Commit Graph

9 Commits

Author SHA1 Message Date
Todd C. Miller
5768d374cc libsudo_util: silence most -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Todd C. Miller
f6340068d1 check_pattern: handle escaped digits since GNU libc accepts them. 2023-01-23 08:02:25 -07:00
Todd C. Miller
ee2f2287a6 check_pattern: accept a backslash before the numeric bound like glibc.
This helps avoid out-of-memory conditions when fuzzing on Linux.
2023-01-19 19:50:09 -07:00
Todd C. Miller
8b5037a211 glibc allows the ',' in {low,high} to be escaped with a backslash.
Adjust bound parsing to match this.
2023-01-01 10:12:09 -07:00
Todd C. Miller
ee5b43280b Check for bound values larger than 255 and reject them.
This is to prevent the fuzzers from running out of memory.
2022-12-27 13:22:29 -07:00
Todd C. Miller
0614c1f626 check_pattern: check bounds as a repetition operator too.
Add regress to verify check_pattern() via sudo_regex_compile().
2022-12-17 15:09:30 -07:00
Todd C. Miller
f0530b66d3 Instead of collapsing duplicate repetition characters, reject them.
This is implementation-specific behavior--some regcomp(3) will
reject duplicate repetition characters (BSD), others will try to
support them (Glibc) but may allocate excessive amounts of memory.
2022-12-17 11:32:24 -07:00
Todd C. Miller
33f54c853b Limit regular expressions to 1024 characters each.
Avoids a problem with the fuzzer creating large regular expressions
that blow up the glibc regcomp().
2022-02-12 09:33:02 -07:00
Todd C. Miller
7c17f84a35 Add helper function to compile a regex that supports (?i). 2022-02-11 12:01:31 -07:00