isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,616 Commits 1 Branch 0 Tags
0b541c2029c58e7bd7f6e7bdfbf206fe84fb4cc6
Commit Graph

333 Commits

Author SHA1 Message Date
Todd C. Miller
583e8bf538 Use explicit library dependencies instead of implicit. 
We now include all the dependent libraries when linking.
Fixes a linking problem on CentOS Stream 9.
 2022-05-19 17:01:14 -06:00
Todd C. Miller
69fa04f069 Include the cert or ca file in error messages where applicable. 2022-05-17 10:44:18 -06:00
Todd C. Miller
a82fe9aa06 Add missing include of string.h for strerror(3). 2022-05-17 09:31:22 -06:00
Todd C. Miller
d7df7abf87 If ERR_reason_error_string() returns NULL, fall back on strerror(errno). 
That way we get reasonable error messages for missing files, etc.
 2022-05-17 09:18:03 -06:00
Todd C. Miller
3ba807b70f set_dhparams: pass BIO_new_file() "r" for the file mode, not O_RDONLY. 
Unlike BIO_new_fp(), BIO_new_file() takes an fopen-style mode string.
 2022-05-17 08:38:49 -06:00
Todd C. Miller
c7ed03c986 sudo_logsrvd: update elapsed time for winsize and suspend in journal mode 
Fixes a bug in store-first relay mode where the commit point messages
sent by the server were incorrect.
 2022-04-24 17:26:05 -06:00
Todd C. Miller
dcb2fb26a5 Rename SSP_(C|LD)FLAGS -> HARDENING_(C|LD)FLAGS 2022-04-01 11:14:59 -06:00
Todd C. Miller
1f64aca229 Unset LANGUAGE when running tests, otherwise it may override LC_ALL. 
Bug #1025.
 2022-03-14 13:51:03 -06:00
Todd C. Miller
c131b27474 For 'make check-verbose' run fuzzers with -verbose=1 
This is the default for libFuzzer but not for the stub fuzzer lib.
 2022-03-03 10:45:56 -07:00
Todd C. Miller
cdee5d48da Add check-verbose Makefile target that runs tests in verbose mode. 2022-03-02 13:32:08 -07:00
Todd C. Miller
e703feeae2 sudo_regex_compile_v1 stub: set errstr on error 2022-02-25 14:07:22 -07:00
Todd C. Miller
590c4cf62f fuzz_logsrvd_conf: add stub version of sudo_regex_compile_v1(). 
We want to fuzz our parser, not the libc regular expression code.
 2022-02-25 10:13:34 -07:00
Todd C. Miller
8290a1e57a iolog_seekto: initialize struct timing_closure before using. 
Coverity CID 249977
 2022-02-23 20:47:18 -07:00
Todd C. Miller
2315c0b3bb iolog_rewrite: initialize struct timing_closure before using. 
Coverity CID 249971
 2022-02-23 20:17:58 -07:00
Todd C. Miller
41bc52302b Do not disable fuzzer output if SUDO_FUZZ_VERBOSE env variable is set. 2022-02-22 12:04:10 -07:00
Todd C. Miller
3c1ce4bf72 store_iobuf_local: fix potential double free on the error path. 2022-02-10 13:33:24 -07:00
Todd C. Miller
c4e67624e3 Add missing default return in last commit. 2022-02-03 10:24:10 -07:00
Todd C. Miller
d18ee79354 sudo_logsrvd: make sure journal exists before writing the alert message. 
Fixes a potential NULL dereference when journaling an alert message.
 2022-02-03 10:19:40 -07:00
Todd C. Miller
6564f1ae4c Work around a glibc regcomp() bug with repeated '+' operators. 
Glibc regcomp() has a bug where it uses excessive memory for repeated
'+' ops.  Collapse them to avoid running the fuzzer out of memory.
 2022-02-01 13:12:19 -07:00
Todd C. Miller
ac555d454f Rebase seed corpus on updated sudo_logsrvd.conf example. 2022-02-01 13:10:05 -07:00
Todd C. Miller
ad719d06be Fix parsing of "retry_interval" in the relay section. 
The setting was present but the callback was missing so it could
not be parsed in the conf file.
 2022-02-01 13:08:40 -07:00
Todd C. Miller
2df2276d56 Use TIME_T_MAX as the upper limit when parsing timeouts. 2022-02-01 13:07:27 -07:00
Todd C. Miller
be4d62e9a4 Check for garbage after [section] in sudo_logsrvd.conf. 2022-01-29 10:50:03 -07:00
Todd C. Miller
9303aec0de Sync fuzzing dictionary with current configuration keyword list. 2022-01-29 10:30:37 -07:00
Todd C. Miller
9b93961b3e Add new log_passwords and passprompt_regex settings. 
When logging terminal input, if log_passwords is false and any
of the regular expressions in the passprompt_regex list are found
in the terminal output, terminal input will be replaced with '*'
characters until a newline or carriage return is found in the input
or an output character is received.
 2022-01-28 08:52:42 -07:00
Todd C. Miller
c13b21c199 Avoid TOCTOU in sudo_mkdir_parents() using openat(2) and mkdirat(2). 
This also allows us to make path const as it should be.
 2021-12-11 08:35:18 -07:00
Todd C. Miller
09b82a22ca Add configure check for sha1sum and use "openssh dgst -sha1" if missing. 
Only needed when building the seed corpus zip files.
 2021-11-10 13:31:42 -07:00
Todd C. Miller
7c4c61be0f Use iolog_openat() when opening the log.json file in the I/O log dir. 2021-10-27 07:45:22 -06:00
Todd C. Miller
ed13faf9f6 Use BIO_new_file() not BIO_new_fd() to read dhparams file. 
Older versions of OpenSSL and wolfSSL lack BIO_new_fd().
Also explicitly include openssl/bio.h and openssl/dh.h for wolfSSL.
 2021-10-26 19:26:20 -06:00
Todd C. Miller
cc6157d7d4 Add support for WolfSSL's OpenSSL compatibility layer. 
Based on changes from Hayden Roche
 2021-10-25 13:17:57 -06:00
Todd C. Miller
87c1dd9d7d Move include of log_server.pb-c.h into logsrvd.h and sendlog.h 
This way there is no include file order issue with the
PROTOBUF_C_VERSION_NUMBER check.
 2021-10-25 12:25:24 -06:00
Todd C. Miller
8a9c8794d0 Use SSL_FILETYPE_PEM with SSL_CTX_use_PrivateKey_file, not X509_FILETYPE_PEM 
While they are defined to the same value in OpenSSL one should not
rely on this.
 2021-10-24 14:47:49 -06:00
Todd C. Miller
e73e9d5e47 sudo_sendlog: send runenv, rungid and runuid from log.json too 
With this change, sudo_sendlog can now round-trip sudo-style I/O
logs that use the newer log.json format without losing any information.
 2021-10-23 09:04:26 -06:00
Todd C. Miller
88c577171e Make sure INET_ADDRSTRLEN and INET6_ADDRSTRLEN are defined. 2021-10-21 19:53:48 -06:00
Todd C. Miller
14873832c6 sudo_sendlog: send multiple I/O log records together if possible 
Try to fill the write buffer and then send to the server instead
of sending records one at a time.
 2021-10-20 19:16:23 -06:00
Todd C. Miller
1a26d2c883 sudo_sendlog: support multiple write buffers like sudo_logsrvd 2021-10-20 19:03:19 -06:00
Todd C. Miller
02e77e656b Fix potential use-after-free when calling iolog_flush_all(). 
We need to call iolog_flush_all() _before_ scheduling the commit point.
If we fail to schedule to commit point, the closure will be freed.
Coverity CID 220557
 2021-10-19 11:57:32 -06:00
Todd C. Miller
5eebc30987 sendlog: use runargv from log.json if available 2021-10-19 09:42:48 -06:00
Todd C. Miller
a71d1f7ce6 sudo_sendlog: send exit data in eventlog if present 2021-10-19 09:42:46 -06:00
Todd C. Miller
bddf03fe45 No longer need to pass exit params to eventlog_exit(), use struct eventlog. 
Now that struct eventlog includes the exit parameters we can simplify
how eventlog_exit() is called.
 2021-10-19 08:58:34 -06:00
Todd C. Miller
d415624ffc Read command run_time, signal and exit_value from I/O log log.json file. 2021-10-19 08:58:33 -06:00
Todd C. Miller
d21c935a15 Log the command run-time and exit status in the I/O log. 2021-10-19 08:50:02 -06:00
Todd C. Miller
77c339858d Handle a missing run_time in an ExitMessage. 
It is now possible to pass a NULL run_time to eventlog_exit().
 2021-10-18 15:34:48 -06:00
Todd C. Miller
15b4427b9a No need to flush logs before commit point if we flush after each write. 
Also document that logs are flushed before sending a commit point
even when flushing is disabled.
 2021-10-16 07:58:44 -06:00
Todd C. Miller
a554629d84 Flush I/O logs before we send a commit point. 
The commit point message means we have written the data to disk so
we should not be buffering it any longer.
We do not currently fsync(2) the data after flushing, perhaps we should.
 2021-10-15 19:10:34 -06:00
Todd C. Miller
3e4f6aa2e3 Do not treat a resume point of [0, 0] as an error. 
If the connecton is interrupted before sudo sends back a commit_point
message, resuming at [0, 0] is correct.
Also add a warning on unexpected EOF parsing the timing file.
 2021-10-15 12:24:53 -06:00
Todd C. Miller
de5ca187b8 regenerate dependencies 2021-10-10 14:23:13 -06:00
Todd C. Miller
eefb7b0d54 Use a consistent version of fuzz_conversation() with all fuzzers. 
Also undo a change to fuzz_sudoers.c that snuck in to the last commit.
 2021-09-28 20:20:28 -06:00
Todd C. Miller
7d964875df Fuzzers should not produce output. 
Excessive output makes the fuzzer runs much less efficient.
 2021-09-28 18:53:49 -06:00
Todd C. Miller
dea7e6aefd expand_buf: fix conditional for when we need to preserve existing data 
It is possible for the buffer offset to be zero when the length is
non-zero.  The proper value to use is the same as is used for the
memcpy/memmove size.  Fixes buffer corruption caused by a very long
command line that usually results in a dropped connection.
 2021-09-28 13:24:21 -06:00