isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,583 Commits 1 Branch 0 Tags
71997da168ec173f4cf367f2e13bc25c6bf8fe02
Commit Graph

63 Commits

Author SHA1 Message Date
Todd C. Miller
71997da168 Fix potential leak of evlog->runuser. 
Also warn if we find an unexpected JSON type.
 2021-02-02 10:27:27 -07:00
Todd C. Miller
1e3cecc608 Add initial fuzzers to be used by oss-fuzz. 
These are not yet hooked up to the sudo build.
 2021-02-01 15:17:57 -07:00
Todd C. Miller
4cd6350cad Fix crashes trying to parse invalid JSON. 
Found locally using libfuzzer/oss-fuzz.
 2021-01-30 16:16:23 -07:00
Todd C. Miller
de82d08e70 Plug memory leak if a key is listed more than once in the log.json file. 2021-01-30 16:15:24 -07:00
Todd C. Miller
5dc297d300 Fix crash when file does not exist. 2021-01-30 14:04:05 -07:00
Todd C. Miller
8781560e1b In json_stack_push() treat stack exhaustion like memory allocation failure. 
Return NULL instead of treating as a fatal error.
This should make life a little easier for oss-fuzz.
 2021-01-29 09:23:51 -07:00
Todd C. Miller
84b3a1dae1 Remove the --force option from the cppcheck args, it causes errors. 2021-01-06 13:01:09 -07:00
Todd C. Miller
71339c574f Check the return value of fcntl() when setting FD_CLOEXEC. 
This should never fail unless the fd is invalid.
Problem reported by Matthias Gerstner of SUSE.
 2021-01-06 10:16:00 -07:00
Todd C. Miller
6e1986e915 Remove #ifdefs around code using pread(3) and pwrite(3). 2021-01-02 10:43:34 -07:00
Todd C. Miller
8617833385 Minor fixes pointed out by cppcheck. 
Also add compareBoolExpressionWithInt to suppression list.
 2021-01-02 10:43:34 -07:00
Todd C. Miller
fe6e0fb215 If no JSON callback is provided, store the contents of struct eventlog. 
This moves the JSON formatting of struct eventlog out of libsudo_iolog
and into libsudo_eventlog where it belongs.
 2020-10-26 15:43:43 -06:00
Todd C. Miller
db72498257 Use struct eventlog in place of struct iolog_info. 2020-10-26 15:31:41 -06:00
Todd C. Miller
79921387a3 regen Makefiles 2020-10-20 19:23:46 -06:00
Todd C. Miller
bd254e1042 Read/write runchroot and runcwd entries in the JSON event log. 2020-09-01 06:26:05 -06:00
Todd C. Miller
961a4afe67 Fix some warnings from pvs-studio 2020-08-12 13:45:09 -06:00
Todd C. Miller
985af422d2 Rename __dso_public -> sudo_dso_public and move to config.h. 2020-08-12 09:57:42 -06:00
Todd C. Miller
076d0376db We no longer need to include sudo_gettext.h before sudo_compat.h 2020-08-12 09:50:35 -06:00
Todd C. Miller
3175049e45 Fix typo, runas_uid should be runas_gid. 2020-07-06 12:17:58 -06:00
Todd C. Miller
d4739533fd Add regress test to catch swapids() bug when called by iolog_mkdtemp() 2020-06-18 15:14:00 -06:00
Todd C. Miller
bc6e36e940 Fix a typo that prevented swapids() from restoring the original gid. 
This led to a regression when the iolog_file setting ends in six or
more X's or when the I/O logs are stored on NFS.
 2020-06-16 05:44:57 -06:00
Todd C. Miller
c63ba01e0e In iolog_openat() enable the write bit on pre-existing files if needed. 
This prevents problems caused by the change to strip the write bit
from the timing file when it is finished.
 2020-05-19 13:14:31 -06:00
Todd C. Miller
0312292e99 Add iolog_clearerr() that acts like clearerr(3). 
Works for both compressed and uncompressed I/O logs.
 2020-05-18 14:16:47 -06:00
Todd C. Miller
446ae3f507 Include string.h unconditionally and only use strings.h for strn?casecmp() 
In the pre-POSIX days BSD had strings.h, not string.h.
Now strings.h is only used for non-ANSI string functions.
 2020-05-18 07:59:24 -06:00
Todd C. Miller
dd88460800 We no longer need to include headers we don't use for sudo*.h files. 
Previously we needed to include headers required by the various
sudo*h files.  Now those files are more self-sufficient and we
should only include headers needed by code in the various .c files.
 2020-05-18 06:47:04 -06:00
Todd C. Miller
36bbf629be Add missing sys/types.h include; fixes a compilation problem on musl libc. 2020-05-15 18:56:40 -06:00
Todd C. Miller
83d1bee918 Rename sudo_parse_host_port -> iolog_parse_host_port and mv to lib/iolog 
It is not used outside of the I/O log client and server and the
host:port syntax may change in the future.
 2020-05-11 08:47:54 -06:00
Robert Manner
8f0370cd8e lib/iolog/iolog_fileio.c: do not call fchown on invalid fd 
Fixes the warning in the log:
iolog_write_info_file_json: unable to fchown 0:0 /var/log/...: Bad file descriptor
 2020-04-06 07:31:01 -06:00
Todd C. Miller
01ceba0445 Simply the JSON parsing code a bit. 
We can use a single stack for nested objects and arrays.
There is also no need to track the current object and array separately.
This allows us to remove the array special case when assigning a value.
 2020-03-29 05:05:08 -06:00
Todd C. Miller
3cd9cbbadf Add tests for the simple json parser. 2020-03-29 05:05:08 -06:00
Todd C. Miller
cffda82e20 Do not use JSON_ARRAY with sudo_json_add_value() 2020-03-29 05:05:08 -06:00
Todd C. Miller
056173e572 Parse I/O JSON info file in JSON if present. 
The JSON version includes more information than the original "log"
file in the I/O log dir.
 2020-03-29 05:05:08 -06:00
Todd C. Miller
ea9b711a70 Write an extended I/O info log in JSON format. 
This will be used by sudoreplay if it exists to get more information
about the command being replayed.
 2020-03-29 05:05:08 -06:00
Todd C. Miller
a644c1d1d2 iolog_parse_loginfo() now opens the log file itself. 2020-03-29 05:05:08 -06:00
Todd C. Miller
d75d36b68c Include stdlib.h for malloc(3) prototype. 
We shouldn't rely on it to be implicitly included via OpenSSL headers.
 2020-03-17 17:24:46 -06:00
Todd C. Miller
5635c22f6b Add --disable-log-server and --disable-log-client configure options. 
These can be used to optionally disable building sudo_logsrvd and
support for remote I/O logging in the sudoers plugin respectively.
 2020-02-26 13:17:40 -07:00
Todd C. Miller
92e42ff548 Add compatibility define for fseeko(3). 
This is better than cluttering up the code with #ifdefs for obsolete
systems.
 2020-02-15 10:22:15 -07:00
Todd C. Miller
ac61b5655d Use EXIT_SUCCESS and EXIT_FAILURE more consistently. 2020-02-08 12:43:00 -07:00
Todd C. Miller
9d5f066180 Check return value of sudo_lock_file(); coverity CID 207991 2020-02-07 12:59:52 -07:00
Todd C. Miller
2fe127d108 Move some scripts from the top level src dir to a scripts dir. 2020-02-06 14:30:26 -07:00
Todd C. Miller
1ba8968211 Fix a few pointer signedness warnings on Linux. 2020-01-20 14:47:38 -07:00
Todd C. Miller
c3bd025052 Store the server host name and IP in client_closure_fill(). 
Also check for getpeername() and inet_ntop() failure.
 2020-01-20 14:03:41 -07:00
Todd C. Miller
5913c63642 Add abs_top_srcdir and abs_top_builddir and use them. 
Configure provides absolution versions of srcdir, builddir, top_srcdir
and top_builddir.  We can use these instead of calling pwd.
 2020-01-20 06:37:42 -07:00
Todd C. Miller
1093e7bc4b Rebuild dependencies after hostcheck.c include changes. 2020-01-19 09:11:06 -07:00
Todd C. Miller
47d9504716 Add debugging statements to certificate checks. 2020-01-18 12:57:24 -07:00
Todd C. Miller
5a86073bd0 Portability fixes and correct path to hostcheck.h in MANIFEST. 
Include sys/socket.h for getpeername().
Link with -lnsl on Solaris to get inet_pton().
 2020-01-18 11:32:45 -07:00
Todd C. Miller
d2b7148b6c Using "libtool --clean" to remove regular files is slow. 
We only need to use libtool's clean mode to remove files created by libtool.
 2020-01-18 05:53:55 -07:00
Laszlo Orban
8d111db602 implement host validation for the audit server SSL certificates 2020-01-18 05:49:54 -07:00
Todd C. Miller
9e57bea4e3 Fix coverity CID 206586. 
Potential use after free calling gzstrerror() after gzclose().
 2020-01-05 07:48:48 -07:00
Todd C. Miller
486ee2b71f debug_decl and debug_decl_vars now require a semicolon at the end. 2019-12-22 08:48:16 -07:00
Todd C. Miller
676d3fc67b Add missing depend target 2019-11-02 12:00:07 -06:00