isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,089 Commits 1 Branch 0 Tags
0aedc965f88a08912eae945cd6cb15ca4f8faae2
Commit Graph

419 Commits

Author SHA1 Message Date
Todd C. Miller
9798fd86bf Add garbage collection to resolve_editor(). 
Fixes a leak when evaluating the policy multiple times if sudoedit
is set.
 2021-08-10 12:58:18 -06:00
Todd C. Miller
6907376ae9 When spliting EDITOR check for escaped quote characters. 
Also add check_editor to sudoers "make check".
 2021-04-25 19:12:50 -06:00
Todd C. Miller
5e5131dec3 Treat a lone backslash at the end of a string as a literal backslash. 
GitHub issue #99
 2021-04-24 14:19:46 -06:00
Todd C. Miller
2db9e64214 Move reference-counted string code from sudoers to libsudo_util. 
It will be used by sudo_logsrvd too.
 2021-04-06 14:44:19 -06:00
Todd C. Miller
d4517e0a1c Move autoconf auxiliary files to the scripts directory. 2021-04-06 14:23:38 -06:00
Todd C. Miller
dfff132122 Add a new "fuzz" target that executes the fuzzers for 8192 runs each. 
To run indefinately, set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 fuzz"
 2021-03-18 16:48:19 -06:00
Todd C. Miller
6eff3b313b Move corpus files to a seed subdirectory. 2021-03-18 15:28:29 -06:00
Todd C. Miller
bac0579134 Fix fuzz_sudoers output comparison when fuzzing is enabled. 
libFuzzer outputs additional info to stderr that our stub doesn't.
 2021-03-18 13:20:45 -06:00
Todd C. Miller
3e5cf7baa3 Do not redefine system group and passwd functions for testsudoers. 
Instead, prefix the replacements with "testsudoers_" and use a
custom pwutil backend so they get used.
 2021-03-18 11:39:54 -06:00
Todd C. Miller
4c182c90f1 Rename "fuzz" makefile target to "check-fuzzer". 
It's purpose is to run the fuzzers are part of a normal "make check"
to avoid bit rot, not to perform a fuzzer run.
The fuzz_logsrvd_conf fuzzer was not wired up to "make check" previously.
 2021-03-18 09:08:16 -06:00
Todd C. Miller
d7d80e703f Use HAVE_STDINT_H instead of trying to guess based on __STDC_VERSION__. 
Fixes compilation with pre-C99 headers when the compiler supports C99.
 2021-03-10 12:27:14 -07:00
Todd C. Miller
07af7caf73 Add @SUDOERS_LIBS@ to FUZZ_LIBS for -lutil on FreeBSD and NetBSD 2021-03-08 12:55:15 -07:00
Todd C. Miller
9bbf120bd8 For regess/fuzz set LC_ALL to C.UTF-8 if possible, falling back on C. 
Works around a crash in leak sanitizer when the locale is set to C
and TLS support is enabled.
 2021-03-02 13:40:23 -07:00
Todd C. Miller
7144955b07 regen Makefile.in 2021-02-26 14:30:16 -07:00
Todd C. Miller
bdfc07f330 Add some missing files to the clean target 2021-02-26 14:27:27 -07:00
Todd C. Miller
e7b414ce4e Move env hooks into sudoers_hooks.c. 2021-02-24 19:09:46 -07:00
Todd C. Miller
38c381a0cc Split fmtsudoers.c into the parts used by sudoers plugin and cvtsudoers. 
Only testsudoers and cvtsudoers use the full set of formatting functions.
 2021-02-24 17:14:51 -07:00
Todd C. Miller
05767145b3 Add fuzzer-specific stubs source file. 2021-02-24 16:43:59 -07:00
Todd C. Miller
1ae4c1bf67 Remove fuzzer targets in "make clean" 2021-02-24 15:25:44 -07:00
Todd C. Miller
9d27880af8 Use real eventlog config fuctions instead of stubs. 2021-02-24 15:08:53 -07:00
Todd C. Miller
33551acd1f Split base64 encode/decode functions into separate source files. 
They are independent functions.
 2021-02-24 12:20:36 -07:00
Todd C. Miller
2a0ba4008c Check aliases in fuzz_sudoers if the policy parsed correctly. 2021-02-23 18:48:47 -07:00
Todd C. Miller
5a85543c16 Move alias checking code out of visudo.c and into check_aliases.c. 2021-02-23 18:42:37 -07:00
Todd C. Miller
c71a397368 We don't need to link fuzz_sudoers with file.c. 2021-02-23 16:39:32 -07:00
Todd C. Miller
081e219e23 Add dictionary files for fuzzers where possible. 2021-02-23 11:28:47 -07:00
Todd C. Miller
5fc6b8c177 Fix fuzz_sudoers output matching. 2021-02-22 16:43:34 -07:00
Todd C. Miller
df42c0c1d2 Perform matching in fuzz_sudoers for inputs that parse correctly. 
The fuzzer now exercised the normal match code as well as the
pseudo-command (list, validate, etc) match code.
Privileges are also listed for well-formed sudoers file.
 2021-02-21 14:59:29 -07:00
Todd C. Miller
14c71eaa86 Add clean rules to .PHONY target. 2021-02-19 08:54:04 -07:00
Todd C. Miller
9f1e016cde Add install-fuzz Makefile target to install the fuzzers and seed corpus. 
The FUZZ_DESTDIR make variable needs to be set in the environment
or on the command line.
 2021-02-18 19:38:54 -07:00
Todd C. Miller
5ea2acc4c2 Only display fuzz_policy output if the fuzzer exits with an error. 2021-02-18 15:12:42 -07:00
Todd C. Miller
abdef93f72 Remove duplicated MALLOC_OPTIONS and MALLOC_CONF env variables. 2021-02-17 13:06:35 -07:00
Todd C. Miller
79a18cb419 regen 2021-02-17 09:57:36 -07:00
Todd C. Miller
de2a47f273 Set MALLOC_OPTIONS and MALLOC_CONF for all regress targets. 2021-02-15 13:17:46 -07:00
Todd C. Miller
ea7a70e85d For "make fuzz" only fuzz the seed corpus. 
This way we avoid files generated by the fuzzer itself.
 2021-02-15 07:35:19 -07:00
Todd C. Miller
df2931588a Fuzz sudoers policy module API. 
Includes a test case to reproduce CVE-2021-3156.
 2021-02-12 15:36:18 -07:00
Todd C. Miller
eedc72d7b9 Make fuzz targets depend on fuzzer stub library. 
We really want a dependency on $(LIB_FUZZING_ENGINE) but that could
be a flag like "-fsanitize=fuzzer" instead of a path.
 2021-02-12 15:35:18 -07:00
Todd C. Miller
1f97ef92b7 Move audit.c from libparsesudoers to the sudoers module itself. 
Now that audit.c contains the audit module it doesn't belong in
libparsesudoers.
 2021-02-12 11:13:52 -07:00
Todd C. Miller
53e3dca7a6 Fix up some .la file library dependencies. 
libsudo_iolog.la already depends on libsudo_util.la and libsudo_eventlog.la
so we don't need to list those explicitly when libsudo_iolog.la is listed.
 2021-02-10 16:47:38 -07:00
Todd C. Miller
1412695a4a Fuzz the example sudoers file, not the default one. 
The default sudoers uses @includedir which can result in different
output, depending on the permissions of /etc/sudoers.d.
 2021-02-09 09:04:05 -07:00
Todd C. Miller
63a3f62547 Add fuzz Makefile target and run fuzzer corpus in make check. 2021-02-08 04:56:17 -07:00
Todd C. Miller
55df5efdce Add --enable-fuzzer-linker and --enable-fuzzer-engine options. 
These will allow the fuzzers to be built as part of oss-fuzz.
 2021-02-07 05:52:45 -07:00
Todd C. Miller
a3dae6f2c9 Fix linking of sudoers fuzzers with static libsudo_util. 2021-02-06 16:25:50 -07:00
Todd C. Miller
6216fb3cca Add --enable-fuzzer option to use when building fuzzers 2021-02-06 13:28:39 -07:00
Todd C. Miller
4480e26972 Build (but don't run) fuzzers as part of "make check". 
Uses a stub to make it possible to link w/o libfuzzer.
The goal is to ensure the fuzzers are always buildable and avoid bit rot.
 2021-02-06 08:38:38 -07:00
Todd C. Miller
ecaa9cd08d Add libsudo_eventlog.la as a dependency of libsudo_iolog.la 
No longer need to link against libsudo_eventlog.la in sudoers.
 2021-02-06 08:36:01 -07:00
Todd C. Miller
29f5f3c53e Fix uninstall target; there were missing line continuation chars. 
GitHub issue #87
 2021-02-03 07:35:33 -07:00
Todd C. Miller
66cd61a9bd The parser should be leak free, re-enable leak detection in ASAN. 2021-02-01 15:07:10 -07:00
Todd C. Miller
888f63a9c8 Test strvec_join() using strlcpy_unesc(). 
Emulates an overflow like: sudoedit -s '\' `perl -e 'print "A" x 65536'`
 2021-01-27 21:46:19 -07:00
Todd C. Miller
29acc64192 Refactor code to flatten an argument vector into a string. 
This is used when building up the user_args string.
 2021-01-27 21:27:14 -07:00
Todd C. Miller
2804c2c78e Add strlcpy_unescape() function to undo escaping from front-end. 
Includes unit test.
 2021-01-27 15:41:54 -07:00