Todd C. Miller
41fa461fe1
Add a GNU-compatible version of basename(3).
Unlike POSIX basename(3), the GNU variant does not modify its argument.
Note that basename of a path ending in "/" returns an empty string.
2021-02-10 14:26:26 -07:00
Todd C. Miller
bbfd430cf9
feof(3) returns non-zero at EOF, not necessarily 1.
On Illumos at least it returns a value other than 1.
2021-02-09 18:25:03 -07:00
Todd C. Miller
cbf73e19bb
Portable workaround for getdelim(3) implementations that modify buf on EOF.
We should assume that the contents of buf are undefined when getdelim(3)
returns -1. We now peek ahead one char and skip the getdelim(3) call if
EOF is detected. This will preserve the original value of the last line.
2021-02-09 18:23:23 -07:00
Todd C. Miller
cf18011466
Some getdelim(3) implementations write a NUL to the buffer on EOF.
AIX and Illumos appear to have this behavior. We now preserve the
first character of the buffer on EOF to work around this.
Fixes reporting of syntax errors on the last line of a file.
2021-02-09 09:06:17 -07:00
Todd C. Miller
1412695a4a
Fuzz the example sudoers file, not the default one.
The default sudoers uses @includedir which can result in different
output, depending on the permissions of /etc/sudoers.d.
2021-02-09 09:04:05 -07:00
Todd C. Miller
a527c583dc
illumos has a broken fmemopen(3), don't use it.
2021-02-09 08:59:11 -07:00
Todd C. Miller
e392646ed4
Add configure check for SSIZE_MAX
2021-02-08 18:38:17 -07:00
Todd C. Miller
91351d57f4
Suppress PVS Studio false positives.
2021-02-08 16:31:03 -07:00
Todd C. Miller
63d043fae2
Silence a clang analyzer false positive.
2021-02-08 16:16:23 -07:00
Todd C. Miller
3d55bca8ac
Silence a clang analyzer false positive.
2021-02-08 16:06:08 -07:00
Todd C. Miller
722759d0b9
Fix CID 217123, size check always false on 64-bit systems.
2021-02-08 15:57:19 -07:00
Todd C. Miller
aae168c485
Make open_sudoers() always return NULL like fuzz_sudoers.c
2021-02-08 14:20:40 -07:00
Todd C. Miller
19d8d4a549
Update *.toke.ok now that lexer doesn't call sudoerserror() itself.
2021-02-08 13:46:33 -07:00
Todd C. Miller
04de04f544
The lexer now sets an error string before returning ERROR.
The parser will use that when reporting on an ERROR state. This
prevents the lexer from reporting errors about tokens that are not
actually consumed by the parser and we don't have to worry about
both the lexer and the parser reporting errors. It also means we
only get one error per sudoers line.
2021-02-08 13:43:49 -07:00
Todd C. Miller
9325a342b5
Go back to storing the last error file/line in sudoerserrorf().
This is still the best way to avoid displaying more than one error
per line.
2021-02-08 08:00:04 -07:00
Todd C. Miller
a046e3bbb0
Add -fsanitize=fuzzer-no-link to ASAN_LDFLAGS too, not just ASAN_CFLAGS.
2021-02-08 05:27:26 -07:00
Todd C. Miller
63a3f62547
Add fuzz Makefile target and run fuzzer corpus in make check.
2021-02-08 04:56:17 -07:00
Todd C. Miller
30d9497eb6
Add stub library that just feeds files to the fuzzing target.
This will allow the fuzzers to be run as part of "make check".
2021-02-07 15:43:51 -07:00
Todd C. Miller
db4ee0a903
Append to CFLAGS and LDFLAGS instead of overriding them when adding -m64.
2021-02-07 15:38:11 -07:00
Todd C. Miller
a72d743ec8
Fall back to a temp file if fmemopen() is not available.
2021-02-07 13:56:15 -07:00
Todd C. Miller
c19cb388bc
Add missing return statement when NO_LEAKS is not defined.
2021-02-07 13:37:21 -07:00
Todd C. Miller
c140b5942c
Remove remnants of liblogsrv.
2021-02-07 08:58:41 -07:00
Todd C. Miller
55df5efdce
Add --enable-fuzzer-linker and --enable-fuzzer-engine options.
These will allow the fuzzers to be built as part of oss-fuzz.
2021-02-07 05:52:45 -07:00
Todd C. Miller
38f1e55cdc
Sync ignore files.
2021-02-06 16:42:07 -07:00
Todd C. Miller
a3dae6f2c9
Fix linking of sudoers fuzzers with static libsudo_util.
2021-02-06 16:25:50 -07:00
Todd C. Miller
6216fb3cca
Add --enable-fuzzer option to use when building fuzzers
2021-02-06 13:28:39 -07:00
Todd C. Miller
7a2a211dfc
Replace --enable-asan with --enable-sanitizer
It is not possible to set the sanitizer flags at configure time.
2021-02-06 12:42:11 -07:00
Todd C. Miller
4480e26972
Build (but don't run) fuzzers as part of "make check".
Uses a stub to make it possible to link w/o libfuzzer.
The goal is to ensure the fuzzers are always buildable and avoid bit rot.
2021-02-06 08:38:38 -07:00
Todd C. Miller
ecaa9cd08d
Add libsudo_eventlog.la as a dependency of libsudo_iolog.la
No longer need to link against libsudo_eventlog.la in sudoers.
2021-02-06 08:36:01 -07:00
Anton Bershanskiy
fecb68617d
Fix comment typo in src/copy_file.c
2021-02-06 12:23:31 -07:00
Todd C. Miller
1c02c14c35
Add more test files for fuzzers.
2021-02-05 19:30:00 -07:00
Daniel Milnes
d51c49789e
Fix the typo in the mdoc
2021-02-05 16:03:55 -07:00
Daniel Milnes
2b2e5d0c40
Fix a tiny typo in the Sudo manpage
2021-02-05 16:03:55 -07:00
Todd C. Miller
5c2a21350d
fuzzer for I/O log timing files
2021-02-04 19:22:15 -07:00
Todd C. Miller
47f08e986f
In JSON, name/value pairs must be separated by a comma.
Previously we didn't require the comma to be there.
2021-02-04 18:01:53 -07:00
Todd C. Miller
92cf172eda
Detect integer overflow when converting JSON_ARRAY to string vector.
Extremely unlikely to happen but better safe than sorry.
2021-02-04 16:10:35 -07:00
Todd C. Miller
665f8d2e3e
Only strip double quotes from an include path if len >= 2.
Found locally using libfuzzer/oss-fuzz.
2021-02-03 16:50:04 -07:00
Todd C. Miller
e675f4c078
Don't allow the sudoers fuzzer to open include files.
If we allow the fuzzer to choose include paths it will include
random files in the file system. This leads to bug reports that
cannot be reproduced.
2021-02-03 15:20:54 -07:00
Todd C. Miller
f5fc5d6417
If getdelim() returns a string with embedded NULs, truncate on first one.
This should avoid some issues with the fuzzer.
2021-02-03 15:13:18 -07:00
Todd C. Miller
10e37223b5
Reallocate the buffer correctly when appending a newline.
Fixes a potential buffer overflow introduced in the last commit.
2021-02-03 15:13:03 -07:00
Todd C. Miller
b4cabdb394
Don't free the alias name in alias_add() if the alias already exists.
We need to be able to display it using alias_error().
Only free what we actually allocated in alias_add() on error and
let the caller handle cleanup. Note that we cannot completely fill
in the alias until it is inserted. Otherwise, we will have modified
the file and members parameters even if there was an error.
As a result, we have to remove those from the leak list after
alias_add(), not before.
2021-02-03 14:17:37 -07:00
Todd C. Miller
884b2fb86b
Fix NUL termination when parsing a sudoers file with no ending newline.
oss-fuzz issue #30252
2021-02-03 13:49:21 -07:00
Todd C. Miller
077c9b0c74
sudoersrestart() does not reset state to INITIAL, do it in init_lexer().
Fixes spurious errors from fuzz_sudoers, which calls the parser multiple times.
2021-02-03 13:00:09 -07:00
Todd C. Miller
63a63680b6
Push lexer leak tracking down into check_fill.c.
This lets us track things correctly when buffers are realloc()d.
Rewrote fill() and append() to be more readable.
2021-02-03 12:57:04 -07:00
Todd C. Miller
3237a18ee3
Use sudoersrestart() in fuzz_sudoers.c
Since we run the parser multiple times we need to restart it each time.
2021-02-03 12:52:15 -07:00
Todd C. Miller
e66b132d76
Parser needs user_shost for the %h escape in @include expansion.
Fixes oss-fuzz issue #30238
2021-02-03 08:56:32 -07:00
Todd C. Miller
bde4411867
The --disable-leaks option is not recommended for production use.
2021-02-03 07:57:10 -07:00
Todd C. Miller
bd4e8bc699
Remove options from the leak list before freeing them.
Should fix oss-fuzz issue #30236
2021-02-03 07:52:38 -07:00
Todd C. Miller
d2901f4121
Add fuzzer for legacy I/O log info file.
2021-02-03 07:41:20 -07:00
Todd C. Miller
29f5f3c53e
Fix uninstall target; there were missing line continuation chars.
GitHub issue #87
2021-02-03 07:35:33 -07:00