isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,430 Commits 1 Branch 0 Tags
4e3a48f2d1003b51f507a48547ab0c91cd6add99
Commit Graph

317 Commits

Author SHA1 Message Date
Todd C. Miller
c4e67624e3 Add missing default return in last commit. 2022-02-03 10:24:10 -07:00
Todd C. Miller
d18ee79354 sudo_logsrvd: make sure journal exists before writing the alert message. 
Fixes a potential NULL dereference when journaling an alert message.
 2022-02-03 10:19:40 -07:00
Todd C. Miller
6564f1ae4c Work around a glibc regcomp() bug with repeated '+' operators. 
Glibc regcomp() has a bug where it uses excessive memory for repeated
'+' ops.  Collapse them to avoid running the fuzzer out of memory.
 2022-02-01 13:12:19 -07:00
Todd C. Miller
ac555d454f Rebase seed corpus on updated sudo_logsrvd.conf example. 2022-02-01 13:10:05 -07:00
Todd C. Miller
ad719d06be Fix parsing of "retry_interval" in the relay section. 
The setting was present but the callback was missing so it could
not be parsed in the conf file.
 2022-02-01 13:08:40 -07:00
Todd C. Miller
2df2276d56 Use TIME_T_MAX as the upper limit when parsing timeouts. 2022-02-01 13:07:27 -07:00
Todd C. Miller
be4d62e9a4 Check for garbage after [section] in sudo_logsrvd.conf. 2022-01-29 10:50:03 -07:00
Todd C. Miller
9303aec0de Sync fuzzing dictionary with current configuration keyword list. 2022-01-29 10:30:37 -07:00
Todd C. Miller
9b93961b3e Add new log_passwords and passprompt_regex settings. 
When logging terminal input, if log_passwords is false and any
of the regular expressions in the passprompt_regex list are found
in the terminal output, terminal input will be replaced with '*'
characters until a newline or carriage return is found in the input
or an output character is received.
 2022-01-28 08:52:42 -07:00
Todd C. Miller
c13b21c199 Avoid TOCTOU in sudo_mkdir_parents() using openat(2) and mkdirat(2). 
This also allows us to make path const as it should be.
 2021-12-11 08:35:18 -07:00
Todd C. Miller
09b82a22ca Add configure check for sha1sum and use "openssh dgst -sha1" if missing. 
Only needed when building the seed corpus zip files.
 2021-11-10 13:31:42 -07:00
Todd C. Miller
7c4c61be0f Use iolog_openat() when opening the log.json file in the I/O log dir. 2021-10-27 07:45:22 -06:00
Todd C. Miller
ed13faf9f6 Use BIO_new_file() not BIO_new_fd() to read dhparams file. 
Older versions of OpenSSL and wolfSSL lack BIO_new_fd().
Also explicitly include openssl/bio.h and openssl/dh.h for wolfSSL.
 2021-10-26 19:26:20 -06:00
Todd C. Miller
cc6157d7d4 Add support for WolfSSL's OpenSSL compatibility layer. 
Based on changes from Hayden Roche
 2021-10-25 13:17:57 -06:00
Todd C. Miller
87c1dd9d7d Move include of log_server.pb-c.h into logsrvd.h and sendlog.h 
This way there is no include file order issue with the
PROTOBUF_C_VERSION_NUMBER check.
 2021-10-25 12:25:24 -06:00
Todd C. Miller
8a9c8794d0 Use SSL_FILETYPE_PEM with SSL_CTX_use_PrivateKey_file, not X509_FILETYPE_PEM 
While they are defined to the same value in OpenSSL one should not
rely on this.
 2021-10-24 14:47:49 -06:00
Todd C. Miller
e73e9d5e47 sudo_sendlog: send runenv, rungid and runuid from log.json too 
With this change, sudo_sendlog can now round-trip sudo-style I/O
logs that use the newer log.json format without losing any information.
 2021-10-23 09:04:26 -06:00
Todd C. Miller
88c577171e Make sure INET_ADDRSTRLEN and INET6_ADDRSTRLEN are defined. 2021-10-21 19:53:48 -06:00
Todd C. Miller
14873832c6 sudo_sendlog: send multiple I/O log records together if possible 
Try to fill the write buffer and then send to the server instead
of sending records one at a time.
 2021-10-20 19:16:23 -06:00
Todd C. Miller
1a26d2c883 sudo_sendlog: support multiple write buffers like sudo_logsrvd 2021-10-20 19:03:19 -06:00
Todd C. Miller
02e77e656b Fix potential use-after-free when calling iolog_flush_all(). 
We need to call iolog_flush_all() _before_ scheduling the commit point.
If we fail to schedule to commit point, the closure will be freed.
Coverity CID 220557
 2021-10-19 11:57:32 -06:00
Todd C. Miller
5eebc30987 sendlog: use runargv from log.json if available 2021-10-19 09:42:48 -06:00
Todd C. Miller
a71d1f7ce6 sudo_sendlog: send exit data in eventlog if present 2021-10-19 09:42:46 -06:00
Todd C. Miller
bddf03fe45 No longer need to pass exit params to eventlog_exit(), use struct eventlog. 
Now that struct eventlog includes the exit parameters we can simplify
how eventlog_exit() is called.
 2021-10-19 08:58:34 -06:00
Todd C. Miller
d415624ffc Read command run_time, signal and exit_value from I/O log log.json file. 2021-10-19 08:58:33 -06:00
Todd C. Miller
d21c935a15 Log the command run-time and exit status in the I/O log. 2021-10-19 08:50:02 -06:00
Todd C. Miller
77c339858d Handle a missing run_time in an ExitMessage. 
It is now possible to pass a NULL run_time to eventlog_exit().
 2021-10-18 15:34:48 -06:00
Todd C. Miller
15b4427b9a No need to flush logs before commit point if we flush after each write. 
Also document that logs are flushed before sending a commit point
even when flushing is disabled.
 2021-10-16 07:58:44 -06:00
Todd C. Miller
a554629d84 Flush I/O logs before we send a commit point. 
The commit point message means we have written the data to disk so
we should not be buffering it any longer.
We do not currently fsync(2) the data after flushing, perhaps we should.
 2021-10-15 19:10:34 -06:00
Todd C. Miller
3e4f6aa2e3 Do not treat a resume point of [0, 0] as an error. 
If the connecton is interrupted before sudo sends back a commit_point
message, resuming at [0, 0] is correct.
Also add a warning on unexpected EOF parsing the timing file.
 2021-10-15 12:24:53 -06:00
Todd C. Miller
de5ca187b8 regenerate dependencies 2021-10-10 14:23:13 -06:00
Todd C. Miller
eefb7b0d54 Use a consistent version of fuzz_conversation() with all fuzzers. 
Also undo a change to fuzz_sudoers.c that snuck in to the last commit.
 2021-09-28 20:20:28 -06:00
Todd C. Miller
7d964875df Fuzzers should not produce output. 
Excessive output makes the fuzzer runs much less efficient.
 2021-09-28 18:53:49 -06:00
Todd C. Miller
dea7e6aefd expand_buf: fix conditional for when we need to preserve existing data 
It is possible for the buffer offset to be zero when the length is
non-zero.  The proper value to use is the same as is used for the
memcpy/memmove size.  Fixes buffer corruption caused by a very long
command line that usually results in a dropped connection.
 2021-09-28 13:24:21 -06:00
Todd C. Miller
a78d3cc25d Reuse existing journal file for an accepted/rejected sub-command. 
Otherwise we end up with zero-length files in the incoming queue
dir and may end up relaying one of those instead of the actual
journal file.
 2021-09-20 15:33:10 -06:00
Todd C. Miller
8cc7e4bb5e sudo_logsrvd: only send log ID for first command of a session 
There is no need to send the log ID for each sub-command.
 2021-09-20 07:57:31 -06:00
Todd C. Miller
4e0b77be4b tls_init.c: use SSL_CTX_set0_tmp_dh_pkey if present. 
Fixes a warning on OpenSSL 3.0 and plugs a memory leak of dhparams
on config reload.
 2021-09-17 10:55:06 -06:00
Todd C. Miller
70aef0eb2d sudo_debug_register: add minfd argument to specify lowest fd number 
Use this in sudo_intercept.so to avoid allocating a low-numbered
fd which the shell reserves for use by scripts.
 2021-08-26 09:57:24 -06:00
Todd C. Miller
bb5843055e Replace messages like "unknown foo: %s" with "unknown foo %s". 
The colon really doesn't belong there; we generally use a colon to
separate a message from the warning detail.
 2021-08-19 09:44:11 -06:00
Todd C. Miller
e17003b35c Sync warning messages with sudoers/logging.c 
Avoids 3 translation strings that were effectively duplicated.
 2021-08-19 09:09:19 -06:00
Todd C. Miller
bfcc31b19b Print the section when warning about an illegal key in the conf file. 
This should make it easier to tell when a setting is present in the
wrong section.
 2021-08-16 10:44:48 -06:00
Todd C. Miller
9248ea6bbe Set umask to be less restrictive before creating parent directories. 
Otherwise we could end up creating them with a more restrictive
mode than indended.  Coverity CID 221592
 2021-08-14 10:49:51 -06:00
Todd C. Miller
6d3cf0ffda store_alert_local: fix memory leak on error path 
Coverity CID 238642
 2021-08-14 09:18:55 -06:00
Todd C. Miller
4add9c2c00 store_accept_local: fix return value on error 2021-08-14 08:47:44 -06:00
Todd C. Miller
4aefd43948 For intercepted commands, log an offset into the current I/O log. 
This can be used with sudoreplay to jump to when a specific command
was executed within a session log.
 2021-08-13 16:00:00 -06:00
Todd C. Miller
064981fb14 Don't overwrite closure->evlog for sub-commands. 2021-08-13 15:59:59 -06:00
Todd C. Miller
0e2094471b Call shutdown() on sockets before closing() if they are connected. 
This should ensure that the other side sees any queued data before
the connection is dropped.
 2021-08-11 14:08:48 -06:00
Todd C. Miller
79129613e5 If SSL_shutdown() returns 0 it needs to be called one more time. 2021-08-11 10:16:36 -06:00
Todd C. Miller
9d776b4e7b Allow multiple accept/reject messages during a logsrv conversation. 
The log server now advertises a subcommands flag if it supports
logging subcommands (e.g. commands run from a sudo-spawned program
like a shell).  The client should only log additional commands
during a session if this flag is set in the ServerHello message.
 2021-08-09 15:50:25 -06:00
Todd C. Miller
aee82efe45 Display the correct error message if X509_verify_cert() fails. 
We must use X509_STORE_CTX_get_error() and X509_verify_cert_error_string()
instead of the generic OpenSSL error functions.
 2021-07-27 14:49:28 -06:00