Fix "sudo -l command args", broken in sudo 1.9.13.

The value of user_args should not contain the command to be run in
"sudo -l command args", only the arguments of the command being checked.
This restores the pre-1.9.13 behavior.  GitHub issue #249

plugins/sudoers/logging.c

@@ -322,9 +322,9 @@ log_denial(int status, bool inform_user)
 		"sudo on %s.\n"), user_name, user_srunhost);
 	} else {
 	    sudo_printf(SUDO_CONV_ERROR_MSG, _("Sorry, user %s is not allowed "
-		"to execute '%s%s%s' as %s%s%s on %s.\n"),
-		user_name, user_cmnd, user_args ? " " : "",
-		user_args ? user_args : "",
+		"to execute '%s%s%s%s' as %s%s%s on %s.\n"),
+		user_name, user_cmnd, list_cmnd ? list_cmnd : "",
+		user_args ? " " : "", user_args ? user_args : "",
 		list_pw ? list_pw->pw_name : runas_pw ?
 		runas_pw->pw_name : user_name, runas_gr ? ":" : "",
 		runas_gr ? runas_gr->gr_name : "", user_host);

plugins/sudoers/parse.c

@@ -1067,8 +1067,8 @@ display_cmnd(struct sudo_nss_list *snl, struct passwd *pw)
 	    break;
     }
     if (match == ALLOW) {
-	/* For "sudo -l cmd" user_args includes the command being checked. */
-	const int len = sudo_printf(SUDO_CONV_INFO_MSG, "%s\n", user_args);
+	const int len = sudo_printf(SUDO_CONV_INFO_MSG, "%s%s%s\n",
+	    list_cmnd, user_args ? " " : "", user_args ? user_args : "");
 	ret = len < 0 ? -1 : true;
     }
     debug_return_int(ret);

plugins/sudoers/sudoers.c

@@ -1104,7 +1104,14 @@ set_cmnd(void)
 	/* set user_args */
 	free(user_args);
 	user_args = NULL;
-	if (NewArgc > 1) {
+	if (ISSET(sudo_mode, MODE_CHECK)) {
+	    if (NewArgc > 2) {
+		/* Skip the command being listed in NewArgv[1]. */
+		user_args = strvec_join(NewArgv + 2, ' ', NULL);
+		if (user_args == NULL)
+		    debug_return_int(NOT_FOUND_ERROR);
+	    }
+	} else if (NewArgc > 1) {
 	    if (ISSET(sudo_mode, MODE_SHELL|MODE_LOGIN_SHELL) &&
 		    ISSET(sudo_mode, MODE_RUN)) {
 		/*