Bug 358

Summary: Crash in sudo's setenv() when _var_ == NULL
Product: Sudo Reporter: Diego Elio Petteno' <flameeyes>
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: normal    
Priority: low    
Version: 1.7.1   
Hardware: PC   
OS: Linux   
URL: https://bugs.gentoo.org/show_bug.cgi?id=273785

Description Diego Elio Petteno' 2009-06-15 07:08:36 MDT 
Similar to bug #348 I got a bug reported that happens with pam_mount module set up. The problem seems to be that it passes an empty var, probably by mistake on the module's side, but still might be worth to harden sudo do accept that case too.

Thanks in advance,
Diego
Comment 1 Todd C. Miller 2009-06-15 09:13:04 MDT 
I've committed a change to make setenv() return EINVAL if var is NULL or empty which will be present in sudo 1.7.2.  I really think that checking for NULL in functions that take a string is a bad idea since it hides bugs in the code that calls it.  However, since there seems to be code that relies on this behavior I suppose there's not a better option.