isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,977 Commits 1 Branch 0 Tags
657897b8bf608b51e675545f6086567d23e9ee79
Commit Graph

10977 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
06beb6f064 No longer need to define _DARWIN_UNLIMITED_GETGROUPS on macOS. 
We now define _DARWIN_C_SOURCE which accomplishes the same thing.
 2021-03-03 11:26:02 -07:00
Todd C. Miller
08b0b626f1 Fix a potential use-after-free in conversation function. 
The prompt passed in to sudo_pam_verify() will be freed later by
check_user_interactive() so we need to reset the stashed value.
From Pavel Heimlich.  Bug #967.
 2021-03-03 08:19:44 -07:00
Todd C. Miller
f0761a9810 No need to update cp after storing gr->gr_name, it is not used, 
Coverity CID 219314
 2021-03-03 07:13:25 -07:00
Todd C. Miller
a31bbbfbb6 Mention GitHub issue #56. 2021-03-02 19:39:47 -07:00
Todd C. Miller
4285153275 regen 2021-03-02 19:30:02 -07:00
Todd C. Miller
d452678787 Log peer address in sudo_logsrvd JSON-format logs. 
The peer that connected to us might not be the same host where the
log entry originated.
 2021-03-02 18:37:35 -07:00
Todd C. Miller
5ffa0ce053 Make "group_source=dynamic" the default on macOS. 
Recent versions of macOS do not reliably return all of a user's
non-local groups via getgroups(2), even when _DARWIN_UNLIMITED_GETGROUPS
is defined.  Bug #946.
 2021-03-02 14:09:31 -07:00
Todd C. Miller
9bbf120bd8 For regess/fuzz set LC_ALL to C.UTF-8 if possible, falling back on C. 
Works around a crash in leak sanitizer when the locale is set to C
and TLS support is enabled.
 2021-03-02 13:40:23 -07:00
Todd C. Miller
ac8f23ef9a Initialize the lbuf used by sudoers_trace_print() in init_lexer(). 
Free the old buffer if there is one, otherwise it would never be freed.
 2021-03-01 18:57:05 -07:00
Todd C. Miller
7f27b04616 In sudo_lbuf_destroy(), reset error, len and size. 2021-03-01 16:05:51 -07:00
Todd C. Miller
c8a8afba79 Mention the integer overflow check in store_timespec(). 2021-03-01 14:00:59 -07:00
Todd C. Miller
4a28b5d587 In find_path() stub only make a copy in outfile if returning FOUND. 
Fixed a recently-introduced memory leak in the fuzzer.
 2021-03-01 07:22:57 -07:00
Todd C. Miller
79dbf9f17e Disable debug code for FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 
It will not be used and just confuses the coverage stats.
 2021-02-28 19:52:03 -07:00
Todd C. Miller
0c944576e9 Expand stub getaddrinfo() to resolve "localhost". 2021-02-28 19:52:02 -07:00
Todd C. Miller
cfcbc42ec7 Improve fuzz_policy coverage and set defaults in setdefs not parse. 
Now exercises session open/close and set additional defaults to
exercise more code paths.
 2021-02-28 19:52:01 -07:00
Todd C. Miller
f34a3072e5 Improve SUDOERS_NAME_MATCH support. 
Now supports digests and performs better directory matching.
 2021-02-28 19:51:46 -07:00
Todd C. Miller
f86c11c4a1 Add MODE_CHECK to LIST_VALID_FLAGS, fixes "sudo -l command". 2021-02-28 08:55:18 -07:00
Todd C. Miller
851247e58c Split iolog_fileio.c into multiple files. 2021-02-26 21:07:48 -07:00
Todd C. Miller
fc9170d809 Update file that was missed in test27 changes. 2021-02-26 15:06:46 -07:00
Todd C. Miller
d51d4af7a6 Break out I/O log config handling into iolog_conf.c. 2021-02-26 15:02:58 -07:00
Todd C. Miller
7144955b07 regen Makefile.in 2021-02-26 14:30:16 -07:00
Todd C. Miller
bdfc07f330 Add some missing files to the clean target 2021-02-26 14:27:27 -07:00
Todd C. Miller
d1cc1c59e8 Correct the integer overflow check in store_timespec(). 
Fixes oss-fuzz issue #31463
 2021-02-26 16:43:48 -07:00
Todd C. Miller
963ea4151e Add netgroup check to sudoers test27 2021-02-26 12:54:24 -07:00
Todd C. Miller
ddb1350b79 Sync with fuzz_sudoers changes. 2021-02-26 12:52:49 -07:00
Todd C. Miller
963475a9bc Fuzz with runuser and rungroup specified too. 2021-02-26 12:49:13 -07:00
Todd C. Miller
d160dac355 Add test to exercise RunasSpec without a RunasUser. 2021-02-26 10:05:45 -07:00
Todd C. Miller
2e0ca52b50 Remove unused regress files. 2021-02-26 10:04:51 -07:00
Todd C. Miller
b3ef60312c Don't try to run getters if we failed to parse the config file. 2021-02-26 05:37:50 -07:00
Todd C. Miller
3fc5932be0 Add a stub getaddrinfo(3) to avoid a DNS timeout in CIfuzz. 2021-02-25 21:12:03 -07:00
Todd C. Miller
8b545e561c Fix runchroot, runcwd, tty_tickets. Add timestampowner. 2021-02-25 20:06:35 -07:00
Todd C. Miller
65b598602b Only add command_info to garbage collector on successful return. 
Otherwise it will be freed on failure.
 2021-02-25 19:48:46 -07:00
Todd C. Miller
3595fd5504 Add user millert to group sudo, which is often the exempt group. 2021-02-25 19:41:31 -07:00
Todd C. Miller
d75db837bd Add some defaults settings in sudo_file_parse(). 
We don't have a real policy file but we still want to exercise callbacks
in sudoers.c.
 2021-02-25 19:40:46 -07:00
Todd C. Miller
48669edd35 Do not free sudo_user.iolog_{file,path} in sudo_user_free(). 
They are not dynamically allocated.
 2021-02-25 19:37:27 -07:00
Todd C. Miller
80e223b6c8 Remove unnecessary warnings, we want to fail silently. 2021-02-25 16:15:47 -07:00
Todd C. Miller
df1b431110 No longer need to stub out eventlog config functions. 2021-02-25 16:08:55 -07:00
Todd C. Miller
f5d7db56e7 Call public getters in logsrvd.conf fuzzer and add to corpus. 
Now exercises the syslog config erorr path.
 2021-02-25 16:00:31 -07:00
Todd C. Miller
65df01dd71 Add more passes to policy fuzzer 
Now execises list, list other user and show_version.
 2021-02-25 15:27:46 -07:00
Todd C. Miller
b3b80fe6df Implement sudoers_policy_deregister_hooks() 
Register/deregister hooks in fuzz_policy and also call show_version().
 2021-02-25 15:02:09 -07:00
Todd C. Miller
e6dc13229f Add sudoers debug register/deregister. 2021-02-25 13:35:29 -07:00
Todd C. Miller
7bafd52fac Remove unnecessary break statement. 2021-02-25 13:19:55 -07:00
Todd C. Miller
0d04bbdbe2 Include a sha384 digest in the test corpus. 2021-02-25 13:13:32 -07:00
Todd C. Miller
ea341e2d34 Parse sudoers file in the C locale. 2021-02-25 13:08:12 -07:00
Todd C. Miller
24e1774ce3 Add regress test with all current Defaults settings. 
Currently skips SELinux and Solaris privilege settings.
 2021-02-25 11:26:55 -07:00
Todd C. Miller
e7b414ce4e Move env hooks into sudoers_hooks.c. 2021-02-24 19:09:46 -07:00
Todd C. Miller
f82890e5d7 No need to call check_defaults() and check_aliases() in quiet mode. 2021-02-24 19:09:16 -07:00
Todd C. Miller
b4e86a911f sudoers_gc_init() is not currently used 2021-02-24 19:08:43 -07:00
Todd C. Miller
38c381a0cc Split fmtsudoers.c into the parts used by sudoers plugin and cvtsudoers. 
Only testsudoers and cvtsudoers use the full set of formatting functions.
 2021-02-24 17:14:51 -07:00
Todd C. Miller
39e80e47ba Check defaults settings too. 2021-02-24 16:44:15 -07:00