isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,386 Commits 1 Branch 0 Tags
9d79a0767ccd0dadfaf7f41565b44b01ed938c24
Commit Graph

674 Commits

Author SHA1 Message Date
Todd C. Miller
1ae4c1bf67 Remove fuzzer targets in "make clean" 2021-02-24 15:25:44 -07:00
Todd C. Miller
a3f38fac0c Set program name in fuzzers so we get consisten warnings. 2021-02-24 15:14:58 -07:00
Todd C. Miller
b93aad4e95 Move iolog info log writing to iolog_loginfo.c 2021-02-24 15:01:37 -07:00
Todd C. Miller
a56f7daeea Split iolog_util.c into iolog_loginfo.c and iolog_timing.c. 
Also rename check_iolog_util -> check_iolog_timing.
 2021-02-24 14:40:33 -07:00
Todd C. Miller
2a657e2a12 Move legacy I/O log info file parsing to iolog_legacy.c 2021-02-24 14:34:14 -07:00
Todd C. Miller
4128582723 Move eventlog config code into eventlog_conf.c 2021-02-24 14:25:39 -07:00
Todd C. Miller
f399c449ad Move eventlog_free() into its own file. 2021-02-24 13:59:17 -07:00
Todd C. Miller
03e610dab5 Strings in dictionary files need to be quoted. 2021-02-23 12:38:02 -07:00
Todd C. Miller
081e219e23 Add dictionary files for fuzzers where possible. 2021-02-23 11:28:47 -07:00
Todd C. Miller
4adc11e335 Print "running" and "executed" lines to stderr like libfuzzer does. 2021-02-22 15:43:45 -07:00
Todd C. Miller
387169ac67 Add support on AIX for loading plugins that are .a (not .so) files. 
It is possible to specify the member name in parens after the path,
e.g. sudoers.a(shr.o) for 32-bit or sudoers.a(shr_64.o) for 64-bit.
If no member is specified in the path and dlopen() fails with ENOEXEC,
try again with an explicit member, either shr.o or shr_64.o.
 2021-02-19 11:03:26 -07:00
Todd C. Miller
14c71eaa86 Add clean rules to .PHONY target. 2021-02-19 08:54:04 -07:00
Todd C. Miller
9f1e016cde Add install-fuzz Makefile target to install the fuzzers and seed corpus. 
The FUZZ_DESTDIR make variable needs to be set in the environment
or on the command line.
 2021-02-18 19:38:54 -07:00
Todd C. Miller
a7e2dd15e1 Test the error case by closing the underlying fd. 
Note that we don't use ferror() here since our getdelim() has no
way to set the error flag if there is a memory allocation error.
 2021-02-18 13:15:35 -07:00
Todd C. Miller
db70a70d07 Test the case where getdelim() must reallocate the buffer. 
Reproduces Bug #960.
 2021-02-18 10:42:04 -07:00
Todd C. Miller
e5c1778e7d When logging JSON to syslog, wrap the contents in a "sudo" object. 
This makes it easier for log parsers to identify what is a sudo log entry.
 2021-02-18 08:32:13 -07:00
Todd C. Miller
e047e99306 Use %td when printing the difference of two pointers. 2021-02-18 07:22:36 -07:00
Todd C. Miller
75004b7059 Reset end pointer when reallocing the line buffer in getdelim(). 
Fixes excessive memory allocations for long lines.  Bug #960.
 2021-02-17 16:46:02 -07:00
Todd C. Miller
abdef93f72 Remove duplicated MALLOC_OPTIONS and MALLOC_CONF env variables. 2021-02-17 13:06:35 -07:00
Todd C. Miller
dc45ac5bc7 On parse error, display line and column instead of the offending line. 2021-02-17 11:29:08 -07:00
Todd C. Miller
4a279d5767 Pass I/O log memory allocation errors up to the caller. 2021-02-16 16:55:25 -07:00
Todd C. Miller
a18b2a9ddf Limit max_groups in sudo.conf to 1024. 
The max_groups setting should no longer be needed anyway.
 2021-02-16 12:37:23 -07:00
Todd C. Miller
25f50e2f07 Add simple fuzzer for sudo.conf parser. 2021-02-15 13:17:26 -07:00
Todd C. Miller
d81d7e0cf2 Fix unlinking of timing temp file. 2021-02-15 13:46:11 -07:00
Todd C. Miller
de2a47f273 Set MALLOC_OPTIONS and MALLOC_CONF for all regress targets. 2021-02-15 13:17:46 -07:00
Todd C. Miller
ea7a70e85d For "make fuzz" only fuzz the seed corpus. 
This way we avoid files generated by the fuzzer itself.
 2021-02-15 07:35:19 -07:00
Todd C. Miller
eedc72d7b9 Make fuzz targets depend on fuzzer stub library. 
We really want a dependency on $(LIB_FUZZING_ENGINE) but that could
be a flag like "-fsanitize=fuzzer" instead of a path.
 2021-02-12 15:35:18 -07:00
Todd C. Miller
a9f204aef8 regen 2021-02-12 15:31:26 -07:00
Todd C. Miller
53e3dca7a6 Fix up some .la file library dependencies. 
libsudo_iolog.la already depends on libsudo_util.la and libsudo_eventlog.la
so we don't need to list those explicitly when libsudo_iolog.la is listed.
 2021-02-10 16:47:38 -07:00
Todd C. Miller
0663ffbc3f Use sudo_basename() instead of doing the equivalent manually. 2021-02-10 15:14:08 -07:00
Todd C. Miller
41fa461fe1 Add a GNU-compatible version of basename(3). 
Unlike POSIX basename(3), the GNU variant does not modify its argument.
Note that basename of a path ending in "/" returns an empty string.
 2021-02-10 14:26:26 -07:00
Todd C. Miller
bbfd430cf9 feof(3) returns non-zero at EOF, not necessarily 1. 
On Illumos at least it returns a value other than 1.
 2021-02-09 18:25:03 -07:00
Todd C. Miller
91351d57f4 Suppress PVS Studio false positives. 2021-02-08 16:31:03 -07:00
Todd C. Miller
722759d0b9 Fix CID 217123, size check always false on 64-bit systems. 2021-02-08 15:57:19 -07:00
Todd C. Miller
63a3f62547 Add fuzz Makefile target and run fuzzer corpus in make check. 2021-02-08 04:56:17 -07:00
Todd C. Miller
30d9497eb6 Add stub library that just feeds files to the fuzzing target. 
This will allow the fuzzers to be run as part of "make check".
 2021-02-07 15:43:51 -07:00
Todd C. Miller
a72d743ec8 Fall back to a temp file if fmemopen() is not available(). 2021-02-07 13:56:15 -07:00
Todd C. Miller
c140b5942c Remove remnants of liblogsrv. 2021-02-07 08:58:41 -07:00
Todd C. Miller
55df5efdce Add --enable-fuzzer-linker and --enable-fuzzer-engine options. 
These will allow the fuzzers to be built as part of oss-fuzz.
 2021-02-07 05:52:45 -07:00
Todd C. Miller
6216fb3cca Add --enable-fuzzer option to use when building fuzzers 2021-02-06 13:28:39 -07:00
Todd C. Miller
4480e26972 Build (but don't run) fuzzers as part of "make check". 
Uses a stub to make it possible to link w/o libfuzzer.
The goal is to ensure the fuzzers are always buildable and avoid bit rot.
 2021-02-06 08:38:38 -07:00
Todd C. Miller
ecaa9cd08d Add libsudo_eventlog.la as a dependency of libsudo_iolog.la 
No longer need to link against libsudo_eventlog.la in sudoers.
 2021-02-06 08:36:01 -07:00
Todd C. Miller
1c02c14c35 Add more test files for fuzzers. 2021-02-05 19:30:00 -07:00
Todd C. Miller
5c2a21350d fuzzer for I/O log timing files 2021-02-04 19:22:15 -07:00
Todd C. Miller
47f08e986f In JSON, name/value pairs must be separated by a comma. 
Previously we didn't require the comma to be there.
 2021-02-04 18:01:53 -07:00
Todd C. Miller
92cf172eda Detect integer overflow when converting JSON_ARRAY to string vector. 
Extremely unlikely to happen but better safe than sorry.
 2021-02-04 16:10:35 -07:00
Todd C. Miller
d2901f4121 Add fuzzer for legacy I/O log info file. 2021-02-03 07:41:20 -07:00
Todd C. Miller
20b3904f4f Add missing fclose(3) of fmemopen(3) stream; it does not modify the data. 2021-02-02 13:58:31 -07:00
Todd C. Miller
2fd4a2ad71 Check for unexpected value after checking the name, not before. 2021-02-02 13:32:29 -07:00
Todd C. Miller
71997da168 Fix potential leak of evlog->runuser. 
Also warn if we find an unexpected JSON type.
 2021-02-02 10:27:27 -07:00