Bug 970

Summary: sudo_sendlog crashes with non-existing or invalid key or cert
Product: Sudo Reporter: Pavel Heimlich <tropikhajma>
Component: Log serverAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: normal CC: mehmetgelisin
Priority: low    
Version: 1.9.5   
Hardware: PC   
OS: Solaris 2.x   

Description Pavel Heimlich 2021-03-30 02:52:39 MDT 
To reproduce:
-bash-5.0$ rm a
-bash-5.0$ /usr/sbin/sudo_sendlog -k a -c /etc/ssl/sudo/certs/logsrvd_cert.pem -p 30344 -n /tmp/x
Connected to localhost:30344
Segmentation Fault (core dumped)
-bash-5.0$ pstack core 
core 'core' of 22658:   /usr/sbin/sudo_sendlog -k a -c /etc/ssl/sudo/certs/logsrvd_cert.pem -p
 00007fda4f166c78 OPENSSL_sk_dup () + 38
 00007fda4e878917 SSL_new () + 117
 000000000041957c main () + f6c
 0000000000412084 ???????? ()


Reproducible: always

This is on Solaris 11.4, amd64
Comment 1 Todd C. Miller 2021-03-31 08:13:10 MDT 
The crash is fixed by https://www.sudo.ws/repos/sudo/rev/5fbadce88524

There are also some pending commits that will improve the error messages when the certificate, key or CA bundle are invalid.
Comment 2 Todd C. Miller 2021-05-12 07:36:30 MDT 
Fixed in sudo 1.9.7