Commit Graph

11314 Commits

Author SHA1 Message Date
Todd C. Miller
ce1f0da845 SCO OpenServer uses SIOCGIFANUM, not SIOCGIFNUM.
On OpenServer, SIOCGIFNUM is the number of network interfaces,
not the number of ifreq structs.
2021-03-29 09:59:09 -06:00
Todd C. Miller
b269da75b8 Add support for HP-UX SIOCGLIFNUM and SIOCGLIFCONF ioctls.
We need to use both SIOCGIFCONF and SIOCGLIFCONF since SIOCGLIFCONF
only returns IPv6 addresses.
2021-03-27 13:55:07 -06:00
Todd C. Miller
00cdc83cb6 Move get_net_ifs stub to the top and remove unused INET_ADDRSTRLEN def. 2021-03-24 20:36:49 -06:00
Todd C. Miller
0e49dd2381 No longer need ifr_tmp variable, just reuse ifr.
Now that we store the string version of the address before fetching
the netmask we can just re-use ifr.  This simplifies things and is
safer since if there is space for the address there must also be
space for the mask.
2021-03-24 14:18:40 -06:00
Todd C. Miller
423e231229 SCO OpenServer 5 returns a bogus value for SIOCGIFNUM.
Gleaned from sendmail.
2021-03-24 08:57:43 -06:00
Todd C. Miller
45ca46d735 Use SIOCGSIZIFCONF or SIOCGIFNUM where available.
Still falls back to a loop if not but now maxes out at 2048
interfaces instead of potentially looping forever.
2021-03-24 08:57:40 -06:00
Todd C. Miller
cf8feb2876 Remove support for obsolete ISC UNIX and MIPS RISC/OS systems.
They were getting in the way of net_its.c simplification.
2021-03-24 08:54:17 -06:00
Todd C. Miller
9d6a37a49b Use SIOCGLIFCONF to get interface list where supported (Solaris).
HP-UX has a SIOCGLIFCONF but it is incompatible (and appears to only
return IPv6 addresses).
Also add IPv6 support using SIOCGIFCONF (probably AIX only) and make
sure ifr_tmpbuf[] is properly aligned.
2021-03-22 19:51:40 -06:00
Todd C. Miller
06df3a1b47 Add simple regress check to display the network interfaces found. 2021-03-22 12:26:36 -06:00
Todd C. Miller
009069115c Suggest clang 11 or higher, some fuzzers may hang when used with clang 10. 2021-03-19 08:04:39 -06:00
Todd C. Miller
977f238d35 Add dictionary file for fuzz_logsrvd_conf. 2021-03-18 19:46:08 -06:00
Todd C. Miller
dfff132122 Add a new "fuzz" target that executes the fuzzers for 8192 runs each.
To run indefinitely, set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 fuzz"
2021-03-18 16:48:19 -06:00
Todd C. Miller
6eff3b313b Move corpus files to a seed subdirectory. 2021-03-18 15:28:29 -06:00
Todd C. Miller
5498c6a938 We can now rely on LLVMFuzzerTestOneInput to flush stdout. 2021-03-18 13:40:26 -06:00
Todd C. Miller
bac0579134 Fix fuzz_sudoers output comparison when fuzzing is enabled.
libFuzzer outputs additional info to stderr that our stub doesn't.
2021-03-18 13:20:45 -06:00
Todd C. Miller
95bfd65fec Flush stdout before successful return from LLVMFuzzerTestOneInput().
Fixes a problem with diag lines from libFuzzer being interspersed
with test output.
2021-03-18 13:08:30 -06:00
Todd C. Miller
d03805c413 Use --allow-multiple-definition to work around an issue with ld.lld.
For fuzz_policy we redefine getaddrinfo/freeaddrinfo to work around
a DNS timeout problem with name resolution and CIfuzz.  However,
this causes a link failure when sanitizers are enabled on systems
that use ld.lld as their linker.  Use a big hammer to avoid the
link error.
2021-03-18 11:45:41 -06:00
Todd C. Miller
3e5cf7baa3 Do not redefine system group and passwd functions for testsudoers.
Instead, prefix the replacements with "testsudoers_" and use a
custom pwutil backend so they get used.
2021-03-18 11:39:54 -06:00
Todd C. Miller
4c182c90f1 Rename "fuzz" makefile target to "check-fuzzer".
Its purpose is to run the fuzzers as part of a normal "make check"
to avoid bit rot, not to perform a fuzzer run.
The fuzz_logsrvd_conf fuzzer was not wired up to "make check" previously.
2021-03-18 09:08:16 -06:00
Todd C. Miller
85d77fb3d9 Sudo 1.9.6p1 2021-03-15 10:49:47 -06:00
Alexandru Ardelean
058fde9251 plugins: sudoers: policy: add MODE_IMPLIED_SHELL to RUN_VALID_FLAGS
Since this flag isn't set, the sudo_mode variable gets invalidated and
running the 'sudo' command seems to error out with message
'sudoers_policy_check: invalid mode flags from sudo front end: 0x80001"'
2021-03-15 09:18:11 -06:00
Todd C. Miller
f57ab1a638 fix typo 2021-03-13 08:44:46 -07:00
Todd C. Miller
bc32789af2 Bug #968 2021-03-10 19:20:24 -07:00
Todd C. Miller
843c4b632c Updated translations from translationproject.org 2021-03-10 13:13:53 -07:00
Todd C. Miller
d7d80e703f Use HAVE_STDINT_H instead of trying to guess based on __STDC_VERSION__.
Fixes compilation with pre-C99 headers when the compiler supports C99.
2021-03-10 12:27:14 -07:00
Todd C. Miller
d9d450292d Remove compatibility defines for POSIX sys/stat.h macros.
Modern systems have them and we no longer support pre-POSIX systems.
This fixes potential redefinition of the macros if sys/stat.h is
included after sudo_compat.h.  Bug #968.
2021-03-10 12:26:11 -07:00
Todd C. Miller
3f11e8d9a6 Quiet a few Solaris Studio compiler warnings. 2021-03-10 08:57:28 -07:00
Todd C. Miller
b8e588565b Add -Wno-unknown-pragmas along with -Wall.
We don't want warnings about unknown pragmas in system headers.
2021-03-10 07:47:23 -07:00
Todd C. Miller
42fbc185ab Solaris 11.4 removed /usr/bin/optisa, use /usr/bin/isainfo instead. 2021-03-10 07:29:52 -07:00
Todd C. Miller
0e2ba920ee Compare OS name against freebsd* and netbsd* not freebsd and netbsd.
Fixes an issue on NetBSD where host_os starts with netbsdelf.
2021-03-08 14:05:39 -07:00
Todd C. Miller
07af7caf73 Add @SUDOERS_LIBS@ to FUZZ_LIBS for -lutil on FreeBSD and NetBSD 2021-03-08 12:55:15 -07:00
Todd C. Miller
0cf7c3a951 Set locale for all "make check" targets. 2021-03-08 12:51:48 -07:00
Todd C. Miller
7bce330ffa AIX 6.1 may have a broken fmemopen().
We only use it for the fuzzers so ignore it for AIX < 7.1.
2021-03-07 07:51:59 -07:00
Todd C. Miller
2b564cd7b2 Only put specific directories in the ROOT section of the AIX package.
Previously, /usr and /opt were placed in USR and everything else
went in ROOT.  Now, only /dev, /etc, /sbin and /var go in ROOT.
2021-03-06 16:23:24 -07:00
Todd C. Miller
ce497bf30b Updated translations from translationproject.org 2021-03-06 16:10:59 -07:00
Todd C. Miller
1c6080f135 Remove unused tls parameter, we now use a per-address tls flag. 2021-03-05 14:48:08 -07:00
Todd C. Miller
2759920b86 Document double escaping of backslashes. Bug #961. 2021-03-03 15:49:18 -07:00
Todd C. Miller
06beb6f064 No longer need to define _DARWIN_UNLIMITED_GETGROUPS on macOS.
We now define _DARWIN_C_SOURCE which accomplishes the same thing.
2021-03-03 11:26:02 -07:00
Todd C. Miller
08b0b626f1 Fix a potential use-after-free in conversation function.
The prompt passed in to sudo_pam_verify() will be freed later by
check_user_interactive() so we need to reset the stashed value.
From Pavel Heimlich.  Bug #967.
2021-03-03 08:19:44 -07:00
Todd C. Miller
f0761a9810 No need to update cp after storing gr->gr_name, it is not used.
Coverity CID 219314
2021-03-03 07:13:25 -07:00
Todd C. Miller
a31bbbfbb6 Mention GitHub issue #56. 2021-03-02 19:39:47 -07:00
Todd C. Miller
4285153275 regen 2021-03-02 19:30:02 -07:00
Todd C. Miller
d452678787 Log peer address in sudo_logsrvd JSON-format logs.
The peer that connected to us might not be the same host where the
log entry originated.
2021-03-02 18:37:35 -07:00
Todd C. Miller
5ffa0ce053 Make "group_source=dynamic" the default on macOS.
Recent versions of macOS do not reliably return all of a user's
non-local groups via getgroups(2), even when _DARWIN_UNLIMITED_GETGROUPS
is defined.  Bug #946.
2021-03-02 14:09:31 -07:00
Todd C. Miller
9bbf120bd8 For regress/fuzz set LC_ALL to C.UTF-8 if possible, falling back on C.
Works around a crash in leak sanitizer when the locale is set to C
and TLS support is enabled.
2021-03-02 13:40:23 -07:00
Todd C. Miller
ac8f23ef9a Initialize the lbuf used by sudoers_trace_print() in init_lexer().
Free the old buffer if there is one, otherwise it would never be freed.
2021-03-01 18:57:05 -07:00
Todd C. Miller
7f27b04616 In sudo_lbuf_destroy(), reset error, len and size. 2021-03-01 16:05:51 -07:00
Todd C. Miller
c8a8afba79 Mention the integer overflow check in store_timespec(). 2021-03-01 14:00:59 -07:00
Todd C. Miller
4a28b5d587 In find_path() stub only make a copy in outfile if returning FOUND.
Fixed a recently-introduced memory leak in the fuzzer.
2021-03-01 07:22:57 -07:00
Todd C. Miller
79dbf9f17e Disable debug code for FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
It will not be used and just confuses the coverage stats.
2021-02-28 19:52:03 -07:00