isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add garbage collection to the sudoers parser to clean up on error.

Browse Source 
This makes it possible to avoid memory leaks when there is a parse error.
This commit is contained in:
Todd C. Miller
2021-02-01 15:06:20 -07:00
parent 4cd6350cad
commit 9ed14870c6
8 changed files with 1202 additions and 441 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
plugins/sudoers/alias.c
View File

@@ -136,11 +136,11 @@ alias_add(struct sudoers_parse_tree *parse_tree, char *name, int type,
HLTQ_TO_TAILQ(&a->members, members, entries); HLTQ_TO_TAILQ(&a->members, members, entries);
switch (rbinsert(parse_tree->aliases, a, NULL)) { switch (rbinsert(parse_tree->aliases, a, NULL)) {
case 1: case 1:
alias_free(a); free(a);
errno = EEXIST; errno = EEXIST;
debug_return_bool(false); debug_return_bool(false);
case -1: case -1:
alias_free(a); free(a);
debug_return_bool(false); debug_return_bool(false);
} }
debug_return_bool(true); debug_return_bool(true);

1197
plugins/sudoers/gram.c
View File

File diff suppressed because it is too large Load Diff

6
plugins/sudoers/gram.h
View File

@@ -1,8 +1,8 @@
/* A Bison parser, made by GNU Bison 3.7.4. */ /* A Bison parser, made by GNU Bison 3.7.5. */
/* Bison interface for Yacc-like parsers in C /* Bison interface for Yacc-like parsers in C
Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2020 Free Software Foundation, Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2021 Free Software Foundation,
Inc. Inc.
This program is free software: you can redistribute it and/or modify This program is free software: you can redistribute it and/or modify
@@ -167,7 +167,7 @@ extern int sudoersdebug;
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
union YYSTYPE union YYSTYPE
{ {
#line 83 "gram.y" #line 88 "gram.y"
struct cmndspec *cmndspec; struct cmndspec *cmndspec;
struct defaults *defaults; struct defaults *defaults;

355
plugins/sudoers/gram.y
View File

@@ -59,6 +59,11 @@ char *errorfile = NULL;
static int alias_line, alias_column; static int alias_line, alias_column;
#ifdef NO_LEAKS
static struct parser_leak_list parser_leak_list =
SLIST_HEAD_INITIALIZER(parser_leak_list);
#endif
struct sudoers_parse_tree parsed_policy = { struct sudoers_parse_tree parsed_policy = {
TAILQ_HEAD_INITIALIZER(parsed_policy.userspecs), TAILQ_HEAD_INITIALIZER(parsed_policy.userspecs),
TAILQ_HEAD_INITIALIZER(parsed_policy.defaults), TAILQ_HEAD_INITIALIZER(parsed_policy.defaults),
@@ -207,16 +212,20 @@ entry : '\n' {
} }
| include { | include {
if (!push_include($1, false)) { if (!push_include($1, false)) {
parser_leak_remove(LEAK_PTR, $1);
free($1); free($1);
YYERROR; YYERROR;
} }
parser_leak_remove(LEAK_PTR, $1);
free($1); free($1);
} }
| includedir { | includedir {
if (!push_include($1, true)) { if (!push_include($1, true)) {
parser_leak_remove(LEAK_PTR, $1);
free($1); free($1);
YYERROR; YYERROR;
} }
parser_leak_remove(LEAK_PTR, $1);
free($1); free($1);
} }
| userlist privileges '\n' { | userlist privileges '\n' {
@@ -279,6 +288,7 @@ includedir : INCLUDEDIR WORD '\n' {
defaults_list : defaults_entry defaults_list : defaults_entry
| defaults_list ',' defaults_entry { | defaults_list ',' defaults_entry {
parser_leak_remove(LEAK_DEFAULTS, $3);
HLTQ_CONCAT($1, $3, entries); HLTQ_CONCAT($1, $3, entries);
$$ = $1; $$ = $1;
} }
@@ -290,6 +300,8 @@ defaults_entry : DEFVAR {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_remove(LEAK_PTR, $1);
parser_leak_add(LEAK_DEFAULTS, $$);
} }
| '!' DEFVAR { | '!' DEFVAR {
$$ = new_default($2, NULL, false); $$ = new_default($2, NULL, false);
@@ -297,6 +309,8 @@ defaults_entry : DEFVAR {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_remove(LEAK_PTR, $2);
parser_leak_add(LEAK_DEFAULTS, $$);
} }
| DEFVAR '=' WORD { | DEFVAR '=' WORD {
$$ = new_default($1, $3, true); $$ = new_default($1, $3, true);
@@ -304,6 +318,9 @@ defaults_entry : DEFVAR {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_remove(LEAK_PTR, $1);
parser_leak_remove(LEAK_PTR, $3);
parser_leak_add(LEAK_DEFAULTS, $$);
} }
| DEFVAR '+' WORD { | DEFVAR '+' WORD {
$$ = new_default($1, $3, '+'); $$ = new_default($1, $3, '+');
@@ -311,6 +328,9 @@ defaults_entry : DEFVAR {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_remove(LEAK_PTR, $1);
parser_leak_remove(LEAK_PTR, $3);
parser_leak_add(LEAK_DEFAULTS, $$);
} }
| DEFVAR '-' WORD { | DEFVAR '-' WORD {
$$ = new_default($1, $3, '-'); $$ = new_default($1, $3, '-');
@@ -318,11 +338,15 @@ defaults_entry : DEFVAR {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_remove(LEAK_PTR, $1);
parser_leak_remove(LEAK_PTR, $3);
parser_leak_add(LEAK_DEFAULTS, $$);
} }
; ;
privileges : privilege privileges : privilege
| privileges ':' privilege { | privileges ':' privilege {
parser_leak_remove(LEAK_PRIVILEGE, $3);
HLTQ_CONCAT($1, $3, entries); HLTQ_CONCAT($1, $3, entries);
$$ = $1; $$ = $1;
} }
@@ -338,8 +362,11 @@ privilege : hostlist '=' cmndspeclist {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_add(LEAK_PRIVILEGE, p);
TAILQ_INIT(&p->defaults); TAILQ_INIT(&p->defaults);
parser_leak_remove(LEAK_MEMBER, $1);
HLTQ_TO_TAILQ(&p->hostlist, $1, entries); HLTQ_TO_TAILQ(&p->hostlist, $1, entries);
parser_leak_remove(LEAK_CMNDSPEC, $3);
HLTQ_TO_TAILQ(&p->cmndlist, $3, entries); HLTQ_TO_TAILQ(&p->cmndlist, $3, entries);
HLTQ_INIT(p, entries); HLTQ_INIT(p, entries);
$$ = p; $$ = p;
@@ -362,6 +389,8 @@ host : ALIAS {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_remove(LEAK_PTR, $1);
parser_leak_add(LEAK_MEMBER, $$);
} }
| ALL { | ALL {
$$ = new_member(NULL, ALL); $$ = new_member(NULL, ALL);
@@ -369,6 +398,7 @@ host : ALIAS {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_add(LEAK_MEMBER, $$);
} }
| NETGROUP { | NETGROUP {
$$ = new_member($1, NETGROUP); $$ = new_member($1, NETGROUP);
@@ -376,6 +406,8 @@ host : ALIAS {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_remove(LEAK_PTR, $1);
parser_leak_add(LEAK_MEMBER, $$);
} }
| NTWKADDR { | NTWKADDR {
$$ = new_member($1, NTWKADDR); $$ = new_member($1, NTWKADDR);
@@ -383,6 +415,8 @@ host : ALIAS {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_remove(LEAK_PTR, $1);
parser_leak_add(LEAK_MEMBER, $$);
} }
| WORD { | WORD {
$$ = new_member($1, WORD); $$ = new_member($1, WORD);
@@ -390,6 +424,8 @@ host : ALIAS {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_remove(LEAK_PTR, $1);
parser_leak_add(LEAK_MEMBER, $$);
} }
; ;
@@ -397,6 +433,7 @@ cmndspeclist : cmndspec
| cmndspeclist ',' cmndspec { | cmndspeclist ',' cmndspec {
struct cmndspec *prev; struct cmndspec *prev;
prev = HLTQ_LAST($1, cmndspec, entries); prev = HLTQ_LAST($1, cmndspec, entries);
parser_leak_remove(LEAK_CMNDSPEC, $3);
HLTQ_CONCAT($1, $3, entries); HLTQ_CONCAT($1, $3, entries);
/* propagate runcwd and runchroot */ /* propagate runcwd and runchroot */
@@ -459,6 +496,7 @@ cmndspec : runasspec options cmndtag digcmnd {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_add(LEAK_CMNDSPEC, cs);
if ($1 != NULL) { if ($1 != NULL) {
if ($1->runasusers != NULL) { if ($1->runasusers != NULL) {
cs->runasuserlist = cs->runasuserlist =
@@ -468,6 +506,7 @@ cmndspec : runasspec options cmndtag digcmnd {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
/* g/c done via runas container */
HLTQ_TO_TAILQ(cs->runasuserlist, HLTQ_TO_TAILQ(cs->runasuserlist,
$1->runasusers, entries); $1->runasusers, entries);
} }
@@ -479,9 +518,11 @@ cmndspec : runasspec options cmndtag digcmnd {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
/* g/c done via runas container */
HLTQ_TO_TAILQ(cs->runasgrouplist, HLTQ_TO_TAILQ(cs->runasgrouplist,
$1->runasgroups, entries); $1->runasgroups, entries);
} }
parser_leak_remove(LEAK_RUNAS, $1);
free($1); free($1);
} }
#ifdef HAVE_SELINUX #ifdef HAVE_SELINUX
@@ -499,6 +540,7 @@ cmndspec : runasspec options cmndtag digcmnd {
cs->runchroot = $2.runchroot; cs->runchroot = $2.runchroot;
cs->tags = $3; cs->tags = $3;
cs->cmnd = $4; cs->cmnd = $4;
parser_leak_remove(LEAK_MEMBER, $4);
HLTQ_INIT(cs, entries); HLTQ_INIT(cs, entries);
/* sudo "ALL" implies the SETENV tag */ /* sudo "ALL" implies the SETENV tag */
if (cs->cmnd->type == ALL && !cs->cmnd->negated && if (cs->cmnd->type == ALL && !cs->cmnd->negated &&
@@ -514,6 +556,8 @@ digestspec : SHA224_TOK ':' DIGEST {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_remove(LEAK_PTR, $3);
parser_leak_add(LEAK_DIGEST, $$);
} }
| SHA256_TOK ':' DIGEST { | SHA256_TOK ':' DIGEST {
$$ = new_digest(SUDO_DIGEST_SHA256, $3); $$ = new_digest(SUDO_DIGEST_SHA256, $3);
@@ -521,6 +565,8 @@ digestspec : SHA224_TOK ':' DIGEST {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_remove(LEAK_PTR, $3);
parser_leak_add(LEAK_DIGEST, $$);
} }
| SHA384_TOK ':' DIGEST { | SHA384_TOK ':' DIGEST {
$$ = new_digest(SUDO_DIGEST_SHA384, $3); $$ = new_digest(SUDO_DIGEST_SHA384, $3);
@@ -528,6 +574,8 @@ digestspec : SHA224_TOK ':' DIGEST {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_remove(LEAK_PTR, $3);
parser_leak_add(LEAK_DIGEST, $$);
} }
| SHA512_TOK ':' DIGEST { | SHA512_TOK ':' DIGEST {
$$ = new_digest(SUDO_DIGEST_SHA512, $3); $$ = new_digest(SUDO_DIGEST_SHA512, $3);
@@ -535,11 +583,14 @@ digestspec : SHA224_TOK ':' DIGEST {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_remove(LEAK_PTR, $3);
parser_leak_add(LEAK_DIGEST, $$);
} }
; ;
digestlist : digestspec digestlist : digestspec
| digestlist ',' digestspec { | digestlist ',' digestspec {
parser_leak_remove(LEAK_DIGEST, $3);
HLTQ_CONCAT($1, $3, entries); HLTQ_CONCAT($1, $3, entries);
$$ = $1; $$ = $1;
} }
@@ -564,6 +615,7 @@ digcmnd : opcmnd {
} }
$2->name = (char *)c; $2->name = (char *)c;
} }
parser_leak_remove(LEAK_DIGEST, $1);
HLTQ_TO_TAILQ(&c->digests, $1, entries); HLTQ_TO_TAILQ(&c->digests, $1, entries);
$$ = $2; $$ = $2;
} }
@@ -658,6 +710,7 @@ runaslist : /* empty */ {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_add(LEAK_RUNAS, $$);
} }
| userlist { | userlist {
$$ = calloc(1, sizeof(struct runascontainer)); $$ = calloc(1, sizeof(struct runascontainer));
@@ -665,6 +718,8 @@ runaslist : /* empty */ {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_add(LEAK_RUNAS, $$);
parser_leak_remove(LEAK_MEMBER, $1);
$$->runasusers = $1; $$->runasusers = $1;
/* $$->runasgroups = NULL; */ /* $$->runasgroups = NULL; */
} }
@@ -674,6 +729,9 @@ runaslist : /* empty */ {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_add(LEAK_RUNAS, $$);
parser_leak_remove(LEAK_MEMBER, $1);
parser_leak_remove(LEAK_MEMBER, $3);
$$->runasusers = $1; $$->runasusers = $1;
$$->runasgroups = $3; $$->runasgroups = $3;
} }
@@ -683,6 +741,8 @@ runaslist : /* empty */ {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_add(LEAK_RUNAS, $$);
parser_leak_remove(LEAK_MEMBER, $2);
/* $$->runasusers = NULL; */ /* $$->runasusers = NULL; */
$$->runasgroups = $2; $$->runasgroups = $2;
} }
@@ -700,6 +760,7 @@ runaslist : /* empty */ {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_add(LEAK_RUNAS, $$);
} }
; ;
@@ -727,13 +788,16 @@ options : /* empty */ {
| options chdirspec { | options chdirspec {
free($$.runcwd); free($$.runcwd);
$$.runcwd = $2; $$.runcwd = $2;
parser_leak_remove(LEAK_PTR, $2);
} }
| options chrootspec { | options chrootspec {
free($$.runchroot); free($$.runchroot);
$$.runchroot = $2; $$.runchroot = $2;
parser_leak_remove(LEAK_PTR, $2);
} }
| options notbeforespec { | options notbeforespec {
$$.notbefore = parse_gentime($2); $$.notbefore = parse_gentime($2);
parser_leak_remove(LEAK_PTR, $2);
free($2); free($2);
if ($$.notbefore == -1) { if ($$.notbefore == -1) {
sudoerserror(N_("invalid notbefore value")); sudoerserror(N_("invalid notbefore value"));
@@ -742,6 +806,7 @@ options : /* empty */ {
} }
| options notafterspec { | options notafterspec {
$$.notafter = parse_gentime($2); $$.notafter = parse_gentime($2);
parser_leak_remove(LEAK_PTR, $2);
free($2); free($2);
if ($$.notafter == -1) { if ($$.notafter == -1) {
sudoerserror(N_("invalid notafter value")); sudoerserror(N_("invalid notafter value"));
@@ -750,6 +815,7 @@ options : /* empty */ {
} }
| options timeoutspec { | options timeoutspec {
$$.timeout = parse_timeout($2); $$.timeout = parse_timeout($2);
parser_leak_remove(LEAK_PTR, $2);
free($2); free($2);
if ($$.timeout == -1) { if ($$.timeout == -1) {
if (errno == ERANGE) if (errno == ERANGE)
@@ -763,24 +829,28 @@ options : /* empty */ {
#ifdef HAVE_SELINUX #ifdef HAVE_SELINUX
free($$.role); free($$.role);
$$.role = $2; $$.role = $2;
parser_leak_remove(LEAK_PTR, $2);
#endif #endif
} }
| options typespec { | options typespec {
#ifdef HAVE_SELINUX #ifdef HAVE_SELINUX
free($$.type); free($$.type);
$$.type = $2; $$.type = $2;
parser_leak_remove(LEAK_PTR, $2);
#endif #endif
} }
| options privsspec { | options privsspec {
#ifdef HAVE_PRIV_SET #ifdef HAVE_PRIV_SET
free($$.privs); free($$.privs);
$$.privs = $2; $$.privs = $2;
parser_leak_remove(LEAK_PTR, $2);
#endif #endif
} }
| options limitprivsspec { | options limitprivsspec {
#ifdef HAVE_PRIV_SET #ifdef HAVE_PRIV_SET
free($$.limitprivs); free($$.limitprivs);
$$.limitprivs = $2; $$.limitprivs = $2;
parser_leak_remove(LEAK_PTR, $2);
#endif #endif
} }
; ;
@@ -838,6 +908,7 @@ cmnd : ALL {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_add(LEAK_MEMBER, $$);
} }
| ALIAS { | ALIAS {
$$ = new_member($1, ALIAS); $$ = new_member($1, ALIAS);
@@ -845,6 +916,8 @@ cmnd : ALL {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_remove(LEAK_PTR, $1);
parser_leak_add(LEAK_MEMBER, $$);
} }
| COMMAND { | COMMAND {
struct sudo_command *c; struct sudo_command *c;
@@ -859,6 +932,10 @@ cmnd : ALL {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_remove(LEAK_PTR, $1.cmnd);
if ($1.args != NULL)
parser_leak_remove(LEAK_PTR, $1.args);
parser_leak_add(LEAK_MEMBER, $$);
} }
; ;
@@ -875,12 +952,15 @@ hostalias : ALIAS {
alias_error($1, errno); alias_error($1, errno);
YYERROR; YYERROR;
} }
parser_leak_remove(LEAK_PTR, $1);
parser_leak_remove(LEAK_MEMBER, $4);
} }
| reserved_alias '=' hostlist | reserved_alias '=' hostlist
; ;
hostlist : ophost hostlist : ophost
| hostlist ',' ophost { | hostlist ',' ophost {
parser_leak_remove(LEAK_MEMBER, $3);
HLTQ_CONCAT($1, $3, entries); HLTQ_CONCAT($1, $3, entries);
$$ = $1; $$ = $1;
} }
@@ -899,12 +979,15 @@ cmndalias : ALIAS {
alias_error($1, errno); alias_error($1, errno);
YYERROR; YYERROR;
} }
parser_leak_remove(LEAK_PTR, $1);
parser_leak_remove(LEAK_MEMBER, $4);
} }
| reserved_alias '=' cmndlist | reserved_alias '=' cmndlist
; ;
cmndlist : digcmnd cmndlist : digcmnd
| cmndlist ',' digcmnd { | cmndlist ',' digcmnd {
parser_leak_remove(LEAK_MEMBER, $3);
HLTQ_CONCAT($1, $3, entries); HLTQ_CONCAT($1, $3, entries);
$$ = $1; $$ = $1;
} }
@@ -923,6 +1006,8 @@ runasalias : ALIAS {
alias_error($1, errno); alias_error($1, errno);
YYERROR; YYERROR;
} }
parser_leak_remove(LEAK_PTR, $1);
parser_leak_remove(LEAK_MEMBER, $4);
} }
| reserved_alias '=' userlist | reserved_alias '=' userlist
; ;
@@ -940,12 +1025,15 @@ useralias : ALIAS {
alias_error($1, errno); alias_error($1, errno);
YYERROR; YYERROR;
} }
parser_leak_remove(LEAK_PTR, $1);
parser_leak_remove(LEAK_MEMBER, $4);
} }
| reserved_alias '=' userlist | reserved_alias '=' userlist
; ;
userlist : opuser userlist : opuser
| userlist ',' opuser { | userlist ',' opuser {
parser_leak_remove(LEAK_MEMBER, $3);
HLTQ_CONCAT($1, $3, entries); HLTQ_CONCAT($1, $3, entries);
$$ = $1; $$ = $1;
} }
@@ -967,6 +1055,8 @@ user : ALIAS {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_remove(LEAK_PTR, $1);
parser_leak_add(LEAK_MEMBER, $$);
} }
| ALL { | ALL {
$$ = new_member(NULL, ALL); $$ = new_member(NULL, ALL);
@@ -974,6 +1064,7 @@ user : ALIAS {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_add(LEAK_MEMBER, $$);
} }
| NETGROUP { | NETGROUP {
$$ = new_member($1, NETGROUP); $$ = new_member($1, NETGROUP);
@@ -981,6 +1072,8 @@ user : ALIAS {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_remove(LEAK_PTR, $1);
parser_leak_add(LEAK_MEMBER, $$);
} }
| USERGROUP { | USERGROUP {
$$ = new_member($1, USERGROUP); $$ = new_member($1, USERGROUP);
@@ -988,6 +1081,8 @@ user : ALIAS {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_remove(LEAK_PTR, $1);
parser_leak_add(LEAK_MEMBER, $$);
} }
| WORD { | WORD {
$$ = new_member($1, WORD); $$ = new_member($1, WORD);
@@ -995,11 +1090,14 @@ user : ALIAS {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_remove(LEAK_PTR, $1);
parser_leak_add(LEAK_MEMBER, $$);
} }
; ;
grouplist : opgroup grouplist : opgroup
| grouplist ',' opgroup { | grouplist ',' opgroup {
parser_leak_remove(LEAK_MEMBER, $3);
HLTQ_CONCAT($1, $3, entries); HLTQ_CONCAT($1, $3, entries);
$$ = $1; $$ = $1;
} }
@@ -1021,6 +1119,8 @@ group : ALIAS {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_remove(LEAK_PTR, $1);
parser_leak_add(LEAK_MEMBER, $$);
} }
| ALL { | ALL {
$$ = new_member(NULL, ALL); $$ = new_member(NULL, ALL);
@@ -1028,6 +1128,7 @@ group : ALIAS {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_add(LEAK_MEMBER, $$);
} }
| WORD { | WORD {
$$ = new_member($1, WORD); $$ = new_member($1, WORD);
@@ -1035,6 +1136,8 @@ group : ALIAS {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
YYERROR; YYERROR;
} }
parser_leak_remove(LEAK_PTR, $1);
parser_leak_add(LEAK_MEMBER, $$);
} }
; ;
%% %%
@@ -1188,6 +1291,7 @@ new_command(char *cmnd, char *args)
"unable to allocate memory"); "unable to allocate memory");
debug_return_ptr(NULL); debug_return_ptr(NULL);
} }
/* garbage collected as part of struct member */
c->cmnd = cmnd; c->cmnd = cmnd;
c->args = args; c->args = args;
@@ -1244,15 +1348,18 @@ add_defaults(int type, struct member *bmem, struct defaults *defs)
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
debug_return_bool(false); debug_return_bool(false);
} }
if (bmem != NULL) if (bmem != NULL) {
parser_leak_remove(LEAK_MEMBER, bmem);
HLTQ_TO_TAILQ(binding, bmem, entries); HLTQ_TO_TAILQ(binding, bmem, entries);
else } else {
TAILQ_INIT(binding); TAILQ_INIT(binding);
}
/* /*
* Set type and binding (who it applies to) for new entries. * Set type and binding (who it applies to) for new entries.
* Then add to the global defaults list. * Then add to the global defaults list.
*/ */
parser_leak_remove(LEAK_DEFAULTS, defs);
HLTQ_FOREACH_SAFE(d, defs, entries, next) { HLTQ_FOREACH_SAFE(d, defs, entries, next) {
d->type = type; d->type = type;
d->binding = binding; d->binding = binding;
@@ -1281,7 +1388,9 @@ add_userspec(struct member *members, struct privilege *privs)
u->line = this_lineno; u->line = this_lineno;
u->column = sudolinebuf.toke_start + 1; u->column = sudolinebuf.toke_start + 1;
u->file = rcstr_addref(sudoers); u->file = rcstr_addref(sudoers);
parser_leak_remove(LEAK_MEMBER, members);
HLTQ_TO_TAILQ(&u->users, members, entries); HLTQ_TO_TAILQ(&u->users, members, entries);
parser_leak_remove(LEAK_PRIVILEGE, privs);
HLTQ_TO_TAILQ(&u->privileges, privs, entries); HLTQ_TO_TAILQ(&u->privileges, privs, entries);
STAILQ_INIT(&u->comments); STAILQ_INIT(&u->comments);
TAILQ_INSERT_TAIL(&parsed_policy.userspecs, u, entries); TAILQ_INSERT_TAIL(&parsed_policy.userspecs, u, entries);
@@ -1367,12 +1476,9 @@ free_default(struct defaults *def, struct member_list **binding)
} }
void void
free_privilege(struct privilege *priv) free_cmndspecs(struct cmndspec_list *csl)
{ {
struct member_list *runasuserlist = NULL, *runasgrouplist = NULL; struct member_list *runasuserlist = NULL, *runasgrouplist = NULL;
struct member_list *prev_binding = NULL;
struct cmndspec *cs;
struct defaults *def;
char *runcwd = NULL, *runchroot = NULL; char *runcwd = NULL, *runchroot = NULL;
#ifdef HAVE_SELINUX #ifdef HAVE_SELINUX
char *role = NULL, *type = NULL; char *role = NULL, *type = NULL;
@@ -1380,12 +1486,12 @@ free_privilege(struct privilege *priv)
#ifdef HAVE_PRIV_SET #ifdef HAVE_PRIV_SET
char *privs = NULL, *limitprivs = NULL; char *privs = NULL, *limitprivs = NULL;
#endif /* HAVE_PRIV_SET */ #endif /* HAVE_PRIV_SET */
debug_decl(free_privilege, SUDOERS_DEBUG_PARSER); struct cmndspec *cs;
debug_decl(free_cmndspecs, SUDOERS_DEBUG_PARSER);
while ((cs = TAILQ_FIRST(csl)) != NULL) {
TAILQ_REMOVE(csl, cs, entries);
free(priv->ldap_role);
free_members(&priv->hostlist);
while ((cs = TAILQ_FIRST(&priv->cmndlist)) != NULL) {
TAILQ_REMOVE(&priv->cmndlist, cs, entries);
/* Only free the first instance of runcwd/runchroot. */ /* Only free the first instance of runcwd/runchroot. */
if (cs->runcwd != runcwd) { if (cs->runcwd != runcwd) {
runcwd = cs->runcwd; runcwd = cs->runcwd;
@@ -1431,6 +1537,20 @@ free_privilege(struct privilege *priv)
free_member(cs->cmnd); free_member(cs->cmnd);
free(cs); free(cs);
} }
debug_return;
}
void
free_privilege(struct privilege *priv)
{
struct member_list *prev_binding = NULL;
struct defaults *def;
debug_decl(free_privilege, SUDOERS_DEBUG_PARSER);
free(priv->ldap_role);
free_members(&priv->hostlist);
free_cmndspecs(&priv->cmndlist);
while ((def = TAILQ_FIRST(&priv->defaults)) != NULL) { while ((def = TAILQ_FIRST(&priv->defaults)) != NULL) {
TAILQ_REMOVE(&priv->defaults, def, entries); TAILQ_REMOVE(&priv->defaults, def, entries);
free_default(def, &prev_binding); free_default(def, &prev_binding);
@@ -1526,6 +1646,7 @@ init_parser(const char *path, bool quiet, bool strict)
debug_decl(init_parser, SUDOERS_DEBUG_PARSER); debug_decl(init_parser, SUDOERS_DEBUG_PARSER);
free_parse_tree(&parsed_policy); free_parse_tree(&parsed_policy);
parser_leak_init();
init_lexer(); init_lexer();
rcstr_delref(sudoers); rcstr_delref(sudoers);
@@ -1568,3 +1689,215 @@ init_options(struct command_options *opts)
opts->limitprivs = NULL; opts->limitprivs = NULL;
#endif #endif
} }
bool
parser_leak_add(enum parser_leak_types type, void *v)
{
#ifdef NO_LEAKS
struct parser_leak_entry *entry;
debug_decl(parser_leak_add, SUDOERS_DEBUG_PARSER);
if (v == NULL)
debug_return_bool(false);
entry = calloc(1, sizeof(*entry));
if (entry == NULL) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
debug_return_bool(false);
}
switch (type) {
case LEAK_PRIVILEGE:
entry->u.p = v;
break;
case LEAK_CMNDSPEC:
entry->u.cs = v;
break;
case LEAK_DEFAULTS:
entry->u.d = v;
break;
case LEAK_MEMBER:
entry->u.m = v;
break;
case LEAK_DIGEST:
entry->u.dig = v;
break;
case LEAK_RUNAS:
entry->u.rc = v;
break;
case LEAK_PTR:
entry->u.ptr = v;
break;
default:
free(entry);
sudo_warnx("unexpected leak type %d", type);
debug_return_bool(false);
}
entry->type = type;
SLIST_INSERT_HEAD(&parser_leak_list, entry, entries);
debug_return_bool(true);
#else
return true;
#endif /* NO_LEAKS */
}
bool
parser_leak_remove(enum parser_leak_types type, void *v)
{
#ifdef NO_LEAKS
struct parser_leak_entry *entry, *prev = NULL;
debug_decl(parser_leak_remove, SUDOERS_DEBUG_PARSER);
SLIST_FOREACH(entry, &parser_leak_list, entries) {
switch (entry->type) {
case LEAK_PRIVILEGE:
if (entry->u.p == v)
goto found;
break;
case LEAK_CMNDSPEC:
if (entry->u.cs == v)
goto found;
break;
case LEAK_DEFAULTS:
if (entry->u.d == v)
goto found;
break;
case LEAK_MEMBER:
if (entry->u.m == v)
goto found;
break;
case LEAK_DIGEST:
if (entry->u.dig == v)
goto found;
break;
case LEAK_RUNAS:
if (entry->u.rc == v)
goto found;
break;
case LEAK_PTR:
if (entry->u.ptr == v)
goto found;
break;
default:
sudo_warnx("unexpected leak type %d in %p", entry->type, entry);
}
prev = entry;
}
/* If this happens, there is a bug in the leak tracking code. */
sudo_warnx("%s: unable to find %p, type %d", __func__, v, type);
return false;
found:
if (prev == NULL)
SLIST_REMOVE_HEAD(&parser_leak_list, entries);
else
SLIST_REMOVE_AFTER(prev, entries);
free(entry);
return true;
#endif /* NO_LEAKS */
}
void
parser_leak_free(void)
{
#ifdef NO_LEAKS
struct parser_leak_entry *entry;
void *next;
debug_decl(parser_leak_run, SUDOERS_DEBUG_PARSER);
/* Free the leaks. */
while ((entry = SLIST_FIRST(&parser_leak_list))) {
SLIST_REMOVE_HEAD(&parser_leak_list, entries);
switch (entry->type) {
case LEAK_PRIVILEGE:
{
struct privilege *priv;
HLTQ_FOREACH_SAFE(priv, entry->u.p, entries, next)
free_privilege(priv);
free(entry);
}
break;
case LEAK_CMNDSPEC:
{
struct cmndspec_list specs;
HLTQ_TO_TAILQ(&specs, entry->u.cs, entries);
free_cmndspecs(&specs);
free(entry);
}
break;
case LEAK_DEFAULTS:
{
struct defaults_list defs;
HLTQ_TO_TAILQ(&defs, entry->u.d, entries);
free_defaults(&defs);
free(entry);
}
break;
case LEAK_MEMBER:
{
struct member *m;
HLTQ_FOREACH_SAFE(m, entry->u.m, entries, next)
free_member(m);
free(entry);
}
break;
case LEAK_DIGEST:
{
struct command_digest *dig;
HLTQ_FOREACH_SAFE(dig, entry->u.dig, entries, next) {
free(dig->digest_str);
free(dig);
}
free(entry);
}
break;
case LEAK_RUNAS:
{
struct member *m;
if (entry->u.rc->runasusers != NULL) {
HLTQ_FOREACH_SAFE(m, entry->u.rc->runasusers, entries, next)
free_member(m);
}
if (entry->u.rc->runasgroups != NULL) {
HLTQ_FOREACH_SAFE(m, entry->u.rc->runasgroups, entries, next)
free_member(m);
}
free(entry->u.rc);
free(entry);
break;
}
case LEAK_PTR:
free(entry->u.ptr);
free(entry);
break;
default:
sudo_warnx("unexpected garbage type %d", entry->type);
}
}
debug_return;
#endif /* NO_LEAKS */
}
void
parser_leak_init(void)
{
#ifdef NO_LEAKS
static bool initialized;
debug_decl(parser_leak_init, SUDOERS_DEBUG_PARSER);
if (!initialized) {
atexit(parser_leak_free);
initialized = true;
debug_return;
}
/* Already initialized, free existing leaks. */
parser_leak_free();
debug_return;
#endif /* NO_LEAKS */
}

35
plugins/sudoers/parse.h
View File

@@ -294,6 +294,37 @@ struct cmnd_info {
int status; int status;
}; };
/*
* The parser passes pointers to data structures that are not stored anywhere.
* We add them to the leak list at allocation time and remove them from
* the list when they are stored in another data structure.
* This makes it possible to free data on error that would otherwise be leaked.
*/
enum parser_leak_types {
LEAK_UNKNOWN,
LEAK_PRIVILEGE,
LEAK_CMNDSPEC,
LEAK_DEFAULTS,
LEAK_MEMBER,
LEAK_DIGEST,
LEAK_RUNAS,
LEAK_PTR
};
struct parser_leak_entry {
SLIST_ENTRY(parser_leak_entry) entries;
enum parser_leak_types type;
union {
struct command_digest *dig;
struct privilege *p;
struct cmndspec *cs;
struct defaults *d;
struct member *m;
struct runascontainer *rc;
void *ptr;
} u;
};
SLIST_HEAD(parser_leak_list, parser_leak_entry);
/* alias.c */ /* alias.c */
struct rbtree *alloc_aliases(void); struct rbtree *alloc_aliases(void);
void free_aliases(struct rbtree *aliases); void free_aliases(struct rbtree *aliases);
@@ -313,6 +344,7 @@ bool init_parser(const char *path, bool quiet, bool strict);
struct member *new_member_all(char *name); struct member *new_member_all(char *name);
void free_member(struct member *m); void free_member(struct member *m);
void free_members(struct member_list *members); void free_members(struct member_list *members);
void free_cmndspecs(struct cmndspec_list *csl);
void free_privilege(struct privilege *priv); void free_privilege(struct privilege *priv);
void free_userspec(struct userspec *us); void free_userspec(struct userspec *us);
void free_userspecs(struct userspec_list *usl); void free_userspecs(struct userspec_list *usl);
@@ -321,6 +353,9 @@ void free_defaults(struct defaults_list *defs);
void init_parse_tree(struct sudoers_parse_tree *parse_tree, const char *lhost, const char *shost); void init_parse_tree(struct sudoers_parse_tree *parse_tree, const char *lhost, const char *shost);
void free_parse_tree(struct sudoers_parse_tree *parse_tree); void free_parse_tree(struct sudoers_parse_tree *parse_tree);
void reparent_parse_tree(struct sudoers_parse_tree *new_tree); void reparent_parse_tree(struct sudoers_parse_tree *new_tree);
bool parser_leak_add(enum parser_leak_types type, void *v);
bool parser_leak_remove(enum parser_leak_types type, void *v);
void parser_leak_init(void);
/* match_addr.c */ /* match_addr.c */
bool addr_matches(char *n); bool addr_matches(char *n);

186
plugins/sudoers/toke.c
View File

@@ -3105,13 +3105,14 @@ YY_RULE_SETUP
LEXTRACE("DEFVAR "); LEXTRACE("DEFVAR ");
if (!fill(sudoerstext, sudoersleng)) if (!fill(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.string);
return DEFVAR; return DEFVAR;
} }
YY_BREAK YY_BREAK
case 4: case 4:
YY_RULE_SETUP YY_RULE_SETUP
#line 134 "toke.l" #line 135 "toke.l"
{ {
BEGIN STARTDEFS; BEGIN STARTDEFS;
LEXTRACE(", "); LEXTRACE(", ");
@@ -3120,7 +3121,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 5: case 5:
YY_RULE_SETUP YY_RULE_SETUP
#line 140 "toke.l" #line 141 "toke.l"
{ {
LEXTRACE("= "); LEXTRACE("= ");
return '='; return '=';
@@ -3128,7 +3129,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 6: case 6:
YY_RULE_SETUP YY_RULE_SETUP
#line 145 "toke.l" #line 146 "toke.l"
{ {
LEXTRACE("+= "); LEXTRACE("+= ");
return '+'; return '+';
@@ -3136,7 +3137,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 7: case 7:
YY_RULE_SETUP YY_RULE_SETUP
#line 150 "toke.l" #line 151 "toke.l"
{ {
LEXTRACE("-= "); LEXTRACE("-= ");
return '-'; return '-';
@@ -3144,7 +3145,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 8: case 8:
YY_RULE_SETUP YY_RULE_SETUP
#line 155 "toke.l" #line 156 "toke.l"
{ {
LEXTRACE("BEGINSTR "); LEXTRACE("BEGINSTR ");
sudoerslval.string = NULL; sudoerslval.string = NULL;
@@ -3154,11 +3155,12 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 9: case 9:
YY_RULE_SETUP YY_RULE_SETUP
#line 162 "toke.l" #line 163 "toke.l"
{ {
LEXTRACE("WORD(2) "); LEXTRACE("WORD(2) ");
if (!fill(sudoerstext, sudoersleng)) if (!fill(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.string);
return WORD; return WORD;
} }
YY_BREAK YY_BREAK
@@ -3167,7 +3169,7 @@ YY_RULE_SETUP
case 10: case 10:
/* rule 10 can match eol */ /* rule 10 can match eol */
YY_RULE_SETUP YY_RULE_SETUP
#line 171 "toke.l" #line 173 "toke.l"
{ {
/* Line continuation char followed by newline. */ /* Line continuation char followed by newline. */
sudolineno++; sudolineno++;
@@ -3176,7 +3178,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 11: case 11:
YY_RULE_SETUP YY_RULE_SETUP
#line 177 "toke.l" #line 179 "toke.l"
{ {
LEXTRACE("ENDSTR "); LEXTRACE("ENDSTR ");
BEGIN prev_state; BEGIN prev_state;
@@ -3192,29 +3194,34 @@ YY_RULE_SETUP
if (sudoerslval.string[1] == '\0' || if (sudoerslval.string[1] == '\0' ||
(sudoerslval.string[1] == ':' && (sudoerslval.string[1] == ':' &&
sudoerslval.string[2] == '\0')) { sudoerslval.string[2] == '\0')) {
free(sudoerslval.string);
sudoerserror(N_("empty group")); sudoerserror(N_("empty group"));
LEXTRACE("ERROR "); LEXTRACE("ERROR ");
return ERROR; return ERROR;
} }
parser_leak_add(LEAK_PTR, sudoerslval.string);
LEXTRACE("USERGROUP "); LEXTRACE("USERGROUP ");
return USERGROUP; return USERGROUP;
case '+': case '+':
if (sudoerslval.string[1] == '\0') { if (sudoerslval.string[1] == '\0') {
free(sudoerslval.string);
sudoerserror(N_("empty netgroup")); sudoerserror(N_("empty netgroup"));
LEXTRACE("ERROR "); LEXTRACE("ERROR ");
return ERROR; return ERROR;
} }
parser_leak_add(LEAK_PTR, sudoerslval.string);
LEXTRACE("NETGROUP "); LEXTRACE("NETGROUP ");
return NETGROUP; return NETGROUP;
} }
} }
parser_leak_add(LEAK_PTR, sudoerslval.string);
LEXTRACE("WORD(4) "); LEXTRACE("WORD(4) ");
return WORD; return WORD;
} }
YY_BREAK YY_BREAK
case 12: case 12:
YY_RULE_SETUP YY_RULE_SETUP
#line 212 "toke.l" #line 219 "toke.l"
{ {
LEXTRACE("BACKSLASH "); LEXTRACE("BACKSLASH ");
if (!append(sudoerstext, sudoersleng)) if (!append(sudoerstext, sudoersleng))
@@ -3223,7 +3230,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 13: case 13:
YY_RULE_SETUP YY_RULE_SETUP
#line 218 "toke.l" #line 225 "toke.l"
{ {
LEXTRACE("STRBODY "); LEXTRACE("STRBODY ");
if (!append(sudoerstext, sudoersleng)) if (!append(sudoerstext, sudoersleng))
@@ -3234,7 +3241,7 @@ YY_RULE_SETUP
case 14: case 14:
YY_RULE_SETUP YY_RULE_SETUP
#line 226 "toke.l" #line 233 "toke.l"
{ {
/* quoted fnmatch glob char, pass verbatim */ /* quoted fnmatch glob char, pass verbatim */
LEXTRACE("QUOTEDCHAR "); LEXTRACE("QUOTEDCHAR ");
@@ -3245,7 +3252,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 15: case 15:
YY_RULE_SETUP YY_RULE_SETUP
#line 234 "toke.l" #line 241 "toke.l"
{ {
/* quoted sudoers special char, strip backslash */ /* quoted sudoers special char, strip backslash */
LEXTRACE("QUOTEDCHAR "); LEXTRACE("QUOTEDCHAR ");
@@ -3257,17 +3264,19 @@ YY_RULE_SETUP
case 16: case 16:
/* rule 16 can match eol */ /* rule 16 can match eol */
YY_RULE_SETUP YY_RULE_SETUP
#line 242 "toke.l" #line 249 "toke.l"
{ {
BEGIN INITIAL; BEGIN INITIAL;
sudoersless(0); sudoersless(0);
yy_set_bol(0); yy_set_bol(0);
parser_leak_add(LEAK_PTR, sudoerslval.command.cmnd);
parser_leak_add(LEAK_PTR, sudoerslval.command.args);
return COMMAND; return COMMAND;
} /* end of command line args */ } /* end of command line args */
YY_BREAK YY_BREAK
case 17: case 17:
YY_RULE_SETUP YY_RULE_SETUP
#line 249 "toke.l" #line 258 "toke.l"
{ {
LEXTRACE("ARG "); LEXTRACE("ARG ");
if (!fill_args(sudoerstext, sudoersleng, sawspace)) if (!fill_args(sudoerstext, sudoersleng, sawspace))
@@ -3278,7 +3287,7 @@ YY_RULE_SETUP
case 18: case 18:
YY_RULE_SETUP YY_RULE_SETUP
#line 257 "toke.l" #line 266 "toke.l"
{ {
/* Only return DIGEST if the length is correct. */ /* Only return DIGEST if the length is correct. */
yy_size_t digest_len = yy_size_t digest_len =
@@ -3286,6 +3295,7 @@ YY_RULE_SETUP
if ((yy_size_t)sudoersleng == digest_len * 2) { if ((yy_size_t)sudoersleng == digest_len * 2) {
if (!fill(sudoerstext, sudoersleng)) if (!fill(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.string);
BEGIN INITIAL; BEGIN INITIAL;
LEXTRACE("DIGEST "); LEXTRACE("DIGEST ");
return DIGEST; return DIGEST;
@@ -3296,7 +3306,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 19: case 19:
YY_RULE_SETUP YY_RULE_SETUP
#line 272 "toke.l" #line 282 "toke.l"
{ {
/* Only return DIGEST if the length is correct. */ /* Only return DIGEST if the length is correct. */
yy_size_t len, digest_len = yy_size_t len, digest_len =
@@ -3311,6 +3321,7 @@ YY_RULE_SETUP
if ((yy_size_t)sudoersleng == len) { if ((yy_size_t)sudoersleng == len) {
if (!fill(sudoerstext, sudoersleng)) if (!fill(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.string);
BEGIN INITIAL; BEGIN INITIAL;
LEXTRACE("DIGEST "); LEXTRACE("DIGEST ");
return DIGEST; return DIGEST;
@@ -3321,7 +3332,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 20: case 20:
YY_RULE_SETUP YY_RULE_SETUP
#line 294 "toke.l" #line 305 "toke.l"
{ {
if (continued) { if (continued) {
sudoerserror(N_("invalid line continuation")); sudoerserror(N_("invalid line continuation"));
@@ -3336,7 +3347,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 21: case 21:
YY_RULE_SETUP YY_RULE_SETUP
#line 306 "toke.l" #line 317 "toke.l"
{ {
if (continued) { if (continued) {
sudoerserror(N_("invalid line continuation")); sudoerserror(N_("invalid line continuation"));
@@ -3352,7 +3363,7 @@ YY_RULE_SETUP
case 22: case 22:
/* rule 22 can match eol */ /* rule 22 can match eol */
YY_RULE_SETUP YY_RULE_SETUP
#line 318 "toke.l" #line 329 "toke.l"
{ {
if (continued) { if (continued) {
sudoerserror(N_("invalid line continuation")); sudoerserror(N_("invalid line continuation"));
@@ -3372,7 +3383,7 @@ YY_RULE_SETUP
case 23: case 23:
/* rule 23 can match eol */ /* rule 23 can match eol */
YY_RULE_SETUP YY_RULE_SETUP
#line 334 "toke.l" #line 345 "toke.l"
{ {
if (continued) { if (continued) {
sudoerserror(N_("invalid line continuation")); sudoerserror(N_("invalid line continuation"));
@@ -3391,7 +3402,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 24: case 24:
YY_RULE_SETUP YY_RULE_SETUP
#line 350 "toke.l" #line 361 "toke.l"
{ {
char deftype; char deftype;
int n; int n;
@@ -3435,7 +3446,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 25: case 25:
YY_RULE_SETUP YY_RULE_SETUP
#line 391 "toke.l" #line 402 "toke.l"
{ {
int n; int n;
@@ -3465,7 +3476,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 26: case 26:
YY_RULE_SETUP YY_RULE_SETUP
#line 418 "toke.l" #line 429 "toke.l"
{ {
/* cmnd does not require passwd for this user */ /* cmnd does not require passwd for this user */
LEXTRACE("NOPASSWD "); LEXTRACE("NOPASSWD ");
@@ -3474,7 +3485,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 27: case 27:
YY_RULE_SETUP YY_RULE_SETUP
#line 424 "toke.l" #line 435 "toke.l"
{ {
/* cmnd requires passwd for this user */ /* cmnd requires passwd for this user */
LEXTRACE("PASSWD "); LEXTRACE("PASSWD ");
@@ -3483,7 +3494,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 28: case 28:
YY_RULE_SETUP YY_RULE_SETUP
#line 430 "toke.l" #line 441 "toke.l"
{ {
LEXTRACE("NOEXEC "); LEXTRACE("NOEXEC ");
return NOEXEC; return NOEXEC;
@@ -3491,7 +3502,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 29: case 29:
YY_RULE_SETUP YY_RULE_SETUP
#line 435 "toke.l" #line 446 "toke.l"
{ {
LEXTRACE("EXEC "); LEXTRACE("EXEC ");
return EXEC; return EXEC;
@@ -3499,7 +3510,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 30: case 30:
YY_RULE_SETUP YY_RULE_SETUP
#line 440 "toke.l" #line 451 "toke.l"
{ {
LEXTRACE("SETENV "); LEXTRACE("SETENV ");
return SETENV; return SETENV;
@@ -3507,7 +3518,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 31: case 31:
YY_RULE_SETUP YY_RULE_SETUP
#line 445 "toke.l" #line 456 "toke.l"
{ {
LEXTRACE("NOSETENV "); LEXTRACE("NOSETENV ");
return NOSETENV; return NOSETENV;
@@ -3515,7 +3526,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 32: case 32:
YY_RULE_SETUP YY_RULE_SETUP
#line 450 "toke.l" #line 461 "toke.l"
{ {
LEXTRACE("LOG_OUTPUT "); LEXTRACE("LOG_OUTPUT ");
return LOG_OUTPUT; return LOG_OUTPUT;
@@ -3523,7 +3534,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 33: case 33:
YY_RULE_SETUP YY_RULE_SETUP
#line 455 "toke.l" #line 466 "toke.l"
{ {
LEXTRACE("NOLOG_OUTPUT "); LEXTRACE("NOLOG_OUTPUT ");
return NOLOG_OUTPUT; return NOLOG_OUTPUT;
@@ -3531,7 +3542,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 34: case 34:
YY_RULE_SETUP YY_RULE_SETUP
#line 460 "toke.l" #line 471 "toke.l"
{ {
LEXTRACE("LOG_INPUT "); LEXTRACE("LOG_INPUT ");
return LOG_INPUT; return LOG_INPUT;
@@ -3539,7 +3550,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 35: case 35:
YY_RULE_SETUP YY_RULE_SETUP
#line 465 "toke.l" #line 476 "toke.l"
{ {
LEXTRACE("NOLOG_INPUT "); LEXTRACE("NOLOG_INPUT ");
return NOLOG_INPUT; return NOLOG_INPUT;
@@ -3547,7 +3558,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 36: case 36:
YY_RULE_SETUP YY_RULE_SETUP
#line 470 "toke.l" #line 481 "toke.l"
{ {
LEXTRACE("MAIL "); LEXTRACE("MAIL ");
return MAIL; return MAIL;
@@ -3555,7 +3566,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 37: case 37:
YY_RULE_SETUP YY_RULE_SETUP
#line 475 "toke.l" #line 486 "toke.l"
{ {
LEXTRACE("NOMAIL "); LEXTRACE("NOMAIL ");
return NOMAIL; return NOMAIL;
@@ -3563,7 +3574,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 38: case 38:
YY_RULE_SETUP YY_RULE_SETUP
#line 480 "toke.l" #line 491 "toke.l"
{ {
LEXTRACE("FOLLOW "); LEXTRACE("FOLLOW ");
return FOLLOWLNK; return FOLLOWLNK;
@@ -3571,7 +3582,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 39: case 39:
YY_RULE_SETUP YY_RULE_SETUP
#line 485 "toke.l" #line 496 "toke.l"
{ {
LEXTRACE("NOFOLLOW "); LEXTRACE("NOFOLLOW ");
return NOFOLLOWLNK; return NOFOLLOWLNK;
@@ -3579,7 +3590,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 40: case 40:
YY_RULE_SETUP YY_RULE_SETUP
#line 490 "toke.l" #line 501 "toke.l"
{ {
if (sudoerstext[0] == '+') if (sudoerstext[0] == '+')
sudoerserror(N_("empty netgroup")); sudoerserror(N_("empty netgroup"));
@@ -3591,49 +3602,53 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 41: case 41:
YY_RULE_SETUP YY_RULE_SETUP
#line 499 "toke.l" #line 510 "toke.l"
{ {
/* netgroup */ /* netgroup */
if (!fill(sudoerstext, sudoersleng)) if (!fill(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.string);
LEXTRACE("NETGROUP "); LEXTRACE("NETGROUP ");
return NETGROUP; return NETGROUP;
} }
YY_BREAK YY_BREAK
case 42: case 42:
YY_RULE_SETUP YY_RULE_SETUP
#line 507 "toke.l" #line 519 "toke.l"
{ {
/* group */ /* group */
if (!fill(sudoerstext, sudoersleng)) if (!fill(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.string);
LEXTRACE("USERGROUP "); LEXTRACE("USERGROUP ");
return USERGROUP; return USERGROUP;
} }
YY_BREAK YY_BREAK
case 43: case 43:
YY_RULE_SETUP YY_RULE_SETUP
#line 515 "toke.l" #line 528 "toke.l"
{ {
if (!fill(sudoerstext, sudoersleng)) if (!fill(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.string);
LEXTRACE("NTWKADDR "); LEXTRACE("NTWKADDR ");
return NTWKADDR; return NTWKADDR;
} }
YY_BREAK YY_BREAK
case 44: case 44:
YY_RULE_SETUP YY_RULE_SETUP
#line 522 "toke.l" #line 536 "toke.l"
{ {
if (!fill(sudoerstext, sudoersleng)) if (!fill(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.string);
LEXTRACE("NTWKADDR "); LEXTRACE("NTWKADDR ");
return NTWKADDR; return NTWKADDR;
} }
YY_BREAK YY_BREAK
case 45: case 45:
YY_RULE_SETUP YY_RULE_SETUP
#line 529 "toke.l" #line 544 "toke.l"
{ {
if (!ipv6_valid(sudoerstext)) { if (!ipv6_valid(sudoerstext)) {
sudoerserror(N_("invalid IPv6 address")); sudoerserror(N_("invalid IPv6 address"));
@@ -3642,13 +3657,14 @@ YY_RULE_SETUP
} }
if (!fill(sudoerstext, sudoersleng)) if (!fill(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.string);
LEXTRACE("NTWKADDR "); LEXTRACE("NTWKADDR ");
return NTWKADDR; return NTWKADDR;
} }
YY_BREAK YY_BREAK
case 46: case 46:
YY_RULE_SETUP YY_RULE_SETUP
#line 541 "toke.l" #line 557 "toke.l"
{ {
if (!ipv6_valid(sudoerstext)) { if (!ipv6_valid(sudoerstext)) {
sudoerserror(N_("invalid IPv6 address")); sudoerserror(N_("invalid IPv6 address"));
@@ -3657,13 +3673,14 @@ YY_RULE_SETUP
} }
if (!fill(sudoerstext, sudoersleng)) if (!fill(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.string);
LEXTRACE("NTWKADDR "); LEXTRACE("NTWKADDR ");
return NTWKADDR; return NTWKADDR;
} }
YY_BREAK YY_BREAK
case 47: case 47:
YY_RULE_SETUP YY_RULE_SETUP
#line 553 "toke.l" #line 570 "toke.l"
{ {
LEXTRACE("ALL "); LEXTRACE("ALL ");
return ALL; return ALL;
@@ -3672,7 +3689,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 48: case 48:
YY_RULE_SETUP YY_RULE_SETUP
#line 559 "toke.l" #line 576 "toke.l"
{ {
LEXTRACE("CMND_TIMEOUT "); LEXTRACE("CMND_TIMEOUT ");
return CMND_TIMEOUT; return CMND_TIMEOUT;
@@ -3680,7 +3697,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 49: case 49:
YY_RULE_SETUP YY_RULE_SETUP
#line 564 "toke.l" #line 581 "toke.l"
{ {
LEXTRACE("NOTBEFORE "); LEXTRACE("NOTBEFORE ");
return NOTBEFORE; return NOTBEFORE;
@@ -3688,7 +3705,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 50: case 50:
YY_RULE_SETUP YY_RULE_SETUP
#line 569 "toke.l" #line 586 "toke.l"
{ {
LEXTRACE("NOTAFTER "); LEXTRACE("NOTAFTER ");
return NOTAFTER; return NOTAFTER;
@@ -3696,7 +3713,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 51: case 51:
YY_RULE_SETUP YY_RULE_SETUP
#line 574 "toke.l" #line 591 "toke.l"
{ {
LEXTRACE("CWD "); LEXTRACE("CWD ");
prev_state = YY_START; prev_state = YY_START;
@@ -3706,7 +3723,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 52: case 52:
YY_RULE_SETUP YY_RULE_SETUP
#line 581 "toke.l" #line 598 "toke.l"
{ {
LEXTRACE("CHROOT "); LEXTRACE("CHROOT ");
prev_state = YY_START; prev_state = YY_START;
@@ -3716,7 +3733,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 53: case 53:
YY_RULE_SETUP YY_RULE_SETUP
#line 588 "toke.l" #line 605 "toke.l"
{ {
#ifdef HAVE_SELINUX #ifdef HAVE_SELINUX
LEXTRACE("ROLE "); LEXTRACE("ROLE ");
@@ -3728,7 +3745,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 54: case 54:
YY_RULE_SETUP YY_RULE_SETUP
#line 597 "toke.l" #line 614 "toke.l"
{ {
#ifdef HAVE_SELINUX #ifdef HAVE_SELINUX
LEXTRACE("TYPE "); LEXTRACE("TYPE ");
@@ -3740,7 +3757,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 55: case 55:
YY_RULE_SETUP YY_RULE_SETUP
#line 605 "toke.l" #line 622 "toke.l"
{ {
#ifdef HAVE_PRIV_SET #ifdef HAVE_PRIV_SET
LEXTRACE("PRIVS "); LEXTRACE("PRIVS ");
@@ -3752,7 +3769,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 56: case 56:
YY_RULE_SETUP YY_RULE_SETUP
#line 614 "toke.l" #line 631 "toke.l"
{ {
#ifdef HAVE_PRIV_SET #ifdef HAVE_PRIV_SET
LEXTRACE("LIMITPRIVS "); LEXTRACE("LIMITPRIVS ");
@@ -3764,30 +3781,33 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 57: case 57:
YY_RULE_SETUP YY_RULE_SETUP
#line 623 "toke.l" #line 640 "toke.l"
{ {
got_alias: got_alias:
if (!fill(sudoerstext, sudoersleng)) if (!fill(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.string);
LEXTRACE("ALIAS "); LEXTRACE("ALIAS ");
return ALIAS; return ALIAS;
} }
YY_BREAK YY_BREAK
case 58: case 58:
YY_RULE_SETUP YY_RULE_SETUP
#line 631 "toke.l" #line 649 "toke.l"
{ {
/* XXX - no way to specify digest for command */ /* XXX - no way to specify digest for command */
/* no command args allowed for Defaults!/path */ /* no command args allowed for Defaults!/path */
if (!fill_cmnd(sudoerstext, sudoersleng)) if (!fill_cmnd(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.command.cmnd);
parser_leak_add(LEAK_PTR, sudoerslval.command.args);
LEXTRACE("COMMAND "); LEXTRACE("COMMAND ");
return COMMAND; return COMMAND;
} }
YY_BREAK YY_BREAK
case 59: case 59:
YY_RULE_SETUP YY_RULE_SETUP
#line 640 "toke.l" #line 660 "toke.l"
{ {
digest_type = SUDO_DIGEST_SHA224; digest_type = SUDO_DIGEST_SHA224;
BEGIN WANTDIGEST; BEGIN WANTDIGEST;
@@ -3797,7 +3817,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 60: case 60:
YY_RULE_SETUP YY_RULE_SETUP
#line 647 "toke.l" #line 667 "toke.l"
{ {
digest_type = SUDO_DIGEST_SHA256; digest_type = SUDO_DIGEST_SHA256;
BEGIN WANTDIGEST; BEGIN WANTDIGEST;
@@ -3807,7 +3827,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 61: case 61:
YY_RULE_SETUP YY_RULE_SETUP
#line 654 "toke.l" #line 674 "toke.l"
{ {
digest_type = SUDO_DIGEST_SHA384; digest_type = SUDO_DIGEST_SHA384;
BEGIN WANTDIGEST; BEGIN WANTDIGEST;
@@ -3817,7 +3837,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 62: case 62:
YY_RULE_SETUP YY_RULE_SETUP
#line 661 "toke.l" #line 681 "toke.l"
{ {
digest_type = SUDO_DIGEST_SHA512; digest_type = SUDO_DIGEST_SHA512;
BEGIN WANTDIGEST; BEGIN WANTDIGEST;
@@ -3827,7 +3847,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 63: case 63:
YY_RULE_SETUP YY_RULE_SETUP
#line 668 "toke.l" #line 688 "toke.l"
{ {
BEGIN GOTCMND; BEGIN GOTCMND;
LEXTRACE("COMMAND "); LEXTRACE("COMMAND ");
@@ -3837,24 +3857,26 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 64: case 64:
YY_RULE_SETUP YY_RULE_SETUP
#line 675 "toke.l" #line 695 "toke.l"
{ {
BEGIN prev_state; BEGIN prev_state;
if (!fill(sudoerstext, sudoersleng)) if (!fill(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.string);
LEXTRACE("WORD(5) "); LEXTRACE("WORD(5) ");
return WORD; return WORD;
} }
YY_BREAK YY_BREAK
case 65: case 65:
YY_RULE_SETUP YY_RULE_SETUP
#line 683 "toke.l" #line 704 "toke.l"
{ {
/* directories can't have args... */ /* directories can't have args... */
if (sudoerstext[sudoersleng - 1] == '/') { if (sudoerstext[sudoersleng - 1] == '/') {
LEXTRACE("COMMAND "); LEXTRACE("COMMAND ");
if (!fill_cmnd(sudoerstext, sudoersleng)) if (!fill_cmnd(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.command.cmnd);
return COMMAND; return COMMAND;
} }
BEGIN GOTCMND; BEGIN GOTCMND;
@@ -3865,7 +3887,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 66: case 66:
YY_RULE_SETUP YY_RULE_SETUP
#line 697 "toke.l" #line 719 "toke.l"
{ {
LEXTRACE("BEGINSTR "); LEXTRACE("BEGINSTR ");
sudoerslval.string = NULL; sudoerslval.string = NULL;
@@ -3875,11 +3897,12 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 67: case 67:
YY_RULE_SETUP YY_RULE_SETUP
#line 704 "toke.l" #line 726 "toke.l"
{ {
/* a word */ /* a word */
if (!fill(sudoerstext, sudoersleng)) if (!fill(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.string);
LEXTRACE("WORD(6) "); LEXTRACE("WORD(6) ");
return WORD; return WORD;
} }
@@ -3887,11 +3910,12 @@ YY_RULE_SETUP
case 68: case 68:
YY_RULE_SETUP YY_RULE_SETUP
#line 713 "toke.l" #line 736 "toke.l"
{ {
/* include file/directory */ /* include file/directory */
if (!fill(sudoerstext, sudoersleng)) if (!fill(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.string);
BEGIN INITIAL; BEGIN INITIAL;
LEXTRACE("WORD(7) "); LEXTRACE("WORD(7) ");
return WORD; return WORD;
@@ -3899,7 +3923,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 69: case 69:
YY_RULE_SETUP YY_RULE_SETUP
#line 722 "toke.l" #line 746 "toke.l"
{ {
LEXTRACE("BEGINSTR "); LEXTRACE("BEGINSTR ");
sudoerslval.string = NULL; sudoerslval.string = NULL;
@@ -3910,7 +3934,7 @@ YY_RULE_SETUP
case 70: case 70:
YY_RULE_SETUP YY_RULE_SETUP
#line 730 "toke.l" #line 754 "toke.l"
{ {
LEXTRACE("( "); LEXTRACE("( ");
return '('; return '(';
@@ -3918,7 +3942,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 71: case 71:
YY_RULE_SETUP YY_RULE_SETUP
#line 735 "toke.l" #line 759 "toke.l"
{ {
LEXTRACE(") "); LEXTRACE(") ");
return ')'; return ')';
@@ -3926,7 +3950,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 72: case 72:
YY_RULE_SETUP YY_RULE_SETUP
#line 740 "toke.l" #line 764 "toke.l"
{ {
LEXTRACE(", "); LEXTRACE(", ");
return ','; return ',';
@@ -3934,7 +3958,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 73: case 73:
YY_RULE_SETUP YY_RULE_SETUP
#line 745 "toke.l" #line 769 "toke.l"
{ {
LEXTRACE("= "); LEXTRACE("= ");
return '='; return '=';
@@ -3942,7 +3966,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 74: case 74:
YY_RULE_SETUP YY_RULE_SETUP
#line 750 "toke.l" #line 774 "toke.l"
{ {
LEXTRACE(": "); LEXTRACE(": ");
return ':'; return ':';
@@ -3950,7 +3974,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 75: case 75:
YY_RULE_SETUP YY_RULE_SETUP
#line 755 "toke.l" #line 779 "toke.l"
{ {
if (sudoersleng & 1) { if (sudoersleng & 1) {
LEXTRACE("!"); LEXTRACE("!");
@@ -3961,7 +3985,7 @@ YY_RULE_SETUP
case 76: case 76:
/* rule 76 can match eol */ /* rule 76 can match eol */
YY_RULE_SETUP YY_RULE_SETUP
#line 762 "toke.l" #line 786 "toke.l"
{ {
if (YY_START == INSTR) { if (YY_START == INSTR) {
/* re-scan after changing state */ /* re-scan after changing state */
@@ -3980,7 +4004,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 77: case 77:
YY_RULE_SETUP YY_RULE_SETUP
#line 778 "toke.l" #line 802 "toke.l"
{ /* throw away space/tabs */ { /* throw away space/tabs */
sawspace = true; /* but remember for fill_args */ sawspace = true; /* but remember for fill_args */
} }
@@ -3988,7 +4012,7 @@ YY_RULE_SETUP
case 78: case 78:
/* rule 78 can match eol */ /* rule 78 can match eol */
YY_RULE_SETUP YY_RULE_SETUP
#line 782 "toke.l" #line 806 "toke.l"
{ {
sawspace = true; /* remember for fill_args */ sawspace = true; /* remember for fill_args */
sudolineno++; sudolineno++;
@@ -3998,7 +4022,7 @@ YY_RULE_SETUP
case 79: case 79:
/* rule 79 can match eol */ /* rule 79 can match eol */
YY_RULE_SETUP YY_RULE_SETUP
#line 788 "toke.l" #line 812 "toke.l"
{ {
if (sudoerstext[sudoersleng - 1] == '\n') { if (sudoerstext[sudoersleng - 1] == '\n') {
/* comment ending in a newline */ /* comment ending in a newline */
@@ -4016,7 +4040,7 @@ YY_RULE_SETUP
YY_BREAK YY_BREAK
case 80: case 80:
YY_RULE_SETUP YY_RULE_SETUP
#line 803 "toke.l" #line 827 "toke.l"
{ {
LEXTRACE("NOMATCH "); LEXTRACE("NOMATCH ");
return NOMATCH; return NOMATCH;
@@ -4031,7 +4055,7 @@ case YY_STATE_EOF(INSTR):
case YY_STATE_EOF(WANTDIGEST): case YY_STATE_EOF(WANTDIGEST):
case YY_STATE_EOF(GOTINC): case YY_STATE_EOF(GOTINC):
case YY_STATE_EOF(EXPECTPATH): case YY_STATE_EOF(EXPECTPATH):
#line 808 "toke.l" #line 832 "toke.l"
{ {
if (!pop_include()) if (!pop_include())
yyterminate(); yyterminate();
@@ -4039,10 +4063,10 @@ case YY_STATE_EOF(EXPECTPATH):
YY_BREAK YY_BREAK
case 81: case 81:
YY_RULE_SETUP YY_RULE_SETUP
#line 813 "toke.l" #line 837 "toke.l"
ECHO; ECHO;
YY_BREAK YY_BREAK
#line 4040 "toke.c" #line 4064 "toke.c"
case YY_END_OF_BUFFER: case YY_END_OF_BUFFER:
{ {
@@ -5003,7 +5027,7 @@ void sudoersfree (void * ptr )
#define YYTABLES_NAME "yytables" #define YYTABLES_NAME "yytables"
#line 813 "toke.l" #line 837 "toke.l"
struct path_list { struct path_list {

24
plugins/sudoers/toke.l
View File

@@ -127,6 +127,7 @@ DEFVAR [a-z_]+
LEXTRACE("DEFVAR "); LEXTRACE("DEFVAR ");
if (!fill(sudoerstext, sudoersleng)) if (!fill(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.string);
return DEFVAR; return DEFVAR;
} }
@@ -163,6 +164,7 @@ DEFVAR [a-z_]+
LEXTRACE("WORD(2) "); LEXTRACE("WORD(2) ");
if (!fill(sudoerstext, sudoersleng)) if (!fill(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.string);
return WORD; return WORD;
} }
} }
@@ -189,22 +191,27 @@ DEFVAR [a-z_]+
if (sudoerslval.string[1] == '\0' || if (sudoerslval.string[1] == '\0' ||
(sudoerslval.string[1] == ':' && (sudoerslval.string[1] == ':' &&
sudoerslval.string[2] == '\0')) { sudoerslval.string[2] == '\0')) {
free(sudoerslval.string);
sudoerserror(N_("empty group")); sudoerserror(N_("empty group"));
LEXTRACE("ERROR "); LEXTRACE("ERROR ");
return ERROR; return ERROR;
} }
parser_leak_add(LEAK_PTR, sudoerslval.string);
LEXTRACE("USERGROUP "); LEXTRACE("USERGROUP ");
return USERGROUP; return USERGROUP;
case '+': case '+':
if (sudoerslval.string[1] == '\0') { if (sudoerslval.string[1] == '\0') {
free(sudoerslval.string);
sudoerserror(N_("empty netgroup")); sudoerserror(N_("empty netgroup"));
LEXTRACE("ERROR "); LEXTRACE("ERROR ");
return ERROR; return ERROR;
} }
parser_leak_add(LEAK_PTR, sudoerslval.string);
LEXTRACE("NETGROUP "); LEXTRACE("NETGROUP ");
return NETGROUP; return NETGROUP;
} }
} }
parser_leak_add(LEAK_PTR, sudoerslval.string);
LEXTRACE("WORD(4) "); LEXTRACE("WORD(4) ");
return WORD; return WORD;
} }
@@ -243,6 +250,8 @@ DEFVAR [a-z_]+
BEGIN INITIAL; BEGIN INITIAL;
sudoersless(0); sudoersless(0);
yy_set_bol(0); yy_set_bol(0);
parser_leak_add(LEAK_PTR, sudoerslval.command.cmnd);
parser_leak_add(LEAK_PTR, sudoerslval.command.args);
return COMMAND; return COMMAND;
} /* end of command line args */ } /* end of command line args */
@@ -261,6 +270,7 @@ DEFVAR [a-z_]+
if ((yy_size_t)sudoersleng == digest_len * 2) { if ((yy_size_t)sudoersleng == digest_len * 2) {
if (!fill(sudoerstext, sudoersleng)) if (!fill(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.string);
BEGIN INITIAL; BEGIN INITIAL;
LEXTRACE("DIGEST "); LEXTRACE("DIGEST ");
return DIGEST; return DIGEST;
@@ -283,6 +293,7 @@ DEFVAR [a-z_]+
if ((yy_size_t)sudoersleng == len) { if ((yy_size_t)sudoersleng == len) {
if (!fill(sudoerstext, sudoersleng)) if (!fill(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.string);
BEGIN INITIAL; BEGIN INITIAL;
LEXTRACE("DIGEST "); LEXTRACE("DIGEST ");
return DIGEST; return DIGEST;
@@ -500,6 +511,7 @@ NOFOLLOW[[:blank:]]*: {
/* netgroup */ /* netgroup */
if (!fill(sudoerstext, sudoersleng)) if (!fill(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.string);
LEXTRACE("NETGROUP "); LEXTRACE("NETGROUP ");
return NETGROUP; return NETGROUP;
} }
@@ -508,6 +520,7 @@ NOFOLLOW[[:blank:]]*: {
/* group */ /* group */
if (!fill(sudoerstext, sudoersleng)) if (!fill(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.string);
LEXTRACE("USERGROUP "); LEXTRACE("USERGROUP ");
return USERGROUP; return USERGROUP;
} }
@@ -515,6 +528,7 @@ NOFOLLOW[[:blank:]]*: {
{IPV4ADDR}(\/{IPV4ADDR})? { {IPV4ADDR}(\/{IPV4ADDR})? {
if (!fill(sudoerstext, sudoersleng)) if (!fill(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.string);
LEXTRACE("NTWKADDR "); LEXTRACE("NTWKADDR ");
return NTWKADDR; return NTWKADDR;
} }
@@ -522,6 +536,7 @@ NOFOLLOW[[:blank:]]*: {
{IPV4ADDR}\/([12]?[0-9]|3[0-2]) { {IPV4ADDR}\/([12]?[0-9]|3[0-2]) {
if (!fill(sudoerstext, sudoersleng)) if (!fill(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.string);
LEXTRACE("NTWKADDR "); LEXTRACE("NTWKADDR ");
return NTWKADDR; return NTWKADDR;
} }
@@ -534,6 +549,7 @@ NOFOLLOW[[:blank:]]*: {
} }
if (!fill(sudoerstext, sudoersleng)) if (!fill(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.string);
LEXTRACE("NTWKADDR "); LEXTRACE("NTWKADDR ");
return NTWKADDR; return NTWKADDR;
} }
@@ -546,6 +562,7 @@ NOFOLLOW[[:blank:]]*: {
} }
if (!fill(sudoerstext, sudoersleng)) if (!fill(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.string);
LEXTRACE("NTWKADDR "); LEXTRACE("NTWKADDR ");
return NTWKADDR; return NTWKADDR;
} }
@@ -624,6 +641,7 @@ ALL {
got_alias: got_alias:
if (!fill(sudoerstext, sudoersleng)) if (!fill(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.string);
LEXTRACE("ALIAS "); LEXTRACE("ALIAS ");
return ALIAS; return ALIAS;
} }
@@ -633,6 +651,8 @@ ALL {
/* no command args allowed for Defaults!/path */ /* no command args allowed for Defaults!/path */
if (!fill_cmnd(sudoerstext, sudoersleng)) if (!fill_cmnd(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.command.cmnd);
parser_leak_add(LEAK_PTR, sudoerslval.command.args);
LEXTRACE("COMMAND "); LEXTRACE("COMMAND ");
return COMMAND; return COMMAND;
} }
@@ -676,6 +696,7 @@ sudoedit {
BEGIN prev_state; BEGIN prev_state;
if (!fill(sudoerstext, sudoersleng)) if (!fill(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.string);
LEXTRACE("WORD(5) "); LEXTRACE("WORD(5) ");
return WORD; return WORD;
} }
@@ -686,6 +707,7 @@ sudoedit {
LEXTRACE("COMMAND "); LEXTRACE("COMMAND ");
if (!fill_cmnd(sudoerstext, sudoersleng)) if (!fill_cmnd(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.command.cmnd);
return COMMAND; return COMMAND;
} }
BEGIN GOTCMND; BEGIN GOTCMND;
@@ -705,6 +727,7 @@ sudoedit {
/* a word */ /* a word */
if (!fill(sudoerstext, sudoersleng)) if (!fill(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.string);
LEXTRACE("WORD(6) "); LEXTRACE("WORD(6) ");
return WORD; return WORD;
} }
@@ -714,6 +737,7 @@ sudoedit {
/* include file/directory */ /* include file/directory */
if (!fill(sudoerstext, sudoersleng)) if (!fill(sudoerstext, sudoersleng))
yyterminate(); yyterminate();
parser_leak_add(LEAK_PTR, sudoerslval.string);
BEGIN INITIAL; BEGIN INITIAL;
LEXTRACE("WORD(7) "); LEXTRACE("WORD(7) ");
return WORD; return WORD;

2
plugins/sudoers/toke_util.c
View File

@@ -156,7 +156,7 @@ fill_args(const char *s, size_t len, int addspace)
if (p == NULL) { if (p == NULL) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
goto bad; goto bad;
} else }
sudoerslval.command.args = p; sudoerslval.command.args = p;
} }