From c7140895af5da2946cfc85133d76f8557ef1613e Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Fri, 18 Nov 2005 01:38:32 +0000
Subject: [PATCH] Make a copy of the shell field in the passwd struct for
 NewArgv to avoid a use after free situation after sudo_endpwent() is called.

---
 sudo.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sudo.c b/sudo.c
index a41310d2c..a68daf577 100644
--- a/sudo.c
+++ b/sudo.c
@@ -584,7 +584,7 @@ init_vars(sudo_mode, envp)
 	log_error(0, "uid %s does not exist in the passwd file!", pw_name);
     }
     if (user_shell == NULL || *user_shell == '\0')
-	user_shell = sudo_user.pw->pw_shell;
+	user_shell = estrdup(sudo_user.pw->pw_shell);
 
     /* It is now safe to use log_error() and set_perms() */
 
@@ -633,7 +633,7 @@ init_vars(sudo_mode, envp)
 	if (ISSET(sudo_mode, MODE_EDIT))
 	    NewArgv[0] = "sudoedit";
 	else if (ISSET(sudo_mode, MODE_LOGIN_SHELL))
-	    NewArgv[0] = runas_pw->pw_shell;
+	    NewArgv[0] = estrdup(runas_pw->pw_shell);
 	else if (user_shell && *user_shell)
 	    NewArgv[0] = user_shell;
 	else
-- 
2.40.0