Bug 348

Summary: Crash in sudo's setenv() when val == NULL
Product: Sudo Reporter: Diego Elio Petteno' <flameeyes>
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: high    
Priority: low    
Version: 1.7.1   
Hardware: PC   
OS: Linux   
URL: https://bugs.gentoo.org/show_bug.cgi?id=266361
Attachments: setenv patch to treat a NULL val as the empty string

Description Diego Elio Petteno' 2009-04-24 10:35:54 MDT 
I've received the report in the URL on Gentoo, with the new sudo 1.7.1; while the stack trace points at line 271 (which is the sync between environment pointers) the fact that the trace lists strlen() and the val parameter is NULL (0x0) I'm quite sure the problem is with line 260 instead.

At least glibc-2.9 setenv() function seem to accept a NULL val parameter, the man page does not report anything about what it means though, but I'd guess something like unsetenv().
Comment 1 Todd C. Miller 2009-04-24 11:10:15 MDT 
Created attachment 254 [details]
setenv patch to treat a NULL val as the empty string
Comment 2 Todd C. Miller 2009-07-28 13:48:06 MDT 
Fixed in sudo 1.7.2