File sudo-CVE-2023-22809.patch of Package sudo.27425
diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
index 5b20448..79a0fb7 100644
--- a/plugins/sudoers/sudoers.c
+++ b/plugins/sudoers/sudoers.c
@@ -983,7 +983,7 @@ static char *
resolve_editor(const char *ed, size_t edlen, int nfiles, char **files, char ***argv_out)
{
char *cp, **nargv, *editor, *editor_path = NULL;
- int ac, i, nargc;
+ int ac, i, nargc = 0;
bool wasblank;
debug_decl(resolve_editor, SUDO_DEBUG_PLUGIN)
@@ -1015,6 +1015,15 @@ resolve_editor(const char *ed, size_t edlen, int nfiles, char **files, char ***a
}
nargv = (char **) emalloc2(nargc + 1 + nfiles + 1, sizeof(char *));
for (ac = 0; cp != NULL && ac < nargc; ac++) {
+ /*
+ * We use "--" to separate the editor and arguments from the files
+ * to edit. The editor arguments themselves may not contain "--".
+ */
+ if (strcmp(cp, "--") == 0) {
+ warningx(U_("editor arguments may not contain \"--\""));
+ errno = EINVAL;
+ debug_return_str(NULL);
+ }
nargv[ac] = cp;
cp = strtok(NULL, " \t");
}
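Review bot: The new early return on the `--` token leaks the argument vector that was allocated on the line just above the loop, since `nargv` is never freed before `debug_return_str(NULL)`; by that point `editor_path` (declared in this function) and the tokenised `editor` buffer presumably hold allocations too, so they should be released on the same path — roughly `free(editor_path); free(nargv);` before the return, plus `free(editor)` if it is a heap copy at this point, which is what the upstream fix does. The check itself is sound as far as this hunk shows: `strtok` splits on space/tab, so a `--` embedded in EDITOR/VISUAL arguments always surfaces as its own token and cannot be smuggled past the exact `strcmp`. The rest of resolve_editor, including where `editor` and `editor_path` are set, lies outside this hunk.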
diff --git a/plugins/sudoers/visudo.c b/plugins/sudoers/visudo.c
index 79d8df3..d58a4ac 100644
--- a/plugins/sudoers/visudo.c
+++ b/plugins/sudoers/visudo.c
@@ -928,7 +928,7 @@ open_sudoers(const char *path, bool doedit, bool *keepopen)
static char *
get_editor(char **args)
{
- char *Editor, *EditorArgs, *EditorPath, *UserEditor, *UserEditorArgs;
+ char *Editor = NULL, *EditorArgs, *EditorPath, *UserEditor, *UserEditorArgs;
debug_decl(get_editor, SUDO_DEBUG_UTIL)
/*
@@ -949,7 +949,11 @@ get_editor(char **args)
} else {
if (def_env_editor) {
/* If we are honoring $EDITOR this is a fatal error. */
- fatalx(U_("specified editor (%s) doesn't exist"), UserEditor);
+ if (errno == ENOENT) {
+ warningx(U_("specified editor (%s) doesn't exist"),
+ Editor);
+ }
+ exit(EXIT_FAILURE);
} else {
/* Otherwise, just ignore $EDITOR. */
UserEditor = NULL;
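Review bot: The warning on the not-found path now prints `Editor` where the removed line printed `UserEditor`, and the sibling hunk in this file initialises `Editor` to NULL precisely because it may be unset on this branch; passing NULL to `%s` is undefined behaviour and at best yields "specified editor ((null)) doesn't exist", which hides the value the user actually set. Unless `Editor` is assigned before this point (not visible in the hunk), restore the original argument: `warningx(U_("specified editor (%s) doesn't exist"), UserEditor);`. Note also that when errno is anything other than ENOENT the function now exits with no diagnostic at all; that is fine only if the resolver that failed has already printed its own warning (as resolve_editor does for the `--` case), so a comment such as `/* resolver already warned for other errors (e.g. EINVAL) */` above the `exit` would make the intent explicit. get_editor starts and ends outside this hunk.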