Todd C. Miller
f0665166bd
Shorten --with-badpass-message argument to a single word.
...
The fix_install script can't deal with whitespace in options.
2023-01-15 17:53:09 -07:00
Todd C. Miller
e5634ae991
Make numbered lists more markdown-friendly.
...
Also add line breaks when there are multiple authors.
2023-01-15 16:48:38 -07:00
Todd C. Miller
49ad30efa3
Make lists of directories more markdown-friendly.
2023-01-15 16:34:06 -07:00
Todd C. Miller
6725c37e3c
Check for errors when removing the temp directory.
...
If we cannot remove the directory tree that may indicate a file or
directory mode problem.
2023-01-12 19:20:17 -07:00
Todd C. Miller
8d7feb76ed
iolog_mkdtemp: fix pasto in last commit
...
Set mode to iolog_dirmode, not iolog_filemode
2023-01-12 19:15:22 -07:00
Todd C. Miller
0274a4f3b4
sudoedit: do not permit editor arguments to include "--" (CVE-2023-22809)
...
We use "--" to separate the editor and arguments from the files to edit.
If the editor arguments include "--", sudo can be tricked into allowing
the user to edit a file not permitted by the security policy.
Thanks to Matthieu Barjole and Victor Cutillas of Synacktiv
(https://synacktiv.com) for finding this bug.
2023-01-12 15:55:27 -07:00
Todd C. Miller
a960d2c45f
Add back the linker check for -fstack-clash-protection.
...
This is expected to fix GitHub issue #231.
2023-01-17 16:19:29 -07:00
Todd C. Miller
0b2f9cbe7c
In SHA256Pad and SHA512Pad use 511 and 1023 respectively for bitwise AND.
...
Previously we were using 504 and 1016 which still produces the
correct result since padding is done in 8-bit bytes. However, using
size-1 for the bitwise AND makes the intent clearer and likely would
have prevented the previous bug in SHA512Pad.
From Matthieu Barjole and Victor Cutillas of Synacktiv (https://synacktiv.com)
2023-01-09 14:37:47 -07:00
Todd C. Miller
3878ce8d49
env_file_next_local: change the order of the val_len check.
...
It makes more sense to verify that val_len > 1 before using it.
This is not a problem in practice because val[val_len - 1] is
guaranteed not to underflow but it can confuse reviewers and static
analyzers.
2023-01-09 14:26:07 -07:00
Todd C. Miller
d781ab0a89
Fix typo in check for environment variables that start with '='.
2023-01-09 14:23:50 -07:00
Todd C. Miller
1b7604e5cb
sudo_lbuf_print: no longer need to check for lbuf->len > 0.
...
Now that lbuf length is unsigned the earlier check for len == 0 is
sufficient.
2023-01-09 14:16:59 -07:00
Todd C. Miller
ca297658dd
Increase minimum allocation size from 256 to 1024 bytes.
2023-01-09 14:15:23 -07:00
Todd C. Miller
1f58e5a8e0
Fix IS_IDLOG macro, it was testing the wrong byte for the NUL.
...
This causes the macro to evaluate to false even for valid TSIDs.
2023-01-09 13:03:55 -07:00
Todd C. Miller
8309fbb970
sudoers_trace_print: this is a no-op if not debugging
2023-01-04 10:44:58 -07:00
Todd C. Miller
532023f7b6
sudo_lbuf_expand: don't allocate less than 256 bytes at a time.
2023-01-04 10:36:09 -07:00
Todd C. Miller
dc9ef69021
sudo_lbuf_expand: round nearest power of two instead of multiple of 256.
2023-01-03 21:34:20 -07:00
Todd C. Miller
dd934d6a21
Update copyright year.
2023-01-03 20:04:35 -07:00
Todd C. Miller
13df52889f
sudo_lbuf_expand: check for possible integer overflow
...
The numeric fields in struct sudo_lbuf are now unsigned so that
wraparound is defined, this makes the overflow checks simpler.
Problem detected by oss-fuzz using the fuzz_sudoers fuzzer.
2023-01-03 20:02:01 -07:00
Todd C. Miller
6b80ab74ea
Decode \u00XX in a JSON string now that we escape control chars.
...
We don't write Unicode to the log.json file, only 8-bit ASCII.
2023-01-03 15:59:23 -07:00
Todd C. Miller
e5d98da014
Move hexchar() from the sudoers plugin to lib/util.
2023-01-03 15:50:42 -07:00
Todd C. Miller
0cb3835111
sudo_open_parent_dir: adjust loop terminating condition
...
Checking for ep < pathend should be a bit clearer than ep != '\0'
and has the advantage of working when pathend doesn't point to a
NUL byte. No intended change in behavior.
2023-01-03 15:22:29 -07:00
Todd C. Miller
311d8e82df
iolog_mkdtemp: fix failure when the specified path contains subdirectories.
...
This fixes a bug introduced in sudo 1.9.12.
2023-01-03 14:30:48 -07:00
Todd C. Miller
bfd7d586b5
check_iolog_mkpath: fix exit value
2023-01-03 14:02:23 -07:00
Todd C. Miller
6f94854673
Merge pull request #227 from sohomdatta1/integer_underflow
...
Prevent integer underflow due to environment variable
2023-01-02 08:41:22 -07:00
Sohom
761ffb3bfe
Prevent integer underflow due to environment variable
...
Guard against replacing quotes when the environment variable
val_len is 1.
2023-01-02 11:47:52 +05:30
Todd C. Miller
8b5037a211
glibc allows the ',' in {low,high} to be escaped with a backslash.
...
Adjust bound parsing to match this.
2023-01-01 10:12:09 -07:00
Todd C. Miller
acee3ea6ef
Fix logic goof in 05781ba6f1f3, disable replacements when fuzzing.
...
Not the other way around.
2022-12-31 09:31:37 -07:00
Todd C. Miller
4b0dc2eecb
Substitute python plugin file name in sudo_plugin_python documentation.
...
Also use prefix for group plugin fallback path section in sudoers manual.
2022-12-30 13:38:40 -07:00
Todd C. Miller
ad55f8ccee
Use correct dictionary file format.
...
Also use the new dictionaries in the Makefile fuzz target.
2022-12-30 11:26:49 -07:00
Todd C. Miller
224a3b6470
Add some additional entries for the I/O log fuzzer seed corpus.
2022-12-30 11:10:40 -07:00
Todd C. Miller
148e5ad95b
Add dictionaries for fuzz_iolog_legacy and fuzz_iolog_timing.
2022-12-30 10:52:54 -07:00
Todd C. Miller
774b3c6e68
Don't send warn/fatal output to the debug file when fuzzing.
2022-12-30 08:03:05 -07:00
Todd C. Miller
a9a3a8e37b
Back out the genentropy.c portion of c648cfe9ff0f
...
We don't need to special-case FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
now that we use the glibc arc4random() where available.
2022-12-30 08:02:39 -07:00
Todd C. Miller
91d7592e8a
Use initprogname(), not setprogname() in the fuzzers.
...
This results in better coverage for progname.c.
2022-12-29 15:52:21 -07:00
Todd C. Miller
206155e603
Add probe_interfaces and intercept_path.
2022-12-29 15:44:54 -07:00
Todd C. Miller
bd98868518
Exercise getter functions.
2022-12-29 15:44:33 -07:00
Todd C. Miller
3068ec000c
Avoid using our function replacements when fuzzing (where possible).
...
We don't want to fuzz the function replacements themselves as this
can skew the coverage reports.
2022-12-29 13:22:29 -07:00
Todd C. Miller
3f095ff1b5
Disable sudo_debug tests when fuzzing.
...
The debug code is disabled when fuzzing is enabled to avoid coverage
issues.
2022-12-29 12:38:00 -07:00
Todd C. Miller
2e9e1c80f5
Avoid compiling some code paths that are unreachable when fuzzing.
2022-12-29 10:40:48 -07:00
Todd C. Miller
8a5e9ffb43
Plug memory leak.
2022-12-29 10:35:09 -07:00
Todd C. Miller
47a211f194
Update fuzz_policy keywords to match current policy settings.
2022-12-28 16:02:25 -07:00
Todd C. Miller
a7c1b78c67
Add example users and groups to the dictionary.
2022-12-28 16:02:10 -07:00
Todd C. Miller
8eabbf8fdd
parse_args: an environment variable may not start with '='.
...
Also check VAR=val format in validate_env_vars() and add an error
message if insert_env_vars() fails.
2022-12-28 14:07:43 -07:00
Todd C. Miller
c820599893
rebuild_env: avoid a potential NULL dereference in fuzz_policy
2022-12-28 11:05:17 -07:00
Todd C. Miller
b69ffd3479
sudoers_policy_main: plug memory leak of iolog_path on error.
2022-12-28 10:50:51 -07:00
Todd C. Miller
8e8a22b8e5
rebuild_env: avoid a potential NULL dereference in fuzz_policy
2022-12-28 09:45:01 -07:00
Todd C. Miller
bca945f074
The contents of the env_add array should not include the leading "env=" prefix.
...
The previous fix for this was incomplete.
2022-12-28 09:25:41 -07:00
Todd C. Miller
9c4271f737
validate_env_vars: more efficient errbuf handling
...
Also avoid appending to errbuf if it is already full.
2022-12-28 09:24:22 -07:00
Todd C. Miller
95a6c04598
Document that -k does not interfere with sudo on other terminals.
...
This should help clarify the difference between "sudo -k" and "sudo -K".
2022-12-27 20:18:56 -07:00
Todd C. Miller
ee5b43280b
Check for bound values larger than 255 and reject them.
...
This is to prevent the fuzzers from running out of memory.
2022-12-27 13:22:29 -07:00