isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add more passes to policy fuzzer

Browse Source 
Now execises list, list other user and show_version.
This commit is contained in:
Todd C. Miller
2021-02-25 15:27:46 -07:00
parent b3b80fe6df
commit 65df01dd71
1 changed files with 28 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
plugins/sudoers/regress/fuzz/fuzz_policy.c
View File

@@ -150,11 +150,11 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
struct dynamic_array env_add = { NULL }; struct dynamic_array env_add = { NULL };
char **command_info = NULL, **argv_out = NULL, **user_env_out = NULL; char **command_info = NULL, **argv_out = NULL, **user_env_out = NULL;
const char *errstr = NULL; const char *errstr = NULL;
const int num_checks = 4; const int num_passes = 7;
char *line = NULL; char *line = NULL;
size_t linesize = 0; size_t linesize = 0;
ssize_t linelen; ssize_t linelen;
int i, res; int pass, res = 1;
FILE *fp; FILE *fp;
fp = open_data(data, size); fp = open_data(data, size);
@@ -278,45 +278,50 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
sudoers_policy.register_hooks(SUDO_API_VERSION, fuzz_hook_stub); sudoers_policy.register_hooks(SUDO_API_VERSION, fuzz_hook_stub);
for (i = 0; i < num_checks; i++) { for (pass = 1; res == 1 && pass <= num_passes; pass++) {
/* Call policy open function */ /* Call policy open function */
res = sudoers_policy.open(SUDO_API_VERSION, fuzz_conversation, fuzz_printf, res = sudoers_policy.open(SUDO_API_VERSION, fuzz_conversation,
settings.entries, user_info.entries, environ, plugin_args.entries, fuzz_printf, settings.entries, user_info.entries, environ,
&errstr); plugin_args.entries, &errstr);
if (res == 1) {
switch (res) {
case 1:
/* success */
if (i == 0)
sudoers_policy.show_version(true);
if (argv.len == 0) { if (argv.len == 0) {
/* Must have a command to check. */ /* Must have a command to check. */
push(&argv, "/usr/bin/id"); push(&argv, "/usr/bin/id");
} }
switch (i) { switch (pass) {
case 0: case 1:
/* sudo -V */
sudoers_policy.show_version(true);
break;
case 2:
/* sudo command */
sudoers_policy.check_policy(argv.len, argv.entries, sudoers_policy.check_policy(argv.len, argv.entries,
env_add.entries, &command_info, &argv_out, &user_env_out, env_add.entries, &command_info, &argv_out, &user_env_out,
&errstr); &errstr);
break; break;
case 1: case 3:
/* sudo -l */
sudoers_policy.list(0, NULL, false, NULL, &errstr);
break;
case 4:
/* sudo -l -U root */
sudoers_policy.list(0, NULL, false, "root", &errstr);
break;
case 5:
/* sudo -l command */
sudoers_policy.list(argv.len, argv.entries, false, NULL, sudoers_policy.list(argv.len, argv.entries, false, NULL,
&errstr); &errstr);
break; break;
case 2: case 6:
/* sudo -v */
sudoers_policy.validate(&errstr); sudoers_policy.validate(&errstr);
break; break;
case 3: case 7:
/* sudo -k */
sudoers_policy.invalidate(false); sudoers_policy.invalidate(false);
break; break;
} }
break;
default:
/* failure or error, skip remaining checks (counts by 4) */
i = ((i + num_checks) & ~(num_checks - 1)) - 1;
break;
} }
/* Free resources. */ /* Free resources. */