From: Greg Hudson Date: Tue, 24 Apr 2018 23:35:38 +0000 (-0400) Subject: Move zero argc check earlier in ksu X-Git-Tag: krb5-1.17-beta1~131 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F770%2Fhead;p=thirdparty%2Fkrb5.git Move zero argc check earlier in ksu For improved auditability, check for a zero argc value earlier in main() so that the first two calls to com_err() can't pass a NULL whoami value--which would be harmless, but that may not be obvious to a reader. ticket: 8661 --- diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c index 5e79ef5f42..30f6db7716 100644 --- a/src/clients/ksu/main.c +++ b/src/clients/ksu/main.c @@ -121,6 +121,9 @@ main (argc, argv) krb5_boolean restrict_creds; krb5_deltat lifetime, rlife; + if (argc == 0) + exit(1); + params = (char **) xcalloc (2, sizeof (char *)); params[1] = NULL; @@ -138,8 +141,6 @@ main (argc, argv) exit(1); } - if (argc == 0) - exit(1); if (strrchr(argv[0], '/')) argv[0] = strrchr(argv[0], '/')+1; prog_name = argv[0];