isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,089 Commits 1 Branch 0 Tags
0aedc965f88a08912eae945cd6cb15ca4f8faae2
Commit Graph

3133 Commits

Author SHA1 Message Date
Todd C. Miller
ecdf732adc Check for invalid flag combinations from front-end for all cases. 
The checks are now performed in the check_policy, list, validate
and invalidate functions instead of as part of the open function.
We can't perform the checks in open because we don't yet know what
operation is going to be performed.
 2021-02-16 09:33:39 -07:00
Todd C. Miller
ae3a098d2f Always dynamically allocate user_cmnd, it is freed in sudo_user_free(). 
Instead of setting user_cmnd in the policy functions, always set argv.
Calling sudoers_policy_main() with argc of 0 is no longer allowed.
 2021-02-16 09:32:34 -07:00
Todd C. Miller
c09169e812 No need for sudoers_cleanup() in sudoers_policy_invalidate(). 
The sudoers close() function is now called even for "sudo -k".
Also no need to set user_cmnd, it is not used in this code path.
 2021-02-16 08:26:49 -07:00
Todd C. Miller
de2a47f273 Set MALLOC_OPTIONS and MALLOC_CONF for all regress targets. 2021-02-15 13:17:46 -07:00
Todd C. Miller
52e3fcc795 Free struct sudo_user in sudoers_policy_close() and sudoers_cleanup(). 
Also, do not NULL out the close function if NO_LEAKS is defined.
 2021-02-15 08:29:47 -07:00
Todd C. Miller
ea7a70e85d For "make fuzz" only fuzz the seed corpus. 
This way we avoid files generated by the fuzzer itself.
 2021-02-15 07:35:19 -07:00
Todd C. Miller
7f3c670a13 Fix sudoers garbage collection and run it in policy fuzzer. 2021-02-14 14:01:31 -07:00
Todd C. Miller
7f0b269238 Do not include errno string for invalid params from front-end. 2021-02-14 07:48:58 -07:00
Todd C. Miller
561740cd54 Always dynamically allocate user_role, user_type, user_privs, user_limitprivs 2021-02-14 07:47:48 -07:00
Todd C. Miller
5c0454495c Remove dead code, front-end does not set runas_privs or runas_limitprivs 2021-02-14 07:39:41 -07:00
Todd C. Miller
d1969b4f0b Plug memory leak if there are duplicate user_info or command_info entries. 2021-02-14 07:21:00 -07:00
Todd C. Miller
776c57a81e Move create_admin_success_flag() to timestamp.c. 2021-02-13 15:48:21 -07:00
Todd C. Miller
651a225a4a The push() function was not updating the size after reallocating. 2021-02-13 12:54:22 -07:00
Todd C. Miller
41eae91206 If sudo_getgrouplist2() returns -1, clamp ngroups based on max_groups. 
The ngroups parameter is an out parameter that is filled in with
the actual number of groups, which may be less than the static
number allocated when max_groups is set in sudo.conf.
Fixes a potential out of bounds read found by LLVM libFuzzer.
 2021-02-13 11:54:21 -07:00
Todd C. Miller
e89a8133ac Reset sudoers path, owner and mode before parsing plugin arguments. 
This is only needed when calling sudoers_policy_deserialize_info()
more than once, which is true for the policy fuzzer.
 2021-02-12 21:15:36 -07:00
Todd C. Miller
197d6600fa Cleanup sudoers sources on denial and error too. 2021-02-12 19:52:11 -07:00
Todd C. Miller
520db741b5 Fix sudo_getgrgid reference count bug when gid doesn't exist. 
This one was missed when the other user/group lookup functions
were fixed.
 2021-02-12 19:27:47 -07:00
Todd C. Miller
df2931588a Fuzz sudoers policy module API. 
Includes a test case to reproduce CVE-2021-3156.
 2021-02-12 15:36:18 -07:00
Todd C. Miller
ed79627699 Plug memory leak if there are duplicate user_info entries. 2021-02-12 19:04:37 -07:00
Todd C. Miller
eedc72d7b9 Make fuzz targets depend on fuzzer stub library. 
We really want a dependency on $(LIB_FUZZING_ENGINE) but that could
be a flag like "-fsanitize=fuzzer" instead of a path.
 2021-02-12 15:35:18 -07:00
Todd C. Miller
1f97ef92b7 Move audit.c from libparsesudoers to the sudoers module itself. 
Now that audit.c contains the audit module it doesn't belong in
libparsesudoers.
 2021-02-12 11:13:52 -07:00
Todd C. Miller
53e3dca7a6 Fix up some .la file library dependencies. 
libsudo_iolog.la already depends on libsudo_util.la and libsudo_eventlog.la
so we don't need to list those explicitly when libsudo_iolog.la is listed.
 2021-02-10 16:47:38 -07:00
Todd C. Miller
0663ffbc3f Use sudo_basename() instead of doing the equivalent manually. 2021-02-10 15:14:08 -07:00
Todd C. Miller
cbf73e19bb Portable workaround for getdelim(3) implementations modify buf on EOF. 
We should assume that the contents of buf are undefined when getdelim(3)
returns -1.  We now peek ahead one char and skip the getdelim(3) call if
EOF is detected.  This will preserve the original value of the last line.
 2021-02-09 18:23:23 -07:00
Todd C. Miller
cf18011466 Some getdelim(3) implementations write a NUL to the buffer on EOF. 
AIX and Illumos appear to have this behavior.  We now preserve the
first character of the buffer on EOF to work around this.
Fixes reporting of syntax errors on the last line of a file.
 2021-02-09 09:06:17 -07:00
Todd C. Miller
1412695a4a Fuzz the example sudoers file, not the default one. 
The default sudoers uses @includedir which can result in different
output, depending on the permissions of /etc/sudoers.d.
 2021-02-09 09:04:05 -07:00
Todd C. Miller
3d55bca8ac Silence a clang analyzer false positive. 2021-02-08 16:06:08 -07:00
Todd C. Miller
aae168c485 Make open_sudoers() always return NULL like fuzz_sudoers.c 2021-02-08 14:20:40 -07:00
Todd C. Miller
19d8d4a549 Update *.toke.ok now that lexer doesn't call sudoerserror() itself. 2021-02-08 13:46:33 -07:00
Todd C. Miller
04de04f544 The lexer now sets an error string before returning ERROR. 
The parser will use that when reporting on an ERROR state.  This
prevents the lexer from reporting errors about tokens that are not
actually consumed by the parser and we don't have to worry about
both the lexer and the parser reporting errors.  It also means we
only get one error per sudoers line.
 2021-02-08 13:43:49 -07:00
Todd C. Miller
9325a342b5 Go back to storing the last error file/line in sudoerserrorf(). 
This is still the best way to avoid displaying more than one error
per line.
 2021-02-08 08:00:04 -07:00
Todd C. Miller
63a3f62547 Add fuzz Makefile target and run fuzzer corpus in make check. 2021-02-08 04:56:17 -07:00
Todd C. Miller
30d9497eb6 Add stub library that just feeds files to the fuzzing target. 
This will allow the fuzzers to be run as part of "make check".
 2021-02-07 15:43:51 -07:00
Todd C. Miller
a72d743ec8 Fall back to a temp file if fmemopen() is not available(). 2021-02-07 13:56:15 -07:00
Todd C. Miller
c19cb388bc Add missing return statement when NO_LEAKS is not defined. 2021-02-07 13:37:21 -07:00
Todd C. Miller
55df5efdce Add --enable-fuzzer-linker and --enable-fuzzer-engine options. 
These will allow the fuzzers to be built as part of oss-fuzz.
 2021-02-07 05:52:45 -07:00
Todd C. Miller
a3dae6f2c9 Fix linking of sudoers fuzzers with static libsudo_util. 2021-02-06 16:25:50 -07:00
Todd C. Miller
6216fb3cca Add --enable-fuzzer option to use when building fuzzers 2021-02-06 13:28:39 -07:00
Todd C. Miller
4480e26972 Build (but don't run) fuzzers as part of "make check". 
Uses a stub to make it possible to link w/o libfuzzer.
The goal is to ensure the fuzzers are always buildable and avoid bit rot.
 2021-02-06 08:38:38 -07:00
Todd C. Miller
ecaa9cd08d Add libsudo_eventlog.la as a dependency of libsudo_iolog.la 
No longer need to link against libsudo_eventlog.la in sudoers.
 2021-02-06 08:36:01 -07:00
Todd C. Miller
665f8d2e3e Only strip double quotes from an include path if len >= 2. 
Found locally using libfuzzer/oss-fuzz.
 2021-02-03 16:50:04 -07:00
Todd C. Miller
e675f4c078 Don't allow the sudoers fuzzer to open include files. 
If we allow the fuzzer to choose include paths it will include
random files in the file system.  This leads to bug reports that
cannot be reproduced.
 2021-02-03 15:20:54 -07:00
Todd C. Miller
f5fc5d6417 If getdelim() returns a string with embedded NULs, truncate on first one. 
This should avoid some issues with the fuzzer.
 2021-02-03 15:13:18 -07:00
Todd C. Miller
10e37223b5 Reallocate the buffer correctly when appending a newline. 
Fixes a potential buffer overflow introduced in the last commit.
 2021-02-03 15:13:03 -07:00
Todd C. Miller
b4cabdb394 Don't free the alias name in alias_add() if the alias already exists. 
We need to be able to display it using alias_error().
Only free what we actually allocated in alias_add() on error and
let the caller handle cleanup.  Note that we cannot completely fill
in the alias until it is inserted.  Otherwise, we will have modified
the file and members parameters even if there was an error.
As a result, we have to remove those from the leak list after
alias_add(), not before.
 2021-02-03 14:17:37 -07:00
Todd C. Miller
884b2fb86b Fix NUL termination when parsing a sudoers file with no ending newline. 
oss-fuzz issue #30252
 2021-02-03 13:49:21 -07:00
Todd C. Miller
077c9b0c74 sudoersrestart() does not reset state to INITIAL, do it in init_lexer(). 
Fixes spurious errors from fuzz_sudoers, which calls the parser multiple times.
 2021-02-03 13:00:09 -07:00
Todd C. Miller
63a63680b6 Push lexer leak tracking down into check_fill.c. 
This lets us track things correctly when buffers are realloc()d.
Rewrote fill() and append() to be more readable.
 2021-02-03 12:57:04 -07:00
Todd C. Miller
3237a18ee3 Use sudoersrestart() in fuzz_sudoers.c 
Since we run the parser multiple times we need to restart it each time.
 2021-02-03 12:52:15 -07:00
Todd C. Miller
e66b132d76 Parser needs user_shost for the %h escape in @include expansion. 
Fixes oss-fuzz issue #30238
 2021-02-03 08:56:32 -07:00