Bugzilla – Bug 914
(Patch included) Segfault when pressing Ctrl+Z during PAM conversation input
Last modified: 2020-06-19 06:13:18 MDT
Created attachment 539
Patch to fix bug

I thought this was a bug in the PAM I'm coding, but after debugging, I found that it's actually a bug in sudo itself.

To reproduce:
1) Configure sudo to use any PAM that requests user input via the conversation API.
2) Invoke sudo so it calls this PAM for authentication.
3) Press Ctrl+Z at the input prompt.

Expected results: sudo should suspend and resume cleanly.

Actual results: sudo crashes with a segmentation fault.

Cause of issue + fix: The sudo_conv_callback structure's closure field should contain a pointer to a getpass_closure structure. The code populates this with "&closure", but this is incorrect as the "closure" argument referenced is already a pointer. As a result, when a pointer is later read from that structure, it's read from the wrong location, causing a segmentation fault.

I tried replacing "cb.closure = &closure;" with "cb.closure = closure;" in plugins/sudoers/check.c, and it resolved the issue I was experiencing. I have attached a patch for this change.
Thanks, the closure used to be a struct, not a pointer. It looks like this got broken in 9b2022e6f11d as part of the fix for bug #910. I've committed this as https://www.sudo.ws/repos/sudo/rev/011b6a7663ef
Oh wow you're right, it does it even on the regular password prompt. Didn't think to try that. :P Glad I could help!
This was fixed in Sudo 1.8.31
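
The root cause described in this thread (a closure that changed from a struct to a pointer while the call site kept taking its address), as an added C example that is not sudo's code. The types struct conv_callback and enum wiring, the function prompt_with_callback, and the guard before dispatch are hypothetical stand-ins written for this illustration; only the names getpass_closure and closure come from the report.

```c
#include <stdio.h>

/* Hypothetical stand-ins named after the structures in the report. */
struct getpass_closure { int tries; const char *prompt; };

struct conv_callback {
    void *closure;                        /* opaque, so the compiler checks nothing */
    int (*on_suspend)(int signo, void *closure);
};

/* The callback trusts that closure points at a struct getpass_closure. */
static int on_suspend(int signo, void *closure)
{
    const struct getpass_closure *gc = closure;
    (void)signo;
    return gc->tries;
}

enum wiring { WIRING_BUGGY, WIRING_FIXED };

/* closure arrives as a pointer, as in the report. Returns 0 and stores the
 * value the callback read, or -1 if the callback would get the wrong object. */
static int prompt_with_callback(struct getpass_closure *closure, enum wiring w, int *tries_seen)
{
    struct conv_callback cb;

    cb.on_suspend = on_suspend;
    if (w == WIRING_BUGGY)
        cb.closure = &closure;  /* struct getpass_closure **: address of the local parameter */
    else
        cb.closure = closure;   /* struct getpass_closure *: the object itself */

    /* Guard added for this demo: refuse to dispatch instead of dereferencing. */
    if (cb.closure != (void *)closure)
        return -1;
    *tries_seen = cb.on_suspend(20 /* constructed signal number */, cb.closure);
    return 0;
}

int main(void)
{
    struct getpass_closure gc = { 3, "Password: " };  /* constructed sample */
    int seen = 0;
    int rc = prompt_with_callback(&gc, WIRING_FIXED, &seen);
    printf("fixed: rc=%d tries=%d\n", rc, seen);
    rc = prompt_with_callback(&gc, WIRING_BUGGY, &seen);
    printf("buggy: rc=%d (callback not run)\n", rc);
    return 0;
}
```

Both assignments to cb.closure compile without a diagnostic, because any object pointer converts implicitly to void *; a change in the closure's type therefore has to be caught by review or by testing the signal path.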