Reply to post: strlen

Decade-old bug in Linux world's sudo can be abused by any logged-in user to gain root privileges

DaemonProcess

strlen

size_t cmnd_size = (size_t) (argv[argc - 1] - argv[0]) + strlen(argv[argc - 1]) + 1;

Well, the first obvious issue is that they used strlen() and not strnlen() - doh! Isn't there a pre-processor to check for this?

The second issue is they are subtracting pointer addresses. Taking the address of the last argument, subtracting the address of the first argument and then adding the size of the last one only - what about args in the middle? This code appears to be borked several ways.

I suspect that sudo for a command was scrutineered (? is that a word) in more detail than sudo -e / sudoedit.

This code is nearly as bad as David Korn's initial efforts in su, login, and passwd, which I had to upgrade for pam once upon a time. His code was a horror of #IFDEFs. At least the explicit length check I used had an 'n' in the function call, 25 years ago.
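To make the quoted arithmetic concrete, here is an added example (editor's illustration, not code from sudo or from the commenter) that lifts the quoted size expression into a function and compares it with a plain sum of the arguments' lengths. The pointer difference argv[argc - 1] - argv[0] spans every string between the first and the last, so it agrees with the summed lengths only when the argument strings sit back to back in memory, NUL separated, which is how a new process receives them; the example lays the same constructed arguments out both ways. The function and constant names and the sample command line are assumptions made here.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The size expression quoted from sudo, lifted into a function.
 * (Function name chosen here for illustration; it is not sudo's.) */
size_t cmnd_size_ptrdiff(int argc, char **argv)
{
    return (size_t)(argv[argc - 1] - argv[0]) + strlen(argv[argc - 1]) + 1;
}

/* Reference computation: each argument's length plus one byte for the
 * space that follows it when the arguments are joined (or, for the last
 * argument, the terminating NUL). Independent of where the strings live. */
size_t cmnd_size_sum(int argc, char **argv)
{
    size_t n = 0;
    for (int i = 0; i < argc; i++)
        n += strlen(argv[i]) + 1;
    return n;
}

/* Constructed sample command line used by both layouts below. */
static const char *const SAMPLE_ARGS[] = { "ls", "-l", "/root", "file with spaces" };
#define SAMPLE_ARGC 4

/* Copy the sample strings into buf and fill argv with pointers into it.
 * stride == 0 packs them back to back, NUL separated, the layout the kernel
 * gives a freshly exec'd process. A non-zero stride starts each string
 * `stride` bytes after the previous one, leaving unused gaps, as an argv
 * rebuilt from separately allocated strings might. */
static void lay_out(char *buf, size_t bufsz, char **argv, size_t stride)
{
    memset(buf, 0, bufsz);
    char *p = buf;
    for (int i = 0; i < SAMPLE_ARGC; i++) {
        size_t len = strlen(SAMPLE_ARGS[i]) + 1;   /* include the NUL */
        memcpy(p, SAMPLE_ARGS[i], len);
        argv[i] = p;
        p += stride ? stride : len;
    }
    argv[SAMPLE_ARGC] = NULL;
}

/* Size the quoted formula reports for the sample under the given layout. */
size_t ptrdiff_size_for_stride(size_t stride)
{
    char buf[256];
    char *argv[SAMPLE_ARGC + 1];
    lay_out(buf, sizeof buf, argv, stride);
    return cmnd_size_ptrdiff(SAMPLE_ARGC, argv);
}

/* Size the reference sum reports for the sample under the given layout. */
size_t sum_size_for_stride(size_t stride)
{
    char buf[256];
    char *argv[SAMPLE_ARGC + 1];
    lay_out(buf, sizeof buf, argv, stride);
    return cmnd_size_sum(SAMPLE_ARGC, argv);
}

int main(void)
{
    /* Packed layout: both formulas give 2+1 + 2+1 + 5+1 + 16+1 = 29. */
    printf("packed:    ptrdiff=%zu sum=%zu\n",
           ptrdiff_size_for_stride(0), sum_size_for_stride(0));
    /* Gapped layout (32-byte stride): the pointer difference now counts the
     * gaps, 3*32 + 16 + 1 = 113, while the sum is still 29. */
    printf("stride 32: ptrdiff=%zu sum=%zu\n",
           ptrdiff_size_for_stride(32), sum_size_for_stride(32));
    return 0;
}
```

The middle arguments are covered by the subtraction because their bytes lie between argv[0] and argv[argc - 1]; what the expression actually measures is the distance between those two addresses, so any layout other than the packed one changes the answer even though the arguments have not.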
