[Bug 1565567] Re: segv in sudo_getgrgid

Marc Deslauriers marc.deslauriers at canonical.com
Wed May 4 16:36:38 UTC 2016 

Packages in the PPA have been successfully tested, and upstream has
commited a slightly more exhaustive fix:

https://www.sudo.ws/repos/sudo/rev/1d13341d53ec

I have uploaded the fix to yakkety.
I have uploaded the fix to xenial for processing by the SRU team.

** Changed in: sudo (Ubuntu)
       Status: Confirmed => Fix Committed

** Changed in: sudo (Ubuntu Xenial)
       Status: Confirmed => In Progress

** Changed in: sudo (Ubuntu Xenial)
   Importance: Undecided => High

** Description changed:

+ [Impact]
+ 
+ In certain environments, for example when using LDAP, users can end up
+ in a group with no name. When that happens, sudo crashes when attempting
+ to look up the group name for the debug log.
+ 
+ Upstream has commited a simple fix for this issue, it has been commited
+ to Yakkety, and uploaded to Xenial.
+ 
+ [Test Case]
+ 
+ I currently don't know an easy way to reproduce this, it is environment-
+ specific. A package containing the fix was successfully tested in the
+ problematic environment.
+ 
+ [Regression Potential]
+ 
+ A regression in the patch would prevent users from using sudo. The risk
+ of regression is low since the patch only changes the debug log.
+ 
+ 
+ Original report:
+ 
  If the user is in a group with no name (because libnss-db got removed
  and the group was defined there, for example...) then:
  
  the call to sudo_debug_printf in sudo_getgrgid
  (plugins/sudoers/pwutil.c, line 462) causes a SEGV when trying to get
  item->d.gr->gr_name (since item->d.gr is NULL).

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1565567

Title:
  segv in sudo_getgrgid

Status in sudo:
  Unknown
Status in sudo package in Ubuntu:
  Fix Committed
Status in sudo source package in Xenial:
  In Progress

Bug description:
  [Impact]

  In certain environments, for example when using LDAP, users can end up
  in a group with no name. When that happens, sudo crashes when
  attempting to look up the group name for the debug log.

  Upstream has commited a simple fix for this issue, it has been
  commited to Yakkety, and uploaded to Xenial.

  [Test Case]

  I currently don't know an easy way to reproduce this, it is
  environment-specific. A package containing the fix was successfully
  tested in the problematic environment.

  [Regression Potential]

  A regression in the patch would prevent users from using sudo. The
  risk of regression is low since the patch only changes the debug log.


  Original report:

  If the user is in a group with no name (because libnss-db got removed
  and the group was defined there, for example...) then:

  the call to sudo_debug_printf in sudo_getgrgid
  (plugins/sudoers/pwutil.c, line 462) causes a SEGV when trying to get
  item->d.gr->gr_name (since item->d.gr is NULL).

To manage notifications about this bug go to:
https://bugs.launchpad.net/sudo/+bug/1565567/+subscriptions

More information about the foundations-bugs mailing list