Todd C. Miller
3d55bca8ac
Silence a clang analyzer false positive.
2021-02-08 16:06:08 -07:00
Todd C. Miller
aae168c485
Make open_sudoers() always return NULL like fuzz_sudoers.c
2021-02-08 14:20:40 -07:00
Todd C. Miller
19d8d4a549
Update *.toke.ok now that lexer doesn't call sudoerserror() itself.
2021-02-08 13:46:33 -07:00
Todd C. Miller
04de04f544
The lexer now sets an error string before returning ERROR.
...
The parser will use that when reporting on an ERROR state. This
prevents the lexer from reporting errors about tokens that are not
actually consumed by the parser and we don't have to worry about
both the lexer and the parser reporting errors. It also means we
only get one error per sudoers line.
2021-02-08 13:43:49 -07:00
Todd C. Miller
9325a342b5
Go back to storing the last error file/line in sudoerserrorf().
...
This is still the best way to avoid displaying more than one error
per line.
2021-02-08 08:00:04 -07:00
Todd C. Miller
63a3f62547
Add fuzz Makefile target and run fuzzer corpus in make check.
2021-02-08 04:56:17 -07:00
Todd C. Miller
30d9497eb6
Add stub library that just feeds files to the fuzzing target.
...
This will allow the fuzzers to be run as part of "make check".
2021-02-07 15:43:51 -07:00
Todd C. Miller
a72d743ec8
Fall back to a temp file if fmemopen() is not available.
2021-02-07 13:56:15 -07:00
Todd C. Miller
c19cb388bc
Add missing return statement when NO_LEAKS is not defined.
2021-02-07 13:37:21 -07:00
Todd C. Miller
55df5efdce
Add --enable-fuzzer-linker and --enable-fuzzer-engine options.
...
These will allow the fuzzers to be built as part of oss-fuzz.
2021-02-07 05:52:45 -07:00
Todd C. Miller
a3dae6f2c9
Fix linking of sudoers fuzzers with static libsudo_util.
2021-02-06 16:25:50 -07:00
Todd C. Miller
6216fb3cca
Add --enable-fuzzer option to use when building fuzzers
2021-02-06 13:28:39 -07:00
Todd C. Miller
4480e26972
Build (but don't run) fuzzers as part of "make check".
...
Uses a stub to make it possible to link w/o libfuzzer.
The goal is to ensure the fuzzers are always buildable and avoid bit rot.
2021-02-06 08:38:38 -07:00
Todd C. Miller
ecaa9cd08d
Add libsudo_eventlog.la as a dependency of libsudo_iolog.la
...
No longer need to link against libsudo_eventlog.la in sudoers.
2021-02-06 08:36:01 -07:00
Todd C. Miller
665f8d2e3e
Only strip double quotes from an include path if len >= 2.
...
Found locally using libfuzzer/oss-fuzz.
2021-02-03 16:50:04 -07:00
Todd C. Miller
e675f4c078
Don't allow the sudoers fuzzer to open include files.
...
If we allow the fuzzer to choose include paths it will include
random files in the file system. This leads to bug reports that
cannot be reproduced.
2021-02-03 15:20:54 -07:00
Todd C. Miller
f5fc5d6417
If getdelim() returns a string with embedded NULs, truncate on first one.
...
This should avoid some issues with the fuzzer.
2021-02-03 15:13:18 -07:00
Todd C. Miller
10e37223b5
Reallocate the buffer correctly when appending a newline.
...
Fixes a potential buffer overflow introduced in the last commit.
2021-02-03 15:13:03 -07:00
Todd C. Miller
b4cabdb394
Don't free the alias name in alias_add() if the alias already exists.
...
We need to be able to display it using alias_error().
Only free what we actually allocated in alias_add() on error and
let the caller handle cleanup. Note that we cannot completely fill
in the alias until it is inserted. Otherwise, we will have modified
the file and members parameters even if there was an error.
As a result, we have to remove those from the leak list after
alias_add(), not before.
2021-02-03 14:17:37 -07:00
Todd C. Miller
884b2fb86b
Fix NUL termination when parsing a sudoers file with no ending newline.
...
oss-fuzz issue #30252
2021-02-03 13:49:21 -07:00
Todd C. Miller
077c9b0c74
sudoersrestart() does not reset state to INITIAL, do it in init_lexer().
...
Fixes spurious errors from fuzz_sudoers, which calls the parser multiple times.
2021-02-03 13:00:09 -07:00
Todd C. Miller
63a63680b6
Push lexer leak tracking down into check_fill.c.
...
This lets us track things correctly when buffers are realloc()d.
Rewrote fill() and append() to be more readable.
2021-02-03 12:57:04 -07:00
Todd C. Miller
3237a18ee3
Use sudoersrestart() in fuzz_sudoers.c
...
Since we run the parser multiple times we need to restart it each time.
2021-02-03 12:52:15 -07:00
Todd C. Miller
e66b132d76
Parser needs user_shost for the %h escape in @include expansion.
...
Fixes oss-fuzz issue #30238
2021-02-03 08:56:32 -07:00
Todd C. Miller
bd4e8bc699
Remove options from the leak list before freeing them.
...
Should fix oss-fuzz issue #30236
2021-02-03 07:52:38 -07:00
Todd C. Miller
29f5f3c53e
Fix uninstall target; there were missing line continuation chars.
...
GitHub issue #87
2021-02-03 07:35:33 -07:00
Todd C. Miller
aaa2e8ddec
Don't close fp in sudoers_parse_ldif()
...
The caller should be the one to handle this.
2021-02-02 15:06:38 -07:00
Todd C. Miller
bdb02b1eff
Go back to calling alias_free() on alias_add() failure.
...
We now need to remove the name and members from the leak list
*before* calling alias_add() since alias_add() will consume them
for both success and failure.
2021-02-02 14:40:37 -07:00
Todd C. Miller
8f2254594f
close sudoersin, not fp, and reset it to be safe
2021-02-02 14:12:43 -07:00
Todd C. Miller
20b3904f4f
Add missing fclose(3) of fmemopen(3) stream; it does not modify the data.
2021-02-02 13:58:31 -07:00
Todd C. Miller
0d34fa4285
Parse into a local parse_tree and add missing cleanup.
...
Since parsed_policy is for the sudoers parser we should declare our own.
2021-02-01 21:04:49 -07:00
Todd C. Miller
d3735b98e9
Call init_parser() after parsing to clean up completely.
2021-02-01 20:37:59 -07:00
Todd C. Miller
f30670a42f
Plug a few more parser leaks.
2021-02-01 19:56:52 -07:00
Todd C. Miller
f59a8f3035
Make parser_leak_remove(type, NULL) a no-op.
2021-02-01 18:23:55 -07:00
Todd C. Miller
1e3cecc608
Add initial fuzzers to be used by oss-fuzz.
...
These are not yet hooked up to the sudo build.
2021-02-01 15:17:57 -07:00
Todd C. Miller
568931035d
Move new_member_all to ldap_util.c, it is only used by ldap/sssd.
2021-01-31 05:44:40 -07:00
Todd C. Miller
a74e8502c0
Garbage collect unused gc_remove() function.
2021-02-01 15:08:08 -07:00
Todd C. Miller
66cd61a9bd
The parser should be leak free, re-enable leak detection in ASAN.
2021-02-01 15:07:10 -07:00
Todd C. Miller
9ed14870c6
Add garbage collection to the sudoers parser to clean up on error.
...
This makes it possible to avoid memory leaks when there is a parse error.
2021-02-01 15:06:20 -07:00
Todd C. Miller
439660c7fb
Strict tz offset parsing.
...
Fixes an out of bounds read found locally using libfuzzer/oss-fuzz.
2021-01-30 09:29:31 -07:00
Todd C. Miller
9f81e8a109
Don't leak memory for duplicate command options.
...
The last option wins but we also now warn about the duplicate.
Found locally using libfuzzer/oss-fuzz.
2021-01-30 08:53:55 -07:00
Todd C. Miller
4eb591c6f3
Copy command options when converting a sudoRole with multiple sudoCommands.
...
A sudoRole with multiple sudoCommands is converted to a privilege
with multiple cmndspecs. However, we were not copying some of the
command options to subsequent cmndspecs in the list.
2021-01-30 08:26:58 -07:00
Todd C. Miller
75f76eba81
Fix memory leak if the last line is folded.
...
Fixes issue 30080 by ClusterFuzz-External
2021-01-30 06:15:21 -07:00
Todd C. Miller
995601c621
Stricter parsing of generalized time.
...
Fixes potential out of bounds read found by libfuzzer/oss-fuzz.
2021-01-30 05:39:23 -07:00
Todd C. Miller
419c895240
Don't bother calling ldif_to_sudoers() if there are no roles to convert.
2021-01-29 09:31:27 -07:00
Todd C. Miller
6c8242c357
Update comment about return values for resolve_host().
2021-01-29 06:24:31 -07:00
Todd C. Miller
e5ad88488d
Fix NO_ROOT_MAILER, broken by the eventlog refactor in sudo 1.9.4.
...
init_eventlog_config() is called immediately after initializing the
Defaults settings, which is before struct sudo_user is set up. This
adds a call to eventlog_set_mailuid() if NO_ROOT_MAILER is defined
after the invoking user is determined. Reported by Roman Fiedler.
2021-01-29 05:42:34 -07:00
Todd C. Miller
8ca47cc99d
Fix compilation on systems without a native strlcpy() function.
2021-01-28 09:15:36 -07:00
Todd C. Miller
c9eff93854
strvec_join: free result on error and actually use separator char
2021-01-28 05:57:23 -07:00
Todd C. Miller
888f63a9c8
Test strvec_join() using strlcpy_unesc().
...
Emulates an overflow like: sudoedit -s '\' `perl -e 'print "A" x 65536'`
2021-01-27 21:46:19 -07:00