isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,725 Commits 1 Branch 0 Tags
1ae4c1bf671fc45dab3b58dec9e135ff74a299cc
Commit Graph

10725 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
a74e8502c0 Garbage collect unused gc_remove() function. 2021-02-01 15:08:08 -07:00
Todd C. Miller
66cd61a9bd The parser should be leak free, re-enable leak detection in ASAN. 2021-02-01 15:07:10 -07:00
Todd C. Miller
9ed14870c6 Add garbage collection to the sudoers parser to clean up on error. 
This makes it possible to avoid memory leaks when there is a parse error.
 2021-02-01 15:06:20 -07:00
Todd C. Miller
4cd6350cad Fix crashes trying to parse invalid JSON. 
Found locally using libfuzzer/oss-fuzz.
 2021-01-30 16:16:23 -07:00
Todd C. Miller
de82d08e70 Plug memory leak if a key is listed more than once in the log.json file. 2021-01-30 16:15:24 -07:00
Todd C. Miller
5dc297d300 Fix crash when file does not exist. 2021-01-30 14:04:05 -07:00
Todd C. Miller
439660c7fb Strict tz offset parsing. 
Fixes an out of bounds read found locally using libfuzzer/oss-fuzz.
 2021-01-30 09:29:31 -07:00
Todd C. Miller
9f81e8a109 Don't leak memory for duplicate command options. 
The last option wins but we also now warn about the duplicate.
Found locally using libfuzzer/oss-fuzz.
 2021-01-30 08:53:55 -07:00
Todd C. Miller
4eb591c6f3 Copy command options when converting a sudoRole with multiple sudoCommands. 
A sudoRole with multiple sudoCommands is converted to a privilege
with multiple cmndspecs.  However, we were not copying some of the
command options to subsequent cmndspecs in the list.
 2021-01-30 08:26:58 -07:00
Todd C. Miller
75f76eba81 Fix memory leak if the last line is folded. 
Fixes issue 30080 by ClusterFuzz-External
 2021-01-30 06:15:21 -07:00
Todd C. Miller
bd10bb5cfe Add --disable-leaks configure option. 
This enables the extra freeing of memory before exit also enabled
by --enable-asan.  To be used by oss-fuzz.
 2021-01-30 06:01:48 -07:00
Todd C. Miller
995601c621 Stricter parsing of generalized time. 
Fixes potential out of bounds read found by libfuzzer/oss-fuzz.
 2021-01-30 05:39:23 -07:00
Todd C. Miller
419c895240 Don't bother calling ldif_to_sudoers() if there are no roles to convert. 2021-01-29 09:31:27 -07:00
Todd C. Miller
8781560e1b In json_stack_push() treat stack exhaustion like memory allocation failure. 
Return NULL instead of treating as a fatal error.
This should make life a little easier for oss-fuzz.
 2021-01-29 09:23:51 -07:00
Todd C. Miller
6c8242c357 Update comment about return values for resolve_host(). 2021-01-29 06:24:31 -07:00
Todd C. Miller
e5ad88488d Fix NO_ROOT_MAILER, broken by the eventlog refactor in sudo 1.9.4. 
init_eventlog_config() is called immediately after initializing the
Defaults settings, which is before struct sudo_user is setup.  This
adds a call to eventlog_set_mailuid() if NO_ROOT_MAILER is defined
after the invoking user is determined.  Reported by Roman Fiedler.
 2021-01-29 05:42:34 -07:00
Todd C. Miller
da5c6c6c45 Regenerate configure script with autoconf 2.71. 
Also fix some warnings from the new version.
 2020-12-08 12:35:21 -07:00
Todd C. Miller
8f114c2aae Add plugins/sudoers/strvec_join.c 2021-01-28 16:25:48 -07:00
Todd C. Miller
8ca47cc99d Fix compilation on systems without a native strlcpy() function. 2021-01-28 09:15:36 -07:00
Todd C. Miller
dceab7d756 Break up the long help string into multiple printf() statements. 
AIX xlc compiler doesn't like cpp directives in between strings.
Also fixes a complaint from cppcheck and makes translation easier.
 2021-01-28 08:53:25 -07:00
Todd C. Miller
c9eff93854 strvec_join: free result on error and actually use separator char 2021-01-28 05:57:23 -07:00
Todd C. Miller
888f63a9c8 Test strvec_join() using strlcpy_unesc(). 
Emulates an overflow like: sudoedit -s '\' `perl -e 'print "A" x 65536'`
 2021-01-27 21:46:19 -07:00
Todd C. Miller
29acc64192 Refactor code to flatten an argument vector into a string. 
This is used when building up the user_args string.
 2021-01-27 21:27:14 -07:00
Todd C. Miller
2804c2c78e Add strlcpy_unescape() function to undo escaping from front-end. 
Includes unit test.
 2021-01-27 15:41:54 -07:00
Todd C. Miller
aa50aaf8da Add missing check for reallocarray() failure. 
Found by OSS-Fuzz.
 2021-01-27 09:00:49 -07:00
Todd C. Miller
bca213959b Remove Py_SSIZE2SIZE to quiet cppcheck warnings. 
Tuple size cannot be negative and we already handle the case where
it is zero.
 2021-01-26 11:33:06 -07:00
Todd C. Miller
19d5845f8b The program name may now only be "sudo" or "sudoedit". 
We no longer need to check for any string that ends in "edit".
 2021-01-26 11:33:05 -07:00
Todd C. Miller
98d5cc2a85 Sudo 1.9.5p2 2021-01-23 08:44:00 -07:00
Todd C. Miller
c0eecf85c8 Don't assume that argv is allocated as a single flat buffer. 
While this is how the kernel behaves it is not a portable assumption.
The assumption may also be violated if getopt_long(3) permutes arguments.
Found by Qualys.
 2021-01-23 08:44:00 -07:00
Todd C. Miller
0754533d24 Fix the memset offset when converting a v1 timestamp to TS_LOCKEXCL. 
We want to zero the struct starting at flags, not type (which was just set).
Found by Qualys.
 2021-01-23 08:44:00 -07:00
Todd C. Miller
1f8638577d Fix potential buffer overflow when unescaping backslashes in user_args. 
Also, do not try to unescaping backslashes unless in run mode *and*
we are running the command via a shell.
Found by Qualys, this fixes CVE-2021-3156.
 2021-01-23 08:43:59 -07:00
Todd C. Miller
c4d384082f Add sudoedit flag checks in plugin that are consistent with front-end. 
Don't assume the sudo front-end is sending reasonable mode flags.
These checks need to be kept consistent between the sudo front-end
and the sudoers plugin.
 2021-01-23 08:43:59 -07:00
Todd C. Miller
b301b46b79 Reset valid_flags to MODE_NONINTERACTIVE for sudoedit. 
This is consistent with how the -e option is handled.
Also reject -H and -P flags for sudoedit as was done in sudo 1.7.
Found by Qualys, this is part of the fix for CVE-2021-3156.
 2021-01-23 08:43:59 -07:00
Pavel Březina
3b7977a42c pam: pass KRB5CCNAME to pam_authenticate environment if available 
If a PAM module wants to authenticate user using GSSAPI, the authentication
is broken if non-default ccache name is used in KRB5CCNAME environment
variable.

One way to mitigate this would be to add this to env_keep, but this also
makes the variable available in the executed command which may not
be always desirable.

This patch sets KRB5CCNAME for pam_authenticate only, if it is available
and not yet set.
 2021-01-22 07:28:14 -07:00
Fabrice Fontaine
c05fe93669 lib/eventlog/Makefile.in: fix static build without closefrom 
Since version 1.9.4 and
bd1ca79cca,
when closefrom is not available, libsudo_eventlog.a depends on
libsudo_util.a. So reflect this dependency in the libtool file to avoid
the following static build failure of logsrvd:

/bin/bash ../libtool --tag=disable-static --mode=link /home/buildroot/autobuild/instance-1/output-1/host/bin/powerpc-linux-gcc -o sudo_logsrvd logsrv_util.o iolog_writer.o logsrvd.o logsrvd_conf.o -static -Wl,--enable-new-dtags -Wl,-z,relro    ../lib/iolog/libsudo_iolog.la ../lib/eventlog/libsudo_eventlog.la ../lib/logsrv/liblogsrv.la
/bin/bash ../libtool --tag=disable-static --mode=link /home/buildroot/autobuild/instance-1/output-1/host/bin/powerpc-linux-gcc -o sudo_sendlog logsrv_util.o sendlog.o -static -Wl,--enable-new-dtags -Wl,-z,relro    ../lib/iolog/libsudo_iolog.la ../lib/eventlog/libsudo_eventlog.la ../lib/logsrv/liblogsrv.la
libtool: link: /home/buildroot/autobuild/instance-1/output-1/host/bin/powerpc-linux-gcc -o sudo_logsrvd logsrv_util.o iolog_writer.o logsrvd.o logsrvd_conf.o -static -Wl,--enable-new-dtags -Wl,-z -Wl,relro  ../lib/iolog/.libs/libsudo_iolog.a /home/buildroot/autobuild/instance-1/output-1/build/sudo-1.9.5p1/lib/util/.libs/libsudo_util.a -lpthread -lz ../lib/eventlog/.libs/libsudo_eventlog.a ../lib/logsrv/.libs/liblogsrv.a
/home/buildroot/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/powerpc-buildroot-linux-uclibc/8.3.0/../../../../powerpc-buildroot-linux-uclibc/bin/ld: ../lib/eventlog/.libs/libsudo_eventlog.a(eventlog.o): in function `send_mail.constprop.1':
eventlog.c:(.text+0x149c): undefined reference to `sudo_closefrom'
collect2: error: ld returned 1 exit status

Fixes:
 - http://autobuild.buildroot.org/results/515b45f876fa9de03c9235f86017f4dc10eb3b54

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 2021-01-22 07:00:18 -07:00
Todd C. Miller
376ad5e6b4 Do not add an unfinished write buffer to the queue if it is already present. 
In client_msg_cb() we only remove a buffer from the queue when it is
finished.  Inserting the buf again can cause a cycle in the queue.
 2021-01-21 12:46:48 -07:00
Todd C. Miller
eb536d8b7c Fix problem when SSL_read() returns SSL_ERROR_WANT_WRITE. This can 
happen when the socket cannot be written to immediately.
We need to set the read_instead_of_write flag in that case, _not_
write_instead_of_read.  Also sync comments with sendlog.c.
Bug #954
 2021-01-20 11:25:23 -07:00
Todd C. Miller
d98dd5f98d Fix setprogname() emulation on systems without it. 
For fully-qualified paths, store the string starting after the last slash,
not at the slash itself.
 2021-01-15 15:25:44 -07:00
Todd C. Miller
e60ff9058b Sudo 1.9.5p1 2021-01-11 18:47:22 -07:00
Todd C. Miller
3a13f1bf0c Run the editor with the user's real and effective uid and gid. 
Fixes a bug introduced in sudo 1.9.5 where the editor was run setuid
root unless SELinux RBAC was in use.
 2021-01-11 18:41:19 -07:00
Todd C. Miller
ea150d5918 fix typo 2021-01-11 08:16:53 -07:00
Todd C. Miller
01d0bbfb85 Add casts to quiet two warnings on Solaris. 2021-01-11 07:35:33 -07:00
Todd C. Miller
9e111eae57 Sudo 1.9.5 2021-01-08 19:52:45 -07:00
Todd C. Miller
250cccfe4c Update .pot files for 1.9.5. 2021-01-09 12:59:48 -07:00
Todd C. Miller
1b72d6a5cc Allow SELinux support to be disabled via the sudoers file. 
Defaults to true if sudo is built with SELinux support and SELinux
is not disabled on the system.
 2021-01-08 19:29:17 -07:00
Todd C. Miller
4603da02af Add a comment to verify_import() to clarify its purpose. 2021-01-06 19:16:26 -07:00
Todd C. Miller
4e11bc0e26 Suppress PVS Studio false positives. 2021-01-06 14:27:09 -07:00
Todd C. Miller
108e29446d Plug a memory leak in sudoerserrorf(). 2021-01-06 14:12:04 -07:00
Todd C. Miller
92c88d4105 Quiet a few harmless cppcheck warnings. 2021-01-06 13:01:10 -07:00
Todd C. Miller
84b3a1dae1 Remove the --force option from the cppcheck args, it causes errors. 2021-01-06 13:01:09 -07:00