[sudo-workers] Empty NewArgs causing internal error on Linux

Daniel Kopecek dkopecek at redhat.com
Tue Sep 7 09:12:30 EDT 2010

 when sudo is compiled with --with-linux-audit and run with the -l
option as an user that is not allowed to run sudo, then an internal
error is triggered:

[dnk at dhcp-29-221 ~]$ sudo -l
[sudo] password for dnk: 
Sorry, user dnk may not run sudo on dhcp-29-221.
sudo: internal error, tried to emalloc(0)

The problem is that NewArgv is empty (NewArgs[0] == NULL) when passed to
the linux_audit_command() function and therefore the following code
triggers the error:

     72     /* Convert argv to a flat string. */
     73     for (size = 0, av = argv; *av != NULL; av++)
     74         size += strlen(*av) + 1;
     75     command = cp = emalloc(size);

That function is called via a wrapper from sudo.c:

    559         audit_failure(NewArgv, "validation failure");
    560         exit(1);

In the attachement you'll find a proposed fix for this problem along
with a change in some of the internal command names (so that the audit
cmd= field is "sudolist" and not just "list" for example). Not sure
whether you'll like the changes, I think that there are other ways how
to fix this too.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: sudo-1.7.4p3-sudolist.patch
Type: text/x-patch
Size: 2082 bytes
Desc: not available
URL: </pipermail/sudo-workers/attachments/20100907/f8953a49/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: </pipermail/sudo-workers/attachments/20100907/f8953a49/attachment-0001.bin>

More information about the sudo-workers mailing list