From b71844daf7497c8ffd26acdc126ab0c17bd2a96a Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Fri, 16 Apr 2010 07:56:16 -0400
Subject: [PATCH] Don't change the environ directly in the sudoers plugin

---
 config.h.in           |  3 --
 configure             | 94 ------------------------------------------
 configure.in          |  1 -
 plugins/sudoers/env.c | 95 ++++---------------------------------------
 4 files changed, 9 insertions(+), 184 deletions(-)

diff --git a/config.h.in b/config.h.in
index 24ded52fc..85fbb7779 100644
--- a/config.h.in
+++ b/config.h.in
@@ -587,9 +587,6 @@
 /* Define to 1 if you have the `_innetgr' function. */
 #undef HAVE__INNETGR
 
-/* Define to 1 if you have the `_NSGetEnviron' function. */
-#undef HAVE__NSGETENVIRON
-
 /* Define to 1 if your crt0.o defines the __progname symbol for you. */
 #undef HAVE___PROGNAME
 
diff --git a/configure b/configure
index 52693fa27..0eb782c19 100755
--- a/configure
+++ b/configure
@@ -13089,100 +13089,6 @@ done
 		CHECKSHADOW="false"
 		test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
 		: ${with_logincap='yes'}
-
-for ac_func in _NSGetEnviron
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
-   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-
-int
-main ()
-{
-return $ac_func ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-  (eval "$ac_link") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest$ac_exeext &&
-       $as_test_x conftest$ac_exeext; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_var=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-      conftest$ac_exeext conftest.$ac_ext
-fi
-ac_res=`eval echo '${'$as_ac_var'}'`
-	       { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
 		;;
     *-*-nextstep*)
 		# lockf() on is broken on the NeXT -- use flock instead
diff --git a/configure.in b/configure.in
index ae01054a4..e12a4ad7b 100644
--- a/configure.in
+++ b/configure.in
@@ -1741,7 +1741,6 @@ case "$host" in
 		CHECKSHADOW="false"
 		test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
 		: ${with_logincap='yes'}
-		AC_CHECK_FUNCS(_NSGetEnviron)
 		;;
     *-*-nextstep*)
 		# lockf() on is broken on the NeXT -- use flock instead
diff --git a/plugins/sudoers/env.c b/plugins/sudoers/env.c
index 956127faf..4856ace5f 100644
--- a/plugins/sudoers/env.c
+++ b/plugins/sudoers/env.c
@@ -104,13 +104,6 @@ struct environment {
 static void sudo_setenv(const char *, const char *, int);
 static void sudo_putenv(char *, int, int);
 
-/* XXX - should not need to muck with environ, use envp from env_init */
-#ifdef HAVE__NSGETENVIRON
-char **environ;			/* global environment */
-#else
-extern char **environ;		/* global environment */
-#endif
-
 /*
  * Copy of the sudo-managed environment.
  */
@@ -226,10 +219,6 @@ env_init(char * const envp[])
     size_t len;
     int rval = -1;
 
-#ifdef HAVE__NSGETENVIRON
-    environ = _NSGetEnviron();
-#endif
-
     for (ep = envp; *ep != NULL; ep++)
 	continue;
     len = (size_t)(ep - envp);
@@ -313,32 +302,10 @@ setenv(var, val, overwrite)
     }
     *ep = '\0';
 
-    /* Sync env.envp with environ as needed. */
-    if (env.envp != environ) {
-	char **ep;
-	size_t len;
-
-	for (ep = environ; *ep != NULL; ep++)
-	    continue;
-	len = ep - environ;
-	if (len + 2 > env.env_size) {
-	    efree(env.envp);
-	    env.env_size = len + 2 + 128;
-	    env.envp = emalloc2(env.env_size, sizeof(char *));
 #ifdef ENV_DEBUG
-	    memset(env.envp, 0, env.env_size * sizeof(char *));
+    if (env.envp[env.env_len] != NULL)
+	errorx(1, "setenv: corrupted envp, len mismatch");
 #endif
-	}
-	memcpy(env.envp, environ, len * sizeof(char *));
-	env.envp[len] = NULL;
-	env.env_len = len;
-	environ = env.envp;
-#ifdef ENV_DEBUG
-    } else {
-	if (env.envp[env.env_len] != NULL)
-	    errorx(1, "setenv: corrupted envp, len mismatch");
-#endif
-    }
     sudo_putenv(estring, TRUE, overwrite);
     return 0;
 }
@@ -367,30 +334,10 @@ unsetenv(var)
 #endif
     }
 
-    /* Make sure we are operating on the current environment. */
-    /* XXX - this could be optimized to include the search */
-    if (env.envp != environ) {
-	for (ep = environ; *ep != NULL; ep++)
-	    continue;
-	len = ep - environ;
-	if (len + 1 > env.env_size) {
-	    efree(env.envp);
-	    env.env_size = len + 1 + 128;
-	    env.envp = emalloc2(env.env_size, sizeof(char *));
 #ifdef ENV_DEBUG
-	    memset(env.envp, 0, env.env_size * sizeof(char *));
+    if (env.envp[env.env_len] != NULL)
+	errorx(1, "unsetenv: corrupted envp, len mismatch");
 #endif
-	}
-	memcpy(env.envp, environ, len * sizeof(char *));
-	env.envp[len] = NULL;
-	env.env_len = len;
-	environ = env.envp;
-#ifdef ENV_DEBUG
-    } else {
-	if (env.envp[env.env_len] != NULL)
-	    errorx(1, "unsetenv: corrupted envp, len mismatch");
-#endif
-    }
 
     len = strlen(var);
     for (ep = env.envp; *ep; ep++) {
@@ -423,32 +370,10 @@ putenv(string)
 	errno = EINVAL;
 	return -1;
     }
-    /* Sync env.envp with environ as needed. */
-    if (env.envp != environ) {
-	char **ep;
-	size_t len;
-
-	for (ep = environ; *ep != NULL; ep++)
-	    continue;
-	len = ep - environ;
-	if (len + 2 > env.env_size) {
-	    efree(env.envp);
-	    env.env_size = len + 2 + 128;
-	    env.envp = emalloc2(env.env_size, sizeof(char *));
 #ifdef ENV_DEBUG
-	    memset(env.envp, 0, env.env_size * sizeof(char *));
+    if (env.envp[env.env_len] != NULL)
+	errorx(1, "putenv: corrupted envp, len mismatch");
 #endif
-	}
-	memcpy(env.envp, environ, len * sizeof(char *));
-	env.envp[len] = NULL;
-	env.env_len = len;
-	environ = env.envp;
-#ifdef ENV_DEBUG
-    } else {
-	if (env.envp[env.env_len] != NULL)
-	    errorx(1, "putenv: corrupted envp, len mismatch");
-#endif
-    }
     sudo_putenv((char *)string, TRUE, TRUE);
     return 0;
 }
@@ -476,7 +401,6 @@ sudo_putenv(str, dupcheck, overwrite)
 	memset(env.envp + env.env_len, 0,
 	    (env.env_size - env.env_len) * sizeof(char *));
 #endif
-	environ = env.envp;
     }
 
 #ifdef ENV_DEBUG
@@ -618,7 +542,7 @@ rebuild_env(sudo_mode, noexec)
 #endif
     if (def_env_reset || ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
 	/* Pull in vars we want to keep from the old environment. */
-	for (ep = environ; *ep; ep++) {
+	for (ep = old_envp; *ep; ep++) {
 	    int keepit;
 
 	    /* Skip variables with values beginning with () (bash functions) */
@@ -705,7 +629,7 @@ rebuild_env(sudo_mode, noexec)
 	 * Copy environ entries as long as they don't match env_delete or
 	 * env_check.
 	 */
-	for (ep = environ; *ep; ep++) {
+	for (ep = old_envp; *ep; ep++) {
 	    int okvar;
 
 	    /* Skip variables with values beginning with () (bash functions) */
@@ -809,8 +733,7 @@ rebuild_env(sudo_mode, noexec)
     snprintf(idbuf, sizeof(idbuf), "%lu", (unsigned long) user_gid);
     sudo_setenv("SUDO_GID", idbuf, TRUE);
 
-    /* Install new environment. */
-    environ = env.envp;
+    /* Free old environment. */
     efree(old_envp);
 }