From 972ee9a0fb1c61d82effcc468586b82f6afe650e Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Wed, 7 Aug 2013 10:13:04 -0600
Subject: [PATCH] Avoid "perm stack underflow" error when logging the unknown
 uid error.

---
 plugins/sudoers/sudoers.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
index 244cd3b3b..023fa23da 100644
--- a/plugins/sudoers/sudoers.c
+++ b/plugins/sudoers/sudoers.c
@@ -147,7 +147,6 @@ sudoers_policy_init(void *info, char * const envp[])
     snl = sudo_read_nss();
 
     /* LDAP or NSS may modify the euid so we need to be root for the open. */
-    set_perms(PERM_INITIAL);
     set_perms(PERM_ROOT);
 
     /* Open and parse sudoers, set global defaults */
@@ -523,6 +522,7 @@ static void
 init_vars(char * const envp[])
 {
     char * const * ep;
+    bool unknown_user = false;
     debug_decl(init_vars, SUDO_DEBUG_PLUGIN)
 
     sudoers_initlocale(setlocale(LC_ALL, NULL), def_sudoers_locale);
@@ -563,16 +563,16 @@ init_vars(char * const envp[])
 
 	    /* Need to make a fake struct passwd for the call to log_fatal(). */
 	    sudo_user.pw = sudo_mkpwent(user_name, user_uid, user_gid, NULL, NULL);
-	    log_fatal(0, N_("unknown uid: %u"), (unsigned int) user_uid);
-	    /* NOTREACHED */
+	    unknown_user = true;
 	}
     }
 
     /*
-     * Get group list.
+     * Get group list and store initialize permissions.
      */
     if (user_group_list == NULL)
 	user_group_list = sudo_get_grlist(sudo_user.pw);
+    set_perms(PERM_INITIAL);
 
     /* Set runas callback. */
     sudo_defs_table[I_RUNAS_DEFAULT].callback = cb_runas_default;
@@ -584,6 +584,8 @@ init_vars(char * const envp[])
     sudo_defs_table[I_MAXSEQ].callback = io_set_max_sessid;
 
     /* It is now safe to use log_fatal() and set_perms() */
+    if (unknown_user)
+	log_fatal(0, N_("unknown uid: %u"), (unsigned int) user_uid);
     debug_return;
 }