Package: sudo
Version: 1.6.9p17-3
Severity: normal
Tags: patch

sudo has a use-after-free bug when parsing wildcards in command names in sudoers. The symptom is that it can think a command does not match the wildcard when, really, it does. This happens semi-randomly; I can only reproduce it on certain wildcard matches on certain systems. But the patch is obvious enough.
Upstream has rearranged the code slightly in 1.7 (maybe to address this same bug), so this only affects lenny, not squeeze.
Fix use-after-free bug in parsing wildcard commands in sudoers. *ap is inside the gl struct. --- sudo-1.6.9p17/parse.c +++ sudo-1.6.9p17/parse.c @@ -316,9 +316,11 @@ break; } } - globfree(&gl); - if (*ap == NULL) + if (*ap == NULL) { + globfree(&gl); return(FALSE); + } + globfree(&gl); if (!sudoers_args || (!user_args && sudoers_args && !strcmp("\"\"", sudoers_args)) ||
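Review bot: globfree(&gl) now appears on both paths around the `if (*ap == NULL)` test, which fixes the ordering but leaves the lifetime rule implicit. Reading the result into a local before a single free would make the bug harder to reintroduce, for example `matched = (*ap != NULL); globfree(&gl); if (!matched) return(FALSE);` (the variable name is illustrative). Since the commit message says *ap is inside the gl struct, ap is dangling after the second globfree(&gl), so please confirm that nothing past this hunk reads ap or *ap again, and add a short comment at the free saying so. The condition that follows in the visible context uses only sudoers_args and user_args, so that part is not affected.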