Bdale,
what's your stance on this?
Regards,
Joey
Alexandra N. Kossovsky wrote:
> Package: sudo-ldap
> Version: 1.6.9p17-2+lenny1
> Severity: grave
> Tags: security patch
> Justification: user security hole
>
> Hello.
>
> Following patch fixes memory access after free():
>
> --- parse.c 2010-05-05 13:43:20.000000000 +0400
> +++ parse.c.fixed 2010-05-05 13:42:45.000000000 +0400
> @@ -316,9 +316,11 @@
> break;
> }
> }
> - globfree(&gl);
> - if (*ap == NULL)
> + if (*ap == NULL) {
> + globfree(&gl);
> return(FALSE);
> + }
> + globfree(&gl);
>
> if (!sudoers_args ||
> (!user_args && sudoers_args && !strcmp("\"\"", sudoers_args)) ||
>
>
> Since ap points to the memory inside gl_pathv, it is not correct to
> check ap value when gl is freed. sudo is a security sensitive
> application, and there may be various effects of such access.
>
> I've created this patch after exploring the problem similar to Debian
> bugs 556562 578601. The patch fixes my problem.
--
It's time to close the windows.
Please always Cc to me when replying to me on the lists.
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
