diff -p -up sudo-1.6.9p17/parse.c.CVE-2009-0034 sudo-1.6.9p17/parse.c
--- sudo-1.6.9p17/parse.c.CVE-2009-0034 2009-02-03 22:58:41.000000000 -0200
+++ sudo-1.6.9p17/parse.c 2009-02-03 22:59:20.000000000 -0200
@@ -621,10 +621,12 @@ usergr_matches(group, user, pw)
 /*
 * If the user has a supplementary group vector, check it first.
 */
- for (i = 0; i < user_ngroups; i++) {
- if (grp->gr_gid == user_groups[i])
- return(TRUE);
- }
+ if (strcmp(user, user_name) == 0) {
+ for (i = 0; i < user_ngroups; i++) {
+ if (grp->gr_gid == user_groups[i])
+ return(TRUE);
+ }
+ }
 if (grp->gr_mem != NULL) {
 for (cur = grp->gr_mem; *cur; cur++) {
 if (strcmp(*cur, user) == 0)
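Review bot: The context comment above the new `strcmp(user, user_name) == 0` guard still reads as if the supplementary group vector belonged to whichever user is being matched, so the reason for the guard is not recorded next to it. Judging from the guard itself, `user_groups`/`user_ngroups` describe only the invoking user (their definitions are outside the hunk), and consulting them for any other `user` argument would let a group rule match on the wrong account's memberships. I would reword the comment to `If we are matching the invoking user and that user has a supplementary group vector, check it first; user_groups must never be consulted for another user.` so a later refactor does not drop the check. The body of `usergr_matches` starts and ends outside the hunk, so the `gr_mem` walk that follows and any primary-group check are not covered by this note.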