pkg/52923: sudo segfaults when the system hostname is not set

[andrew.hall649%gmail.com@localhost]

>Number:         52923
>Category:       pkg
>Synopsis:       sudo segfaults when the system hostname is not set
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Jan 13 13:00:00 +0000 2018
>Originator:     Andrew Hall
>Release:        NetBSD 7.1.1 (pkgsrc 2017Q3)
>Organization:
>Environment:
NetBSD  7.1.1 NetBSD 7.1.1 (GENERIC.201712222334Z) amd64
>Description:
If the system hostname is not set sudo will pass a blank string containing a null terminator instead of NULL to strdup() causing the program to segfault. It is possible however to use the "-h" switch to manually set the hostname. A fix has been produced upstream to correct this issue.

The version the bug was encountered in was sudo-1.8.21p2 however it may be present in earlier versions.
>How-To-Repeat:
Once sudo-1.8.21p2 has been installed, unset the system hostname and run sudo. The program will then segfault.
>Fix:
A fix has been applied to sudo's HEAD and can be found at https://bugzilla.sudo.ws/show_bug.cgi?id=807). In the meanwhile following FreeBSD (https://svnweb.freebsd.org/ports/head/security/sudo/files/patch-bug222510?view=log) the following patch should be applied (SHA1 checksum: 2fa0e9f0af3c74c0ac248d775dff920ddc07b627):

diff -r 926deea0d506 -r fafb3a3083cb lib/util/gethostname.c
--- lib/util/gethostname.c	Tue Oct 17 14:28:38 2017 -0600
+++ lib/util/gethostname.c	Fri Oct 20 07:37:40 2017 -0600
@@ -42,7 +42,7 @@
 
     hname = malloc(host_name_max + 1);
     if (hname != NULL) {
-	if (gethostname(hname, host_name_max + 1) == 0) {
+	if (gethostname(hname, host_name_max + 1) == 0 && *hname != '\0') {
 	    /* Old gethostname() may not NUL-terminate if there is no room. */
 	    hname[host_name_max] = '\0';
 	} else {