Bug 743

Summary: segv in sudo_getgrgid when group has no name
Product: Sudo Reporter: Marc Deslauriers <marc.deslauriers>
Component: SudoersAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: normal    
Priority: low    
Version: 1.8.16   
Hardware: PC   
OS: Linux   
Attachments: proposed patch currently being tested

Description Marc Deslauriers 2016-05-04 06:17:11 MDT 
Created attachment 475 [details]
proposed patch currently being tested

In certain environments, such as LDAP, a user can end up in a group with no name, in which case sudo will crash.

This is caused by the following commit:
https://www.sudo.ws/repos/sudo/rev/908b83c3acbb

...which tries to access item->d.gr->gr_name when item->d.gr is NULL.

Attached is a minimal fix being tested, but the analysis in the following downstream bug seems to indicate perhaps it shouldn't get cached like that in the first place:

https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1565567

A distro-specific patch may be exposing the issue.
Comment 1 Todd C. Miller 2016-05-04 09:02:14 MDT 
Thanks for the great analysis.  This is fixed by the following commit:
https://www.sudo.ws/repos/sudo/rev/1d13341d53ec
Comment 2 Marc Deslauriers 2016-05-04 09:07:46 MDT 
Thanks for the fix! :)
Comment 3 Todd C. Miller 2016-06-18 06:00:19 MDT 
Fixed in sudo 1.8.17 which is now available.