isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,419 Commits 1 Branch 0 Tags
45fdfa18f1d46a1d6171a8f94f0fa9396b51de20
Commit Graph

855 Commits

Author SHA1 Message Date
Rose
45fdfa18f1 Mark functions not returning as sudo_noreturn 
We also put NOTREACHED where it applies.
 2023-07-01 17:40:16 -04:00
Rose
22079c3072 Avoid compiler casting warnings Part 2 
This saves instructions that are related to casting as well as compiler warnings.
 2023-06-29 13:10:27 -04:00
Todd C. Miller
1ba61cd13a No need to round up to page size with sudo_mmap_alloc(). 2023-06-29 10:17:39 -06:00
Rose
e54ba33ea0 Avoid compiler casting warnings by assigning to the same type where possible 
This saves instructions that are related to casting as well as compiler warnings.
 2023-06-28 17:25:26 -04:00
Rose
7fd680c983 Do variable length arrays the C99 way 
Variable length arrays are supported by C99, but having it denoted as "1" confused the compiler and is not defined.

Note that because we don't get the inferred NULL terminator, we have to increase the malloc size by one.
 2023-06-15 15:25:17 -04:00
Todd C. Miller
8fbdd414ce Avoid use of variable length arrays and add ctype(3) casts. 2023-06-10 10:48:53 -06:00
Brilliant Hanabi
932339ed9f Add %n$s support for sudo_lbuf_append_v1 2023-06-09 23:20:39 +08:00
Todd C. Miller
95cd409079 Make suspend_parent.c out of lib/util and into src. 
Nothing else uses it now.
 2023-06-04 19:08:52 -06:00
Todd C. Miller
2f4b406809 iolog_gets: change size parameter to int to match fgets/gzgets 
Return an error, setting errno to EINVAL, for negative sizes.
 2023-05-05 10:20:21 -06:00
Todd C. Miller
cda03ed13f Back out last change, len must be int, not size_t, for %.*s. 2023-05-03 13:36:07 -06:00
Rose
459a49b1fe Prefer size_t over int, as casting can take extra instructions 2023-05-03 15:18:05 -04:00
Todd C. Miller
d4c6ef1222 Add adminconfdir and --enable-adminconf to set it. 
Configuration paths in sudo are now a colon-separated list of files
with the adminconfdir instance first (if enabled), followed by a
sysconfdir instance.
 2023-05-02 10:37:39 -06:00
Todd C. Miller
4363d03ef7 Convert config file paths to colon-separated path list. 
This means that _PATH_SUDO_CONF, _PATH_SUDOERS, _PATH_SUDO_LOGSRVD_CONF,
and _PATH_CVTSUDOERS_CONF can now specify multiple files.  The first
file that exists is used.
 2023-05-02 10:37:38 -06:00
Todd C. Miller
8c85fefaee Plug memory leaks in store_sudo_test found by LSAN. 2023-04-25 09:28:34 -06:00
Todd C. Miller
80b85bdd50 get_user_info: call sudo_get_ttysize() even if no /dev/tty 
We still want to initialize rows and cols based on the environment
if possible.
 2023-04-17 07:27:05 -06:00
Todd C. Miller
cc22cca34f Add an fd argument to sudo_get_ttysize() instead of always using stderr. 
For sudoreplay we open /dev/tty, so use that instead of stderr when
determining the terminal size.
 2023-04-16 15:45:19 -06:00
Todd C. Miller
5650b436e6 Check whether stderr is a tty before trying TIOCGWINSZ. 2023-04-16 15:31:14 -06:00
Todd C. Miller
3e734fa51b Correct a comment. 2023-03-23 08:20:48 -06:00
Todd C. Miller
f5d0b7abf7 Remove portable getcwd.c, nothing uses it anymore. 
Any operating system supported by sudo already includes getcwd(3).
 2023-03-16 15:01:41 -06:00
Todd C. Miller
708cdc61ba nanosleep: clear remainder on successful completion 
Also switch to doing everything in terms of struct timespec except
for the actual select(2) call.
 2023-03-15 13:50:33 -06:00
Todd C. Miller
3f5e7df3cd Add lib dependencies for fuzzer and test targets. 2023-03-15 13:13:38 -06:00
Todd C. Miller
7683ba1b88 eventlog_free: free peeraddr 2023-03-15 11:38:42 -06:00
Todd C. Miller
027b42d5a6 Fix static compilation. 2023-03-14 13:27:45 -06:00
Todd C. Miller
1b3991b717 Add tests for JSON and sudo-style log output. 2023-03-13 19:42:54 -06:00
Todd C. Miller
0f46ffa9f1 Add support for parsing all fields of struct eventlog. 2023-03-14 11:24:02 -06:00
Todd C. Miller
918af413f3 Add missing definition of $(SED). 2023-03-13 15:03:58 -06:00
Todd C. Miller
86ab362fd4 Move JSON log parsing from libsudo_iolog.la to libsudo_eventlog.la 
It will be used in the upcoming log output tests.
 2023-03-13 15:02:03 -06:00
Todd C. Miller
12648b4e0a Add missing " ; " separator between environment variables and command. 
This is a regression introduced in sudo 1.9.13.
GitHub issue #254.
 2023-03-13 08:04:32 -06:00
Todd C. Miller
cb7b1dd89c Pass closure to callback, not the callback pointer itself. 2023-03-10 11:19:37 -07:00
Todd C. Miller
d2582c2cdb fix typo in uninstall target 2023-03-08 19:32:11 -07:00
bin-ly
ec255dca1e fix command error for lib/util/Makefile.in 2023-03-09 10:10:45 +08:00
Todd C. Miller
dea110a848 Add tests for SHA2 digest support. 
This uses the NIST byte-oriented short message test vectors.
 2023-03-07 12:45:13 -07:00
Todd C. Miller
0be5a51918 Add missing include of errno.h. 2023-02-23 09:14:28 -07:00
Todd C. Miller
3281d0eec4 sudo_lbuf_expand: check for overflow when rounding to the nearest power of 2. 
Problem deteced by oss-fuzz using the fuzz_sudoers fuzzer.
 2023-02-23 08:19:18 -07:00
Todd C. Miller
8bb1160624 Replace LIBMD with LIBCRYPTO display crypto/tls libs in summary. 
We can only have one of either -lmd, -lgcrypt or -lcrypto so there
is no need to have more than one variable.
 2023-02-22 08:49:33 -07:00
Todd C. Miller
0339337103 Run the editor in its own process group. 
This fixes suspending the editor on GNU Hurd which doesn't seem to
have proper process group signal handling.
 2023-02-21 16:14:14 -07:00
Todd C. Miller
0443d14578 Add checks for realpath(3) and a version from NetBSD for those without it. 2023-02-12 13:27:17 -07:00
Todd C. Miller
2845ceafb0 Handle "locale -a" returning both C.UTF-8 and C.utf8. 
It is possible to have mutiple matches from the output of "locale
-a".  Just take the first one.  Fixes GitHub issue #241.
 2023-02-15 13:49:04 -07:00
Todd C. Miller
4f50692acc Add some missing files to the clean and distclean targets. 2023-02-15 10:22:42 -07:00
Todd C. Miller
b333d16878 Add eventlog_mail() to send a log message via mail. 
This is used by mail_parse_errors() to send multi-line messages.
Previously, the newlines would be escaped as control characters.
 2023-02-09 11:09:24 -07:00
Todd C. Miller
b6caacfe4e send_mail: pass a single string instead of using varargs 
These days we only ever pass in a const string.
 2023-02-09 11:09:03 -07:00
Todd C. Miller
e63eeee7b4 Add debug tracing to tcsetattr_nobg(). 2023-02-02 09:31:25 -07:00
Todd C. Miller
6d945448ef Merge pull request #230 from trackers-lover/main 
Return value does not match
 2023-01-29 07:12:25 -07:00
bianguangze@uniontech.com
8797f0ceb9 Modify return value parameter 2023-01-29 11:08:38 +08:00
Todd C. Miller
e11bb93e26 Add tests for escaped digits. 2023-01-23 08:48:21 -07:00
Todd C. Miller
f6340068d1 check_pattern: handle escaped digits since GNU libc accepts them. 2023-01-23 08:02:25 -07:00
Todd C. Miller
2d9c0d9034 Add eventlog_store_sudo() and use it in sudoreplay. 
This replaces the custom log formatting used by "sudoreplay -l".
 2023-01-22 15:27:53 -07:00
Todd C. Miller
ee2f2287a6 check_pattern: accept a backslash before the numeric bound like glibc. 
This helps avoid out-of-memory conditions when fuzzing on Linux.
 2023-01-19 19:50:09 -07:00
Todd C. Miller
334daf92b3 Escape control characters in log messages and "sudoreplay -l" output. 
The log message contains user-controlled strings that could include
things like terminal control characters.  Space characters in the
command path are now also escaped.

Command line arguments that contain spaces are surrounded with
single quotes and any literal single quote or backslash characters
are escaped with a backslash.  This makes it possible to distinguish
multiple command line arguments from a single argument that contains
spaces.

Issue found by Matthieu Barjole and Victor Cutillas of Synacktiv
(https://synacktiv.com).
 2023-01-18 08:21:34 -07:00
trackers-love
326f013cfa Return value does not match 2023-01-17 12:24:45 +08:00