Bug 852 - null pointer dereference/segfault in lib/util/event_poll.c
Status: RESOLVED DUPLICATE of bug 851
Product: Sudo
Classification: Unclassified
Component: Sudo
Version: 1.8.25
Hardware: PC Linux
Importance: low normal
Assigned To: Todd C. Miller
Reported: 2018-09-12 14:57 MDT by Jim Westfall
Modified: 2018-09-12 14:58 MDT

Description Jim Westfall 2018-09-12 14:57:19 MDT
Seeing a segfault when trying to run sudo 1.8.25 on an older Linux server.  It's being caused by a NULL pointer dereference in lib/util/event_poll.c

int
sudo_ev_scan_impl(struct sudo_event_base *base, int flags)
{
    struct timespec now, ts, *timeout;
    struct sudo_event *ev;
    int nready;
    debug_decl(sudo_ev_scan_impl, SUDO_DEBUG_EVENT)

    if ((ev = TAILQ_FIRST(&base->timeouts)) != NULL) {
        sudo_gettime_mono(&now);
        sudo_timespecsub(&ev->timeout, &now, &ts);
        if (ts.tv_sec < 0 || (ts.tv_sec == 0 && ts.tv_nsec < 0))
            sudo_timespecclear(&ts);
        timeout = &ts;
    } else {
        if (ISSET(flags, SUDO_EVLOOP_NONBLOCK)) {
            sudo_timespecclear(&ts);
            timeout = &ts;
        } else {
            timeout = NULL;    <----
        }
    }

    nready = sudo_ev_poll(base->pfds, base->pfd_high + 1, timeout);  <----
...


static int
sudo_ev_poll(struct pollfd *fds, nfds_t nfds, const struct timespec *timo)
{
    const int timeout = (timo->tv_sec * 1000) + (timo->tv_nsec / 1000000);  <----

    return poll(fds, nfds, timeout);
}
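
A NULL-tolerant form of the timespec-to-milliseconds conversion that sudo_ev_poll() performs in the report above, as an added example that is not part of the original report and not the change shipped in sudo 1.8.25p1. The names timespec_to_poll_ms, poll_timespec and demo_null_timeout are hypothetical; mapping NULL to -1 relies on poll(2) treating a negative timeout as "block indefinitely", and the timespec is assumed to be normalized.

```c
#include <limits.h>
#include <poll.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>

/* Convert an optional timespec to a poll(2) timeout in milliseconds.
 * The caller passes NULL for "no timeout", so NULL must be handled here. */
static int
timespec_to_poll_ms(const struct timespec *timo)
{
    if (timo == NULL)
        return -1;          /* negative timeout: poll(2) blocks indefinitely */
    if (timo->tv_sec < 0 || (timo->tv_sec == 0 && timo->tv_nsec < 0))
        return 0;           /* already expired: return without blocking */
    if (timo->tv_sec >= INT_MAX / 1000)
        return INT_MAX;     /* clamp before multiplying to avoid int overflow */
    return (int)timo->tv_sec * 1000 + (int)(timo->tv_nsec / 1000000);
}

/* NULL-safe counterpart of the wrapper shown in the report. */
static int
poll_timespec(struct pollfd *fds, nfds_t nfds, const struct timespec *timo)
{
    return poll(fds, nfds, timespec_to_poll_ms(timo));
}

/* Constructed check: poll a pipe that already holds one byte, passing the
 * NULL timeout that the blocking branch of the caller produces. */
static int
demo_null_timeout(void)
{
    int p[2], nready;

    if (pipe(p) == -1 || write(p[1], "x", 1) != 1)
        return -2;
    struct pollfd pfd = { .fd = p[0], .events = POLLIN };
    nready = poll_timespec(&pfd, 1, NULL);
    close(p[0]);
    close(p[1]);
    return nready;          /* 1: one descriptor ready, no crash on NULL */
}

int
main(void)
{
    printf("poll with NULL timeout returned %d\n", demo_null_timeout());
    return 0;
}
```
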
Comment 1 Todd C. Miller 2018-09-12 14:58:20 MDT
Fixed in sudo 1.8.25p1 out today.

*** This bug has been marked as a duplicate of bug 851 ***