Todd C. Miller
71997da168
Fix potential leak of evlog->runuser.
Also warn if we find an unexpected JSON type.
2021-02-02 10:27:27 -07:00
Todd C. Miller
eec4f42366
Allow getprogname() to succeed as long as __progname is present.
Also simplify the progname code so we only need a single implementation.
2021-02-02 11:20:53 -07:00
Todd C. Miller
0d34fa4285
Parse into a local parse_tree and add missing cleanup.
Since parsed_policy is for the sudoers parser we should declare our own.
2021-02-01 21:04:49 -07:00
Todd C. Miller
d3735b98e9
Call init_parser() after parsing to clean up completely.
2021-02-01 20:37:59 -07:00
Todd C. Miller
f30670a42f
Plug a few more parser leaks.
2021-02-01 19:56:52 -07:00
Todd C. Miller
f59a8f3035
Make parser_leak_remove(type, NULL) a no-op.
2021-02-01 18:23:55 -07:00
Todd C. Miller
1e3cecc608
Add initial fuzzers to be used by oss-fuzz.
These are not yet hooked up to the sudo build.
2021-02-01 15:17:57 -07:00
Todd C. Miller
568931035d
Move new_member_all to ldap_util.c, it is only used by ldap/sssd.
2021-01-31 05:44:40 -07:00
Todd C. Miller
a74e8502c0
Garbage collect unused gc_remove() function.
2021-02-01 15:08:08 -07:00
Todd C. Miller
66cd61a9bd
The parser should be leak free, re-enable leak detection in ASAN.
2021-02-01 15:07:10 -07:00
Todd C. Miller
9ed14870c6
Add garbage collection to the sudoers parser to clean up on error.
This makes it possible to avoid memory leaks when there is a parse error.
2021-02-01 15:06:20 -07:00
Todd C. Miller
4cd6350cad
Fix crashes trying to parse invalid JSON.
Found locally using libfuzzer/oss-fuzz.
2021-01-30 16:16:23 -07:00
Todd C. Miller
de82d08e70
Plug memory leak if a key is listed more than once in the log.json file.
2021-01-30 16:15:24 -07:00
Todd C. Miller
5dc297d300
Fix crash when file does not exist.
2021-01-30 14:04:05 -07:00
Todd C. Miller
439660c7fb
Strict tz offset parsing.
Fixes an out of bounds read found locally using libfuzzer/oss-fuzz.
2021-01-30 09:29:31 -07:00
Todd C. Miller
9f81e8a109
Don't leak memory for duplicate command options.
The last option wins but we also now warn about the duplicate.
Found locally using libfuzzer/oss-fuzz.
2021-01-30 08:53:55 -07:00
Todd C. Miller
4eb591c6f3
Copy command options when converting a sudoRole with multiple sudoCommands.
A sudoRole with multiple sudoCommands is converted to a privilege
with multiple cmndspecs. However, we were not copying some of the
command options to subsequent cmndspecs in the list.
2021-01-30 08:26:58 -07:00
Todd C. Miller
75f76eba81
Fix memory leak if the last line is folded.
Fixes issue 30080 by ClusterFuzz-External
2021-01-30 06:15:21 -07:00
Todd C. Miller
bd10bb5cfe
Add --disable-leaks configure option.
This enables the extra freeing of memory before exit also enabled
by --enable-asan. To be used by oss-fuzz.
2021-01-30 06:01:48 -07:00
Todd C. Miller
995601c621
Stricter parsing of generalized time.
Fixes potential out of bounds read found by libfuzzer/oss-fuzz.
2021-01-30 05:39:23 -07:00
Todd C. Miller
419c895240
Don't bother calling ldif_to_sudoers() if there are no roles to convert.
2021-01-29 09:31:27 -07:00
Todd C. Miller
8781560e1b
In json_stack_push() treat stack exhaustion like memory allocation failure.
Return NULL instead of treating as a fatal error.
This should make life a little easier for oss-fuzz.
2021-01-29 09:23:51 -07:00
Todd C. Miller
6c8242c357
Update comment about return values for resolve_host().
2021-01-29 06:24:31 -07:00
Todd C. Miller
e5ad88488d
Fix NO_ROOT_MAILER, broken by the eventlog refactor in sudo 1.9.4.
init_eventlog_config() is called immediately after initializing the
Defaults settings, which is before struct sudo_user is setup. This
adds a call to eventlog_set_mailuid() if NO_ROOT_MAILER is defined
after the invoking user is determined. Reported by Roman Fiedler.
2021-01-29 05:42:34 -07:00
Todd C. Miller
da5c6c6c45
Regenerate configure script with autoconf 2.71.
Also fix some warnings from the new version.
2020-12-08 12:35:21 -07:00
Todd C. Miller
8f114c2aae
Add plugins/sudoers/strvec_join.c
2021-01-28 16:25:48 -07:00
Todd C. Miller
8ca47cc99d
Fix compilation on systems without a native strlcpy() function.
2021-01-28 09:15:36 -07:00
Todd C. Miller
dceab7d756
Break up the long help string into multiple printf() statements.
AIX xlc compiler doesn't like cpp directives in between strings.
Also fixes a complaint from cppcheck and makes translation easier.
2021-01-28 08:53:25 -07:00
Todd C. Miller
c9eff93854
strvec_join: free result on error and actually use separator char
2021-01-28 05:57:23 -07:00
Todd C. Miller
888f63a9c8
Test strvec_join() using strlcpy_unesc().
Emulates an overflow like: sudoedit -s '\' `perl -e 'print "A" x 65536'`
2021-01-27 21:46:19 -07:00
Todd C. Miller
29acc64192
Refactor code to flatten an argument vector into a string.
This is used when building up the user_args string.
2021-01-27 21:27:14 -07:00
Todd C. Miller
2804c2c78e
Add strlcpy_unescape() function to undo escaping from front-end.
Includes unit test.
2021-01-27 15:41:54 -07:00
Todd C. Miller
aa50aaf8da
Add missing check for reallocarray() failure.
Found by OSS-Fuzz.
2021-01-27 09:00:49 -07:00
Todd C. Miller
bca213959b
Remove Py_SSIZE2SIZE to quiet cppcheck warnings.
Tuple size cannot be negative and we already handle the case where
it is zero.
2021-01-26 11:33:06 -07:00
Todd C. Miller
19d5845f8b
The program name may now only be "sudo" or "sudoedit".
We no longer need to check for any string that ends in "edit".
2021-01-26 11:33:05 -07:00
Todd C. Miller
98d5cc2a85
Sudo 1.9.5p2
2021-01-23 08:44:00 -07:00
Todd C. Miller
c0eecf85c8
Don't assume that argv is allocated as a single flat buffer.
While this is how the kernel behaves it is not a portable assumption.
The assumption may also be violated if getopt_long(3) permutes arguments.
Found by Qualys.
2021-01-23 08:44:00 -07:00
Todd C. Miller
0754533d24
Fix the memset offset when converting a v1 timestamp to TS_LOCKEXCL.
We want to zero the struct starting at flags, not type (which was just set).
Found by Qualys.
2021-01-23 08:44:00 -07:00
Todd C. Miller
1f8638577d
Fix potential buffer overflow when unescaping backslashes in user_args.
Also, do not try to unescape backslashes unless in run mode *and*
we are running the command via a shell.
Found by Qualys, this fixes CVE-2021-3156.
2021-01-23 08:43:59 -07:00
Todd C. Miller
c4d384082f
Add sudoedit flag checks in plugin that are consistent with front-end.
Don't assume the sudo front-end is sending reasonable mode flags.
These checks need to be kept consistent between the sudo front-end
and the sudoers plugin.
2021-01-23 08:43:59 -07:00
Todd C. Miller
b301b46b79
Reset valid_flags to MODE_NONINTERACTIVE for sudoedit.
This is consistent with how the -e option is handled.
Also reject -H and -P flags for sudoedit as was done in sudo 1.7.
Found by Qualys, this is part of the fix for CVE-2021-3156.
2021-01-23 08:43:59 -07:00
Pavel Březina
3b7977a42c
pam: pass KRB5CCNAME to pam_authenticate environment if available
If a PAM module wants to authenticate user using GSSAPI, the authentication
is broken if non-default ccache name is used in KRB5CCNAME environment
variable.
One way to mitigate this would be to add this to env_keep, but this also
makes the variable available in the executed command which may not
be always desirable.
This patch sets KRB5CCNAME for pam_authenticate only, if it is available
and not yet set.
2021-01-22 07:28:14 -07:00
Fabrice Fontaine
c05fe93669
lib/eventlog/Makefile.in: fix static build without closefrom
Since version 1.9.4 and bd1ca79cca, when closefrom is not available,
libsudo_eventlog.a depends on
libsudo_util.a. So reflect this dependency in the libtool file to avoid
the following static build failure of logsrvd:
/bin/bash ../libtool --tag=disable-static --mode=link /home/buildroot/autobuild/instance-1/output-1/host/bin/powerpc-linux-gcc -o sudo_logsrvd logsrv_util.o iolog_writer.o logsrvd.o logsrvd_conf.o -static -Wl,--enable-new-dtags -Wl,-z,relro ../lib/iolog/libsudo_iolog.la ../lib/eventlog/libsudo_eventlog.la ../lib/logsrv/liblogsrv.la
/bin/bash ../libtool --tag=disable-static --mode=link /home/buildroot/autobuild/instance-1/output-1/host/bin/powerpc-linux-gcc -o sudo_sendlog logsrv_util.o sendlog.o -static -Wl,--enable-new-dtags -Wl,-z,relro ../lib/iolog/libsudo_iolog.la ../lib/eventlog/libsudo_eventlog.la ../lib/logsrv/liblogsrv.la
libtool: link: /home/buildroot/autobuild/instance-1/output-1/host/bin/powerpc-linux-gcc -o sudo_logsrvd logsrv_util.o iolog_writer.o logsrvd.o logsrvd_conf.o -static -Wl,--enable-new-dtags -Wl,-z -Wl,relro ../lib/iolog/.libs/libsudo_iolog.a /home/buildroot/autobuild/instance-1/output-1/build/sudo-1.9.5p1/lib/util/.libs/libsudo_util.a -lpthread -lz ../lib/eventlog/.libs/libsudo_eventlog.a ../lib/logsrv/.libs/liblogsrv.a
/home/buildroot/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/powerpc-buildroot-linux-uclibc/8.3.0/../../../../powerpc-buildroot-linux-uclibc/bin/ld: ../lib/eventlog/.libs/libsudo_eventlog.a(eventlog.o): in function `send_mail.constprop.1':
eventlog.c:(.text+0x149c): undefined reference to `sudo_closefrom'
collect2: error: ld returned 1 exit status
Fixes:
- http://autobuild.buildroot.org/results/515b45f876fa9de03c9235f86017f4dc10eb3b54
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
2021-01-22 07:00:18 -07:00
Todd C. Miller
376ad5e6b4
Do not add an unfinished write buffer to the queue if it is already present.
In client_msg_cb() we only remove a buffer from the queue when it is
finished. Inserting the buf again can cause a cycle in the queue.
2021-01-21 12:46:48 -07:00
Todd C. Miller
eb536d8b7c
Fix problem when SSL_read() returns SSL_ERROR_WANT_WRITE. This can
happen when the socket cannot be written to immediately.
We need to set the read_instead_of_write flag in that case, _not_
write_instead_of_read. Also sync comments with sendlog.c.
Bug #954
2021-01-20 11:25:23 -07:00
Todd C. Miller
d98dd5f98d
Fix setprogname() emulation on systems without it.
For fully-qualified paths, store the string starting after the last slash,
not at the slash itself.
2021-01-15 15:25:44 -07:00
Todd C. Miller
e60ff9058b
Sudo 1.9.5p1
2021-01-11 18:47:22 -07:00
Todd C. Miller
3a13f1bf0c
Run the editor with the user's real and effective uid and gid.
Fixes a bug introduced in sudo 1.9.5 where the editor was run setuid
root unless SELinux RBAC was in use.
2021-01-11 18:41:19 -07:00
Todd C. Miller
ea150d5918
fix typo
2021-01-11 08:16:53 -07:00
Todd C. Miller
01d0bbfb85
Add casts to quiet two warnings on Solaris.
2021-01-11 07:35:33 -07:00