* libmisc/env.c: Fix sanitize_env() noslash support. This fixes

	Alioth#311740. Thanks to Jason Cassell.

diff --git a/ChangeLog b/ChangeLog
index e440b310b543129645571fc4d2b296441769ca70..6a0095d7941dde1448845caeeb4f7cb958355702 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,10 +1,15 @@
+2009-01-24  Nicolas François  <nicolas.francois@centraliens.net>
+
+       * libmisc/env.c: Fix sanitize_env() noslash support. This fixes
+       Alioth#311740.
+
 2009-01-24  Nicolas François  <nicolas.francois@centraliens.net>
 
        * src/su.c: Do not sanitize the environment. This breaks
        --preserve-environment. This sanitation was disabled on Debian
        since quite some time with no reported issues, and sanitize_env()
        documentation agrees that it should be useless as all modern
-       Unixes will handle setuid executables properly. This Fixes
+       Unixes will handle setuid executables properly. This fixes
        Alioth#312287.
 
 2009-01-24  Nicolas François  <nicolas.francois@centraliens.net>

diff --git a/libmisc/env.c b/libmisc/env.c
index b46ca10c838e807e30ac541e798e72c7dc947ded..056602c46c8ef3714c402e40c512f2be5787f7e6 100644 (file)
--- a/libmisc/env.c
+++ b/libmisc/env.c
@@ -251,7 +251,7 @@ void sanitize_env (void)
                        if (strncmp (*cur, *bad, strlen (*bad)) != 0) {
                                continue;
                        }
-                       if (strchr (*cur, '/') != NULL) {
+                       if (strchr (*cur, '/') == NULL) {
                                continue;       /* OK */
                        }
                        for (move = cur; NULL != *move; move++) {