https://bugzilla.redhat.com/show_bug.cgi?id=1885874
Bug ID: 1885874
Summary: double free in sss_to_sudoers
Product: Fedora
Version: 32
OS: Linux
Status: NEW
Component: sssd
Severity: high
Assignee: sssd-maintainers(a)lists.fedoraproject.org
Reporter: avi.kivity(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: abokovoy(a)redhat.com, atikhono(a)redhat.com,
jhrozek(a)redhat.com, lslebodn(a)redhat.com,
mzidek(a)redhat.com, pbrezina(a)redhat.com,
rharwood(a)redhat.com, sbose(a)redhat.com,
ssorce(a)redhat.com,
sssd-maintainers(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
Description of problem:
Running 'sudo -s' crashes with
free(): double free detected in tcache 2
Version-Release number of selected component (if applicable):
sudo-1.9.2-1.fc32.x86_64
sssd-2.3.1-2.fc32.x86_64
How reproducible:
Always (on one machine)
Steps to Reproduce:
1. sudo -s
Actual results:
free(): double free detected in tcache 2
Expected results:
Root superpowers
Additional info:
This is a freeipa enrolled machine.
Backtrace:
(gdb) bt
#0 0x00007fdb051ae9e5 in raise () from /lib64/libc.so.6
#1 0x00007fdb05197895 in abort () from /lib64/libc.so.6
#2 0x00007fdb051f2857 in __libc_message () from /lib64/libc.so.6
#3 0x00007fdb051f9d7c in malloc_printerr () from /lib64/libc.so.6
#4 0x00007fdb051fb38d in _int_free () from /lib64/libc.so.6
#5 0x00007fdb056fa205 in sss_sudo_free_values () from /usr/lib64/libsss_sudo.so
#6 0x00007fdaf779faaf in sss_rule_to_priv (rc_out=<synthetic pointer>, rule=0x564ee50595d0, handle=0x564ee5055690) at ./sssd.c:336
#7 sss_to_sudoers (sss_result=0x564ee5057d50, handle=0x564ee5055690) at ./sssd.c:398
#8 sudo_sss_query (nss=<optimized out>, pw=<optimized out>) at ./sssd.c:684
#9 0x00007fdaf778f9b9 in sudoers_lookup (snl=<optimized out>, pw=0x564ee5054d78, validated=validated@entry=96, pwflag=pwflag@entry=0) at ./parse.c:297
#10 0x00007fdaf77994ca in sudoers_policy_main (argc=argc@entry=1, argv=argv@entry=0x564ee504aa80, pwflag=pwflag@entry=0, env_add=env_add@entry=0x0, verbose=verbose@entry=false, closure=closure@entry=0x7fff1050fc70) at ./sudoers.c:368
#11 0x00007fdaf7792090 in sudoers_policy_check (argc=1, argv=0x564ee504aa80, env_add=0x0, command_infop=0x7fff1050fd30, argv_out=0x7fff1050fd38, user_env_out=0x7fff1050fd40, errstr=0x7fff1050fd58) at ./policy.c:974
#12 0x0000564ee349b14d in policy_check (user_env_out=0x7fff1050fd40, argv_out=0x7fff1050fd38, command_info=0x7fff1050fd30, env_add=0x0, argv=0x564ee504aa80, argc=1) at ./sudo.c:1162
#13 main (argc=<optimized out>, argv=<optimized out>, envp=0x7fff1050ffd0) at ./sudo.c:267
(gdb)