Bug 743 - segv in sudo_getgrgid when group has no name
Status: RESOLVED FIXED
Product: Sudo
Classification: Unclassified
Component: Sudoers
Version: 1.8.16
Hardware: PC Linux
Importance: low normal
Assigned To: Todd C. Miller
Reported: 2016-05-04 06:17 MDT by Marc Deslauriers
Modified: 2016-06-18 06:00 MDT (History)
Attachments
proposed patch currently being tested (842 bytes, patch)
2016-05-04 06:17 MDT, Marc Deslauriers
Description Marc Deslauriers 2016-05-04 06:17:11 MDT
Created attachment 475
proposed patch currently being tested

In certain environments, such as LDAP, a user can end up in a group with no name, in which case sudo will crash.

This is caused by the following commit:
https://www.sudo.ws/repos/sudo/rev/908b83c3acbb

...which tries to access item->d.gr->gr_name when item->d.gr is NULL.

Attached is a minimal fix being tested, but the analysis in the following downstream bug seems to indicate perhaps it shouldn't get cached like that in the first place:

https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1565567

A distro-specific patch may be exposing the issue.
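
Added example, not part of the original report and not sudo's code: the failure mode described above, where a group cache holds an entry whose `d.gr` is NULL and the code that formats a message must check the pointer before reading `gr_name`. The cache layout, `fake_backend`, `cache_getgrgid`, `log_lookup` and the gids are assumptions constructed for illustration; only the `item->d.gr->gr_name` access pattern comes from the report.

```c
/* Added example, not sudo's source; every name below is hypothetical. */
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Cache entry; d.gr == NULL marks a negative entry (lookup failed). */
struct cache_item {
    gid_t gid;
    int valid;
    union { struct group *gr; } d;
};

#define CACHE_SLOTS 8
static struct cache_item cache[CACHE_SLOTS];

/* Constructed backend standing in for the directory: only gid 1000 resolves. */
static struct group staff = { .gr_name = "staff", .gr_gid = 1000 };
static struct group *fake_backend(gid_t gid) {
    return gid == 1000 ? &staff : NULL;
}

/* Look up a gid, caching hits and misses alike. */
static struct cache_item *cache_getgrgid(gid_t gid) {
    struct cache_item *item = &cache[gid % CACHE_SLOTS];
    if (!item->valid || item->gid != gid) {
        item->gid = gid;
        item->d.gr = fake_backend(gid);  /* NULL for an unresolvable gid */
        item->valid = 1;
    }
    return item;
}

/* Build the log line; returns 1 on a hit, 0 on a negative entry.
 * An unguarded item->d.gr->gr_name here is a NULL dereference on a miss. */
static int log_lookup(gid_t gid, char *buf, size_t len) {
    struct cache_item *item = cache_getgrgid(gid);
    const char *name = (item->d.gr != NULL && item->d.gr->gr_name != NULL)
        ? item->d.gr->gr_name : "unknown";
    snprintf(buf, len, "gid %u -> group %s", (unsigned)gid, name);
    return item->d.gr != NULL;
}

int main(void) {
    char buf[64];
    log_lookup(1000, buf, sizeof buf); puts(buf);
    log_lookup(4242, buf, sizeof buf); puts(buf);
    return 0;
}
```
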
Comment 1 Todd C. Miller 2016-05-04 09:02:14 MDT
Thanks for the great analysis.  This is fixed by the following commit:
https://www.sudo.ws/repos/sudo/rev/1d13341d53ec
Comment 2 Marc Deslauriers 2016-05-04 09:07:46 MDT
Thanks for the fix! :)
Comment 3 Todd C. Miller 2016-06-18 06:00:19 MDT
Fixed in sudo 1.8.17 which is now available.