Bug 556

Summary: sudo 1.8.4p4 core dumps across our fleet of servers
Product: Sudo
Reporter: mathews.dennis
Component: Sudo
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED
Severity: high
Priority: low
Version: 1.8.4
Hardware: Sun
OS: Solaris 2.x
Attachments: pstack of core dump and output of sudo -V
Patch to prevent crash in handler_nofwd()
pstack of core dump

Description mathews.dennis 2012-05-10 22:26:49 MDT
Created attachment 344 [details]
pstack of core dump and output of sudo -V

I'm not sure why, but I've found core dumps on all our servers (Solaris 10 SPARC - 147440-12) with 1.8.4p4. Here is a 'pstack' output and 'sudo -V' output:
Comment 1 Todd C. Miller 2012-05-11 07:35:42 MDT
What version of Solaris is this?
Comment 2 Todd C. Miller 2012-05-11 07:59:36 MDT
Created attachment 345 [details]
Patch to prevent crash in handler_nofwd()

Apparently the siginfo_t structure in a siginfo-style signal handler can be NULL on Solaris at least.  The attached patch takes that into account.
Comment 3 mathews.dennis 2012-05-11 21:33:36 MDT
Ok. I've applied this patch and installed on 2 hosts. Will let you know how it goes. BTW, these are Solaris 10 on kernel patch - 147440-12.
Comment 4 mathews.dennis 2012-05-13 04:58:28 MDT
Even after applying the patch, we're seeing core dumps (attached).
Comment 5 mathews.dennis 2012-05-13 04:59:51 MDT
Created attachment 346 [details]
pstack of core dump
Comment 6 Todd C. Miller 2012-05-14 10:20:54 MDT
Are you sure the new stack trace is from the patched sudo?  It appears that the siginfo_t * argument is NULL in both of them and the patch will prevent the NULL dereference.  That signal handler does very little and the only possible case where it could dump core is when dereferencing the siginfo_t *.
Comment 7 mathews.dennis 2012-05-14 20:24:20 MDT
Yep, the core file was generated a day after I installed the patched sudo.
/software/src/sudo/sudo-1.8.4p4/src>grep si_code exec.c
    if (info == NULL || info->si_code <= 0) {

But I have a theory that one of the pre-existing sessions running a script under the old sudo may have caused this core dump? Because I've only had one core dump since the new package was installed. I should probably wait and see if there are any more. Haven't seen a core dump on the other server I'm testing on either. Thanks!
Comment 8 Todd C. Miller 2012-05-17 11:08:57 MDT
Fixed in sudo 1.8.5.