Bug 638

Summary: Hang due to invalid timestamp entry when using "Defaults timestamp_timeout=0"
Product: Sudo Reporter: Evangelos Foutras <evangelos>
Component: SudoersAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: high    
Priority: low    
Version: 1.8.10   
Hardware: PC   
OS: Linux   
Attachments: Avoid writing empty timestamp records when timestamp_timeout is 0

Description Evangelos Foutras 2014-03-17 01:02:12 MDT
With "Defaults timestamp_timeout=0" specified in /etc/sudoers, sudo will create what appears to be an invalid timestamp entry. On subsequent invocations it will hang (after the correct password is typed in) and the following debug message is repeatedly logged (when debugging is configured in /etc/sudo.conf):

"wrong sized record, got 0, expected 40 @ ts_find_record() ./timestamp.c:125"

Tested this using sudo 1.8.10p1; didn't check 1.8.10 but I'm guessing it has the same problem. According to the user that originally reported this on the Arch Linux bug tracker, 1.8.9.p5 worked fine with the same settings.¹

Please let me know if you can reproduce the issue or if I need to provide more information.

¹ https://bugs.archlinux.org/task/39472
Comment 1 Todd C. Miller 2014-03-17 07:14:55 MDT
Created attachment 399 [details]
Avoid writing empty timestamp records when timestamp_timeout is 0

The attached patch is what I'm going to ship as part of 1.8.10p2
Comment 2 Evangelos Foutras 2014-03-17 10:22:47 MDT
(In reply to Todd C Miller from comment #1)
> Created attachment 399 [details]
> Avoid writing empty timestamp records when timestamp_timeout is 0
> 
> The attached patch is what I'm going to ship as part of 1.8.10p2

Tested 1.8.10p2 and can confirm that it fixes this issue.

Thanks!