From ae7bb12335d173eb0904cca82c36b47451702f52 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Fri, 17 Apr 2020 15:07:25 -0600
Subject: [PATCH] Free passwd and group caches in I/O plugin after
 log_warning(), not before. The logging functions may try to use the cache via
 set_perms(PERM_ROOT).

---
 plugins/sudoers/iolog.c  | 9 ++++-----
 plugins/sudoers/policy.c | 3 +--
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/plugins/sudoers/iolog.c b/plugins/sudoers/iolog.c
index e7b15369b..a27e6cd94 100644
--- a/plugins/sudoers/iolog.c
+++ b/plugins/sudoers/iolog.c
@@ -784,9 +784,6 @@ sudoers_io_close(int exit_status, int error)
     if (io_operations.close != NULL)
 	io_operations.close(exit_status, error, &errstr);
 
-    sudo_freepwcache();
-    sudo_freegrcache();
-
     if (errstr != NULL && !warned) {
 	/* Only warn about I/O log file errors once. */
 	log_warning(SLOG_SEND_MAIL,
@@ -794,9 +791,11 @@ sudoers_io_close(int exit_status, int error)
 	warned = true;
     }
 
-    sudoers_debug_deregister();
+    sudo_freepwcache();
+    sudo_freegrcache();
 
-    return;
+    /* sudoers_debug_deregister() calls sudo_debug_exit() for us. */
+    sudoers_debug_deregister();
 }
 
 static int
diff --git a/plugins/sudoers/policy.c b/plugins/sudoers/policy.c
index 782c60a7e..27a0ddc59 100644
--- a/plugins/sudoers/policy.c
+++ b/plugins/sudoers/policy.c
@@ -931,9 +931,8 @@ sudoers_policy_close(int exit_status, int error_code)
     free(audit_msg);
     audit_msg = NULL;
 
+    /* sudoers_debug_deregister() calls sudo_debug_exit() for us. */
     sudoers_debug_deregister();
-
-    return;
 }
 
 /*