Bug 358 – Crash in sudo's setenv() when _var_ == NULL

Bug 358 - Crash in sudo's setenv() when _var_ == NULL


Summary:	Crash in sudo's setenv() when _var_ == NULL

Status:	RESOLVED FIXED

Product:	Sudo
Classification:	Unclassified
Component:	Sudo
Version:	1.7.1
Hardware:	PC Linux

Importance:	low normal
Assigned To:	Todd C. Miller

URL:	https://bugs.gentoo.org/show_bug.cgi?...

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2009-06-15 07:08 MDT by Diego Elio Petteno'
Modified:	2009-06-15 09:13 MDT (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Diego Elio Petteno' 2009-06-15 07:08:36 MDT

Similar to bug #348 I got a bug reported that happens with pam_mount module set up. The problem seems to be that it passes an empty var, probably by mistake on the module's side, but still might be worth to harden sudo do accept that case too.

Thanks in advance,
Diego

Comment 1 Todd C. Miller 2009-06-15 09:13:04 MDT

I've committed a change to make setenv() return EINVAL if var is NULL or empty which will be present in sudo 1.7.2.  I really think that checking for NULL in functions that take a string is a bad idea since it hides bugs in the code that calls it.  However, since there seems to be code that relies on this behavior I suppose there's not a better option.