From 1ed27f38db3571c5f4e84ba85b0a3b2f239f829d Mon Sep 17 00:00:00 2001
From: millert
Date: Thu, 24 Apr 2014 16:29:48 +0000
Subject: [PATCH] Fix logic inversion when checking environment variables on the command line against the blacklist. This is only a problem when env_reset is disabled. CVE 2014-0106
---
 usr.bin/sudo/env.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/usr.bin/sudo/env.c b/usr.bin/sudo/env.c
index 3dc11836ecc..ef2785d95bf 100644
--- a/usr.bin/sudo/env.c
+++ b/usr.bin/sudo/env.c
@@ -832,7 +832,7 @@ validate_env_vars(env_vars)
 okvar = matches_env_keep(var->value);
 } else {
 okvar = matches_env_delete(var->value) == FALSE;
- if (okvar == FALSE)
+ if (okvar == TRUE)
 okvar = matches_env_check(var->value) != FALSE;
 }
 if (okvar == FALSE) {
-- 
2.20.1
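Review bot: The else branch still spells one decision with three different comparisons (`== FALSE`, `== TRUE`, `!= FALSE`) and has no comment saying what makes a variable acceptable, which is how an inverted test could sit in a security check unnoticed. I would collapse the two statements into `okvar = matches_env_delete(var->value) == FALSE && matches_env_check(var->value) != FALSE;` and put `/* Allow only if not on the delete list and not rejected by the check list. */` above it. The `!= FALSE` on the check result suggests matches_env_check() has a third "no match" return value; if so, the comment should say that no match is treated as allowed. A regression test that passes a delete-listed variable on the command line with env_reset disabled would pin the fix. validate_env_vars() starts and ends outside this hunk, so the condition selecting this branch is not visible here.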