|
Bugzilla – Full Text Bug Listing |
| Summary: | session password (e.g. pam_mount) causes segmentation violation - null pointer | ||
|---|---|---|---|
| Product: | Sudo | Reporter: | David Gardner <djgardner> |
| Component: | Sudo | Assignee: | Todd C. Miller <Todd.Miller> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | rodrigo |
| Priority: | normal | ||
| Version: | 1.6.9 | ||
| Hardware: | PC | ||
| OS: | Linux | ||
| Attachments: | One line patch. | ||
*** Bug 338 has been marked as a duplicate of this bug. *** Fixed in sudo 1.7.1. A beta version of sudo 1.7.1 may be downloaded from http://www.sudo.ws/devel.html |
Created attachment 238 [details] One line patch. sudo -u user command causes a SEGV when pam needs a password to open the session, (e.g. accounts that access an encrypted directory with pam_mount.) This is because the callback from pam_open_session to sudo_conv isn't checking the validity of def_prompt before checking its content, and it's NULL, at least sometimes in 1.6.9, Code seems unchanged in 1.7.0. I've attatched a one line patch that at least checks that it's not NULL before it gets strncmp'd, but I'm not sure that def_prompt is actually initialized to NULL anywhere, or if that's just a compiler feature.