[Bug 1565567] Re: segv in sudo_getgrgid

Eric Desrochers eric.desrochers at canonical.com
Tue May 3 23:30:47 UTC 2016

The segmentation fault[1] is due to a NULL pointer dereference[2] at :

[1] Core was generated by `sudo bash'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007fa01c0a6944 in sudo_getgrgid (gid=7241)
at /build/sudo-g3ghsu/sudo-1.8.16/plugins/sudoers/pwutil.c:462
462 /build/sudo-g3ghsu/sudo-1.8.16/plugins/sudoers/pwutil.c: No such file or directory.

[2] (gdb) p item->d.gr
$1 = (struct group *) 0x0

[3] - sudo-1.8.16/plugins/sudoers/pwutil.c:462
449  * Get a group entry by gid and allocate space for it.
450  */
451 struct group *
452 sudo_getgrgid(gid_t gid)
453 {
454     struct cache_item key, *item;
455     struct rbnode *node;
456     debug_decl(sudo_getgrgid, SUDOERS_DEBUG_NSS)
458     key.k.gid = gid;
459     getauthregistry(NULL, key.registry);
460     if ((node = rbfind(grcache_bygid, &key)) != NULL) {
461         item = node->data;
462         sudo_debug_printf(SUDO_DEBUG_DEBUG,
463             "%s: gid %u [%s] -> group %s [%s] (cache hit)", __func__,
464             (unsigned int)gid, key.registry, item->d.gr->gr_name,
465             item->registry);
466         goto done;
467     }

Three months ago, additional debugging for pwutil functions was introduced[4] upstream.
The addition is exactly where the segfault happens. I think it is worth looking at this commit as a starting point.

[4] https://www.sudo.ws/repos/sudo/rev/908b83c3acbb

changeset 10331:908b83c3acbb
Additional debugging for pwutil functions.
author Todd C. Miller <Todd.Miller at courtesan.com>
date Fri, 22 Jan 2016 17:04:59 -0700 (3 months ago)
parents 5a2921412663
children 5113a3c04494
files plugins/sudoers/pwutil.c



  segv in sudo_getgrgid

Status in sudo package in Ubuntu:

Bug description:
  If the user is in a group with no name (because libnss-db got removed
  and the group was defined there, for example...) then:

  the call to sudo_debug_printf in sudo_getgrgid
  (plugins/sudoers/pwutil.c, line 462) causes a SEGV when trying to get
  item->d.gr->gr_name (since item->d.gr is NULL).
