Bug 324 – session password (e.g. pam_mount) causes segmentation violation - null pointer

Bug 324 - session password (e.g. pam_mount) causes segmentation violation - null pointer


Summary:	session password (e.g. pam_mount) causes segmentation violation - null pointer

Status:	RESOLVED FIXED

Product:	Sudo
Classification:	Unclassified
Component:	Sudo
Version:	1.6.9
Hardware:	PC Linux

Importance:	normal normal
Assigned To:	Todd C. Miller

URL:

Duplicates:	338 (view as bug list)
Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2009-01-16 08:17 MST by David Gardner
Modified:	2009-03-12 10:11 MDT (History)
CC List:	1 user (show)

See Also:

Attachments
One line patch. (581 bytes, patch) 2009-01-16 08:17 MST, David Gardner	Details \| Diff
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description David Gardner 2009-01-16 08:17:03 MST

Created attachment 238 [details]
One line patch.

sudo -u user command
causes a SEGV when pam needs a password to open the session, (e.g. accounts that access an encrypted directory with pam_mount.)
This is because the callback from pam_open_session to sudo_conv isn't checking the validity of def_prompt before checking its content, and it's NULL, at least sometimes in 1.6.9, Code seems unchanged in 1.7.0.

I've attatched a one line patch that at least checks that it's not NULL before it gets strncmp'd, but I'm not sure that def_prompt is actually initialized to NULL anywhere, or if that's just a compiler feature.

Comment 1 Todd C. Miller 2009-02-27 12:15:38 MST

*** Bug 338 has been marked as a duplicate of this bug. ***

Comment 2 Todd C. Miller 2009-03-12 10:11:07 MDT

Fixed in sudo 1.7.1.  A beta version of sudo 1.7.1 may be downloaded from http://www.sudo.ws/devel.html