From 0667fa97161d67eb22bbba89864d197113f49d50 Mon Sep 17 00:00:00 2001
From: Daniel Kopeček <mildew@fedoraproject.org>
Date: Jun 02 2010 09:18:34 +0000
Subject: - added patch that fixes insufficient environment sanitization issue

    (#598154)

---

diff --git a/sudo-1.7.2p2-envsanitize.patch b/sudo-1.7.2p2-envsanitize.patch
new file mode 100644
index 0000000..37dc38c
--- /dev/null
+++ b/sudo-1.7.2p2-envsanitize.patch
@@ -0,0 +1,83 @@
+diff -up sudo-1.7.2p2/env.c.orig sudo-1.7.2p2/env.c
+--- sudo-1.7.2p2/env.c.orig	2010-06-01 13:19:54.000000000 +0200
++++ sudo-1.7.2p2/env.c	2010-06-01 13:26:22.000000000 +0200
+@@ -321,7 +321,7 @@ int
+ unsetenv(var)
+     const char *var;
+ {
+-    char **ep;
++    char **ep = env.envp;
+     size_t len;
+ 
+     if (strchr(var, '=') != NULL) {
+@@ -359,13 +359,15 @@ unsetenv(var)
+     }
+ 
+     len = strlen(var);
+-    for (ep = env.envp; *ep; ep++) {
++    while (*ep != NULL) {
+ 	if (strncmp(var, *ep, len) == 0 && (*ep)[len] == '=') {
+ 	    /* Found it; shift remainder + NULL over by one and update len. */
+ 	    memmove(ep, ep + 1,
+ 		(env.env_len - (ep - env.envp)) * sizeof(char *));
+ 	    env.env_len--;
+-	    break;
++	    /* Keep going, could be multiple instances of the var. */
++	} else {
++	    ep++;
+ 	}
+     }
+ #ifndef UNSETENV_VOID
+@@ -433,6 +435,7 @@ sudo_putenv(str, dupcheck, overwrite)
+ {
+     char **ep;
+     size_t len;
++    int found = FALSE;
+ 
+     /* Make sure there is room for the new entry plus a NULL. */
+     if (env.env_len + 2 > env.env_size) {
+@@ -451,20 +454,34 @@ sudo_putenv(str, dupcheck, overwrite)
+ #endif
+ 
+     if (dupcheck) {
+-	    len = (strchr(str, '=') - str) + 1;
+-	    for (ep = env.envp; *ep; ep++) {
++	len = (strchr(str, '=') - str) + 1;
++	for (ep = env.envp; !found && *ep != NULL; ep++) {
++	    if (strncmp(str, *ep, len) == 0) {
++		if (overwrite)
++		    *ep = str;
++		found = TRUE;
++	    }
++	}
++	/* Prune out duplicate variables. */
++	if (found && overwrite) {
++	    while (*ep != NULL) {
+ 		if (strncmp(str, *ep, len) == 0) {
+-		    if (overwrite)
+-			*ep = str;
+-		    return;
++		    memmove(ep, ep + 1,
++			(env.env_len - (ep - env.envp)) * sizeof(char *));
++		    env.env_len--;
++		} else {
++		    ep++;
+ 		}
+ 	    }
+-    } else
+-	ep = env.envp + env.env_len;
++	}
++    }
+ 
+-    env.env_len++;
+-    *ep++ = str;
+-    *ep = NULL;
++    if (!found) {
++	ep = env.envp + env.env_len;
++	env.env_len++;
++	*ep++ = str;
++	*ep = NULL;
++    }
+ }
+ 
+ /*
diff --git a/sudo.spec b/sudo.spec
index 1ca5ef3..ecf5d87 100644
--- a/sudo.spec
+++ b/sudo.spec
@@ -1,7 +1,7 @@
 Summary: Allows restricted root access for specified users
 Name: sudo
 Version: 1.7.2p6
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: BSD
 Group: Applications/System
 URL: http://www.courtesan.com/sudo/
@@ -31,6 +31,8 @@ Patch4: sudo-1.7.1-libtool.patch
 Patch5: sudo-1.7.2p4-getgrouplist.patch
 # audit support improvement
 Patch6: sudo-1.7.2p6-audit.patch
+# insufficient environment sanitization issue (#598154)
+Patch7: sudo-1.7.2p2-envsanitize.patch
 
 %description
 Sudo (superuser do) allows a system administrator to give certain
@@ -51,6 +53,7 @@ on many different machines.
 %patch4 -p1 -b .libtool
 %patch5 -p1 -b .getgrouplist
 %patch6 -p1 -b .audit
+%patch7 -p1 -b .envsanitize
 
 %build
 # handle newer autoconf
@@ -142,6 +145,9 @@ rm -rf $RPM_BUILD_ROOT
 /bin/chmod 0440 /etc/sudoers || :
 
 %changelog
+* Wed Jun  2 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p6-2
+- added patch that fixes insufficient environment sanitization issue (#598154)
+
 * Wed Apr 14 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p6-1
 - update to new upstream version
 - merged .audit and .libaudit patch