X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=find_path.c;h=78c96eaa72ec532c7327bb85abab54bd85c806a4;hb=2c19e019cbc7f545a55a02a3476a1abb5fc4fe86;hp=673cd0df55913b3618b00e08706b23e5f0745ccf;hpb=812709a155f4e8ca2a6b6070bad027a372835857;p=debian%2Fsudo

diff --git a/find_path.c b/find_path.c
index 673cd0d..78c96ea 100644
--- a/find_path.c
+++ b/find_path.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1996, 1998-2005 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1996, 1998-2005, 2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -34,21 +35,16 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
-# ifdef HAVE_STRINGS_H
-#  include <strings.h>
-# endif
 #endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */
 
 #include "sudo.h"
 
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: find_path.c,v 1.115 2005/03/29 14:29:46 millert Exp $";
-#endif /* lint */
-
 /*
  * This function finds the full pathname for a command and
  * stores it in a statically allocated array, filling in a pointer
@@ -57,11 +53,12 @@ __unused static const char rcsid[] = "$Sudo: find_path.c,v 1.115 2005/03/29 14:2
  * but it is in '.' and IGNORE_DOT is set.
  */
 int
-find_path(infile, outfile, sbp, path)
+find_path(infile, outfile, sbp, path, ignore_dot)
     char *infile;		/* file to find */
     char **outfile;		/* result parameter */
     struct stat *sbp;		/* stat result parameter */
     char *path;			/* path to search */
+    int ignore_dot;		/* don't check cwd */
 {
     static char command[PATH_MAX]; /* qualified filename */
     char *n;			/* for traversing path */
@@ -86,10 +83,7 @@ find_path(infile, outfile, sbp, path)
 	    return(NOT_FOUND);
     }
 
-    /* Use PATH passed in unless SECURE_PATH is in effect.  */
-    if (def_secure_path && !user_is_exempt())
-	path = def_secure_path;
-    else if (path == NULL)
+    if (path == NULL)
 	return(NOT_FOUND);
     path = estrdup(path);
     origpath = path;
@@ -126,8 +120,11 @@ find_path(infile, outfile, sbp, path)
      * Check current dir if dot was in the PATH
      */
     if (!result && checkdot) {
-	result = sudo_goodpath(infile, sbp);
-	if (result && def_ignore_dot)
+	len = snprintf(command, sizeof(command), "./%s", infile);
+	if (len <= 0 || len >= sizeof(command))
+	    errorx(1, "%s: File name too long", infile);
+	result = sudo_goodpath(command, sbp);
+	if (result && ignore_dot)
 	    return(NOT_FOUND_DOT);
     }