isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,974 Commits 1 Branch 0 Tags
7a309d70bbd9a6acf3699af28b48280a24bcc0f7
Commit Graph

3098 Commits

Author SHA1 Message Date
Todd C. Miller
ae0e25cf2e Move definition of INADDR_NONE from interfaces.c to net_ifs.c. 
Fixes compilation on Solaris 9.
 2021-06-21 10:09:32 -06:00
Todd C. Miller
b7e81c46b1 Make sure we store an octal number (like umask) as a string. 
JSON doesn't (portably) support octal numbers with a leading zero.
 2021-06-16 16:19:12 -06:00
Todd C. Miller
024f4475b7 regen 2021-06-15 14:25:26 -06:00
Todd C. Miller
8f7cae69cc Check arrays that are passed in for NULL before using them. 2021-06-09 16:07:49 -06:00
Todd C. Miller
82f5592d67 T_TIMEOUT is not a bitwise flag so doesn't need to be a power of 2. 2021-06-02 07:21:40 -06:00
Todd C. Miller
cc647c32e1 Fix group list ref leak in sudoers_policy_store_result() on error path. 2021-05-26 07:31:19 -06:00
Todd C. Miller
958066eddb Update comment to match reality. 2021-05-24 13:10:53 -06:00
Todd C. Miller
78849e6728 Don't include errno in "unable to connect to log server" message. 
There should be a more specific message, usually with an error
string, displayed earlier.
 2021-05-12 12:19:44 -06:00
Todd C. Miller
ec0dcab3ce Updated translations from translationproject.org 2021-05-10 13:52:55 -06:00
Todd C. Miller
f2155c704f Better warning when close function is passed a non-terminal signal. 2021-05-10 13:45:25 -06:00
Todd C. Miller
6cdf49d33d Quiet -Wshadow warnings from gcc. 2021-05-07 15:10:51 -06:00
Todd C. Miller
bfc17bc666 Updated translations from translationproject.org 2021-05-06 21:14:35 -06:00
Todd C. Miller
0e9a5e4f90 Updated translations from translationproject.org 2021-05-04 12:26:07 -06:00
Todd C. Miller
109a0331a5 Don't hard-code the TLS connect timeout, use normal connect timeout. 
For sudo_logsrvd, this is the relay connect_timeout setting.
For sudoers, this is the log_server_timeout setting.
 2021-05-03 09:01:00 -06:00
Todd C. Miller
d883213f55 regen 2021-04-27 16:40:09 -06:00
Todd C. Miller
af0345e238 Fix cut & pasto that prevented the verify_server option from being set. 
The "log_server_verify" setting passed from the policy plugin was
applied to the "keepalive" option instead of "verify_server".
From Krisztian Kovacs.
 2021-04-30 11:03:23 -06:00
Todd C. Miller
ac878d3e27 Quiet clang analyzer false positive in regress tests. 2021-04-27 15:56:24 -06:00
Todd C. Miller
8a65893435 Add a suppression file for the libpython leaks. 
This is a big hammer but it seems like the best we can do for now.
Allows "make check" to succeed when address sanitizer is used.
 2021-04-26 08:58:00 -06:00
Todd C. Miller
6907376ae9 When spliting EDITOR check for escaped quote characters. 
Also add check_editor to sudoers "make check".
 2021-04-25 19:12:50 -06:00
Todd C. Miller
5e5131dec3 Treat a lone backslash at the end of a string as a literal backslash. 
GitHub issue #99
 2021-04-24 14:19:46 -06:00
Todd C. Miller
a85c6b41a6 Avoid a potential NULL dereference when mutating args_str. 
Coverit CID 221401
 2021-04-23 19:05:45 -06:00
Todd C. Miller
7c2224584d Regenerate test output with python 3.10a7 
Also adjust debug tests so they pass on older python versions
 2021-04-16 15:24:12 -06:00
Todd C. Miller
c2909e20ee Sanity check struct timespec in timestamp file. 
Coverity CID 220564
 2021-04-07 11:10:17 -06:00
Todd C. Miller
394673cbf5 Check lseek(fd, 0, SEEK_CUR) for -1 return value. 
Not actually possible in practice.  Coverity CID 220568.
 2021-04-07 10:59:12 -06:00
Todd C. Miller
a2e4f53642 Cast NULL terminator argument to char * when calling sudo_mkgrent(). 
Avoids a portability issue on systems where NULL is not a pointer.
 2021-04-06 18:57:33 -06:00
Todd C. Miller
2db9e64214 Move reference-counted string code from sudoers to libsudo_util. 
It will be used by sudo_logsrvd too.
 2021-04-06 14:44:19 -06:00
Todd C. Miller
d4517e0a1c Move autoconf auxiliary files to the scripts directory. 2021-04-06 14:23:38 -06:00
Todd C. Miller
8fa897d3ae Move log_server_accept() out from under the #ifdef SUDOERS_LOG_CLIENT 
Fixes a link error when sudo is configured with --disable-log-client.
 2021-04-01 15:10:32 -06:00
Todd C. Miller
dfff132122 Add a new "fuzz" target that executes the fuzzers for 8192 runs each. 
To run indefinately, set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 fuzz"
 2021-03-18 16:48:19 -06:00
Todd C. Miller
6eff3b313b Move corpus files to a seed subdirectory. 2021-03-18 15:28:29 -06:00
Todd C. Miller
bac0579134 Fix fuzz_sudoers output comparison when fuzzing is enabled. 
libFuzzer outputs additional info to stderr that our stub doesn't.
 2021-03-18 13:20:45 -06:00
Todd C. Miller
95bfd65fec Flush stdout before successful return from LLVMFuzzerTestOneInput(). 
Fixes a problem with diag lines from libFuzzer being interspersed
with test output.
 2021-03-18 13:08:30 -06:00
Todd C. Miller
3e5cf7baa3 Do not redefine system group and passwd functions for testsudoers. 
Instead, prefix the replacements with "testsudoers_" and use a
custom pwutil backend so they get used.
 2021-03-18 11:39:54 -06:00
Todd C. Miller
4c182c90f1 Rename "fuzz" makefile target to "check-fuzzer". 
It's purpose is to run the fuzzers are part of a normal "make check"
to avoid bit rot, not to perform a fuzzer run.
The fuzz_logsrvd_conf fuzzer was not wired up to "make check" previously.
 2021-03-18 09:08:16 -06:00
Alexandru Ardelean
058fde9251 plugins: sudoers: policy: add MODE_IMPLIED_SHELL to RUN_VALID_FLAGS 
Since this flag isn't set, the sudo_mode variable gets invalidated and
running the 'sudo' command seems to error out with message
'sudoers_policy_check: invalid mode flags from sudo front end: 0x80001"'
 2021-03-15 09:18:11 -06:00
Todd C. Miller
843c4b632c Updated translations from translationproject.org 2021-03-10 13:13:53 -07:00
Todd C. Miller
d7d80e703f Use HAVE_STDINT_H instead of trying to guess based on __STDC_VERSION__. 
Fixes compilation with pre-C99 headers when the compiler supports C99.
 2021-03-10 12:27:14 -07:00
Todd C. Miller
3f11e8d9a6 Quiet a few Solaris Studio compiler warnings. 2021-03-10 08:57:28 -07:00
Todd C. Miller
07af7caf73 Add @SUDOERS_LIBS@ to FUZZ_LIBS for -lutil on FreeBSD and NetBSD 2021-03-08 12:55:15 -07:00
Todd C. Miller
0cf7c3a951 Set locale for all "make check" targets. 2021-03-08 12:51:48 -07:00
Todd C. Miller
ce497bf30b Updated translations from translationproject.org 2021-03-06 16:10:59 -07:00
Todd C. Miller
08b0b626f1 Fix a potential use-after-free in conversation function. 
The prompt passed in to sudo_pam_verify() will be freed later by
check_user_interactive() so we need to reset the stashed value.
From Pavel Heimlich.  Bug #967.
 2021-03-03 08:19:44 -07:00
Todd C. Miller
f0761a9810 No need to update cp after storing gr->gr_name, it is not used, 
Coverity CID 219314
 2021-03-03 07:13:25 -07:00
Todd C. Miller
4285153275 regen 2021-03-02 19:30:02 -07:00
Todd C. Miller
9bbf120bd8 For regess/fuzz set LC_ALL to C.UTF-8 if possible, falling back on C. 
Works around a crash in leak sanitizer when the locale is set to C
and TLS support is enabled.
 2021-03-02 13:40:23 -07:00
Todd C. Miller
ac8f23ef9a Initialize the lbuf used by sudoers_trace_print() in init_lexer(). 
Free the old buffer if there is one, otherwise it would never be freed.
 2021-03-01 18:57:05 -07:00
Todd C. Miller
4a28b5d587 In find_path() stub only make a copy in outfile if returning FOUND. 
Fixed a recently-introduced memory leak in the fuzzer.
 2021-03-01 07:22:57 -07:00
Todd C. Miller
0c944576e9 Expand stub getaddrinfo() to resolve "localhost". 2021-02-28 19:52:02 -07:00
Todd C. Miller
cfcbc42ec7 Improve fuzz_policy coverage and set defaults in setdefs not parse. 
Now exercises session open/close and set additional defaults to
exercise more code paths.
 2021-02-28 19:52:01 -07:00
Todd C. Miller
f34a3072e5 Improve SUDOERS_NAME_MATCH support. 
Now supports digests and performs better directory matching.
 2021-02-28 19:51:46 -07:00