Make find_path() a little more generic by not checking def_foo

variables inside it.  Instead, pass in ignore_dot as a function
argument.

plugins/sudoers/find_path.c

@@ -53,7 +53,8 @@
  * but it is in '.' and IGNORE_DOT is set.
  */
 int
-find_path(char *infile, char **outfile, struct stat *sbp, char *path)
+find_path(char *infile, char **outfile, struct stat *sbp, char *path,
+    int ignore_dot)
 {
     static char command[PATH_MAX]; /* qualified filename */
     char *n;			/* for traversing path */
@@ -78,10 +79,7 @@ find_path(char *infile, char **outfile, struct stat *sbp, char *path)
 	    return(NOT_FOUND);
     }
 
-    /* Use PATH passed in unless SECURE_PATH is in effect.  */
-    if (def_secure_path && !user_is_exempt())
-	path = def_secure_path;
-    else if (path == NULL)
+    if (path == NULL)
 	return(NOT_FOUND);
     path = estrdup(path);
     origpath = path;
@@ -122,7 +120,7 @@ find_path(char *infile, char **outfile, struct stat *sbp, char *path)
 	if (len <= 0 || len >= sizeof(command))
 	    errorx(1, "%s: File name too long", infile);
 	result = sudo_goodpath(command, sbp);
-	if (result && def_ignore_dot)
+	if (result && ignore_dot)
 	    return(NOT_FOUND_DOT);
     }
 

plugins/sudoers/sudoers.c

@@ -738,6 +738,7 @@ static int
 set_cmnd(int sudo_mode)
 {
     int rval;
+    char *path = user_path;
 
     /* Set project if applicable. */
     set_project(runas_pw);
@@ -752,13 +753,17 @@ set_cmnd(int sudo_mode)
 
     if (sudo_mode & (MODE_RUN | MODE_EDIT | MODE_CHECK)) {
 	if (ISSET(sudo_mode, MODE_RUN | MODE_CHECK)) {
+	    if (def_secure_path && !user_is_exempt())
+		path = def_secure_path;
 	    set_perms(PERM_RUNAS);
-	    rval = find_path(NewArgv[0], &user_cmnd, user_stat, user_path);
+	    rval = find_path(NewArgv[0], &user_cmnd, user_stat, path,
+		def_ignore_dot);
 	    restore_perms();
 	    if (rval != FOUND) {
 		/* Failed as root, try as invoking user. */
 		set_perms(PERM_USER);
-		rval = find_path(NewArgv[0], &user_cmnd, user_stat, user_path);
+		rval = find_path(NewArgv[0], &user_cmnd, user_stat, path,
+		    def_ignore_dot);
 		restore_perms();
 	    }
 	}

plugins/sudoers/sudoers.h

@@ -199,7 +199,7 @@ struct passwd;
 char *sudo_goodpath(const char *, struct stat *);
 
 /* findpath.c */
-int find_path(char *, char **, struct stat *, char *);
+int find_path(char *, char **, struct stat *, char *, int);
 
 /* check.c */
 int check_user(int, int);

plugins/sudoers/visudo.c

@@ -806,7 +806,7 @@ get_editor(char **args)
 	UserEditor = NULL;
     else if (UserEditor) {
 	UserEditorArgs = get_args(UserEditor);
-	if (find_path(UserEditor, &Editor, NULL, getenv("PATH")) == FOUND) {
+	if (find_path(UserEditor, &Editor, NULL, getenv("PATH"), 0) == FOUND) {
 	    UserEditor = Editor;
 	} else {
 	    if (def_env_editor) {