31 Commits

Author SHA1 Message Date
Todd C. Miller
27963e39f3 Pass "make spell" with updated codespell.
2024-04-29 09:19:52 -06:00
THE-Spellchecker
5eba4b48cf Typographical and Grammatical fixes 2023-11-28 15:00:04 -07:00
Todd C. Miller
2ffcda8e15 role_to_sudoers: only try to reuse a privilege if one is present 2023-11-02 14:42:42 -06:00
Todd C. Miller
e343e07543 Use #include <foo.h> instead of #include "foo.h" in most cases.
We rely on the include path to find many of these headers.  It
especially doesn't make sense to use #include "foo.h" for headers
in the top-level include directory.
2023-09-25 10:13:28 -06:00
Todd C. Miller
a712af5a26 sudoers_parse_ldif: do not free parse_tree before using
The user is expected to pass in an initialized and empty parse_tree
so there is no need to free it first.
2023-08-18 12:22:43 -06:00
Todd C. Miller
a38b714667 sudoers plugin: silence most -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Todd C. Miller
264326de57 Fix a potential use-after-free bug with cvtsudoers filtering.
In role_to_sudoers() when merging a privilege to the previous one
where the runas lists are the same we need to re-use the runas lists
of the last command in the previous privilege, not the first.
Otherwise, the check in free_cmndspec() will not notice the re-used
runas lists.  Reported/analyzed by Sohom Datta.  GitHub issue #198.
2022-11-10 14:55:56 -07:00
Sohom
902271f441 [cvtsudoers]: Prevent sudo from reading into undefined memory 2022-11-09 23:46:39 +05:30
Todd C. Miller
89b80ea690 Fix bug in last commit, need to reinitialize role to NULL. 2022-06-01 14:49:31 -06:00
Todd C. Miller
eb0135a93a Simplify the check for when we can reuse the previous user and host specs.
This makes the code easier to read and quiets a cppcheck false positive.
2022-06-01 14:30:47 -06:00
Todd C. Miller
e64a089aea Add reference counting to Defaults bindings.
Previously, we checked that the previous entry's binding pointer
was not the same while freeing.  However, to be able to merge
Defaults records we cannot rely on Defaults entries with the same
binding being immediately adjacent.  This removes the prev_binding
checks in favor of a reference count which allows us to plug the
memory leak in cvtsudoers when merging Defaults.
2021-11-20 08:01:37 -07:00
Todd C. Miller
aaa2e8ddec Don't close fp in sudoers_parse_ldif()
The caller should be the one to handle this.
2021-02-02 15:06:38 -07:00
Todd C. Miller
75f76eba81 Fix memory leak if the last line is folded.
Fixes issue 30080 by ClusterFuzz-External
2021-01-30 06:15:21 -07:00
Todd C. Miller
419c895240 Don't bother calling ldif_to_sudoers() if there are no roles to convert. 2021-01-29 09:31:27 -07:00
Todd C. Miller
aa50aaf8da Add missing check for reallocarray() failure.
Found by OSS-Fuzz.
2021-01-27 09:00:49 -07:00
Todd C. Miller
84e6e6ccf9 Update copyright year on some files where it was out of date. 2020-08-31 14:09:36 -06:00
Todd C. Miller
03ad96e445 Use the fallthrough attribute instead of /* FALLTHROUGH */ comments. 2020-08-01 13:10:50 -06:00
Todd C. Miller
446ae3f507 Include string.h unconditionally and only use strings.h for strn?casecmp()
In the pre-POSIX days BSD had strings.h, not string.h.
Now strings.h is only used for non-ANSI string functions.
2020-05-18 07:59:24 -06:00
Todd C. Miller
dd88460800 We no longer need to include headers we don't use for sudo*.h files.
Previously we needed to include headers required by the various
sudo*h files.  Now those files are more self-sufficient and we
should only include headers needed by code in the various .c files.
2020-05-18 06:47:04 -06:00
Todd C. Miller
3edd30a27d A struct member of type ALL should have its name field set to NULL. 2020-03-11 11:17:52 -06:00
Todd C. Miller
486ee2b71f debug_decl and debug_decl_vars now require a semicolon at the end. 2019-12-22 08:48:16 -07:00
Todd C. Miller
3edd6afedf Reject non-LDIF input when converting from LDIF to sudoers or JSON. 2019-10-14 10:09:27 -06:00
Todd C. Miller
8e58e6715a More case-insensitive compare for LDAP attributes and string lists.
Only the ALL keyword should be compared case-sensitive.
2019-09-05 08:09:53 -06:00
Todd C. Miller
1e1ef61902 Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00
Todd C. Miller
de65d70929 Add a proper getdelim(3) replacement and use it instead of getline(3). 2019-04-08 10:37:30 -06:00
Todd C. Miller
6c3d20cb41 Convert PVS-Studio comment to ANSI C. 2018-10-26 08:39:09 -06:00
Todd C. Miller
64e5d34c57 Add comments in .c files so PVS-Studio will check them. 2018-10-21 08:46:05 -06:00
Todd C. Miller
84ef500061 Move the allocation of role to be immediately before in_role is set.
This makes it clear that when in_role == true, role is non-NULL.
Also remove two dead stores.
2018-10-18 14:43:08 -06:00
Todd C. Miller
2ff8f8601b Fix trimming of non-escaped trailing space in ldif_parse_attribute().
Found by PVS-Studio.
2018-10-18 14:29:33 -06:00
Todd C. Miller
fa7e6f3f04 Fix memory leak when reusing the runas list. We need to free the
member list itself as well as its contents.
2018-10-13 07:31:34 -06:00
Todd C. Miller
4782b22a47 Move ldif -> sudoers conversion code into parse_ldif.c 2018-08-26 20:02:49 -06:00