isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,027 Commits 1 Branch 0 Tags
49f2d67070b51f6b72f8189b53abe9de6e2c727b
Commit Graph

3453 Commits

Author SHA1 Message Date
Todd C. Miller
797cc917a8 Add basic regress for JSON functions. 
Fix a bug in escaped control character handling.
Roll back changes to buffer if sudo_json_add_value() fails.
 2022-12-15 19:49:11 -07:00
Todd C. Miller
0e6482e827 Add missing memory allocation failure checks. 
Inspired by GitHub PR #221
 2022-12-15 09:30:49 -07:00
Todd C. Miller
62dd5734a2 Plug a memory leak of list_cmnd in the fuzzers. 2022-12-11 14:29:14 -07:00
Todd C. Miller
25c709c4d8 Suppress PVS Studio watning about reassigning a variable the same value. 
Working around the warning would result in more fragile code.
 2022-12-11 13:46:06 -07:00
Todd C. Miller
f26a2e7626 Fix some dead stores noted by PVS Studio. 
Since rc is initialized to SUDO_RC_ERROR there is no need to set
it to SUDO_RC_ERROR again on failure if rc has not been changed
since initialization.
 2022-12-11 13:46:04 -07:00
Todd C. Miller
a514a6eed5 Add "list" pseudo-command to allow a user to list another user's 
privs.  Previously, only root or a user with the ability to run any
command as either root or the target user on the current host could
use the -U option.  For "sudo -l [-U otheruser] command", NewArgv[0]
is now set to "list" (just like "sudo -l") and the actual command
to be checked starts with NewArgv[1].
 2022-12-11 13:46:00 -07:00
Todd C. Miller
f5488d733d Fix potential crash introduced in the fix for GitHub issue #134. 
If a user's sudoers entry did not have any RunAs user's set, running
"sudo -U otheruser -l" would dereference a NULL pointer.  We need
to compare the default RunAs user if the sudoers entry does not
specify one explicitly.  Problem reported by Andreas Mueller who
also suggested a different solution in PR #219.
 2022-12-07 10:25:00 -07:00
Todd C. Miller
3df7b64d80 Fix failure in check targets when there is no UTF-8 C locale. 2022-12-06 16:26:34 -07:00
Todd C. Miller
e707ffe58b Place C23 attributes before keywords in function declarations. 
In practice this means we must use "sudo_noreturn static foo(void)"
instead of "static sudo_noreturn foo(void)".
 2022-12-01 12:54:53 -07:00
modric
26cf125fb9 check_syntax(): Remove duplicate calls to init_defaults() 2022-11-24 09:42:05 +08:00
Todd C. Miller
46d286947e build_command_info: free command_info on failure. 
Once upon a time, command_info was a stack variable, now it is
dynamically allocated.  Coverity CID 299987.
 2022-11-22 17:26:24 -07:00
Todd C. Miller
eb4ae10ab4 Better handling of out-of-memory conditions. 2022-11-22 11:57:42 -07:00
Todd C. Miller
9fff5a5fae Keep group file open until the call to myendgrent(). 
This restores the previous behavior.
 2022-11-22 11:55:34 -07:00
Todd C. Miller
f066ff9e01 Eliminate a few harmless dead stores. 
Quiets warnings from Infer.
 2022-11-22 11:18:24 -07:00
Todd C. Miller
2f97da316e sudo_ldap_parse_option: add explicit NULL check for strchr(). 
This should not be needed since we only use the returned pointer
if it is larger than the string passed to strchr().
Quiets a warning from Infer.
 2022-11-22 11:17:30 -07:00
Todd C. Miller
a37ecb2666 sudo_ldap_result_add_entry: check sudo_ldap_get_values_len() return value. 
Previously, we just compared the error code with LDAP_NO_MEMORY
when checking for sudoOrder since this is the only error we care about.
We now return NULL for LDAP_NO_MEMORY and ignore other errors.
Quiets a warning from Infer.
 2022-11-22 11:05:26 -07:00
Todd C. Miller
1c9c7bd34a Refactor code to open passwd/group file and add setpassent/setgroupent. 
This makes the "stayopen" semantics match the system passwd/group
functions.  The getpwent/getgrent functions now open the database
if it is not already open.
 2022-11-22 08:45:14 -07:00
Todd C. Miller
4d7823e518 gram.h: #line directives should reference gram.h not y.tab.h. 2022-11-22 07:27:11 -07:00
Todd C. Miller
3396267291 Add a reminder to the default lecture that the password will not echo. 
This line is only displayed when the pwfeedback option is disabled.
GitHub issue #195.
 2022-11-21 09:48:50 -07:00
modric
cbdc4883d1 Fix some typos 2022-11-21 14:50:22 +08:00
Todd C. Miller
ad220d72d4 Merge pull request #200 from BornThisWay/fix_mem_leak_converse 
Fix memory leak of pass in converse().
 2022-11-17 08:16:40 -07:00
Todd C. Miller
b3834bbf24 sudo_passwd_cleanup: Set auth->data to NULL after freeing. 
GitHub issue #201
 2022-11-17 08:10:35 -07:00
modric
f5cae905ca Fix memory leak of pass in converse(). 2022-11-17 16:08:59 +08:00
Todd C. Miller
fe8e1f3d38 Fix typo; excerise -> exercise 2022-11-16 19:23:11 -07:00
Todd C. Miller
3ecfa025b8 sudo_debug_group_list: short-circuit if groups is NULL 2022-11-11 11:05:12 -07:00
Todd C. Miller
b8e9fc1b12 Add a regress check for the cvtsudoers filter crash. 
GitHub issue #198.
 2022-11-11 07:05:24 -07:00
Todd C. Miller
264326de57 Fix a potential use-after-free bug with cvtsudoers filtering. 
In role_to_sudoers() when merging a privilege to the previous one
where the runas lists are the same we need to re-use the runas lists
of the last command in the previous privilege, not the first.
Otherwise, the check in free_cmndspec() will not notice the re-used
runas lists.  Reported/analyzed by Sohom Datta.  GitHub issue #198.
 2022-11-10 14:55:56 -07:00
Todd C. Miller
5683fc6f7a The name of the C locale w/ UTF-8 support is not always C.UTF-8. 
Use a pattern to find it (if present) and use that value instead
of hard-coding C.UTF-8.  This works around a leak sanitizer crash
on certain inputs.
 2022-11-11 07:05:21 -07:00
Todd C. Miller
75008a0570 Copy some LDIF test data from the cvtsudoers tests to the seed corpus. 
This includes a test to exercise the fix in PR #196.
 2022-11-10 09:54:59 -07:00
Todd C. Miller
455f250ac5 Set LDAP base for sudoers_parse_ldif(). 
Without this set the fuzzer will not exercise the dn parsing.
 2022-11-10 09:34:44 -07:00
Todd C. Miller
0b1335f54e Use a consistent base when testing cvtsudoers conversion from ldif. 2022-11-09 13:00:48 -07:00
Todd C. Miller
8b898b2ca2 Test parsing LDIF when a backslash is the last char of the file. 
If run with address sanitizer, this test will crash when the fix
in ceaf706ab74b is reverted.
 2022-11-09 12:58:41 -07:00
Sohom
902271f441 [cvtsudoers]: Prevent sudo from reading into undefined memory 2022-11-09 23:46:39 +05:30
Todd C. Miller
9f948224ac sudo_passwd_verify: zero out des_pass before returning. 2022-11-08 13:17:11 -07:00
Todd C. Miller
7ec1ee0e5c bsdauth_verify: do not write to prompt, it is now const 2022-11-01 09:33:19 -06:00
Todd C. Miller
d242261dd4 Store raw sudoers lines in the debug log. 
Also add a "sudoerslex" prefix to the token debug info in
sudoers_trace_print().
 2022-11-01 09:32:14 -06:00
Todd C. Miller
966731311d The line numbers in sudoers_trace_print() were off by one. 
The line counter is incremented when a newline is seen so the output
actually refers to the previous line.
 2022-10-31 10:21:39 -06:00
Todd C. Miller
4da22b101e Make the second arg to the sudo auth verify function const. 
This may be either a plaintext password or a password prompt.
Either way it should not be modified by the verify function.
 2022-10-31 09:11:32 -06:00
Todd C. Miller
bd209b9f16 Fix CVE-2022-43995, potential heap overflow for passwords < 8 characters. 
Starting with sudo 1.8.0 the plaintext password buffer is dynamically
sized so it is not safe to assume that it is at least 9 bytes in size.
Found by Hugo Lefeuvre (University of Manchester) with ConfFuzz.
 2022-10-28 07:29:55 -06:00
Todd C. Miller
c78e78dc5e Move debugging info from hostname_matches() to host_matches(). 2022-10-29 11:39:05 -06:00
Todd C. Miller
6a3fb3fd73 Add debugging to sudo_set_grlist() and sudo_set_gidlist(). 2022-10-28 16:58:16 -06:00
Todd C. Miller
ebd285850d Sync clean target with other Makefile.in files. 2022-10-21 11:24:38 -06:00
Todd C. Miller
8087604e5a Build the sample plugin but do not install it by default. 
We no longer install the sample approval plugin.
 2022-10-21 09:12:11 -06:00
Todd C. Miller
45ea248335 Adapt to current plugin API and fix warnings. 2022-10-21 07:51:00 -06:00
Todd C. Miller
9b9404b6fa Disable admin_flag by setting to NULL, not false. 
Found by cppcheck.
 2022-10-20 13:45:36 -06:00
Todd C. Miller
e7db62f645 Don't NULL out the plugin close function when logging to a log server. 
If sudo calls execve(2) directly the accept info will not be sent.
We also need the sudo front-end to wait until the command finishes
to send the exit status.
 2022-10-19 17:05:36 -06:00
Todd C. Miller
5dbb8ac6e4 Updated translations from translationproject.org 2022-10-14 12:37:20 -06:00
Todd C. Miller
3b205bc412 Update .pot files for 1.9.12 2022-10-10 09:13:22 -06:00
Todd C. Miller
8d5e59c8a8 Update the description of intercept_verify 2022-10-10 09:12:47 -06:00
Todd C. Miller
57b5ff8e8c Avoid a -Wshadow warning on Solaris 9. 2022-10-07 11:00:17 -06:00