https://bugzilla.redhat.com/show_bug.cgi?id=1885874
Bug ID: 1885874
Summary: double free in sss_to_sudoers
Product: Fedora
Version: 32
OS: Linux
Status: NEW
Component: sssd
Severity: high
Assignee: sssd-maintainers@lists.fedoraproject.org
Reporter: avi.kivity@gmail.com
QA Contact: extras-qa@fedoraproject.org
CC: abokovoy@redhat.com, atikhono@redhat.com, jhrozek@redhat.com, lslebodn@redhat.com, mzidek@redhat.com, pbrezina@redhat.com, rharwood@redhat.com, sbose@redhat.com, ssorce@redhat.com, sssd-maintainers@lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora

Description of problem:
Running 'sudo -s' crashes with
free(): double free detected in tcache 2
Version-Release number of selected component (if applicable):
sudo-1.9.2-1.fc32.x86_64
sssd-2.3.1-2.fc32.x86_64
How reproducible:
Always (on one machine)
Steps to Reproduce:
1. sudo -s
Actual results:
free(): double free detected in tcache 2
Expected results:
Root superpowers
Additional info:
This is a freeipa enrolled machine.
Backtrace:
(gdb) bt
#0 0x00007fdb051ae9e5 in raise () from /lib64/libc.so.6
#1 0x00007fdb05197895 in abort () from /lib64/libc.so.6
#2 0x00007fdb051f2857 in __libc_message () from /lib64/libc.so.6
#3 0x00007fdb051f9d7c in malloc_printerr () from /lib64/libc.so.6
#4 0x00007fdb051fb38d in _int_free () from /lib64/libc.so.6
#5 0x00007fdb056fa205 in sss_sudo_free_values () from /usr/lib64/libsss_sudo.so
#6 0x00007fdaf779faaf in sss_rule_to_priv (rc_out=<synthetic pointer>, rule=0x564ee50595d0, handle=0x564ee5055690) at ./sssd.c:336
#7 sss_to_sudoers (sss_result=0x564ee5057d50, handle=0x564ee5055690) at ./sssd.c:398
#8 sudo_sss_query (nss=<optimized out>, pw=<optimized out>) at ./sssd.c:684
#9 0x00007fdaf778f9b9 in sudoers_lookup (snl=<optimized out>, pw=0x564ee5054d78, validated=validated@entry=96, pwflag=pwflag@entry=0) at ./parse.c:297
#10 0x00007fdaf77994ca in sudoers_policy_main (argc=argc@entry=1, argv=argv@entry=0x564ee504aa80, pwflag=pwflag@entry=0, env_add=env_add@entry=0x0, verbose=verbose@entry=false, closure=closure@entry=0x7fff1050fc70) at ./sudoers.c:368
#11 0x00007fdaf7792090 in sudoers_policy_check (argc=1, argv=0x564ee504aa80, env_add=0x0, command_infop=0x7fff1050fd30, argv_out=0x7fff1050fd38, user_env_out=0x7fff1050fd40, errstr=0x7fff1050fd58) at ./policy.c:974
#12 0x0000564ee349b14d in policy_check (user_env_out=0x7fff1050fd40, argv_out=0x7fff1050fd38, command_info=0x7fff1050fd30, env_add=0x0, argv=0x564ee504aa80, argc=1) at ./sudo.c:1162
#13 main (argc=<optimized out>, argv=<optimized out>, envp=0x7fff1050ffd0) at ./sudo.c:267
(gdb)