Bug 970 – sudo_sendlog crashes with non-existing or invalid key or cert

Bug 970 - sudo_sendlog crashes with non-existing or invalid key or cert


Summary:	sudo_sendlog crashes with non-existing or invalid key or cert

Status:	RESOLVED FIXED

Product:	Sudo
Classification:	Unclassified
Component:	Log server
Version:	1.9.5
Hardware:	PC Solaris 2.x

Importance:	low normal
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2021-03-30 02:52 MDT by Pavel Heimlich
Modified:	2021-09-11 15:59 MDT (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Pavel Heimlich 2021-03-30 02:52:39 MDT

To reproduce:
-bash-5.0$ rm a
-bash-5.0$ /usr/sbin/sudo_sendlog -k a -c /etc/ssl/sudo/certs/logsrvd_cert.pem -p 30344 -n /tmp/x
Connected to localhost:30344
Segmentation Fault (core dumped)
-bash-5.0$ pstack core 
core 'core' of 22658:   /usr/sbin/sudo_sendlog -k a -c /etc/ssl/sudo/certs/logsrvd_cert.pem -p
 00007fda4f166c78 OPENSSL_sk_dup () + 38
 00007fda4e878917 SSL_new () + 117
 000000000041957c main () + f6c
 0000000000412084 ???????? ()


Reproducible: always

This is on Solaris 11.4, amd64

Comment 1 Todd C. Miller 2021-03-31 08:13:10 MDT

The crash is fixed by https://www.sudo.ws/repos/sudo/rev/5fbadce88524

There are also some pending commits that will improve the error messages when the certificate, key or CA bundle are invalid.

Comment 2 Todd C. Miller 2021-05-12 07:36:30 MDT

Fixed in sudo 1.9.7