Update to sudo 1.6.8p4

8 files changed, 43 insertions, 14 deletions

diff --git a/usr.bin/sudo/CHANGES b/usr.bin/sudo/CHANGES
index eb3edc5bef3..2cad65eb6c1 100644
--- a/usr.bin/sudo/CHANGES
+++ b/usr.bin/sudo/CHANGES
@@ -1734,7 +1734,20 @@ Sudo 1.6.8 released.
 
 Sudo 1.6.8p1 released.
 
-549) Bash exported functions and the CDPATH variable are now stripped from
-     the environment passed to the program to be executed.
+549) Bash exported functions are now stripped from the environment passed
+     to the program to be executed.
 
 Sudo 1.6.8p2 released.
+
+550) The CDPATH variable is now stripped from the environment passed
+     to the program to be executed.
+
+551) Fix temp file generation on systems where the _PATH_VARTMP macro
+     lacks a trailing slash.
+
+Sudo 1.6.8p3 released.
+
+552) The KRB5CCNAME environment variable is preserved during sudo
+     execution for password lookups that use GSSAPI.
+
+Sudo 1.6.8p4 released.
diff --git a/usr.bin/sudo/Makefile.in b/usr.bin/sudo/Makefile.in
index c456a75e818..93a8db2f3e4 100644
--- a/usr.bin/sudo/Makefile.in
+++ b/usr.bin/sudo/Makefile.in
@@ -130,7 +130,7 @@ TESTOBJS = interfaces.o testsudoers.o $(PARSEOBJS)
 
 LIBOBJS = @LIBOBJS@ @ALLOCA@
 
-VERSION = 1.6.8p2
+VERSION = 1.6.8p4
 
 DISTFILES = $(SRCS) $(HDRS) BUGS CHANGES HISTORY INSTALL INSTALL.configure \
 	    LICENSE Makefile.in PORTING README README.LDAP RUNSON TODO \
diff --git a/usr.bin/sudo/env.c b/usr.bin/sudo/env.c
index 5a05a4516ee..3f58b446ee4 100644
--- a/usr.bin/sudo/env.c
+++ b/usr.bin/sudo/env.c
@@ -88,6 +88,7 @@ static char *format_env		__P((char *, ...));
  */
 static const char *initial_badenv_table[] = {
     "IFS",
+    "CDPATH",
     "LOCALDOMAIN",
     "RES_OPTIONS",
     "HOSTALIASES",
@@ -141,7 +142,7 @@ static size_t env_size;		/* size of new_environ in char **'s */
 static size_t env_len;		/* number of slots used, not counting NULL */
 
 /*
- * Zero out environment and replace with a minimal set of
+ * Zero out environment and replace with a minimal set of KRB5CCNAME
  * USER, LOGNAME, HOME, TZ, PATH (XXX - should just set path to default)
  * May set user_path, user_shell, and/or user_prompt as side effects.
  */
@@ -149,8 +150,9 @@ char **
 zero_env(envp)
     char **envp;
 {
-    static char *newenv[8];
+    static char *newenv[9];
     char **ep, **nep = newenv;
+    char **ne_last = &newenv[(sizeof(newenv) / sizeof(newenv[0])) - 1];
     extern char *prev_user;
 
     for (ep = envp; *ep; ep++) {
@@ -159,6 +161,10 @@ zero_env(envp)
 		if (strncmp("HOME=", *ep, 5) == 0)
 		    break;
 		continue;
+	    case 'K':
+		if (strncmp("KRB5CCNAME=", *ep, 11) == 0)
+		    break;
+		continue;
 	    case 'L':
 		if (strncmp("LOGNAME=", *ep, 8) == 0)
 		    break;
@@ -195,8 +201,12 @@ zero_env(envp)
 	    if (**nep == **ep)
 		break;
 	}
-	if (*nep == NULL)
-	    *nep++ = *ep;
+	if (*nep == NULL) {
+	    if (nep < ne_last)
+		*nep++ = *ep;
+	    else
+		errx(1, "internal error, attempt to write outside newenv");
+	}
     }
 
 #ifdef HAVE_LDAP
@@ -205,7 +215,10 @@ zero_env(envp)
      * or files in the current directory.
      *
      */	     
-    *nep++ = "LDAPNOINIT=1";
+    if (nep < ne_last)
+	*nep++ = "LDAPNOINIT=1";
+    else
+	errx(1, "internal error, attempt to write outside newenv");
 #endif
 
     return(&newenv[0]);
diff --git a/usr.bin/sudo/sudo.8 b/usr.bin/sudo/sudo.8
index bf3592cc45c..43daf487c27 100644
--- a/usr.bin/sudo/sudo.8
+++ b/usr.bin/sudo/sudo.8
@@ -149,7 +149,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SUDO 8"
-.TH SUDO 8 "November 11, 2004" "1.6.8p2" "MAINTENANCE COMMANDS"
+.TH SUDO 8 "November 17, 2004" "1.6.8p4" "MAINTENANCE COMMANDS"
 .SH "NAME"
 sudo, sudoedit \- execute a command as another user
 .SH "SYNOPSIS"
diff --git a/usr.bin/sudo/sudo_edit.c b/usr.bin/sudo/sudo_edit.c
index 772c2423e6c..93cf275a0a4 100644
--- a/usr.bin/sudo/sudo_edit.c
+++ b/usr.bin/sudo/sudo_edit.c
@@ -73,7 +73,7 @@ int sudo_edit(argc, argv)
     const char *tmpdir;
     char **nargv, **ap, *editor, *cp;
     char buf[BUFSIZ];
-    int i, ac, ofd, tfd, nargc, rval;
+    int i, ac, ofd, tfd, nargc, rval, tmplen;
     sigaction_t sa;
     struct stat sb;
     struct timespec ts1, ts2;
@@ -95,6 +95,9 @@ int sudo_edit(argc, argv)
 #endif
     else
 	tmpdir = _PATH_TMP;
+    tmplen = strlen(tmpdir);
+    while (tmplen > 0 && tmpdir[tmplen - 1] == '/')
+	tmplen--;
 
     /*
      * For each file specified by the user, make a temporary version
@@ -141,7 +144,7 @@ int sudo_edit(argc, argv)
 	    cp++;
 	else
 	    cp = tf[i].ofile;
-	easprintf(&tf[i].tfile, "%s%s.XXXXXXXX", tmpdir, cp);
+	easprintf(&tf[i].tfile, "%.*s/%s.XXXXXXXX", tmplen, tmpdir, cp);
 	set_perms(PERM_USER);
 	tfd = mkstemp(tf[i].tfile);
 	set_perms(PERM_ROOT);
diff --git a/usr.bin/sudo/sudoers.5 b/usr.bin/sudo/sudoers.5
index 2e34c378887..a7d68d71050 100644
--- a/usr.bin/sudo/sudoers.5
+++ b/usr.bin/sudo/sudoers.5
@@ -149,7 +149,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SUDOERS 5"
-.TH SUDOERS 5 "November 11, 2004" "1.6.8p2" "MAINTENANCE COMMANDS"
+.TH SUDOERS 5 "November 17, 2004" "1.6.8p4" "MAINTENANCE COMMANDS"
 .SH "NAME"
 sudoers \- list of which users may execute what
 .SH "DESCRIPTION"
diff --git a/usr.bin/sudo/version.h b/usr.bin/sudo/version.h
index 297445344ba..44b5b9cd792 100644
--- a/usr.bin/sudo/version.h
+++ b/usr.bin/sudo/version.h
@@ -23,6 +23,6 @@
 #ifndef _SUDO_VERSION_H
 #define _SUDO_VERSION_H
 
-static const char version[] = "1.6.8p2";
+static const char version[] = "1.6.8p4";
 
 #endif /* _SUDO_VERSION_H */
diff --git a/usr.bin/sudo/visudo.8 b/usr.bin/sudo/visudo.8
index c04c5ce283e..5d99ce0d241 100644
--- a/usr.bin/sudo/visudo.8
+++ b/usr.bin/sudo/visudo.8
@@ -149,7 +149,7 @@
 .\" ========================================================================
 .\"
 .IX Title "VISUDO 8"
-.TH VISUDO 8 "November 11, 2004" "1.6.8p2" "MAINTENANCE COMMANDS"
+.TH VISUDO 8 "November 17, 2004" "1.6.8p4" "MAINTENANCE COMMANDS"
 .SH "NAME"
 visudo \- edit the sudoers file
 .SH "SYNOPSIS"