|
Bugzilla – Full Text Bug Listing |
| Summary: | [PATCH] Segfault when hostname is empty. | ||
|---|---|---|---|
| Product: | Sudo | Reporter: | pprocacci |
| Component: | Sudo | Assignee: | Todd C. Miller <Todd.Miller> |
| Status: | RESOLVED FIXED | ||
| Severity: | high | CC: | ygy |
| Priority: | low | ||
| Version: | 1.8.21 | ||
| Hardware: | PC | ||
| OS: | FreeBSD | ||
| Attachments: | Fix empty user_host | ||
I should add, it actually appears to be initialized .... but in this case NULL. Passing NULL to strdup is an application bug. *words* FYI the original bug report in FreeBSD Bug Tracker is here: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222510 Thanks for the detailed report. This is fixed by the following two commits: https://www.sudo.ws/repos/sudo/rev/fafb3a3083cb https://www.sudo.ws/repos/sudo/rev/03e281d93fff The first commit treats an empty host name the same as a gethostname() failure which will result in "localhost" being used. The second commit just adds some sanity checking and will error out if the sudo front end didn't at least set the user name, uid, gid and host name. Fixed in sudo 1.8.22, out now. |
Created attachment 501 [details] Fix empty user_host sudo-1.8.21p2/plugins/sudoers/policy.c:374 user_host can be used uninitialized here. Passing an uninitialized pointer to strdup is undefined behavior. My attached patch forces user_host to 'localhost', however you gents may have a better place of doing this.