First Last Prev Next    This bug is not in your last search results.
Bug 348 - Crash in sudo's setenv() when val == NULL
Crash in sudo's setenv() when val == NULL
Status: RESOLVED FIXED
Product: Sudo
Classification: Unclassified
Component: Sudo
1.7.1
PC Linux
: low high
Assigned To: Todd C. Miller
https://bugs.gentoo.org/show_bug.cgi?...
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-04-24 10:35 MDT by Diego Elio Petteno'
Modified: 2009-07-28 13:48 MDT (History)
0 users

See Also:

Attachments
setenv patch to treat a NULL val as the empty string (449 bytes, patch)
2009-04-24 11:10 MDT, Todd C. Miller 		Details | Diff
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Diego Elio Petteno' 2009-04-24 10:35:54 MDT 
I've received the report in the URL on Gentoo, with the new sudo 1.7.1; while the stack trace points at line 271 (which is the sync between environment pointers) the fact that the trace lists strlen() and the val parameter is NULL (0x0) I'm quite sure the problem is with line 260 instead.

At least glibc-2.9 setenv() function seem to accept a NULL val parameter, the man page does not report anything about what it means though, but I'd guess something like unsetenv().
Comment 1 Todd C. Miller 2009-04-24 11:10:15 MDT 
Created attachment 254 [details]
setenv patch to treat a NULL val as the empty string
Comment 2 Todd C. Miller 2009-07-28 13:48:06 MDT 
Fixed in sudo 1.7.2
First Last Prev Next    This bug is not in your last search results.