X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=find_path.c;h=78c96eaa72ec532c7327bb85abab54bd85c806a4;hb=35e75111658450b5f1c03f76bf2c696fbf8d0160;hp=3fcf314f91fa98d3b320f1a7773642adbad4efa7;hpb=a922b9e5432b28b092428393180b1a2c2569f708;p=debian%2Fsudo

diff --git a/find_path.c b/find_path.c
index 3fcf314..78c96ea 100644
--- a/find_path.c
+++ b/find_path.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 1996, 1998-2005 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1996, 1998-2005, 2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -34,26 +35,16 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
-# ifdef HAVE_STRINGS_H
-#  include <strings.h>
-# endif
 #endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */
-#ifdef HAVE_ERR_H
-# include <err.h>
-#else
-# include "emul/err.h"
-#endif /* HAVE_ERR_H */
 
 #include "sudo.h"
 
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: find_path.c,v 1.108.2.4 2007/06/12 01:43:01 millert Exp $";
-#endif /* lint */
-
 /*
  * This function finds the full pathname for a command and
  * stores it in a statically allocated array, filling in a pointer
@@ -62,11 +53,12 @@ __unused static const char rcsid[] = "$Sudo: find_path.c,v 1.108.2.4 2007/06/12
  * but it is in '.' and IGNORE_DOT is set.
  */
 int
-find_path(infile, outfile, sbp, path)
+find_path(infile, outfile, sbp, path, ignore_dot)
     char *infile;		/* file to find */
     char **outfile;		/* result parameter */
     struct stat *sbp;		/* stat result parameter */
     char *path;			/* path to search */
+    int ignore_dot;		/* don't check cwd */
 {
     static char command[PATH_MAX]; /* qualified filename */
     char *n;			/* for traversing path */
@@ -76,7 +68,7 @@ find_path(infile, outfile, sbp, path)
     int len;			/* length parameter */
 
     if (strlen(infile) >= PATH_MAX)
-	errx(1, "%s: File name too long", infile);
+	errorx(1, "%s: File name too long", infile);
 
     /*
      * If we were given a fully qualified or relative path
@@ -91,11 +83,6 @@ find_path(infile, outfile, sbp, path)
 	    return(NOT_FOUND);
     }
 
-    /* Use PATH passed in unless SECURE_PATH is in effect.  */
-#ifdef SECURE_PATH
-    if (!user_is_exempt())
-	path = SECURE_PATH;
-#endif /* SECURE_PATH */
     if (path == NULL)
 	return(NOT_FOUND);
     path = estrdup(path);
@@ -120,7 +107,7 @@ find_path(infile, outfile, sbp, path)
 	 */
 	len = snprintf(command, sizeof(command), "%s/%s", path, infile);
 	if (len <= 0 || len >= sizeof(command))
-	    errx(1, "%s: File name too long", infile);
+	    errorx(1, "%s: File name too long", infile);
 	if ((result = sudo_goodpath(command, sbp)))
 	    break;
 
@@ -133,8 +120,11 @@ find_path(infile, outfile, sbp, path)
      * Check current dir if dot was in the PATH
      */
     if (!result && checkdot) {
-	result = sudo_goodpath(infile, sbp);
-	if (result && def_ignore_dot)
+	len = snprintf(command, sizeof(command), "./%s", infile);
+	if (len <= 0 || len >= sizeof(command))
+	    errorx(1, "%s: File name too long", infile);
+	result = sudo_goodpath(command, sbp);
+	if (result && ignore_dot)
 	    return(NOT_FOUND_DOT);
     }