File sudo-fix_NULL_deref_RunAs.patch of Package sudo.32788

diff --git a/plugins/sudoers/parse.c b/plugins/sudoers/parse.c
index 0d6d0eb..ab90945 100644
--- a/plugins/sudoers/parse.c
+++ b/plugins/sudoers/parse.c
@@ -41,6 +41,23 @@
 #include "sudo_lbuf.h"
 #include <gram.h>
 
+static int
+runas_matches_pw(struct sudoers_parse_tree *parse_tree,
+    const struct cmndspec *cs, const struct passwd *pw)
+{
+    debug_decl(runas_matches_pw, SUDOERS_DEBUG_PARSER);
+
+    if (cs->runasuserlist != NULL)
+	debug_return_int(userlist_matches(parse_tree, pw, cs->runasuserlist));
+
+    if (cs->runasgrouplist == NULL) {
+	/* No explicit runas user or group, use default. */
+	if (userpw_matches(def_runas_default, pw->pw_name, pw))
+	    debug_return_int(ALLOW);
+    }
+    debug_return_int(UNSPEC);
+}
+
 /*
  * Look up the user in the sudoers prase tree for pseudo-commands like
  * list, verify and kill.
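Review bot: runas_matches_pw has no header comment, and its default branch reads `pw->pw_name` without checking `pw`, so the non-NULL precondition is only implicit. The root_pw call in the third hunk is guarded by `root_pw == NULL ||`, but the list_pw call depends on a check that is not visible in this patch. I would add above the function: `/* Returns ALLOW, DENY or UNSPEC for pw against cs's runas lists; pw must be non-NULL. */`. It is also worth noting there that UNSPEC is returned when no runas user list is present and the default runas user does not apply, since the root_pw caller treats anything other than ALLOW as no match.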
@@ -67,6 +84,8 @@ sudoers_lookup_pseudo(struct sudo_nss_list *snl, struct passwd *pw,
     CLR(validated, FLAG_NO_HOST);
     if (list_pw != NULL) {
 	root_pw = sudo_getpwuid(ROOT_UID);
+	if (root_pw == NULL)
+	    log_warningx(SLOG_SEND_MAIL, N_("unknown uid %u"), ROOT_UID);
     } else {
 	SET(validated, FLAG_NO_CHECK);
     }
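Review bot: After the warning the lookup keeps running with `root_pw == NULL`, and nothing at this point says that is intended. Judging from the third hunk, the `root_pw == NULL ||` test then skips every cmndspec, so the lookup fails closed. A comment such as `/* root_pw stays NULL; the runas check below then rejects every entry. */` would make that explicit. Any release of root_pw after the loop lies outside this hunk and should be confirmed to tolerate NULL. If `ROOT_UID` is a plain int constant, passing `(unsigned int)ROOT_UID` keeps the `%u` argument exact.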
@@ -106,13 +125,15 @@ sudoers_lookup_pseudo(struct sudo_nss_list *snl, struct passwd *pw,
 			continue;
 		    }
 		    /* Runas user must match list user or root. */
-		    if (userlist_matches(nss->parse_tree, list_pw,
-			    cs->runasuserlist) == DENY ||
-			    userlist_matches(nss->parse_tree, root_pw,
-			    cs->runasuserlist) != ALLOW)
+		    if (runas_matches_pw(nss->parse_tree, cs, list_pw) == DENY)
+		      continue;
+		    if (root_pw == NULL || runas_matches_pw(nss->parse_tree,
+							    cs, root_pw) != ALLOW) {
 			continue;
-		    if (cmnd_matches(nss->parse_tree, cs->cmnd) == ALLOW)
+		    }
+		    if (cmnd_matches(nss->parse_tree, cs->cmnd) == ALLOW) {
 			match = ALLOW;
+		    }
 		}
 	    }
 	}
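Review bot: The first new `if` is written differently from the two that follow it. Its `continue` is indented with spaces at a different depth and has no braces, while the root_pw and cmnd_matches tests are braced. In a permission check an unbraced body is easy to break with a later edit, so I would write it as `if (runas_matches_pw(nss->parse_tree, cs, list_pw) == DENY) {`, `continue;`, `}` using the file's tab indentation. The enclosing loop starts and ends outside the hunk.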