isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
12,322 Commits 1 Branch 0 Tags
978aa90021c439235a504b2405d0d6ca2cb15c1c
Commit Graph

842 Commits

Author SHA1 Message Date
Todd C. Miller
8c85fefaee Plug memory leaks in store_sudo_test found by LSAN. 2023-04-25 09:28:34 -06:00
Todd C. Miller
80b85bdd50 get_user_info: call sudo_get_ttysize() even if no /dev/tty 
We still want to initialize rows and cols based on the environment
if possible.
 2023-04-17 07:27:05 -06:00
Todd C. Miller
cc22cca34f Add an fd argument to sudo_get_ttysize() instead of always using stderr. 
For sudoreplay we open /dev/tty, so use that instead of stderr when
determining the terminal size.
 2023-04-16 15:45:19 -06:00
Todd C. Miller
5650b436e6 Check whether stderr is a tty before trying TIOCGWINSZ. 2023-04-16 15:31:14 -06:00
Todd C. Miller
3e734fa51b Correct a comment. 2023-03-23 08:20:48 -06:00
Todd C. Miller
f5d0b7abf7 Remove portable getcwd.c, nothing uses it anymore. 
Any operating system supported by sudo already includes getcwd(3).
 2023-03-16 15:01:41 -06:00
Todd C. Miller
708cdc61ba nanosleep: clear remainder on successful completion 
Also switch to doing everything in terms of struct timespec except
for the actual select(2) call.
 2023-03-15 13:50:33 -06:00
Todd C. Miller
3f5e7df3cd Add lib dependencies for fuzzer and test targets. 2023-03-15 13:13:38 -06:00
Todd C. Miller
7683ba1b88 eventlog_free: free peeraddr 2023-03-15 11:38:42 -06:00
Todd C. Miller
027b42d5a6 Fix static compilation. 2023-03-14 13:27:45 -06:00
Todd C. Miller
1b3991b717 Add tests for JSON and sudo-style log output. 2023-03-13 19:42:54 -06:00
Todd C. Miller
0f46ffa9f1 Add support for parsing all fields of struct eventlog. 2023-03-14 11:24:02 -06:00
Todd C. Miller
918af413f3 Add missing definition of $(SED). 2023-03-13 15:03:58 -06:00
Todd C. Miller
86ab362fd4 Move JSON log parsing from libsudo_iolog.la to libsudo_eventlog.la 
It will be used in the upcoming log output tests.
 2023-03-13 15:02:03 -06:00
Todd C. Miller
12648b4e0a Add missing " ; " separator between environment variables and command. 
This is a regression introduced in sudo 1.9.13.
GitHub issue #254.
 2023-03-13 08:04:32 -06:00
Todd C. Miller
cb7b1dd89c Pass closure to callback, not the callback pointer itself. 2023-03-10 11:19:37 -07:00
Todd C. Miller
d2582c2cdb fix typo in uninstall target 2023-03-08 19:32:11 -07:00
bin-ly
ec255dca1e fix command error for lib/util/Makefile.in 2023-03-09 10:10:45 +08:00
Todd C. Miller
dea110a848 Add tests for SHA2 digest support. 
This uses the NIST byte-oriented short message test vectors.
 2023-03-07 12:45:13 -07:00
Todd C. Miller
0be5a51918 Add missing include of errno.h. 2023-02-23 09:14:28 -07:00
Todd C. Miller
3281d0eec4 sudo_lbuf_expand: check for overflow when rounding to the nearest power of 2. 
Problem deteced by oss-fuzz using the fuzz_sudoers fuzzer.
 2023-02-23 08:19:18 -07:00
Todd C. Miller
8bb1160624 Replace LIBMD with LIBCRYPTO display crypto/tls libs in summary. 
We can only have one of either -lmd, -lgcrypt or -lcrypto so there
is no need to have more than one variable.
 2023-02-22 08:49:33 -07:00
Todd C. Miller
0339337103 Run the editor in its own process group. 
This fixes suspending the editor on GNU Hurd which doesn't seem to
have proper process group signal handling.
 2023-02-21 16:14:14 -07:00
Todd C. Miller
0443d14578 Add checks for realpath(3) and a version from NetBSD for those without it. 2023-02-12 13:27:17 -07:00
Todd C. Miller
2845ceafb0 Handle "locale -a" returning both C.UTF-8 and C.utf8. 
It is possible to have mutiple matches from the output of "locale
-a".  Just take the first one.  Fixes GitHub issue #241.
 2023-02-15 13:49:04 -07:00
Todd C. Miller
4f50692acc Add some missing files to the clean and distclean targets. 2023-02-15 10:22:42 -07:00
Todd C. Miller
b333d16878 Add eventlog_mail() to send a log message via mail. 
This is used by mail_parse_errors() to send multi-line messages.
Previously, the newlines would be escaped as control characters.
 2023-02-09 11:09:24 -07:00
Todd C. Miller
b6caacfe4e send_mail: pass a single string instead of using varargs 
These days we only ever pass in a const string.
 2023-02-09 11:09:03 -07:00
Todd C. Miller
e63eeee7b4 Add debug tracing to tcsetattr_nobg(). 2023-02-02 09:31:25 -07:00
Todd C. Miller
6d945448ef Merge pull request #230 from trackers-lover/main 
Return value does not match
 2023-01-29 07:12:25 -07:00
bianguangze@uniontech.com
8797f0ceb9 Modify return value parameter 2023-01-29 11:08:38 +08:00
Todd C. Miller
e11bb93e26 Add tests for escaped digits. 2023-01-23 08:48:21 -07:00
Todd C. Miller
f6340068d1 check_pattern: handle escaped digits since GNU libc accepts them. 2023-01-23 08:02:25 -07:00
Todd C. Miller
2d9c0d9034 Add eventlog_store_sudo() and use it in sudoreplay. 
This replaces the custom log formatting used by "sudoreplay -l".
 2023-01-22 15:27:53 -07:00
Todd C. Miller
ee2f2287a6 check_pattern: accept a backslash before the numeric bound like glibc. 
This helps avoid out-of-memory conditions when fuzzing on Linux.
 2023-01-19 19:50:09 -07:00
Todd C. Miller
334daf92b3 Escape control characters in log messages and "sudoreplay -l" output. 
The log message contains user-controlled strings that could include
things like terminal control characters.  Space characters in the
command path are now also escaped.

Command line arguments that contain spaces are surrounded with
single quotes and any literal single quote or backslash characters
are escaped with a backslash.  This makes it possible to distinguish
multiple command line arguments from a single argument that contains
spaces.

Issue found by Matthieu Barjole and Victor Cutillas of Synacktiv
(https://synacktiv.com).
 2023-01-18 08:21:34 -07:00
trackers-love
326f013cfa Return value does not match 2023-01-17 12:24:45 +08:00
Todd C. Miller
6725c37e3c Check for errors when removing the temp directory. 
If we cannot remove the directory tree that may indicate a file or
directory mode problem.
 2023-01-12 19:20:17 -07:00
Todd C. Miller
8d7feb76ed iolog_mkdtemp: fix pasto in last commit 
Set mode to iolog_dirmode, not iolog_filemode
 2023-01-12 19:15:22 -07:00
Todd C. Miller
0b2f9cbe7c In SHA256Pad and SHA512Pad use 511 and 1023 respectively for bitwise AND. 
Previously we were using 504 and 1016 which still produces the
correct result since padding is done in 8-bit bytes.  However, using
size-1 for the bitwise AND makes the intent clearer and likely would
have prevented the previous bug in SHA512Pad.
From Matthieu Barjole and Victor Cutillas of Synacktiv (https://synacktiv.com)
 2023-01-09 14:37:47 -07:00
Todd C. Miller
1b7604e5cb sudo_lbuf_print: no longer need to check for lbuf->len > 0. 
Now that lbuf length is unsigned the earlier check for len == 0 is
sufficient.
 2023-01-09 14:16:59 -07:00
Todd C. Miller
ca297658dd Increase minimum allocation size from 256 to 1024 bytes. 2023-01-09 14:15:23 -07:00
Todd C. Miller
532023f7b6 sudo_lbuf_expand: don't allocate less than 256 bytes at a time. 2023-01-04 10:36:09 -07:00
Todd C. Miller
dc9ef69021 sudo_lbuf_expand: round nearest power of two instead of multiple of 256. 2023-01-03 21:34:20 -07:00
Todd C. Miller
13df52889f sudo_lbuf_expand: check for possible integer overflow 
The numeric fields in struct sudo_lbuf are now unsigned so that
wraparound is defined, this make the overflow checks simpler.
Problem deteced by oss-fuzz using the fuzz_sudoers fuzzer.
 2023-01-03 20:02:01 -07:00
Todd C. Miller
6b80ab74ea Decode \u00XX in a JSON string now that we escape control chars. 
We don't write Unicode to the log.json file, only 8-bit ASCII.
 2023-01-03 15:59:23 -07:00
Todd C. Miller
e5d98da014 Move hexchar() from the sudoers plugin to lib/util. 2023-01-03 15:50:42 -07:00
Todd C. Miller
0cb3835111 sudo_open_parent_dir: adjust loop terminating condition 
Checking for ep < pathend should be a bit clearer than ep != '\0'
and has the advantage of working when pathend doesn't point to a
NUL byte.  No intended change in behavior.
 2023-01-03 15:22:29 -07:00
Todd C. Miller
311d8e82df iolog_mkdtemp: fix failure when the specified path contains subdirectories. 
This fixes a bug introduced in sudo 1.9.12.
 2023-01-03 14:30:48 -07:00
Todd C. Miller
bfd7d586b5 check_iolog_mkpath: fix exit value 2023-01-03 14:02:23 -07:00