack_to_buffer + (const InterceptHello *message, ProtobufCBuffer *buffer); -ClientHello * - client_hello__unpack +InterceptHello * + intercept_hello__unpack (ProtobufCAllocator *allocator, size_t len, const uint8_t *data); -void client_hello__free_unpacked - (ClientHello *message, +void intercept_hello__free_unpacked + (InterceptHello *message, ProtobufCAllocator *allocator); /* HelloResponse methods */ void hello_response__init @@ -325,8 +325,8 @@ typedef void (*InterceptRequest_Closure) (const InterceptRequest *message, void *closure_data); -typedef void (*ClientHello_Closure) - (const ClientHello *message, +typedef void (*InterceptHello_Closure) + (const InterceptHello *message, void *closure_data); typedef void (*HelloResponse_Closure) (const HelloResponse *message, @@ -353,7 +353,7 @@ /* --- descriptors --- */ extern const ProtobufCMessageDescriptor intercept_request__descriptor; -extern const ProtobufCMessageDescriptor client_hello__descriptor; +extern const ProtobufCMessageDescriptor intercept_hello__descriptor; extern const ProtobufCMessageDescriptor hello_response__descriptor; extern const ProtobufCMessageDescriptor policy_check_request__descriptor; extern const ProtobufCMessageDescriptor policy_accept_message__descriptor; diff -urNa sudo-1.9.8/plugins/sudoers/Makefile.in sudo-1.9.8p1/plugins/sudoers/Makefile.in --- sudo-1.9.8/plugins/sudoers/Makefile.in Thu Sep 9 12:24:24 2021 +++ sudo-1.9.8p1/plugins/sudoers/Makefile.in Thu Sep 16 11:37:37 2021 @@ -165,7 +165,7 @@ FUZZ_PROGS = fuzz_policy fuzz_sudoers fuzz_sudoers_ldif FUZZ_SEED_CORPUS = ${FUZZ_PROGS:=_seed_corpus.zip} FUZZ_LIBS = libparsesudoers.la @SUDOERS_LIBS@ $(LIB_FUZZING_ENGINE) -FUZZ_LDFLAGS = @LDFLAGS@ +FUZZ_LDFLAGS = @LDFLAGS@ @SUDOERS_LDFLAGS@ FUZZ_MAX_LEN = 4096 FUZZ_RUNS = 8192 diff -urNa sudo-1.9.8/plugins/sudoers/defaults.c sudo-1.9.8p1/plugins/sudoers/defaults.c --- sudo-1.9.8/plugins/sudoers/defaults.c Thu Sep 9 12:24:24 2021 +++ sudo-1.9.8p1/plugins/sudoers/defaults.c Thu Sep 16 11:37:37 2021 @@ -206,6 +206,9 @@ int rc; debug_decl(parse_default_entry, SUDOERS_DEBUG_DEFAULTS); + if (file == NULL) + file = "front-end"; + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: %s:%d:%d: %s=%s op=%d", __func__, file, line, column, def->name, val ? val : "", op); diff -urNa sudo-1.9.8/plugins/sudoers/ldap_util.c sudo-1.9.8p1/plugins/sudoers/ldap_util.c --- sudo-1.9.8/plugins/sudoers/ldap_util.c Thu Sep 9 12:24:24 2021 +++ sudo-1.9.8p1/plugins/sudoers/ldap_util.c Thu Sep 16 11:37:37 2021 @@ -408,15 +408,13 @@ free(cmndspec); goto oom; } - if (strcmp(cmnd, "ALL") != 0) { - if ((c = calloc(1, sizeof(*c))) == NULL) { - free(cmndspec); - free(m); - goto oom; - } - m->name = (char *)c; - TAILQ_INIT(&c->digests); + if ((c = calloc(1, sizeof(*c))) == NULL) { + free(cmndspec); + free(m); + goto oom; } + m->name = (char *)c; + TAILQ_INIT(&c->digests); /* Negated commands have precedence so insert them at the end. */ if (negated) @@ -584,8 +582,8 @@ /* Fill in command member now that options have been processed. */ m->negated = negated; - if (c == NULL) { - /* No command name for "ALL" */ + if (strcmp(cmnd, "ALL") == 0) { + /* TODO: support digests with ALL */ m->type = ALL; if (cmndspec->tags.setenv == UNSPEC) cmndspec->tags.setenv = IMPLIED; diff -urNa sudo-1.9.8/plugins/sudoers/policy.c sudo-1.9.8p1/plugins/sudoers/policy.c --- sudo-1.9.8/plugins/sudoers/policy.c Thu Sep 9 12:24:24 2021 +++ sudo-1.9.8p1/plugins/sudoers/policy.c Thu Sep 16 11:37:37 2021 @@ -224,7 +224,7 @@ if (MATCHES(*cur, "prompt=")) { /* Allow epmpty prompt. */ user_prompt = *cur + sizeof("prompt=") - 1; - if (!append_default("passprompt_override", "true", true, NULL, defaults)) + if (!append_default("passprompt_override", NULL, true, NULL, defaults)) goto oom; continue; } @@ -285,7 +285,7 @@ if (MATCHES(*cur, "login_class=")) { CHECK(*cur, "login_class="); login_class = *cur + sizeof("login_class=") - 1; - if (!append_default("use_loginclass", "true", true, NULL, defaults)) + if (!append_default("use_loginclass", NULL, true, NULL, defaults)) goto oom; continue; } diff -urNa sudo-1.9.8/src/exec_intercept.c sudo-1.9.8p1/src/exec_intercept.c --- sudo-1.9.8/src/exec_intercept.c Thu Sep 9 12:24:24 2021 +++ sudo-1.9.8p1/src/exec_intercept.c Thu Sep 16 11:37:37 2021 @@ -100,7 +100,7 @@ goto bad; } - /* If we've already seen a ClientHello, expect a policy check first. */ + /* If we've already seen an InterceptHello, expect a policy check first. */ closure->state = sudo_token_isset(intercept_token) ? RECV_SECRET : RECV_HELLO_INITIAL; closure->details = details; @@ -636,7 +636,7 @@ default: /* Only accept hello on a socket with an accepted command. */ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "got ClientHello without an accepted command"); + "got InterceptHello without an accepted command"); goto done; } break; @@ -850,7 +850,7 @@ closure->state = RECV_CONNECTION; break; case POLICY_ACCEPT: - /* Re-use event to read ClientHello from sudo_intercept.so ctor. */ + /* Re-use event to read InterceptHello from sudo_intercept.so ctor. */ if (sudo_ev_set(&closure->ev, fd, SUDO_EV_READ|SUDO_EV_PERSIST, intercept_cb, closure) == -1) { /* This cannot (currently) fail. */ sudo_warn("%s", U_("unable to add event to queue")); diff -urNa sudo-1.9.8/src/intercept.pb-c.c sudo-1.9.8p1/src/intercept.pb-c.c --- sudo-1.9.8/src/intercept.pb-c.c Thu Sep 9 12:24:24 2021 +++ sudo-1.9.8p1/src/intercept.pb-c.c Thu Sep 16 11:37:37 2021 @@ -52,49 +52,49 @@ assert(message->base.descriptor == &intercept_request__descriptor); protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator); } -void client_hello__init - (ClientHello *message) +void intercept_hello__init + (InterceptHello *message) { - static const ClientHello init_value = CLIENT_HELLO__INIT; + static const InterceptHello init_value = INTERCEPT_HELLO__INIT; *message = init_value; } -size_t client_hello__get_packed_size - (const ClientHello *message) +size_t intercept_hello__get_packed_size + (const InterceptHello *message) { - assert(message->base.descriptor == &client_hello__descriptor); + assert(message->base.descriptor == &intercept_hello__descriptor); return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message)); } -size_t client_hello__pack - (const ClientHello *message, +size_t intercept_hello__pack + (const InterceptHello *message, uint8_t *out) { - assert(message->base.descriptor == &client_hello__descriptor); + assert(message->base.descriptor == &intercept_hello__descriptor); return protobuf_c_message_pack ((const ProtobufCMessage*)message, out); } -size_t client_hello__pack_to_buffer - (const ClientHello *message, +size_t intercept_hello__pack_to_buffer + (const InterceptHello *message, ProtobufCBuffer *buffer) { - assert(message->base.descriptor == &client_hello__descriptor); + assert(message->base.descriptor == &intercept_hello__descriptor); return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer); } -ClientHello * - client_hello__unpack +InterceptHello * + intercept_hello__unpack (ProtobufCAllocator *allocator, size_t len, const uint8_t *data) { - return (ClientHello *) - protobuf_c_message_unpack (&client_hello__descriptor, + return (InterceptHello *) + protobuf_c_message_unpack (&intercept_hello__descriptor, allocator, len, data); } -void client_hello__free_unpacked - (ClientHello *message, +void intercept_hello__free_unpacked + (InterceptHello *message, ProtobufCAllocator *allocator) { if(!message) return; - assert(message->base.descriptor == &client_hello__descriptor); + assert(message->base.descriptor == &intercept_hello__descriptor); protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator); } void hello_response__init @@ -388,7 +388,7 @@ PROTOBUF_C_TYPE_MESSAGE, offsetof(InterceptRequest, type_case), offsetof(InterceptRequest, u.hello), - &client_hello__descriptor, + &intercept_hello__descriptor, NULL, 0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */ 0,NULL,NULL /* reserved1,reserved2, etc */ @@ -418,7 +418,7 @@ (ProtobufCMessageInit) intercept_request__init, NULL,NULL,NULL /* reserved[123] */ }; -static const ProtobufCFieldDescriptor client_hello__field_descriptors[1] = +static const ProtobufCFieldDescriptor intercept_hello__field_descriptors[1] = { { "pid", @@ -426,34 +426,34 @@ PROTOBUF_C_LABEL_NONE, PROTOBUF_C_TYPE_INT32, 0, /* quantifier_offset */ - offsetof(ClientHello, pid), + offsetof(InterceptHello, pid), NULL, NULL, 0, /* flags */ 0,NULL,NULL /* reserved1,reserved2, etc */ }, }; -static const unsigned client_hello__field_indices_by_name[] = { +static const unsigned intercept_hello__field_indices_by_name[] = { 0, /* field[0] = pid */ }; -static const ProtobufCIntRange client_hello__number_ranges[1 + 1] = +static const ProtobufCIntRange intercept_hello__number_ranges[1 + 1] = { { 1, 0 }, { 0, 1 } }; -const ProtobufCMessageDescriptor client_hello__descriptor = +const ProtobufCMessageDescriptor intercept_hello__descriptor = { PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC, - "ClientHello", - "ClientHello", - "ClientHello", + "InterceptHello", + "InterceptHello", + "InterceptHello", "", - sizeof(ClientHello), + sizeof(InterceptHello), 1, - client_hello__field_descriptors, - client_hello__field_indices_by_name, - 1, client_hello__number_ranges, - (ProtobufCMessageInit) client_hello__init, + intercept_hello__field_descriptors, + intercept_hello__field_indices_by_name, + 1, intercept_hello__number_ranges, + (ProtobufCMessageInit) intercept_hello__init, NULL,NULL,NULL /* reserved[123] */ }; static const ProtobufCFieldDescriptor hello_response__field_descriptors[3] = diff -urNa sudo-1.9.8/src/intercept.proto sudo-1.9.8p1/src/intercept.proto --- sudo-1.9.8/src/intercept.proto Thu Sep 9 12:24:24 2021 +++ sudo-1.9.8p1/src/intercept.proto Thu Sep 16 11:37:37 2021 @@ -7,7 +7,7 @@ message InterceptRequest { oneof type { PolicyCheckRequest policy_check_req = 1; - ClientHello hello = 2; + InterceptHello hello = 2; } } @@ -15,12 +15,12 @@ * Hello message from sudo_intercept.so to main sudo process. * Sudo sends back the token and localhost port number. */ -message ClientHello { +message InterceptHello { int32 pid = 1; } /* - * Sudo response to a ClientHello from sudo_intercept.so. + * Sudo response to an InterceptHello from sudo_intercept.so. * The client uses the port number and token to connect back to sudo. */ message HelloResponse { diff -urNa sudo-1.9.8/src/sudo_intercept_common.c sudo-1.9.8p1/src/sudo_intercept_common.c --- sudo-1.9.8/src/sudo_intercept_common.c Thu Sep 9 12:24:24 2021 +++ sudo-1.9.8p1/src/sudo_intercept_common.c Thu Sep 16 11:37:37 2021 @@ -87,7 +87,7 @@ send_client_hello(int sock) { InterceptRequest msg = INTERCEPT_REQUEST__INIT; - ClientHello hello = CLIENT_HELLO__INIT; + InterceptHello hello = INTERCEPT_HELLO__INIT; uint8_t *buf = NULL; uint32_t msg_len; size_t len; @@ -124,7 +124,7 @@ } /* - * Receive HelloResponse from sudo over fd. + * Receive InterceptResponse from sudo over fd. */ InterceptResponse * recv_intercept_response(int fd) @@ -240,16 +240,22 @@ } /* - * Send ClientHello message to over the fd. + * Send InterceptHello message to over the fd. */ if (!send_client_hello(fd)) goto done; res = recv_intercept_response(fd); if (res != NULL) { - intercept_token.u64[0] = res->u.hello_resp->token_lo; - intercept_token.u64[1] = res->u.hello_resp->token_hi; - intercept_port = res->u.hello_resp->portno; + if (res->type_case == INTERCEPT_RESPONSE__TYPE_HELLO_RESP) { + intercept_token.u64[0] = res->u.hello_resp->token_lo; + intercept_token.u64[1] = res->u.hello_resp->token_hi; + intercept_port = res->u.hello_resp->portno; + } else { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "unexpected type_case value %d in %s from %s", + res->type_case, "InterceptResponse", "sudo"); + } intercept_response__free_unpacked(res, NULL); }