[Bug 795063] New: su-wrapper segfault if TERM variabile is not in environment

https://bugzilla.novell.com/show_bug.cgi?id=795063 https://bugzilla.novell.com/show_bug.cgi?id=795063#c0 Summary: su-wrapper segfault if TERM variabile is not in environment Classification: openSUSE Product: openSUSE 12.2 Version: Final Platform: All OS/Version: openSUSE 12.2 Status: NEW Severity: Major Priority: P5 - None Component: Basesystem AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: vanni.dellaricca@gmail.com QAContact: qa-bugs@suse.de Found By: --- Blocker: --- Created an attachment (id=517536) --> (http://bugzilla.novell.com/attachment.cgi?id=517536) patch for fix segfaults User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.97 Safari/537.11 If su-wrapper is invoked without TERM variable in environment, wu-warapper segfaults. I attach a patch that set a dafault value form TERM in getenv("TERM") return a null Reproducible: Always Steps to Reproduce: 1. invocke su-wrapper from a process without TERM variable 2. 3. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=795063 https://bugzilla.novell.com/show_bug.cgi?id=795063#c Jiaying ren <jren@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jren@suse.com AssignedTo|bnc-team-screening@forge.pr |werner@suse.com |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=795063 https://bugzilla.novell.com/show_bug.cgi?id=795063#c1 Dr. Werner Fink <werner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED --- Comment #1 from Dr. Werner Fink <werner@suse.com> 2012-12-19 10:50:17 UTC --- Fixed -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=795063 https://bugzilla.novell.com/show_bug.cgi?id=795063#c2 --- Comment #2 from Bernhard Wiedemann <bwiedemann@suse.com> 2012-12-19 12:00:26 CET --- This is an autogenerated message for OBS integration: This bug (795063) was mentioned in https://build.opensuse.org/request/show/145861 Factory / su-wrapper -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=795063 https://bugzilla.novell.com/show_bug.cgi?id=795063#c3 --- Comment #3 from Vanni Della Ricca <vanni.dellaricca@gmail.com> 2012-12-21 15:50:08 UTC --- Hi, tanks for fix this problem since su-wrapper is used for security reasons, is possible release a package for update opensuse 12.2 via yast/zypper ? thanks vanni --- Comment #4 from Vanni Della Ricca <vanni.dellaricca@gmail.com> 2012-12-21 15:50:08 UTC --- Hi, tanks for fix this problem since su-wrapper is used for security reasons, is possible release a package for update opensuse 12.2 via yast/zypper ? thanks vanni -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=795063 https://bugzilla.novell.com/show_bug.cgi?id=795063#c3 --- Comment #3 from Vanni Della Ricca <vanni.dellaricca@gmail.com> 2012-12-21 15:50:08 UTC --- Hi, tanks for fix this problem since su-wrapper is used for security reasons, is possible release a package for update opensuse 12.2 via yast/zypper ? thanks vanni --- Comment #4 from Vanni Della Ricca <vanni.dellaricca@gmail.com> 2012-12-21 15:50:08 UTC --- Hi, tanks for fix this problem since su-wrapper is used for security reasons, is possible release a package for update opensuse 12.2 via yast/zypper ? thanks vanni -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=795063 https://bugzilla.novell.com/show_bug.cgi?id=795063#c5 Dr. Werner Fink <werner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |maintenance@opensuse.org --- Comment #5 from Dr. Werner Fink <werner@suse.com> 2012-12-21 16:15:31 UTC --- submit request id #146250 Let's see if this will be seen by Mr. Maintenance -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=795063 https://bugzilla.novell.com/show_bug.cgi?id=795063#c6 --- Comment #6 from Bernhard Wiedemann <bwiedemann@suse.com> 2012-12-22 00:00:09 CET --- This is an autogenerated message for OBS integration: This bug (795063) was mentioned in https://build.opensuse.org/request/show/146250 Maintenance / -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=795063 https://bugzilla.novell.com/show_bug.cgi?id=795063#c7 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |meissner@suse.com --- Comment #7 from Marcus Meissner <meissner@suse.com> 2012-12-23 18:31:52 UTC --- it is seen. however it is not sceurity critical, as a null ptr deref crash is ,most likely harmless here. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=795063 https://bugzilla.novell.com/show_bug.cgi?id=795063#c8 --- Comment #8 from Swamp Workflow Management <swamp@suse.de> 2013-01-02 09:09:18 UTC --- openSUSE-RU-2013:0005-1: An update that has one recommended fix can now be installed. Category: recommended (low) Bug References: 795063 CVE References: Sources used: openSUSE 12.2 (src): su-wrapper-1.2.0-489.4.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com