Bug 852

Summary: null pointer dereference/segfault in lib/util/event_poll.c
Product: Sudo
Reporter: Jim Westfall <jwestfall>
Component: Sudo
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED DUPLICATE
Severity: normal
Priority: low
Version: 1.8.25
Hardware: PC
OS: Linux

Description Jim Westfall 2018-09-12 14:57:19 MDT
Seeing a segfault when trying to run sudo 1.8.25 on an older Linux server.  It's being caused by a NULL pointer dereference in lib/util/event_poll.c

int
sudo_ev_scan_impl(struct sudo_event_base *base, int flags)
{
    struct timespec now, ts, *timeout;
    struct sudo_event *ev;
    int nready;
    debug_decl(sudo_ev_scan_impl, SUDO_DEBUG_EVENT)

    if ((ev = TAILQ_FIRST(&base->timeouts)) != NULL) {
        sudo_gettime_mono(&now);
        sudo_timespecsub(&ev->timeout, &now, &ts);
        if (ts.tv_sec < 0 || (ts.tv_sec == 0 && ts.tv_nsec < 0))
            sudo_timespecclear(&ts);
        timeout = &ts;
    } else {
        if (ISSET(flags, SUDO_EVLOOP_NONBLOCK)) {
            sudo_timespecclear(&ts);
            timeout = &ts;
        } else {
            timeout = NULL;    <----
        }
    }

    nready = sudo_ev_poll(base->pfds, base->pfd_high + 1, timeout);  <----
...


static int
sudo_ev_poll(struct pollfd *fds, nfds_t nfds, const struct timespec *timo)
{
    const int timeout = (timo->tv_sec * 1000) + (timo->tv_nsec / 1000000);  <----

    return poll(fds, nfds, timeout);
}

Comment 1 Todd C. Miller 2018-09-12 14:58:20 MDT
Fixed in sudo 1.8.25p1 out today.

*** This bug has been marked as a duplicate of bug 851 ***
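
Added example, not part of the original report and not taken from the sudo source: a NULL-safe conversion from a timespec timeout to a poll() millisecond timeout, covering the case flagged in the report. It assumes a NULL timeout means "wait indefinitely" (the ppoll(2) convention), which poll(2) expresses as -1; the names timespec_to_poll_ms and poll_with_timespec are hypothetical.

```c
#include <limits.h>
#include <poll.h>
#include <stddef.h>
#include <time.h>

/*
 * Convert a timespec timeout to the int millisecond value poll() expects.
 * Hypothetical helper, not from the sudo source. Assumes a normalized
 * timespec (0 <= tv_nsec < 1e9) when non-NULL.
 *   NULL      -> -1       (assumption: NULL means block indefinitely)
 *   negative  -> 0        (already expired, do not block)
 *   too large -> INT_MAX  (clamp instead of overflowing int)
 */
static int
timespec_to_poll_ms(const struct timespec *timo)
{
    long long ms;

    if (timo == NULL)
        return -1;              /* the dereference the report points at */
    if (timo->tv_sec < 0 || (timo->tv_sec == 0 && timo->tv_nsec < 0))
        return 0;
    if (timo->tv_sec > INT_MAX / 1000)
        return INT_MAX;
    ms = (long long)timo->tv_sec * 1000 + timo->tv_nsec / 1000000;
    return ms > INT_MAX ? INT_MAX : (int)ms;
}

/* Same signature as the function in the report, with the NULL case handled. */
static int
poll_with_timespec(struct pollfd *fds, nfds_t nfds, const struct timespec *timo)
{
    return poll(fds, nfds, timespec_to_poll_ms(timo));
}

int
main(void)
{
    /* Constructed input: no descriptors, 250 ms timeout; poll() returns 0. */
    struct timespec ts = { .tv_sec = 0, .tv_nsec = 250 * 1000000L };

    return poll_with_timespec(NULL, 0, &ts) == 0 ? 0 : 1;
}
```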