[sudo-workers] Empty NewArgs causing internal error on Linux
Daniel Kopecek
dkopecek at redhat.com
Tue Sep 7 09:12:30 EDT 2010
Hello,
when sudo is compiled with --with-linux-audit and run with the -l
option as a user that is not allowed to run sudo, then an internal
error is triggered:
[dnk at dhcp-29-221 ~]$ sudo -l
[sudo] password for dnk:
Sorry, user dnk may not run sudo on dhcp-29-221.
sudo: internal error, tried to emalloc(0)
The problem is that NewArgv is empty (NewArgv[0] == NULL) when passed to
the linux_audit_command() function and therefore the following code
triggers the error:
linux_audit.c:
    /* Convert argv to a flat string. */
    for (size = 0, av = argv; *av != NULL; av++)
        size += strlen(*av) + 1;
    command = cp = emalloc(size);
That function is called via a wrapper from sudo.c:
    audit_failure(NewArgv, "validation failure");
    exit(1);
In the attachment you'll find a proposed fix for this problem along
with a change in some of the internal command names (so that the audit
cmd= field is "sudolist" and not just "list" for example). Not sure
whether you'll like the changes, I think that there are other ways
to fix this too.
Dan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sudo-1.7.4p3-sudolist.patch
Type: text/x-patch
Size: 2082 bytes
Desc: not available
URL: </pipermail/sudo-workers/attachments/20100907/f8953a49/attachment.bin>
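
Added example, not part of the original message and not the attached patch: the size loop quoted from linux_audit.c isolated in flat_size(), next to a guarded flattening routine that never requests a zero-byte allocation. flatten_argv(), its fallback parameter and the use of plain malloc() in place of sudo's emalloc() are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Size computed by the loop quoted from linux_audit.c: 0 when argv[0] == NULL. */
static size_t flat_size(char *const argv[])
{
    size_t size = 0;
    char *const *av;

    for (av = argv; *av != NULL; av++)
        size += strlen(*av) + 1;    /* argument plus separator or NUL */
    return size;
}

/*
 * Guarded flattening (hypothetical helper, not sudo's code): join argv with
 * spaces; if argv is NULL or empty, use `fallback` so the allocator is never
 * asked for 0 bytes. Returns a malloc'd string, or NULL on allocation failure.
 */
static char *flatten_argv(char *const argv[], const char *fallback)
{
    size_t size = (argv != NULL) ? flat_size(argv) : 0;
    char *command, *cp;
    char *const *av;

    if (size == 0) {
        /* Empty vector: the case that hit emalloc(0) in the report. */
        size = strlen(fallback) + 1;
        if ((command = malloc(size)) != NULL)
            memcpy(command, fallback, size);
        return command;
    }
    if ((command = cp = malloc(size)) == NULL)
        return NULL;
    for (av = argv; *av != NULL; av++) {
        size_t n = strlen(*av);
        memcpy(cp, *av, n);
        cp += n;
        *cp++ = ' ';
    }
    cp[-1] = '\0';                  /* replace trailing space with NUL */
    return command;
}
```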