diff options
| author | Todd C. Miller <millert@cvs.openbsd.org> | 2014-04-24 16:29:49 +0000 |
|---|---|---|
| committer | Todd C. Miller <millert@cvs.openbsd.org> | 2014-04-24 16:29:49 +0000 |
| commit | 79657697514bb6c99ca7d4c2c3ecb4f8f59b7545 (patch) | |
| tree | 11551c038df2a1cae760d0e766ea21b73517aec7 | |
| parent | 68f5d61e3a48539f8bb9a33ab8ecf305268e6f8f (diff) | |
Fix logic inversion when checking environment variables on the
command line against the blacklist. This is only a problem when
env_reset is disabled. CVE 2014-0106
| -rw-r--r-- | usr.bin/sudo/env.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/usr.bin/sudo/env.c b/usr.bin/sudo/env.c index 3dc11836ecc..ef2785d95bf 100644 --- a/usr.bin/sudo/env.c +++ b/usr.bin/sudo/env.c @@ -832,7 +832,7 @@ validate_env_vars(env_vars) okvar = matches_env_keep(var->value); } else { okvar = matches_env_delete(var->value) == FALSE; - if (okvar == FALSE) + if (okvar == TRUE) okvar = matches_env_check(var->value) != FALSE; } if (okvar == FALSE) { |