Bug 559

Summary: Using -s option causes segfault
Product: Sudo
Reporter: Howard Kash <howard.m.kash.civ>
Component: Sudo
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: normal    
Priority: low    
Version: 1.7.9   
Hardware: All   
OS: All   
Attachments: Fix for "sudo -s command" crash

Description Howard Kash 2012-06-14 15:44:34 MDT
I believe the problem is in the code starting on line 726 of sudo.c. The value of NewArgv[0] ends up being NULL and the strlen(infile) call in find_path.c segfaults on a NULL pointer. The value of av[0], set to user_shell on line 726 of sudo.c, is subsequently replaced with a new value in the for loop on line 734. Moving the av[0]=user_shell line to just before the av[1]="-c" line (line 747) fixes the problem.
Comment 1 Todd C. Miller 2012-06-14 16:22:00 MDT
Created attachment 352
Fix for "sudo -s command" crash

This was due to a mis-merge from sudo trunk.  The attached patch moves the allocation until after the command has been escaped which fixes the problem.
Comment 2 Todd C. Miller 2012-09-12 15:04:50 MDT
Fixed in sudo 1.7.10.
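
The failure mode discussed in this report, as an added C example that is neither sudo's source nor the attached patch: a simplified builder for the `shell -c command` vector that escapes the command with its own cursor and fills the vector only afterwards, plus a guard that rejects a NULL `argv[0]` before any `strlen()` call. The function names and the escaping rule are assumptions of this example.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Join args with spaces, escaping bytes other than alnum, '_' and '-' (assumed rule). */
static char *escape_join(char *const *args)
{
    size_t size = 1;
    for (char *const *a = args; *a != NULL; a++)
        size += 2 * strlen(*a) + 1;       /* worst case: all bytes escaped */
    char *cmnd = malloc(size), *dst = cmnd;
    if (cmnd == NULL)
        return NULL;
    for (char *const *a = args; *a != NULL; a++) {
        for (const char *src = *a; *src != '\0'; src++) {
            if (!isalnum((unsigned char)*src) && *src != '_' && *src != '-')
                *dst++ = '\\';
            *dst++ = *src;
        }
        *dst++ = ' ';
    }
    if (dst > cmnd)
        dst--;                            /* overwrite the trailing space */
    *dst = '\0';
    return cmnd;
}

/* Build { shell, "-c", escaped, NULL }; av is allocated and filled only after escaping. */
char **build_shell_argv(char *shell, char *const *args)
{
    char *cmnd = escape_join(args);
    char **av = cmnd ? calloc(4, sizeof(*av)) : NULL;
    if (av == NULL) {
        free(cmnd);
        return NULL;
    }
    av[0] = shell;                        /* set last, so no loop can clobber it */
    av[1] = "-c";
    av[2] = cmnd;
    return av;
}

/* Path-lookup guard: returns the length of argv[0], or -1 if it is NULL or empty. */
long checked_name_len(char *const *argv)
{
    if (argv == NULL || argv[0] == NULL || argv[0][0] == '\0')
        return -1;
    return (long)strlen(argv[0]);
}
```
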