[Bug 1565567] Re: segv in sudo_getgrgid

Launchpad Bug Tracker 1565567 at bugs.launchpad.net
Wed May 11 15:39:16 UTC 2016

This bug was fixed in the package sudo - 1.8.16-0ubuntu1.1

sudo (1.8.16-0ubuntu1.1) xenial; urgency=medium

  * debian/patches/lp1565567.patch: fix crash when looking up a negative
    cached entry which is stored as a NULL passwd or group struct pointer
    in plugins/sudoers/pwutil.c. (LP: #1565567)

 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Wed, 04 May 2016
11:36:54 -0400

** Changed in: sudo (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sudo in Ubuntu.

  segv in sudo_getgrgid

Status in sudo:
Status in sudo package in Ubuntu:
  Fix Released
Status in sudo source package in Xenial:
  Fix Released

Bug description:

  In certain environments, for example when using LDAP, users can end up
  in a group with no name. When that happens, sudo crashes when
  attempting to look up the group name for the debug log.

  Upstream has commited a simple fix for this issue, it has been
  commited to Yakkety, and uploaded to Xenial.

  [Test Case]

  I currently don't know an easy way to reproduce this, it is
  environment-specific. A package containing the fix was successfully
  tested in the problematic environment.

  [Regression Potential]

  A regression in the patch would prevent users from using sudo. The
  risk of regression is low since the patch only changes the debug log.

  Original report:

  If the user is in a group with no name (because libnss-db got removed
  and the group was defined there, for example...) then:

  the call to sudo_debug_printf in sudo_getgrgid
  (plugins/sudoers/pwutil.c, line 462) causes a SEGV when trying to get
  item->d.gr->gr_name (since item->d.gr is NULL).

To manage notifications about this bug go to:

More information about the foundations-bugs mailing list