iolog_write_info_file_legacy: ignore evlog->runargv if NULL

millert · millert · commit e1fad8affe21 · 2026-04-21T10:07:28.000-06:00
The sudo logsrvd protocol allows runargv to be ommitted, so don't
try to dereference runargv if it is not set.  This fixes a crash
in sudo_logsrvd when an AcceptMessage is received that has no runargv
InfoMessage included.

First reported by Pedro Henrique de Almeida Silva of the
Stack Security Intelligence Research Team

Also reported by Samuel Ferenc Berecz and Oguz Bektas
diff --git a/lib/iolog/iolog_loginfo.c b/lib/iolog/iolog_loginfo.c
@@ -126,9 +126,11 @@ iolog_write_info_file_legacy(int dfd, struct eventlog *evlog)
 	evlog->lines, evlog->columns,
 	evlog->cwd ? evlog->cwd : "unknown");
     fputs(evlog->command ? evlog->command : "unknown", fp);
-    for (av = evlog->runargv + 1; *av != NULL; av++) {
-	fputc(' ', fp);
-	fputs(*av, fp);
+    if (evlog->runargv != NULL && evlog->runargv[0] != NULL) {
+	for (av = evlog->runargv + 1; *av != NULL; av++) {
+	    fputc(' ', fp);
+	    fputs(*av, fp);
+	}
     }
     fputc('\n', fp);
     fflush(fp);
