Bug 914

Summary: (Patch included) Segfault when pressing Ctrl+Z during PAM conversation input
Product: Sudo
Reporter: Michael Norton <flarn2006>
Component: Sudoers
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED
Severity: normal
Priority: low
Version: 1.8.30
Hardware: PC
OS: Linux
Attachments: Patch to fix bug

Description Michael Norton 2020-01-24 09:29:28 MST
Created attachment 539
Patch to fix bug

I thought this was a bug in the PAM I'm coding, but after debugging, I found that it's actually a bug in sudo itself.

To reproduce:

1) Configure sudo to use any PAM that requests user input via the conversation API.
2) Invoke sudo so it calls this PAM for authentication.
3) Press Ctrl+Z at the input prompt.

Expected results: sudo should suspend and resume cleanly.

Actual results: sudo crashes with a segmentation fault.

Cause of issue + fix:

The sudo_conv_callback structure's closure field should contain a pointer to a getpass_closure structure. The code populates this with "&closure", but this is incorrect as the "closure" argument referenced is already a pointer. As a result, when a pointer is later read from that structure, it's read from the wrong location, causing a segmentation fault.

I tried replacing "cb.closure = &closure;" with "cb.closure = closure;" in plugins/sudoers/check.c, and it resolved the issue I was experiencing. I have attached a patch for this change.
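
The pointer mix-up described in the report above, reduced to a stand-alone C program. This is an added example, not code from sudo or from the attached patch: the `demo_*` names and struct layouts are assumptions, and the demo compares the stored pointer instead of dereferencing a bad one, so it reports the mismatch rather than crashing.

```c
#include <signal.h>
#include <stdio.h>

/* Simplified stand-ins for the structures named in the report (layouts assumed). */
struct demo_getpass_closure { int tstp_count; };
struct demo_conv_callback {
    void *closure;                              /* untyped, like the field in the report */
    int (*on_suspend)(int signo, void *closure);
};

struct demo_getpass_closure demo_gc;            /* constructed sample state */

/* Callback side: trusts that closure points at a demo_getpass_closure. */
static int demo_on_suspend(int signo, void *v)
{
    struct demo_getpass_closure *c = v;
    (void)signo;
    return ++c->tstp_count;
}

/*
 * Caller side. 'closure' is already a pointer, as in the report.
 * Returns the callback's result, or -1 if the stored pointer is not the
 * caller's struct (the situation in which the reported crash occurs).
 */
int demo_run(struct demo_getpass_closure *closure, int fixed)
{
    struct demo_conv_callback cb;

    cb.on_suspend = demo_on_suspend;
    if (fixed)
        cb.closure = closure;   /* fix: store the pointer itself */
    else
        cb.closure = &closure;  /* bug: address of the local parameter; no
                                   diagnostic, because any object pointer
                                   converts to void * implicitly */

    /* Simulated Ctrl+Z: check before dereferencing so the demo stays defined. */
    if (cb.closure != (void *)closure)
        return -1;
    return cb.on_suspend(SIGTSTP, cb.closure);
}

int main(void)
{
    printf("buggy: %d\n", demo_run(&demo_gc, 0));
    printf("fixed: %d\n", demo_run(&demo_gc, 1));
    return 0;
}
```

Because the field is `void *`, the compiler accepts both assignments without complaint; storing the closure through a typed helper or parameter would turn the extra `&` into an incompatible-pointer diagnostic.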

Comment 1 Todd C. Miller 2020-01-24 11:19:05 MST
Thanks, the closure used to be a struct, not a pointer.  It looks like this got broken in 9b2022e6f11d as part of the fix for bug #910.

I've committed this as https://www.sudo.ws/repos/sudo/rev/011b6a7663ef

Comment 2 Michael Norton 2020-01-24 22:50:42 MST
Oh wow you're right, it does it even on the regular password prompt. Didn't think to try that. :P

Glad I could help!

Comment 3 Todd C. Miller 2020-06-19 06:13:18 MDT
This was fixed in Sudo 1.8.31