base/SOURCES/sudo-1.8.6p3-strictuidgid.patch

diff -up sudo-1.8.6p3/plugins/sudoers/match.c.strictuidgid sudo-1.8.6p3/plugins/sudoers/match.c
--- sudo-1.8.6p3/plugins/sudoers/match.c.strictuidgid	2012-09-18 15:56:29.000000000 +0200
+++ sudo-1.8.6p3/plugins/sudoers/match.c	2013-08-08 16:22:00.413281960 +0200
@@ -650,14 +650,16 @@ hostname_matches(char *shost, char *lhos
 bool
 userpw_matches(char *sudoers_user, char *user, struct passwd *pw)
 {
-    debug_decl(userpw_matches, SUDO_DEBUG_MATCH)
-
-    if (pw != NULL && *sudoers_user == '#') {
-	uid_t uid = (uid_t) atoi(sudoers_user + 1);
-	if (uid == pw->pw_uid)
-	    debug_return_bool(true);
-    }
-    debug_return_bool(strcmp(sudoers_user, user) == 0);
+	debug_decl(userpw_matches, SUDO_DEBUG_MATCH)
+	if (pw != NULL && *sudoers_user == '#') {
+		char *end = NULL;
+		uid_t uid = (uid_t) strtol(sudoers_user + 1, &end, 10);
+		if (end != NULL && (sudoers_user[1] != '\0' && *end == '\0')) {
+			if (uid == pw->pw_uid)
+				debug_return_bool(true);
+		}
+	}
+	debug_return_bool(strcmp(sudoers_user, user) == 0);
 }
 
 /*
@@ -667,14 +669,16 @@ userpw_matches(char *sudoers_user, char
 bool
 group_matches(char *sudoers_group, struct group *gr)
 {
-    debug_decl(group_matches, SUDO_DEBUG_MATCH)
-
-    if (*sudoers_group == '#') {
-	gid_t gid = (gid_t) atoi(sudoers_group + 1);
-	if (gid == gr->gr_gid)
-	    debug_return_bool(true);
-    }
-    debug_return_bool(strcmp(gr->gr_name, sudoers_group) == 0);
+	debug_decl(group_matches, SUDO_DEBUG_MATCH)
+	if (*sudoers_group == '#') {
+		char *end = NULL;
+		gid_t gid = (gid_t) strtol(sudoers_group + 1, &end, 10);
+		if (end != NULL && (sudoers_group[1] != '\0' && *end == '\0')) {
+			if (gid == gr->gr_gid)
+				debug_return_bool(true);
+		}
+	}
+	debug_return_bool(strcmp(gr->gr_name, sudoers_group) == 0);
 }
 
 /*