authorTodd C. Miller <Todd.Miller@sudo.ws>2023-03-10 15:23:48 -0700
committerTodd C. Miller <Todd.Miller@sudo.ws>2023-03-10 15:23:48 -0700
commit9ecfcec81acce90d3971b0d542133c8e4a360da8 (patch)
treea986b3ecc9b71e4cbce5e0b14bb5be49af91dca1 /plugins
parentecd33615836506db64e4b0c28445eb1de29cc6d1 (diff)
downloadsudo-9ecfcec81acce90d3971b0d542133c8e4a360da8.tar.gz
sudoers_cleanup: free cached environment before running g/c.
Avoids a double free in fuzz_policy.
Diffstat (limited to 'plugins')
-rw-r--r--plugins/sudoers/regress/fuzz/fuzz_policy.c4
-rw-r--r--plugins/sudoers/sudoers.c3
2 files changed, 3 insertions, 4 deletions
diff --git a/plugins/sudoers/regress/fuzz/fuzz_policy.c b/plugins/sudoers/regress/fuzz/fuzz_policy.c
index b36bf9b0b..ce58e2c88 100644
--- a/plugins/sudoers/regress/fuzz/fuzz_policy.c
+++ b/plugins/sudoers/regress/fuzz/fuzz_policy.c
@@ -498,13 +498,9 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
sudoers_policy.close(0, 0);
else
sudoers_cleanup();
-
- /* Call a second time to free old env pointer. */
- env_init(NULL);
}
sudoers_policy.deregister_hooks(SUDO_API_VERSION, fuzz_hook_stub);
- sudoers_gc_run();
free_dynamic_array(&plugin_args);
free_dynamic_array(&settings);
diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
index c44c06503..44d027b76 100644
--- a/plugins/sudoers/sudoers.c
+++ b/plugins/sudoers/sudoers.c
@@ -1872,6 +1872,9 @@ sudoers_cleanup(void)
sudo_freegrcache();
canon_path_free_cache();
+ /* We must free the cached environment before running g/c. */
+ env_init(NULL);
+
/* Run garbage collector. */
sudoers_gc_run();
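Review bot: The added comment before `env_init(NULL)` states the ordering rule but not the hazard behind it, so a later reshuffle of the cleanup calls in sudoers_cleanup() could quietly bring back the double free named in the commit message. I would name the hazard in the comment, e.g. `/* Free the cached environment before g/c; releasing it afterwards risks a double free (seen in fuzz_policy). */`. The comment removed from fuzz_policy.c says env_init(NULL) was called "a second time to free old env pointer", which suggests a single call may release only the previously stashed pointer. It is worth confirming under ASan/LeakSanitizer that the one call here followed by sudoers_gc_run() frees both environment arrays exactly once. sudoers_cleanup() starts and ends outside this hunk, so whether the later cleanup steps touch the environment cannot be checked from here.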