Bug 562

Summary: rebuild_env() function can truncate uid
Product: Sudo Reporter: kbyanc
Component: SudoersAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: enhancement CC: bgertzfield
Priority: low    
Version: 1.8.4   
Hardware: Macintosh   
OS: MacOS X   

Description kbyanc 2012-06-27 13:19:21 MDT 
uid_t is 32-bits so the maximal length in decimal is 10 digits.  MAX_UID_T_LEN, which represents the maximum length of the decimal string representation of a uid_t, suitably defaults to 10 characters.

However, the rebuild_env() function in plugins/sudoers/env.c causes 10-digit uids to be truncated in order to nul-terminate the string.  One more character (for the terminating nul) needs to be allocated for idbuf in this function.
Comment 1 Todd C. Miller 2012-09-12 15:03:15 MDT 
Fixed in sudo 1.8.6
Comment 2 Todd C. Miller 2013-12-16 15:08:02 MST 
*** Bug 629 has been marked as a duplicate of this bug. ***