From 2a60816f75d3daeef2dd8f3956da5f366466088d Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Fri, 17 Apr 2020 15:57:06 -0600
Subject: [PATCH] I/O log plugins should be closed *before* the policy plugin,
 not after.

---
 src/sudo.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/sudo.c b/src/sudo.c
index a7c25404d..05b2a2acb 100644
--- a/src/sudo.c
+++ b/src/sudo.c
@@ -967,8 +967,8 @@ run_command(struct command_details *details)
     switch (cstat.type) {
     case CMD_ERRNO:
 	/* exec_setup() or execve() returned an error. */
-	policy_close(0, cstat.val);
 	iolog_close(0, cstat.val);
+	policy_close(0, cstat.val);
 	audit_close(SUDO_PLUGIN_EXEC_ERROR, cstat.val);
 	break;
     case CMD_WSTATUS:
@@ -978,8 +978,8 @@ run_command(struct command_details *details)
 	if (ISSET(details->flags, CD_SUDOEDIT_COPY))
 	    break;
 #endif
-	policy_close(status, 0);
 	iolog_close(status, 0);
+	policy_close(status, 0);
 	audit_close(SUDO_PLUGIN_WAIT_STATUS, cstat.val);
 	break;
     default: