Don't pass user_cmnd and user_args to command_matches(), just use

the globals there.  Since we keep state with statics anyway it is
misleading to pretend that passing in different cmnd and cmnd_args
will work.

parse.c

@@ -227,12 +227,10 @@ sudoers_lookup(pwflag)
 
 /*
  * If path doesn't end in /, return TRUE iff cmnd & path name the same inode;
- * otherwise, return TRUE if cmnd names one of the inodes in path.
+ * otherwise, return TRUE if user_cmnd names one of the inodes in path.
  */
 int
-command_matches(cmnd, cmnd_args, path, sudoers_args)
+command_matches(path, sudoers_args)
-    char *cmnd;
-    char *cmnd_args;
     char *path;
     char *sudoers_args;
 {
@@ -245,19 +243,19 @@ command_matches(cmnd, cmnd_args, path, sudoers_args)
     static char *cmnd_base;
 
     /* Check for pseudo-commands */
-    if (strchr(cmnd, '/') == NULL) {
+    if (strchr(user_cmnd, '/') == NULL) {
 	/*
-	 * Return true if cmnd is "sudoedit" AND
+	 * Return true if both path and user_cmnd are "sudoedit" AND
 	 *  a) there are no args in sudoers OR
 	 *  b) there are no args on command line and none req by sudoers OR
 	 *  c) there are args in sudoers and on command line and they match
 	 */
-	if (strcmp(cmnd, "sudoedit") != 0 || strcmp(path, "sudoedit") != 0)
+	if (strcmp(path, "sudoedit") != 0 || strcmp(user_cmnd, "sudoedit") != 0)
 	    return(FALSE);
 	if (!sudoers_args ||
-	    (!cmnd_args && sudoers_args && !strcmp("\"\"", sudoers_args)) ||
+	    (!user_args && sudoers_args && !strcmp("\"\"", sudoers_args)) ||
 	    (sudoers_args &&
-	     fnmatch(sudoers_args, cmnd_args ? cmnd_args : "", 0) == 0)) {
+	     fnmatch(sudoers_args, user_args ? user_args : "", 0) == 0)) {
 	    if (safe_cmnd)
 		free(safe_cmnd);
 	    safe_cmnd = estrdup(path);
@@ -268,12 +266,12 @@ command_matches(cmnd, cmnd_args, path, sudoers_args)
 
     plen = strlen(path);
 
-    /* Only need to stat cmnd once since it never changes */
+    /* Only need to stat user_cmnd and set base once since it never changes */
-    if (cst.st_dev == 0) {
+    if (cmnd_base == NULL) {
-	if (stat(cmnd, &cst) == -1)
+	if (stat(user_cmnd, &cst) == -1)
 	    return(FALSE);
-	if ((cmnd_base = strrchr(cmnd, '/')) == NULL)
+	if ((cmnd_base = strrchr(user_cmnd, '/')) == NULL)
-	    cmnd_base = cmnd;
+	    cmnd_base = user_cmnd;
 	else
 	    cmnd_base++;
     }
@@ -290,12 +288,12 @@ command_matches(cmnd, cmnd_args, path, sudoers_args)
 	 *  c) there are args in sudoers and on command line and they match
 	 * else return false.
 	 */
-	if (fnmatch(path, cmnd, FNM_PATHNAME) != 0)
+	if (fnmatch(path, user_cmnd, FNM_PATHNAME) != 0)
 	    return(FALSE);
 	if (!sudoers_args ||
-	    (!cmnd_args && sudoers_args && !strcmp("\"\"", sudoers_args)) ||
+	    (!user_args && sudoers_args && !strcmp("\"\"", sudoers_args)) ||
 	    (sudoers_args &&
-	     fnmatch(sudoers_args, cmnd_args ? cmnd_args : "", 0) == 0)) {
+	     fnmatch(sudoers_args, user_args ? user_args : "", 0) == 0)) {
 	    if (safe_cmnd)
 		free(safe_cmnd);
 	    safe_cmnd = estrdup(user_cmnd);
@@ -310,7 +308,7 @@ command_matches(cmnd, cmnd_args, path, sudoers_args)
 	if (path[plen - 1] != '/') {
 	    char *p;
 
-	    /* Only proceed if the basenames of cmnd and path are the same */
+	    /* Only proceed if cmnd_base and basename(path) are the same */
 	    if ((p = strrchr(path, '/')) == NULL)
 		p = path;
 	    else
@@ -327,9 +325,9 @@ command_matches(cmnd, cmnd_args, path, sudoers_args)
 	    if (cst.st_dev != pst.st_dev || cst.st_ino != pst.st_ino)
 		return(FALSE);
 	    if (!sudoers_args ||
-		(!cmnd_args && sudoers_args && !strcmp("\"\"", sudoers_args)) ||
+		(!user_args && sudoers_args && !strcmp("\"\"", sudoers_args)) ||
 		(sudoers_args &&
-		 fnmatch(sudoers_args, cmnd_args ? cmnd_args : "", 0) == 0)) {
+		 fnmatch(sudoers_args, user_args ? user_args : "", 0) == 0)) {
 		if (safe_cmnd)
 		    free(safe_cmnd);
 		safe_cmnd = estrdup(path);
@@ -339,7 +337,7 @@ command_matches(cmnd, cmnd_args, path, sudoers_args)
 	}
 
 	/*
-	 * Grot through path's directory entries, looking for cmnd.
+	 * Grot through path's directory entries, looking for cmnd_base.
 	 */
 	dirp = opendir(path);
 	if (dirp == NULL)

parse.h

@@ -93,7 +93,7 @@ extern int top;
  * Prototypes
  */
 int addr_matches	__P((char *));
-int command_matches	__P((char *, char *, char *, char *));
+int command_matches	__P((char *, char *));
 int hostname_matches	__P((char *, char *, char *));
 int netgr_matches	__P((char *, char *, char *, char *));
 int userpw_matches	__P((char *, char *, struct passwd *));

testsudoers.c

@@ -117,63 +117,61 @@ has_meta(s)
 }
 
 /*
- * Returns TRUE if cmnd matches, in the sudo sense,
+ * Returns TRUE if user_cmnd matches, in the sudo sense,
  * the pathname in path; otherwise, return FALSE
  */
 int
-command_matches(cmnd, cmnd_args, path, sudoers_args)
+command_matches(path, sudoers_args)
-    char *cmnd;
-    char *cmnd_args;
     char *path;
     char *sudoers_args;
 {
     int clen, plen;
     char *args;
 
-    if (cmnd == NULL)
+    if (user_cmnd == NULL)
 	return(FALSE);
 
     if ((args = strchr(path, ' ')))
 	*args++ = '\0';
 
     if (has_meta(path)) {
-	if (fnmatch(path, cmnd, FNM_PATHNAME))
+	if (fnmatch(path, user_cmnd, FNM_PATHNAME))
 	    return(FALSE);
 	if (!sudoers_args)
 	    return(TRUE);
-	else if (!cmnd_args && sudoers_args && !strcmp("\"\"", sudoers_args))
+	else if (!user_args && sudoers_args && !strcmp("\"\"", sudoers_args))
 	    return(TRUE);
 	else if (sudoers_args)
-	    return((fnmatch(sudoers_args, cmnd_args ? cmnd_args : "", 0) == 0));
+	    return((fnmatch(sudoers_args, user_args ? user_args : "", 0) == 0));
 	else
 	    return(FALSE);
     } else {
 	plen = strlen(path);
 	if (path[plen - 1] != '/') {
-	    if (strcmp(cmnd, path))
+	    if (strcmp(user_cmnd, path))
 		return(FALSE);
 	    if (!sudoers_args)
 		return(TRUE);
-	    else if (!cmnd_args && sudoers_args && !strcmp("\"\"", sudoers_args))
+	    else if (!user_args && sudoers_args && !strcmp("\"\"", sudoers_args))
 		return(TRUE);
 	    else if (sudoers_args)
-		return((fnmatch(sudoers_args, cmnd_args ? cmnd_args : "", 0) == 0));
+		return((fnmatch(sudoers_args, user_args ? user_args : "", 0) == 0));
 	    else
 		return(FALSE);
 	}
 
-	clen = strlen(cmnd);
+	clen = strlen(user_cmnd);
 	if (clen < plen + 1)
-	    /* path cannot be the parent dir of cmnd */
+	    /* path cannot be the parent dir of user_cmnd */
 	    return(FALSE);
 
-	if (strchr(cmnd + plen + 1, '/') != NULL)
+	if (strchr(user_cmnd + plen + 1, '/') != NULL)
-	    /* path could only be an anscestor of cmnd -- */
+	    /* path could only be an anscestor of user_cmnd -- */
 	    /* ignoring, of course, things like // & /./  */
 	    return(FALSE);
 
-	/* see whether path is the prefix of cmnd */
+	/* see whether path is the prefix of user_cmnd */
-	return((strncmp(cmnd, path, plen) == 0));
+	return((strncmp(user_cmnd, path, plen) == 0));
     }
 }
 
@@ -390,7 +388,7 @@ main(argc, argv)
 	user_shost = user_host;
     }
 
-    /* Fill in cmnd_args from NewArgv. */
+    /* Fill in user_args from NewArgv. */
     if (NewArgc > 1) {
 	char *to, **from;
 	size_t size, n;

visudo.c

@@ -84,7 +84,7 @@ static RETSIGTYPE Exit		__P((int));
 static void setup_signals	__P((void));
 static int run_command		__P((char *, char **));
 static int check_syntax		__P((int));
-int command_matches		__P((char *, char *, char *, char *));
+int command_matches		__P((char *, char *));
 int addr_matches		__P((char *));
 int hostname_matches		__P((char *, char *, char *));
 int netgr_matches		__P((char *, char *, char *, char *));
@@ -482,9 +482,7 @@ main(argc, argv)
  * These exist to allow us to use the same parser as sudo(8).
  */
 int
-command_matches(cmnd, cmnd_args, path, sudoers_args)
+command_matches(path, sudoers_args)
-    char *cmnd;
-    char *cmnd_args;
     char *path;
     char *sudoers_args;
 {