From 20a7633a3f32c853ddfacec4e114657180421291 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Thu, 8 Mar 2012 11:30:21 -0500
Subject: [PATCH] Disable environment hooks after we get user_env back to make sure a plugin can't to modify user_env after we "own" it. This is kind of a hack but we don't want the init_session plugin function to modify user_env.
---
 src/hooks.c | 26 ++++++++++++++++++++++++++
 src/sudo.c | 4 ++++
 src/sudo.h | 1 +
 3 files changed, 31 insertions(+)
diff --git a/src/hooks.c b/src/hooks.c
index 5e8a395ed..4f694cc8f 100644
--- a/src/hooks.c
+++ b/src/hooks.c
@@ -278,3 +278,29 @@ deregister_hook(struct sudo_hook *hook)
 debug_return_int(rval);
 }
+
+/* Deregister all environment handling hooks. */
+void
+deregister_env_hooks(void)
+{
+ struct sudo_hook_list *tofree;
+ debug_decl(deregister_env_hooks, SUDO_DEBUG_HOOKS)
+
+ while ((tofree = sudo_hook_setenv_list) != NULL) {
+ sudo_hook_setenv_list = sudo_hook_setenv_list->next;
+ efree(tofree);
+ }
+ while ((tofree = sudo_hook_unsetenv_list) != NULL) {
+ sudo_hook_unsetenv_list = sudo_hook_unsetenv_list->next;
+ efree(tofree);
+ }
+ while ((tofree = sudo_hook_getenv_list) != NULL) {
+ sudo_hook_getenv_list = sudo_hook_getenv_list->next;
+ efree(tofree);
+ }
+ while ((tofree = sudo_hook_putenv_list) != NULL) {
+ sudo_hook_putenv_list = sudo_hook_putenv_list->next;
+ efree(tofree);
+ }
+ debug_return;
+}
diff --git a/src/sudo.c b/src/sudo.c
index 00cb7238b..391350579 100644
--- a/src/sudo.c
+++ b/src/sudo.c
@@ -287,6 +287,10 @@ main(int argc, char *argv[], char *envp[])
 plugin->name);
 }
 }
+ /* Now that we have the command's environment, disable env hooks. */
+ deregister_env_hooks();
+
+ /* Setup command details and run command/edit. */
 command_info_to_details(command_info, &command_details);
 command_details.argv = argv_out;
 command_details.envp = user_env_out;
diff --git a/src/sudo.h b/src/sudo.h
index ec981132f..c72f65274 100644
--- a/src/sudo.h
+++ b/src/sudo.h
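Review bot: In `deregister_env_hooks()` (src/hooks.c), emptying the four lists does not keep them empty, because nothing in this hunk stops a later registration from adding a setenv, unsetenv, getenv or putenv hook again. If the registration path is still reachable by a plugin after this call (that code is outside the hunk, so this is an assumption to confirm), the guarantee in the commit message would not hold. A file-scope flag such as `static int env_hooks_disabled;`, set here and checked where environment hooks are registered, would make the disablement permanent. The four identical loops could also share one `static` helper that takes a `struct sudo_hook_list **`, so a future hook list is not missed in one of them.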
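Review bot: The comment added above `deregister_env_hooks();` in main() (src/sudo.c) says what is done but not why, and the reason is a security invariant that depends on call order. I would write it as `/* Disable env hooks before any later plugin call (e.g. init_session) so a plugin cannot modify user_env once we own it. */`, which carries the commit message's rationale into the code. Removing the hooks does not copy the environment: `command_details.envp = user_env_out` appears to keep pointing at the array obtained earlier, so the comment should say whether that is intended. main() starts and ends outside this hunk.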
@@ -231,6 +231,7 @@ int process_hooks_getenv(const char *name, char **val);
 int process_hooks_setenv(const char *name, const char *value, int overwrite);
 int process_hooks_putenv(char *string);
 int process_hooks_unsetenv(const char *name);
+void deregister_env_hooks(void);
 /* interfaces.c */
 int get_net_ifs(char **addrinfo);