[Bug 1565567] Re: segv in sudo_getgrgid

Adam Conrad adconrad at 0c3.net
Wed May 4 17:22:38 UTC 2016 

Hello LaMont, or anyone else affected,

Accepted sudo into xenial-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/sudo/1.8.16-0ubuntu1.1
in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: sudo (Ubuntu Xenial)
       Status: In Progress => Fix Committed

** Tags added: verification-needed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1565567

Title:
  segv in sudo_getgrgid

Status in sudo:
  Unknown
Status in sudo package in Ubuntu:
  Fix Committed
Status in sudo source package in Xenial:
  Fix Committed

Bug description:
  [Impact]

  In certain environments, for example when using LDAP, users can end up
  in a group with no name. When that happens, sudo crashes when
  attempting to look up the group name for the debug log.

  Upstream has commited a simple fix for this issue, it has been
  commited to Yakkety, and uploaded to Xenial.

  [Test Case]

  I currently don't know an easy way to reproduce this, it is
  environment-specific. A package containing the fix was successfully
  tested in the problematic environment.

  [Regression Potential]

  A regression in the patch would prevent users from using sudo. The
  risk of regression is low since the patch only changes the debug log.


  Original report:

  If the user is in a group with no name (because libnss-db got removed
  and the group was defined there, for example...) then:

  the call to sudo_debug_printf in sudo_getgrgid
  (plugins/sudoers/pwutil.c, line 462) causes a SEGV when trying to get
  item->d.gr->gr_name (since item->d.gr is NULL).

To manage notifications about this bug go to:
https://bugs.launchpad.net/sudo/+bug/1565567/+subscriptions

More information about the foundations-bugs mailing list