Your message dated Wed, 5 May 2010 21:55:10 +0200
with message-id <20100505195510.gb2...@galadriel.inutil.org>
and subject line Re: Bug#580342: sudo: Memory access after free()
has caused the Debian Bug report #580342,
regarding sudo: Memory access after free()
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
580342: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580342
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: sudo-ldap
Version: 1.6.9p17-2+lenny1
Severity: grave
Tags: security patch
Justification: user security hole

Hello.

Following patch fixes memory access after free():

--- parse.c     2010-05-05 13:43:20.000000000 +0400
+++ parse.c.fixed       2010-05-05 13:42:45.000000000 +0400
@@ -316,9 +316,11 @@
                break;
            }
        }
-       globfree(&gl);
-       if (*ap == NULL)
+       if (*ap == NULL) {
+           globfree(&gl);
            return(FALSE);
+       }
+       globfree(&gl);
 
        if (!sudoers_args ||
            (!user_args && sudoers_args && !strcmp("\"\"", sudoers_args)) ||
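Review bot: the fix leaves two `globfree(&gl)` calls, one inside the new `if (*ap == NULL) {` block and one right after it, so any later edit to this exit path has to keep both in sync. Recording the result before the free, for example `matched = (*ap != NULL);` followed by a single `globfree(&gl);` and `if (!matched) return(FALSE);`, keeps one cleanup site and makes it obvious that nothing reads through ap once gl is gone. Whether ap, or any pointer taken from gl_pathv, is used further down in this function is not visible in the hunk and should be checked before relying on the free at its new position.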


Since ap points to the memory inside gl_pathv, it is not correct to
check the ap value when gl is freed.  sudo is a security-sensitive
application, and there may be various effects of such access.

I've created this patch after exploring a problem similar to Debian
bugs 556562 and 578601.  The patch fixes my problem.

Thank you for your work for Debian,
    Alexandra.

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages sudo-ldap depends on:
ii  libc6                    2.7-18lenny2    GNU C Library: Shared libraries
ii  libldap-2.4-2            2.4.11-1+lenny1 OpenLDAP libraries
ii  libpam-modules           1.0.1-5+lenny1  Pluggable Authentication Modules f
ii  libpam0g                 1.0.1-5+lenny1  Pluggable Authentication Modules l

sudo-ldap recommends no packages.

sudo-ldap suggests no packages.

-- debconf-show failed

-- 
Alexandra N. Kossovsky
OKTET Labs (http://www.oktetlabs.ru/)
Phones: +7(921)956-42-86(mobile) +7(812)783-21-91(office)
e-mail: sa...@oktetlabs.ru



--- End Message ---
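The ordering rule from the report above (nothing may be read through a pointer into gl_pathv once globfree() has run), as an added example that is not part of the original messages and is not sudo's code. The helper glob_contains(), the run_demo() fixture and the /tmp/globdemo.PID scratch directory are hypothetical names constructed for this illustration.

```c
#include <glob.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not sudo's code): 1 if `path` is one of the
 * expansions of `pattern`, else 0. The match is copied into `out`. */
static int glob_contains(const char *pattern, const char *path,
                         char *out, size_t outlen)
{
    glob_t gl = {0};
    char **ap;
    int found = 0;

    if (glob(pattern, GLOB_NOSORT, NULL, &gl) == 0) {
        for (ap = gl.gl_pathv; *ap != NULL; ap++) {
            if (strcmp(*ap, path) == 0) {
                snprintf(out, outlen, "%s", *ap); /* copy while gl_pathv is alive */
                found = 1;
                break;
            }
        }
    }
    /* ap and *ap are dead from here on; only `found` and `out` survive. */
    globfree(&gl);
    return found;
}

/* Constructed fixture: a scratch directory holding a single file "ls". */
static int run_demo(void)
{
    char dir[64], file[128], other[128], pattern[128], out[128] = "";
    int hit, miss;
    FILE *f;
    snprintf(dir, sizeof dir, "/tmp/globdemo.%ld", (long)getpid());
    snprintf(file, sizeof file, "%s/ls", dir);
    snprintf(other, sizeof other, "%s/rm", dir);
    snprintf(pattern, sizeof pattern, "%s/*", dir);
    if (mkdir(dir, 0700) != 0 || (f = fopen(file, "w")) == NULL)
        return -1;
    fclose(f);
    hit = glob_contains(pattern, file, out, sizeof out) && !strcmp(out, file);
    miss = glob_contains(pattern, other, out, sizeof out);
    unlink(file);
    rmdir(dir);
    return (hit && !miss) ? 0 : 1;
}
int main(void) { return run_demo(); }
```

Building it with -fsanitize=address and moving the globfree() call above the loop's result check makes the sanitizer report the same class of access the patch removes.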
--- Begin Message ---
Version: 1.7.0-1

Hi,

Alexandra N. Kossovsky wrote:
> Package: sudo-ldap
> Version: 1.6.9p17-2+lenny1
> Severity: grave
> Tags: security patch
> Justification: user security hole
> 
> Hello.
> 
> Following patch fixes memory access after free():

This has been reported before, see #565223.

Fixed upstream http://sudo.ws/bugs/show_bug.cgi?id=300

Bdale, since this has been reported at least twice and the
patch is straight-forward you might consider fixing it through
a stable point update.

Cheers,
        Moritz


--- End Message ---
