From 91f04dc3b46c5df163318e7dcd4ead3d6e0ffc87 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Sun, 8 Mar 2009 20:57:01 +0000
Subject: [PATCH] Add --enable-env-debug flag to enable environment sanity
 checks.

---
 config.h.in  |  3 +++
 configure    | 47 ++++++++++++++++++++++++++++++++++++++---------
 configure.in | 15 +++++++++++++++
 env.c        | 36 ++++++++++++++++++++++++++++++++++++
 4 files changed, 92 insertions(+), 9 deletions(-)

diff --git a/config.h.in b/config.h.in
index ef3edc6c6..3d9974d36 100644
--- a/config.h.in
+++ b/config.h.in
@@ -32,6 +32,9 @@
 /* A colon-separated list of pathnames to be used as the editor for visudo. */
 #undef EDITOR
 
+/* Define to enable environment debugging. */
+#undef ENV_DEBUG
+
 /* Define to 1 if you want visudo to honor the EDITOR and VISUAL env
    variables. */
 #undef ENV_EDITOR
diff --git a/configure b/configure
index c2c63c7d4..b185e2d15 100755
--- a/configure
+++ b/configure
@@ -1495,6 +1495,7 @@ Optional Features:
   --enable-shell-sets-home
                           Set $HOME to target user in shell mode
   --disable-path-info     Print 'command not allowed' not 'command not found'
+  --enable-env-debug      Whether to enable environment debugging.
   --enable-gss-krb5-ccache-name
                           Use GSS-API to set the Kerberos V cred cache name
   --enable-static[=PKGS]  build static libraries [default=no]
@@ -4032,6 +4033,34 @@ echo "${ECHO_T}no" >&6; }
 fi
 
 
+{ echo "$as_me:$LINENO: checking whether to enable environment debugging" >&5
+echo $ECHO_N "checking whether to enable environment debugging... $ECHO_C" >&6; }
+# Check whether --enable-env_debug was given.
+if test "${enable_env_debug+set}" = set; then
+  enableval=$enable_env_debug;  case "$enableval" in
+    yes)	{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+		cat >>confdefs.h <<\_ACEOF
+#define ENV_DEBUG 1
+_ACEOF
+
+		;;
+    no)		{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+		;;
+    *)		{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+    		{ echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-env-debug: $enableval" >&5
+echo "$as_me: WARNING: Ignoring unknown argument to --enable-env-debug: $enableval" >&2;}
+		;;
+  esac
+
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+
 
 # Check whether --with-selinux was given.
 if test "${with_selinux+set}" = set; then
@@ -6184,7 +6213,7 @@ ia64-*-hpux*)
   ;;
 *-*-irix6*)
   # Find out which ABI we are using.
-  echo '#line 6187 "configure"' > conftest.$ac_ext
+  echo '#line 6216 "configure"' > conftest.$ac_ext
   if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
@@ -8043,11 +8072,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:8046: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:8075: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:8050: \$? = $ac_status" >&5
+   echo "$as_me:8079: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings other than the usual output.
@@ -8333,11 +8362,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:8336: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:8365: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:8340: \$? = $ac_status" >&5
+   echo "$as_me:8369: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings other than the usual output.
@@ -8437,11 +8466,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:8440: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:8469: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>out/conftest.err)
    ac_status=$?
    cat out/conftest.err >&5
-   echo "$as_me:8444: \$? = $ac_status" >&5
+   echo "$as_me:8473: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s out/conftest2.$ac_objext
    then
      # The compiler can only warn and ignore the option if not recognized
@@ -10797,7 +10826,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<EOF
-#line 10800 "configure"
+#line 10829 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -10897,7 +10926,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<EOF
-#line 10900 "configure"
+#line 10929 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
diff --git a/configure.in b/configure.in
index a81de1551..141804fab 100644
--- a/configure.in
+++ b/configure.in
@@ -1181,6 +1181,21 @@ AC_ARG_ENABLE(path_info,
   esac
 ], AC_MSG_RESULT(no))
 
+AC_MSG_CHECKING(whether to enable environment debugging)
+AC_ARG_ENABLE(env_debug,
+[  --enable-env-debug      Whether to enable environment debugging.],
+[ case "$enableval" in
+    yes)	AC_MSG_RESULT(yes)
+		AC_DEFINE(ENV_DEBUG)
+		;;
+    no)		AC_MSG_RESULT(no)
+		;;
+    *)		AC_MSG_RESULT(no)
+    		AC_MSG_WARN([Ignoring unknown argument to --enable-env-debug: $enableval])
+		;;
+  esac
+], AC_MSG_RESULT(no))
+
 AC_ARG_WITH(selinux, [  --with-selinux          enable SELinux support],
 [case $with_selinux in
     yes)	SELINUX_USAGE="[[-r role]] [[-t type]] "
diff --git a/env.c b/env.c
index cff7df6ae..0b508c31f 100644
--- a/env.c
+++ b/env.c
@@ -279,11 +279,19 @@ setenv(var, val, overwrite)
 	    efree(env.envp);
 	    env.env_size = len + 2 + 128;
 	    env.envp = emalloc2(env.env_size, sizeof(char *));
+#ifdef ENV_DEBUG
+	    memset(env.envp, 0, env.env_size * sizeof(char *));
+#endif
 	}
 	memcpy(env.envp, environ, len * sizeof(char *));
 	env.envp[len] = NULL;
 	env.env_len = len;
 	environ = env.envp;
+#ifdef ENV_DEBUG
+    } else {
+	if (env.envp[env.env_len] != NULL)
+	    errorx(1, "setenv: corrupted envp, len mismatch");
+#endif
     }
     sudo_putenv(estring, TRUE, overwrite);
     return(0);
@@ -323,11 +331,19 @@ unsetenv(var)
 	    efree(env.envp);
 	    env.env_size = len + 1 + 128;
 	    env.envp = emalloc2(env.env_size, sizeof(char *));
+#ifdef ENV_DEBUG
+	    memset(env.envp, 0, env.env_size * sizeof(char *));
+#endif
 	}
 	memcpy(env.envp, environ, len * sizeof(char *));
 	env.envp[len] = NULL;
 	env.env_len = len;
 	environ = env.envp;
+#ifdef ENV_DEBUG
+    } else {
+	if (env.envp[env.env_len] != NULL)
+	    errorx(1, "unsetenv: corrupted envp, len mismatch");
+#endif
     }
 
     len = strlen(var);
@@ -372,11 +388,19 @@ putenv(char *string)
 	    efree(env.envp);
 	    env.env_size = len + 2 + 128;
 	    env.envp = emalloc2(env.env_size, sizeof(char *));
+#ifdef ENV_DEBUG
+	    memset(env.envp, 0, env.env_size * sizeof(char *));
+#endif
 	}
 	memcpy(env.envp, environ, len * sizeof(char *));
 	env.envp[len] = NULL;
 	env.env_len = len;
 	environ = env.envp;
+#ifdef ENV_DEBUG
+    } else {
+	if (env.envp[env.env_len] != NULL)
+	    errorx(1, "putenv: corrupted envp, len mismatch");
+#endif
     }
     sudo_putenv((char *)string, TRUE, TRUE);
     return(0);
@@ -401,9 +425,18 @@ sudo_putenv(str, dupcheck, overwrite)
     if (env.env_len + 2 > env.env_size) {
 	env.env_size += 128;
 	env.envp = erealloc3(env.envp, env.env_size, sizeof(char *));
+#ifdef ENV_DEBUG
+	memset(env.envp + env.env_len, 0,
+	    (env.env_size - env.env_len) * sizeof(char *));
+#endif
 	environ = env.envp;
     }
 
+#ifdef ENV_DEBUG
+    if (env.envp[env.env_len] != NULL)
+	errorx(1, "sudo_putenv: corrupted envp, len mismatch");
+#endif
+
     if (dupcheck) {
 	    len = (strchr(str, '=') - str) + 1;
 	    for (ep = env.envp; *ep; ep++) {
@@ -533,6 +566,9 @@ rebuild_env(sudo_mode, noexec)
     env.env_size = 128;
     old_envp = env.envp;
     env.envp = emalloc2(env.env_size, sizeof(char *));
+#ifdef ENV_DEBUG
+    memset(env.envp, 0, env.env_size * sizeof(char *));
+#endif
     if (def_env_reset || ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
 	/* Pull in vars we want to keep from the old environment. */
 	for (ep = environ; *ep; ep++) {
-- 
2.40.0