Store mulitple command digests of the same type as an array.

Otherwise, we end up with duplicated keys in the object. GitHub issue #370
sudo-project · Apr 25, 2024 · c429220 · c429220
1 parent 78699a8
commit c429220
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 13 deletions.
diff --git a/plugins/sudoers/cvtsudoers_json.c b/plugins/sudoers/cvtsudoers_json.c
@@ -31,6 +31,7 @@
 #include <ctype.h>
 
 #include <sudoers.h>
+#include <sudo_digest.h>
 #include <sudo_json.h>
 #include <cvtsudoers.h>
 #include <gram.h>
@@ -67,6 +68,7 @@ print_command_json(struct json_container *jsonc, const char *name, bool negated)
  struct command_digest *digest;
  struct json_value value;
  char *cmnd = c->cmnd;
+ unsigned int digest_type;
  const char *digest_name;
  debug_decl(print_command_json, SUDOERS_DEBUG_UTIL);
 
@@ -89,13 +91,36 @@ print_command_json(struct json_container *jsonc, const char *name, bool negated)
  if (!sudo_json_add_value(jsonc, "command", &value))
  debug_return_bool(false);
 
- /* Optional digest list. */
- TAILQ_FOREACH(digest, &c->digests, entries) {
- digest_name = digest_type_to_name(digest->digest_type);
- value.type = JSON_STRING;
- value.u.string = digest->digest_str;
- if (!sudo_json_add_value(jsonc, digest_name, &value))
- debug_return_bool(false);
+ /* Optional digest list, ordered by digest type. */
+ for (digest_type = 0; digest_type < SUDO_DIGEST_INVALID; digest_type++) {
+ unsigned int ndigests = 0;
+
+ TAILQ_FOREACH(digest, &c->digests, entries) {
+ if (digest->digest_type == digest_type)
+ ndigests++;
+ }
+ if (ndigests == 0)
+ continue;
+
+ digest_name = digest_type_to_name(digest_type);
+ if (ndigests > 1) {
+ if (!sudo_json_open_array(jsonc, digest_name))
+ debug_return_bool(false);
+ /* Only use digest_name for the array key, not value. */
+ digest_name = NULL;
+ }
+ TAILQ_FOREACH(digest, &c->digests, entries) {
+ if (digest->digest_type != digest_type)
+ continue;
+ value.type = JSON_STRING;
+ value.u.string = digest->digest_str;
+ if (!sudo_json_add_value(jsonc, digest_name, &value))
+ debug_return_bool(false);
+ }
+ if (ndigests > 1) {
+ if (!sudo_json_close_array(jsonc))
+ debug_return_bool(false);
+ }
  }
 
  /* Command may be negated. */

diff --git a/plugins/sudoers/regress/sudoers/test14.json.ok b/plugins/sudoers/regress/sudoers/test14.json.ok
@@ -3,15 +3,19 @@
  "LS": [
  {
  "command": "/bin/ls",
- "sha224": "d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1",
- "sha224": "d7910e1967342b4605cb73a550944044c631cd3514001900966962ac"
+ "sha224": [
+ "d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1",
+ "d7910e1967342b4605cb73a550944044c631cd3514001900966962ac"
+ ]
  }
  ],
  "SH": [
  {
  "command": "/bin/sh",
- "sha256": "hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=",
- "sha256": "1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4="
+ "sha256": [
+ "hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=",
+ "1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4="
+ ]
  }
  ]
  },
@@ -51,8 +55,8 @@
  "Commands": [
  {
  "command": "ALL",
- "sha384": "knMlCLkJ71K6uRrKo5C1CAvZ5kq+mRpjKDD/RofGosFjiGcYhiYYZORVyiRHgBnu",
- "sha256": "1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4="
+ "sha256": "1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4=",
+ "sha384": "knMlCLkJ71K6uRrKo5C1CAvZ5kq+mRpjKDD/RofGosFjiGcYhiYYZORVyiRHgBnu"
  }
  ]
  }