isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,255 Commits 1 Branch 0 Tags
8049e4e32f81424b01ac9c83eacefc3de3640ef5
Commit Graph

12255 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
b44ad49bf7 Enable non-executable heap and stack options for Solaris ld. 2023-01-18 14:54:20 -07:00
Todd C. Miller
73c52e731a Limit some of the hardening tests to compilers that define __GNUC__. 
This should avoid false positives on other compilers.
 2023-01-18 14:39:52 -07:00
Todd C. Miller
7ff70c09fe Update expected plugin version. 2023-01-18 13:53:33 -07:00
Todd C. Miller
0865e61d9e Pass back the number of files to edit when using sudoedit. 
The sudo front-end can use this to determine where the list of files
to edit begins.
 2023-01-18 13:38:15 -07:00
Todd C. Miller
334daf92b3 Escape control characters in log messages and "sudoreplay -l" output. 
The log message contains user-controlled strings that could include
things like terminal control characters.  Space characters in the
command path are now also escaped.

Command line arguments that contain spaces are surrounded with
single quotes and any literal single quote or backslash characters
are escaped with a backslash.  This makes it possible to distinguish
multiple command line arguments from a single argument that contains
spaces.

Issue found by Matthieu Barjole and Victor Cutillas of Synacktiv
(https://synacktiv.com).
 2023-01-18 08:21:34 -07:00
Todd C. Miller
77557f8f19 Merge in sudo 1.9.12p2 changes. 2023-01-18 08:21:25 -07:00
trackers-love
326f013cfa Return value does not match 2023-01-17 12:24:45 +08:00
Todd C. Miller
3726e38394 Stop using 8n width in tagged lists. 
Use either 4n, when the body is expected to wrap or the width of
the longest tag when no wrapping is expected.
 2023-01-16 08:53:35 -07:00
Todd C. Miller
0814749132 Use -width Ds for the options list, not -width Fl. 2023-01-16 08:29:39 -07:00
Todd C. Miller
a7e8a20d0d Reduce the offset of bullet lists to 1n. 2023-01-16 08:15:46 -07:00
Todd C. Miller
1eae385af1 Shorten --with-passprompt and --with-mailsubject arguments to a single word. 
The script that generates the web version of this file doesn't
expect options to include whitespace.
 2023-01-16 07:51:47 -07:00
Todd C. Miller
f0665166bd Shorten --with-badpass-message argument to a single word. 
The fix_install script can't deal with whitespace in options.
 2023-01-15 17:53:09 -07:00
Todd C. Miller
e5634ae991 Make numbered lists more markdown-friendly. 
Also add line breaks when there are multiple authors.
 2023-01-15 16:48:38 -07:00
Todd C. Miller
49ad30efa3 Make lists of directories more markdown-friendly. 2023-01-15 16:34:06 -07:00
Todd C. Miller
6725c37e3c Check for errors when removing the temp directory. 
If we cannot remove the directory tree that may indicate a file or
directory mode problem.
 2023-01-12 19:20:17 -07:00
Todd C. Miller
8d7feb76ed iolog_mkdtemp: fix pasto in last commit 
Set mode to iolog_dirmode, not iolog_filemode
 2023-01-12 19:15:22 -07:00
Todd C. Miller
0274a4f3b4 sudoedit: do not permit editor arguments to include "--" (CVE-2023-22809) 
We use "--" to separate the editor and arguments from the files to edit.
If the editor arguments include "--", sudo can be tricked into allowing
the user to edit a file not permitted by the security policy.
Thanks to Matthieu Barjole and Victor Cutillas of Synacktiv
(https://synacktiv.com) for finding this bug.
 2023-01-12 15:55:27 -07:00
Todd C. Miller
a960d2c45f Add back the linker check for -fstack-clash-protection. 
This is expected to fix GitHub issue #231.
 2023-01-17 16:19:29 -07:00
Todd C. Miller
0b2f9cbe7c In SHA256Pad and SHA512Pad use 511 and 1023 respectively for bitwise AND. 
Previously we were using 504 and 1016 which still produces the
correct result since padding is done in 8-bit bytes.  However, using
size-1 for the bitwise AND makes the intent clearer and likely would
have prevented the previous bug in SHA512Pad.
From Matthieu Barjole and Victor Cutillas of Synacktiv (https://synacktiv.com)
 2023-01-09 14:37:47 -07:00
Todd C. Miller
3878ce8d49 env_file_next_local: change the order of the val_len check. 
It makes more sense to verify that val_len > 1 before using it.
This is not a problem in practice because val[val_len - 1] is
guaranteed not to underflow but it can confuse reviewers and static
analyzers.
 2023-01-09 14:26:07 -07:00
Todd C. Miller
d781ab0a89 Fix typo in check for environment variables that start with '='. 2023-01-09 14:23:50 -07:00
Todd C. Miller
1b7604e5cb sudo_lbuf_print: no longer need to check for lbuf->len > 0. 
Now that lbuf length is unsigned the earlier check for len == 0 is
sufficient.
 2023-01-09 14:16:59 -07:00
Todd C. Miller
ca297658dd Increase minimum allocation size from 256 to 1024 bytes. 2023-01-09 14:15:23 -07:00
Todd C. Miller
1f58e5a8e0 Fix IS_IDLOG macro, it was testing the wrong byte for the NUL. 
This causes the macro to evaluate to false even for valid TSIDs.
 2023-01-09 13:03:55 -07:00
Todd C. Miller
8309fbb970 sudoers_trace_print: this is a no-op if not debugging 2023-01-04 10:44:58 -07:00
Todd C. Miller
532023f7b6 sudo_lbuf_expand: don't allocate less than 256 bytes at a time. 2023-01-04 10:36:09 -07:00
Todd C. Miller
dc9ef69021 sudo_lbuf_expand: round nearest power of two instead of multiple of 256. 2023-01-03 21:34:20 -07:00
Todd C. Miller
dd934d6a21 Update copyright year. 2023-01-03 20:04:35 -07:00
Todd C. Miller
13df52889f sudo_lbuf_expand: check for possible integer overflow 
The numeric fields in struct sudo_lbuf are now unsigned so that
wraparound is defined, this make the overflow checks simpler.
Problem deteced by oss-fuzz using the fuzz_sudoers fuzzer.
 2023-01-03 20:02:01 -07:00
Todd C. Miller
6b80ab74ea Decode \u00XX in a JSON string now that we escape control chars. 
We don't write Unicode to the log.json file, only 8-bit ASCII.
 2023-01-03 15:59:23 -07:00
Todd C. Miller
e5d98da014 Move hexchar() from the sudoers plugin to lib/util. 2023-01-03 15:50:42 -07:00
Todd C. Miller
0cb3835111 sudo_open_parent_dir: adjust loop terminating condition 
Checking for ep < pathend should be a bit clearer than ep != '\0'
and has the advantage of working when pathend doesn't point to a
NUL byte.  No intended change in behavior.
 2023-01-03 15:22:29 -07:00
Todd C. Miller
311d8e82df iolog_mkdtemp: fix failure when the specified path contains subdirectories. 
This fixes a bug introduced in sudo 1.9.12.
 2023-01-03 14:30:48 -07:00
Todd C. Miller
bfd7d586b5 check_iolog_mkpath: fix exit value 2023-01-03 14:02:23 -07:00
Todd C. Miller
6f94854673 Merge pull request #227 from sohomdatta1/integer_underflow 
Prevent integer underflow due to environment variable
 2023-01-02 08:41:22 -07:00
Sohom
761ffb3bfe Prevent integer underflow due to environment variable 
Gaurd against replacing quotes when the environment variable
val_len is 1.
 2023-01-02 11:47:52 +05:30
Todd C. Miller
8b5037a211 glibc allows the ',' in {low,high} to be escaped with a backslash. 
Adjust bound parsing to match this.
 2023-01-01 10:12:09 -07:00
Todd C. Miller
acee3ea6ef Fix logic goof in 05781ba6f1f3, disable replacements when fuzzing. 
Not the other way around.
 2022-12-31 09:31:37 -07:00
Todd C. Miller
4b0dc2eecb Substitute python plugin file name in sudo_plugin_python documentation. 
Also use prefix for group plugin fallback path section in sudoers manual.
 2022-12-30 13:38:40 -07:00
Todd C. Miller
ad55f8ccee Use correct dictionary file format. 
Also use the new dictionaries in the Makefile fuzz target.
 2022-12-30 11:26:49 -07:00
Todd C. Miller
224a3b6470 Add some addition entries for the I/O log fuzzer seed corpus. 2022-12-30 11:10:40 -07:00
Todd C. Miller
148e5ad95b Add dictionaries for fuzz_iolog_legacy and fuzz_iolog_timing. 2022-12-30 10:52:54 -07:00
Todd C. Miller
774b3c6e68 Don't send warn/fatal output to the debug file when fuzzing. 2022-12-30 08:03:05 -07:00
Todd C. Miller
a9a3a8e37b Back out the genentropy.c portion of c648cfe9ff0f 
We don't need to special-case FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
now that we use the glibc arc4random() where available.
 2022-12-30 08:02:39 -07:00
Todd C. Miller
91d7592e8a Use initprogname(), not setprogname() in the fuzzers. 
This results in better coverage for progname.c.
 2022-12-29 15:52:21 -07:00
Todd C. Miller
206155e603 Add probe_interfaces and intercept_path. 2022-12-29 15:44:54 -07:00
Todd C. Miller
bd98868518 Exercise getter functions. 2022-12-29 15:44:33 -07:00
Todd C. Miller
3068ec000c Avoid using our function replacements when fuzzing (where possible). 
We don't want to fuzz the function replacements themselves as this
can skew the coverage reports.
 2022-12-29 13:22:29 -07:00
Todd C. Miller
3f095ff1b5 Disable sudo_debug tests when fuzzing. 
The debug code is disable when fuzzing is enabled to avoid coverage
issues.
 2022-12-29 12:38:00 -07:00
Todd C. Miller
2e9e1c80f5 Avoid compiling some code paths that are unreachable when fuzzing. 2022-12-29 10:40:48 -07:00