role_to_sudoers: only try to reuse a privilege if one is present

sudo-project · Nov 2, 2023 · 2ffcda8 · 2ffcda8
1 parent 1a11be4
commit 2ffcda8
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/plugins/sudoers/parse_ldif.c b/plugins/sudoers/parse_ldif.c
@@ -427,7 +427,7 @@ role_to_sudoers(struct sudoers_parse_tree *parse_tree, struct sudo_role *role,
 	    U_("unable to allocate memory"));
     }
 
-    if (reuse_privilege) {
+    if (reuse_privilege && !TAILQ_EMPTY(&us->privileges)) {
 	/* Hostspec unchanged, append cmndlist to previous privilege. */
 	struct privilege *prev_priv = TAILQ_LAST(&us->privileges, privilege_list);
 	if (reuse_runas) {