isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,874 Commits 1 Branch 0 Tags
57b5ff8e8cba59b09b1ec2bc192a799f5ca19e65
Commit Graph

3229 Commits

Author SHA1 Message Date
Todd C. Miller
bfc17bc666 Updated translations from translationproject.org 2021-05-06 21:14:35 -06:00
Todd C. Miller
0e9a5e4f90 Updated translations from translationproject.org 2021-05-04 12:26:07 -06:00
Todd C. Miller
109a0331a5 Don't hard-code the TLS connect timeout, use normal connect timeout. 
For sudo_logsrvd, this is the relay connect_timeout setting.
For sudoers, this is the log_server_timeout setting.
 2021-05-03 09:01:00 -06:00
Todd C. Miller
d883213f55 regen 2021-04-27 16:40:09 -06:00
Todd C. Miller
af0345e238 Fix cut & pasto that prevented the verify_server option from being set. 
The "log_server_verify" setting passed from the policy plugin was
applied to the "keepalive" option instead of "verify_server".
From Krisztian Kovacs.
 2021-04-30 11:03:23 -06:00
Todd C. Miller
ac878d3e27 Quiet clang analyzer false positive in regress tests. 2021-04-27 15:56:24 -06:00
Todd C. Miller
6907376ae9 When spliting EDITOR check for escaped quote characters. 
Also add check_editor to sudoers "make check".
 2021-04-25 19:12:50 -06:00
Todd C. Miller
5e5131dec3 Treat a lone backslash at the end of a string as a literal backslash. 
GitHub issue #99
 2021-04-24 14:19:46 -06:00
Todd C. Miller
c2909e20ee Sanity check struct timespec in timestamp file. 
Coverity CID 220564
 2021-04-07 11:10:17 -06:00
Todd C. Miller
394673cbf5 Check lseek(fd, 0, SEEK_CUR) for -1 return value. 
Not actually possible in practice.  Coverity CID 220568.
 2021-04-07 10:59:12 -06:00
Todd C. Miller
a2e4f53642 Cast NULL terminator argument to char * when calling sudo_mkgrent(). 
Avoids a portability issue on systems where NULL is not a pointer.
 2021-04-06 18:57:33 -06:00
Todd C. Miller
2db9e64214 Move reference-counted string code from sudoers to libsudo_util. 
It will be used by sudo_logsrvd too.
 2021-04-06 14:44:19 -06:00
Todd C. Miller
d4517e0a1c Move autoconf auxiliary files to the scripts directory. 2021-04-06 14:23:38 -06:00
Todd C. Miller
8fa897d3ae Move log_server_accept() out from under the #ifdef SUDOERS_LOG_CLIENT 
Fixes a link error when sudo is configured with --disable-log-client.
 2021-04-01 15:10:32 -06:00
Todd C. Miller
dfff132122 Add a new "fuzz" target that executes the fuzzers for 8192 runs each. 
To run indefinately, set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 fuzz"
 2021-03-18 16:48:19 -06:00
Todd C. Miller
6eff3b313b Move corpus files to a seed subdirectory. 2021-03-18 15:28:29 -06:00
Todd C. Miller
bac0579134 Fix fuzz_sudoers output comparison when fuzzing is enabled. 
libFuzzer outputs additional info to stderr that our stub doesn't.
 2021-03-18 13:20:45 -06:00
Todd C. Miller
95bfd65fec Flush stdout before successful return from LLVMFuzzerTestOneInput(). 
Fixes a problem with diag lines from libFuzzer being interspersed
with test output.
 2021-03-18 13:08:30 -06:00
Todd C. Miller
3e5cf7baa3 Do not redefine system group and passwd functions for testsudoers. 
Instead, prefix the replacements with "testsudoers_" and use a
custom pwutil backend so they get used.
 2021-03-18 11:39:54 -06:00
Todd C. Miller
4c182c90f1 Rename "fuzz" makefile target to "check-fuzzer". 
It's purpose is to run the fuzzers are part of a normal "make check"
to avoid bit rot, not to perform a fuzzer run.
The fuzz_logsrvd_conf fuzzer was not wired up to "make check" previously.
 2021-03-18 09:08:16 -06:00
Alexandru Ardelean
058fde9251 plugins: sudoers: policy: add MODE_IMPLIED_SHELL to RUN_VALID_FLAGS 
Since this flag isn't set, the sudo_mode variable gets invalidated and
running the 'sudo' command seems to error out with message
'sudoers_policy_check: invalid mode flags from sudo front end: 0x80001"'
 2021-03-15 09:18:11 -06:00
Todd C. Miller
843c4b632c Updated translations from translationproject.org 2021-03-10 13:13:53 -07:00
Todd C. Miller
d7d80e703f Use HAVE_STDINT_H instead of trying to guess based on __STDC_VERSION__. 
Fixes compilation with pre-C99 headers when the compiler supports C99.
 2021-03-10 12:27:14 -07:00
Todd C. Miller
07af7caf73 Add @SUDOERS_LIBS@ to FUZZ_LIBS for -lutil on FreeBSD and NetBSD 2021-03-08 12:55:15 -07:00
Todd C. Miller
ce497bf30b Updated translations from translationproject.org 2021-03-06 16:10:59 -07:00
Todd C. Miller
08b0b626f1 Fix a potential use-after-free in conversation function. 
The prompt passed in to sudo_pam_verify() will be freed later by
check_user_interactive() so we need to reset the stashed value.
From Pavel Heimlich.  Bug #967.
 2021-03-03 08:19:44 -07:00
Todd C. Miller
f0761a9810 No need to update cp after storing gr->gr_name, it is not used, 
Coverity CID 219314
 2021-03-03 07:13:25 -07:00
Todd C. Miller
4285153275 regen 2021-03-02 19:30:02 -07:00
Todd C. Miller
9bbf120bd8 For regess/fuzz set LC_ALL to C.UTF-8 if possible, falling back on C. 
Works around a crash in leak sanitizer when the locale is set to C
and TLS support is enabled.
 2021-03-02 13:40:23 -07:00
Todd C. Miller
ac8f23ef9a Initialize the lbuf used by sudoers_trace_print() in init_lexer(). 
Free the old buffer if there is one, otherwise it would never be freed.
 2021-03-01 18:57:05 -07:00
Todd C. Miller
4a28b5d587 In find_path() stub only make a copy in outfile if returning FOUND. 
Fixed a recently-introduced memory leak in the fuzzer.
 2021-03-01 07:22:57 -07:00
Todd C. Miller
0c944576e9 Expand stub getaddrinfo() to resolve "localhost". 2021-02-28 19:52:02 -07:00
Todd C. Miller
cfcbc42ec7 Improve fuzz_policy coverage and set defaults in setdefs not parse. 
Now exercises session open/close and set additional defaults to
exercise more code paths.
 2021-02-28 19:52:01 -07:00
Todd C. Miller
f34a3072e5 Improve SUDOERS_NAME_MATCH support. 
Now supports digests and performs better directory matching.
 2021-02-28 19:51:46 -07:00
Todd C. Miller
f86c11c4a1 Add MODE_CHECK to LIST_VALID_FLAGS, fixes "sudo -l command". 2021-02-28 08:55:18 -07:00
Todd C. Miller
fc9170d809 Update file that was missed in test27 changes. 2021-02-26 15:06:46 -07:00
Todd C. Miller
7144955b07 regen Makefile.in 2021-02-26 14:30:16 -07:00
Todd C. Miller
bdfc07f330 Add some missing files to the clean target 2021-02-26 14:27:27 -07:00
Todd C. Miller
d1cc1c59e8 Correct the integer overflow check in store_timespec(). 
Fixes oss-fuzz issue #31463
 2021-02-26 16:43:48 -07:00
Todd C. Miller
963ea4151e Add netgroup check to sudoers test27 2021-02-26 12:54:24 -07:00
Todd C. Miller
ddb1350b79 Sync with fuzz_sudoers changes. 2021-02-26 12:52:49 -07:00
Todd C. Miller
963475a9bc Fuzz with runuser and rungroup specified too. 2021-02-26 12:49:13 -07:00
Todd C. Miller
d160dac355 Add test to exercise RunasSpec without a RunasUser. 2021-02-26 10:05:45 -07:00
Todd C. Miller
2e0ca52b50 Remove unused regress files. 2021-02-26 10:04:51 -07:00
Todd C. Miller
3fc5932be0 Add a stub getaddrinfo(3) to avoid a DNS timeout in CIfuzz. 2021-02-25 21:12:03 -07:00
Todd C. Miller
8b545e561c Fix runchroot, runcwd, tty_tickets. Add timestampowner. 2021-02-25 20:06:35 -07:00
Todd C. Miller
65b598602b Only add command_info to garbage collector on successful return. 
Otherwise it will be freed on failure.
 2021-02-25 19:48:46 -07:00
Todd C. Miller
3595fd5504 Add user millert to group sudo, which is often the exempt group. 2021-02-25 19:41:31 -07:00
Todd C. Miller
d75db837bd Add some defaults settings in sudo_file_parse(). 
We don't have a real policy file but we still want to exercise callbacks
in sudoers.c.
 2021-02-25 19:40:46 -07:00
Todd C. Miller
48669edd35 Do not free sudo_user.iolog_{file,path} in sudo_user_free(). 
They are not dynamically allocated.
 2021-02-25 19:37:27 -07:00