diff --git a/MANIFEST b/MANIFEST index dde8e3925..f247de77f 100644 --- a/MANIFEST +++ b/MANIFEST @@ -246,6 +246,7 @@ lib/util/getusershell.c lib/util/gidlist.c lib/util/glob.c lib/util/gmtime_r.c +lib/util/hexchar.c lib/util/inet_ntop.c lib/util/inet_pton.c lib/util/isblank.c @@ -290,6 +291,7 @@ lib/util/regress/glob/files lib/util/regress/glob/globtest.c lib/util/regress/glob/globtest.in lib/util/regress/harness.in +lib/util/regress/hexchar/hexchar_test.c lib/util/regress/json/json_test.c lib/util/regress/mktemp/mktemp_test.c lib/util/regress/multiarch/multiarch_test.c @@ -630,7 +632,6 @@ plugins/sudoers/gram.c plugins/sudoers/gram.h plugins/sudoers/gram.y plugins/sudoers/group_plugin.c -plugins/sudoers/hexchar.c plugins/sudoers/ins_2001.h plugins/sudoers/ins_classic.h plugins/sudoers/ins_csops.h @@ -858,7 +859,6 @@ plugins/sudoers/regress/parser/check_digest.c plugins/sudoers/regress/parser/check_digest.out.ok plugins/sudoers/regress/parser/check_fill.c plugins/sudoers/regress/parser/check_gentime.c -plugins/sudoers/regress/parser/check_hexchar.c plugins/sudoers/regress/serialize_list/check_serialize_list.c plugins/sudoers/regress/starttime/check_starttime.c plugins/sudoers/regress/sudoers/test1.in diff --git a/include/sudo_util.h b/include/sudo_util.h index 2325d5a03..100d5eb8c 100644 --- a/include/sudo_util.h +++ b/include/sudo_util.h @@ -222,6 +222,10 @@ sudo_dso_public int sudo_parse_gids_v1(const char *gidstr, const gid_t *basegid, sudo_dso_public int sudo_getgrouplist2_v1(const char *name, gid_t basegid, GETGROUPS_T **groupsp, int *ngroupsp); #define sudo_getgrouplist2(_a, _b, _c, _d) sudo_getgrouplist2_v1((_a), (_b), (_c), (_d)) +/* hexchar.c */ +sudo_dso_public int sudo_hexchar_v1(const char *s); +#define sudo_hexchar(_a) sudo_hexchar_v1(_a) + /* key_val.c */ sudo_dso_public char *sudo_new_key_val_v1(const char *key, const char *value); #define sudo_new_key_val(_a, _b) sudo_new_key_val_v1((_a), (_b)) 
diff --git a/lib/util/Makefile.in b/lib/util/Makefile.in index 484fdec47..45d0eedff 100644 --- a/lib/util/Makefile.in +++ b/lib/util/Makefile.in @@ -1,7 +1,7 @@ # # SPDX-License-Identifier: ISC # -# Copyright (c) 2011-2022 Todd C. Miller +# Copyright (c) 2011-2023 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -111,8 +111,8 @@ PVS_IGNORE = 'V707,V011,V002,V536' PVS_LOG_OPTS = -a 'GA:1,2' -e -t errorfile -d $(PVS_IGNORE) # Regression tests -TEST_PROGS = conf_test getgids getgrouplist_test hltq_test json_test \ - multiarch_test open_parent_dir_test parse_gids_test \ +TEST_PROGS = conf_test getgids getgrouplist_test hexchar_test hltq_test \ + json_test multiarch_test open_parent_dir_test parse_gids_test \ parseln_test progname_test regex_test strsplit_test \ strtobool_test strtoid_test strtomode_test strtonum_test \ uuid_test @COMPAT_TEST_PROGS@ @@ -145,12 +145,13 @@ DEVEL = @DEVEL@ SHELL = @SHELL@ LTOBJS = basename.lo @DIGEST@ event.lo fatal.lo key_val.lo gethostname.lo \ - gettime.lo getgrouplist.lo gidlist.lo json.lo lbuf.lo locking.lo \ - logfac.lo logpri.lo mkdir_parents.lo mmap_alloc.lo multiarch.lo \ - parseln.lo progname.lo rcstr.lo regex.lo roundup.lo secure_path.lo \ - setgroups.lo strsplit.lo strtobool.lo strtoid.lo strtomode.lo \ - strtonum.lo sudo_conf.lo sudo_debug.lo sudo_dso.lo term.lo \ - ttyname_dev.lo ttysize.lo uuid.lo @COMMON_OBJS@ @LTLIBOBJS@ + gettime.lo getgrouplist.lo gidlist.lo hexchar.lo json.lo lbuf.lo \ + locking.lo logfac.lo logpri.lo mkdir_parents.lo mmap_alloc.lo \ + multiarch.lo parseln.lo progname.lo rcstr.lo regex.lo roundup.lo \ + secure_path.lo setgroups.lo strsplit.lo strtobool.lo strtoid.lo \ + strtomode.lo strtonum.lo sudo_conf.lo sudo_debug.lo sudo_dso.lo \ + term.lo ttyname_dev.lo ttysize.lo uuid.lo \ + @COMMON_OBJS@ @LTLIBOBJS@ IOBJS = $(LTOBJS:.lo=.i) 
@@ -174,6 +175,8 @@ GETDELIM_TEST_OBJS = getdelim_test.lo getdelim.lo HLTQ_TEST_OBJS = hltq_test.lo +HEXCHAR_TEST_OBJS = hexchar_test.lo hexchar.lo + JSON_TEST_OBJS = json_test.lo json.lo MULTIARCH_TEST_OBJS = multiarch_test.lo multiarch.lo @@ -290,6 +293,9 @@ getdelim_test: $(GETDELIM_TEST_OBJS) libsudo_util.la hltq_test: $(HLTQ_TEST_OBJS) libsudo_util.la $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(HLTQ_TEST_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(HARDENING_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) +hexchar_test: $(HEXCHAR_TEST_OBJS) libsudo_util.la + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(HEXCHAR_TEST_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(HARDENING_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) + json_test: $(JSON_TEST_OBJS) libsudo_util.la $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(JSON_TEST_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(HARDENING_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) @@ -476,6 +482,7 @@ check: $(TEST_PROGS) check-fuzzer ./strtonum_test || rval=`expr $$rval + $$?`; \ ./uuid_test || rval=`expr $$rval + $$?`; \ ./hltq_test || rval=`expr $$rval + $$?`; \ + ./hexchar_test || rval=`expr $$rval + $$?`; \ ./json_test || rval=`expr $$rval + $$?`; \ ./progname_test || rval=`expr $$rval + $$?`; \ rm -f ./progname_test2; ln -s ./progname_test ./progname_test2; \ 
@@ -945,6 +952,28 @@ gmtime_r.i: $(srcdir)/gmtime_r.c $(incdir)/compat/stdbool.h \ $(CC) -E -o $@ $(CPPFLAGS) $< gmtime_r.plog: gmtime_r.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/gmtime_r.c --i-file $< --output-file $@ +hexchar.lo: $(srcdir)/hexchar.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/hexchar.c +hexchar.i: $(srcdir)/hexchar.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +hexchar.plog: hexchar.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/hexchar.c --i-file $< --output-file $@ +hexchar_test.lo: $(srcdir)/regress/hexchar/hexchar_test.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/regress/hexchar/hexchar_test.c +hexchar_test.i: $(srcdir)/regress/hexchar/hexchar_test.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +hexchar_test.plog: hexchar_test.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/hexchar/hexchar_test.c --i-file $< --output-file $@ hltq_test.lo: $(srcdir)/regress/tailq/hltq_test.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ 
diff --git a/plugins/sudoers/hexchar.c b/lib/util/hexchar.c similarity index 87% rename from plugins/sudoers/hexchar.c rename to lib/util/hexchar.c index 510d27c64..81cd619df 100644 --- a/plugins/sudoers/hexchar.c +++ b/lib/util/hexchar.c @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2013-2015 Todd C. Miller + * Copyright (c) 2013-2015, 2023 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -23,18 +23,20 @@ #include -#include "sudoers.h" +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_util.h" /* * Converts a two-byte hex string to decimal. - * Returns the decimal value or -1 for invalid input. + * Returns a value 0-255 on success or -1 for invalid input. */ int -hexchar(const char *s) +sudo_hexchar_v1(const char *s) { unsigned char result[2]; int i; - debug_decl(hexchar, SUDOERS_DEBUG_UTIL); + debug_decl(sudo_hexchar, SUDO_DEBUG_UTIL); for (i = 0; i < 2; i++) { switch (s[i]) { diff --git a/plugins/sudoers/regress/parser/check_hexchar.c b/lib/util/regress/hexchar/hexchar_test.c similarity index 90% rename from plugins/sudoers/regress/parser/check_hexchar.c rename to lib/util/regress/hexchar/hexchar_test.c index b7382c14b..a51bf7f01 100644 --- a/plugins/sudoers/regress/parser/check_hexchar.c +++ b/lib/util/regress/hexchar/hexchar_test.c @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2014-2015 Todd C. Miller + * Copyright (c) 2014-2015, 2023 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -27,8 +27,6 @@ #include "sudo_compat.h" #include "sudo_util.h" -int hexchar(const char *s); - sudo_dso_public int main(int argc, char *argv[]); struct hexchar_test { 
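Review bot: The comment above `sudo_hexchar_v1` in lib/util/hexchar.c now states the return range but still says nothing about what the caller must pass, which matters more now that the symbol is exported from libsudo_util instead of being private to sudoers. The loop visible in the hunk indexes `s[0]` and `s[1]` with no length argument, so I would add `The caller must pass a non-NULL pointer to at least two readable bytes, or to a NUL-terminated string.` The second alternative is only safe if the switch, whose body continues outside the hunk, returns -1 on a NUL at `s[0]` before reading `s[1]`; please confirm. "to decimal" is also misleading because the result is an int byte value, so `Converts two ASCII hex digits to the byte value they encode.` would read better.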
@@ -44,7 +42,7 @@ main(int argc, char *argv[]) static const char xdigs_lower[] = "0123456789abcdef"; static const char xdigs_upper[] = "0123456789ABCDEF"; - initprogname(argc > 0 ? argv[0] : "check_hexchar"); + initprogname(argc > 0 ? argv[0] : "hexchar_test"); /* Build up test data. */ ntests = 256 + 256 + 3; @@ -68,9 +66,9 @@ main(int argc, char *argv[]) test_data[ntests - 1].value = -1; for (i = 0; i < ntests; i++) { - result = hexchar(test_data[i].hex); + result = sudo_hexchar(test_data[i].hex); if (result != test_data[i].value) { - fprintf(stderr, "check_hexchar: expected %d, got %d\n", + fprintf(stderr, "%s: expected %d, got %d\n", getprogname(), test_data[i].value, result); errors++; } diff --git a/lib/util/util.exp.in b/lib/util/util.exp.in index d650c9ace..554904c5f 100644 --- a/lib/util/util.exp.in +++ b/lib/util/util.exp.in @@ -88,6 +88,7 @@ sudo_gethostname_v1 sudo_gettime_awake_v1 sudo_gettime_mono_v1 sudo_gettime_real_v1 +sudo_hexchar_v1 sudo_json_add_value_as_object_v1 sudo_json_add_value_v1 sudo_json_close_array_v1 diff --git a/plugins/sudoers/Makefile.in b/plugins/sudoers/Makefile.in index d7c5d8181..c34090c15 100644 --- a/plugins/sudoers/Makefile.in +++ b/plugins/sudoers/Makefile.in @@ -159,7 +159,7 @@ PROGS = sudoers.la visudo sudoreplay cvtsudoers testsudoers # Regression tests TEST_PROGS = check_addr check_base64 check_digest check_editor \ check_env_pattern check_exptilde check_fill check_gentime \ - check_hexchar check_iolog_plugin check_serialize_list \ + check_iolog_plugin check_serialize_list \ check_starttime check_unesc @SUDOERS_TEST_PROGS@ TEST_VERBOSE = HARNESS = $(SHELL) regress/harness $(TEST_VERBOSE) 
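Review bot: The failure message in the last hexchar_test.c hunk prints the expected and actual values but not the input that produced them, so a failing case among the 515 generated entries cannot be identified from the log. I would include the input, e.g. `fprintf(stderr, "%s: \"%.2s\": expected %d, got %d\n", getprogname(), test_data[i].hex, test_data[i].value, result);`. The `struct hexchar_test` definition is outside the hunk, so this assumes `hex` is a char array; the precision keeps the print bounded even if it is not NUL-terminated.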
@@ -178,7 +178,7 @@ AUTH_OBJS = sudo_auth.lo @AUTH_OBJS@ LIBPARSESUDOERS_OBJS = alias.lo b64_decode.lo defaults.lo digestname.lo \ exptilde.lo filedigest.lo gentime.lo gram.lo \ - hexchar.lo match.lo match_addr.lo match_command.lo \ + match.lo match_addr.lo match_command.lo \ match_digest.lo pwutil.lo pwutil_impl.lo \ redblack.lo strlist.lo sudoers_debug.lo timeout.lo \ timestr.lo toke.lo toke_util.lo @@ -237,12 +237,10 @@ CHECK_ENV_MATCH_OBJS = check_env_pattern.o env_pattern.lo sudoers_debug.lo CHECK_EXPTILDE_OBJS = check_exptilde.o exptilde.lo pwutil.lo pwutil_impl.lo redblack.lo sudoers_debug.lo -CHECK_FILL_OBJS = check_fill.o hexchar.lo toke_util.lo sudoers_debug.lo +CHECK_FILL_OBJS = check_fill.o toke_util.lo sudoers_debug.lo CHECK_GENTIME_OBJS = check_gentime.o gentime.lo sudoers_debug.lo -CHECK_HEXCHAR_OBJS = check_hexchar.o hexchar.lo sudoers_debug.lo - CHECK_IOLOG_PLUGIN_OBJS = check_iolog_plugin.o iolog.lo log_client.lo \ locale.lo pwutil.lo pwutil_impl.lo redblack.lo \ strlist.lo sudoers_debug.lo unesc_str.lo @@ -393,9 +391,6 @@ check_fill: $(CHECK_FILL_OBJS) $(LIBUTIL) check_gentime: $(CHECK_GENTIME_OBJS) $(LIBUTIL) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_GENTIME_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(HARDENING_LDFLAGS) $(LIBS) -check_hexchar: $(CHECK_HEXCHAR_OBJS) $(LIBUTIL) - $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_HEXCHAR_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(HARDENING_LDFLAGS) $(LIBS) - check_iolog_plugin: $(CHECK_IOLOG_PLUGIN_OBJS) $(LIBUTIL) $(LIBIOLOG) $(LIBLOGSRV) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_IOLOG_PLUGIN_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(HARDENING_LDFLAGS) $(LIBIOLOG) $(LIBLOGSRV) @LIBTLS@ 
@@ -667,7 +662,6 @@ check: $(TEST_PROGS) visudo testsudoers cvtsudoers check-fuzzer ./check_exptilde || rval=`expr $$rval + $$?`; \ ./check_fill || rval=`expr $$rval + $$?`; \ ./check_gentime || rval=`expr $$rval + $$?`; \ - ./check_hexchar || rval=`expr $$rval + $$?`; \ mkdir -p regress/iolog_plugin; \ ./check_iolog_plugin regress/iolog_plugin/iolog || rval=`expr $$rval + $$?`; \ ./check_serialize_list || rval=`expr $$rval + $$?`; \ @@ -1118,16 +1112,6 @@ check_gentime.i: $(srcdir)/regress/parser/check_gentime.c \ $(CC) -E -o $@ $(CPPFLAGS) $< check_gentime.plog: check_gentime.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/parser/check_gentime.c --i-file $< --output-file $@ -check_hexchar.o: $(srcdir)/regress/parser/check_hexchar.c \ - $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_util.h $(top_builddir)/config.h - $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/regress/parser/check_hexchar.c -check_hexchar.i: $(srcdir)/regress/parser/check_hexchar.c \ - $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_util.h $(top_builddir)/config.h - $(CC) -E -o $@ $(CPPFLAGS) $< -check_hexchar.plog: check_hexchar.i - rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/parser/check_hexchar.c --i-file $< --output-file $@ check_iolog_plugin.o: $(srcdir)/regress/iolog_plugin/check_iolog_plugin.c \ $(devdir)/def_data.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ 
@@ -1924,28 +1908,6 @@ group_plugin.i: $(srcdir)/group_plugin.c $(devdir)/def_data.h \ $(CC) -E -o $@ $(CPPFLAGS) $< group_plugin.plog: group_plugin.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/group_plugin.c --i-file $< --output-file $@ -hexchar.lo: $(srcdir)/hexchar.c $(devdir)/def_data.h \ - $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h - $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/hexchar.c -hexchar.i: $(srcdir)/hexchar.c $(devdir)/def_data.h \ - $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h - $(CC) -E -o $@ $(CPPFLAGS) $< -hexchar.plog: hexchar.i - rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/hexchar.c --i-file $< --output-file $@ interfaces.lo: $(srcdir)/interfaces.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ diff --git a/plugins/sudoers/match_digest.c b/plugins/sudoers/match_digest.c index f1655951e..bae7bdd8c 100644 --- a/plugins/sudoers/match_digest.c 
+++ b/plugins/sudoers/match_digest.c @@ -97,7 +97,7 @@ digest_matches(int fd, const char *path, const char *runchroot, /* Convert ascii hex to binary. */ unsigned int i; for (i = 0; i < digest_len; i++) { - const int h = hexchar(&digest->digest_str[i + i]); + const int h = sudo_hexchar(&digest->digest_str[i + i]); if (h == -1) goto bad_format; sudoers_digest[i] = (unsigned char)h; diff --git a/plugins/sudoers/parse.h b/plugins/sudoers/parse.h index cac32b611..d9f4872d9 100644 --- a/plugins/sudoers/parse.h +++ b/plugins/sudoers/parse.h @@ -417,9 +417,6 @@ struct gid_list *runas_getgroups(void); /* toke.c */ void init_lexer(void); -/* hexchar.c */ -int hexchar(const char *s); - /* base64.c */ size_t base64_decode(const char *str, unsigned char *dst, size_t dsize); size_t base64_encode(const unsigned char *in, size_t in_len, char *out, size_t out_len); diff --git a/plugins/sudoers/toke_util.c b/plugins/sudoers/toke_util.c index 8860fa431..d38ae96ca 100644 --- a/plugins/sudoers/toke_util.c +++ b/plugins/sudoers/toke_util.c @@ -51,7 +51,7 @@ copy_string(char *dst, const char *src, size_t len) while (len--) { if (*src == '\\' && len) { - if (src[1] == 'x' && len >= 3 && (h = hexchar(src + 2)) != -1) { + if (src[1] == 'x' && len >= 3 && (h = sudo_hexchar(src + 2)) != -1) { *dst++ = h; src += 4; len -= 3;
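Review bot: In the toke_util.c hunk, a `\x00` escape makes `sudo_hexchar()` return 0, which passes the `!= -1` test and is stored by `*dst++ = h;`, leaving a NUL in the middle of the copied string. Any later consumer that treats `dst` as a C string would then see a shorter value than the one written in sudoers. Whether the lexer already rejects that escape is not visible here, since `copy_string()` starts and ends outside the hunk. If it does not, the guard could require a non-zero byte, `(h = sudo_hexchar(src + 2)) > 0`, after checking that the fall-through branch then does the right thing. Separately, the store narrows an int implicitly; `*dst++ = (char)h;` would match the explicit `(unsigned char)h` cast in the match_digest.c hunk.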