Bug 732

Summary: sssd sudoers backend crashes for local users
Product: Sudo Reporter: Daniel Mueller <daniel.mueller>
Component: SudoersAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: normal    
Priority: low    
Version: 1.8.15   
Hardware: PC   
OS: FreeBSD   
Attachments: Valgrind Output
Bugfix Patch for this problem

Description Daniel Mueller 2016-01-28 05:03:17 MST 
Created attachment 467 [details]
Valgrind Output

In Version 1.8.15 the sssd sudoers backend crashes if it can't find the user.
Version 1.8.13 doesn't have this bug, it was probably introduced by the changes in version 1.8.14.

Steps to reproduce:
-Compile sudo with sssd support
-In /etc/nssswitch.conf
   sudoers: files sss
-As user root run:
 sudo -l


Actual result:
Bus error

Expected result:
Show rules for user root

I have run sudo with valgrind and attached the valgrind log.

The crash is in sudo_sss_setdefs (sssd.c:456) because of uninitialized junk in sss_result pointer.

Initializing the variables in sudo_sss_setdefs with the attached patch seems to fix the problem.
Comment 1 Daniel Mueller 2016-01-28 05:05:39 MST 
Created attachment 468 [details]
Bugfix Patch for this problem
Comment 2 Todd C. Miller 2016-01-28 07:04:05 MST 
I actually ran into this yesterday while testing sudo with address sanitizer.  It was fixed in https://www.sudo.ws/repos/sudo/rev/fa1c8eaed6ac
Comment 3 Daniel Mueller 2016-02-05 04:29:21 MST 
I have tested the change fa1c8eaed6ac against 1.8.15 and can confirm that
everything works as expected.
No crash and the valgrind errors are gone.
Comment 4 Todd C. Miller 2016-03-17 10:19:19 MDT 
Fixed in 1.8.16, available now.