isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,386 Commits 1 Branch 0 Tags
9d79a0767ccd0dadfaf7f41565b44b01ed938c24
Commit Graph

3247 Commits

Author SHA1 Message Date
Todd C. Miller
fc9170d809 Update file that was missed in test27 changes. 2021-02-26 15:06:46 -07:00
Todd C. Miller
7144955b07 regen Makefile.in 2021-02-26 14:30:16 -07:00
Todd C. Miller
bdfc07f330 Add some missing files to the clean target 2021-02-26 14:27:27 -07:00
Todd C. Miller
d1cc1c59e8 Correct the integer overflow check in store_timespec(). 
Fixes oss-fuzz issue #31463
 2021-02-26 16:43:48 -07:00
Todd C. Miller
963ea4151e Add netgroup check to sudoers test27 2021-02-26 12:54:24 -07:00
Todd C. Miller
ddb1350b79 Sync with fuzz_sudoers changes. 2021-02-26 12:52:49 -07:00
Todd C. Miller
963475a9bc Fuzz with runuser and rungroup specified too. 2021-02-26 12:49:13 -07:00
Todd C. Miller
d160dac355 Add test to exercise RunasSpec without a RunasUser. 2021-02-26 10:05:45 -07:00
Todd C. Miller
2e0ca52b50 Remove unused regress files. 2021-02-26 10:04:51 -07:00
Todd C. Miller
3fc5932be0 Add a stub getaddrinfo(3) to avoid a DNS timeout in CIfuzz. 2021-02-25 21:12:03 -07:00
Todd C. Miller
8b545e561c Fix runchroot, runcwd, tty_tickets. Add timestampowner. 2021-02-25 20:06:35 -07:00
Todd C. Miller
65b598602b Only add command_info to garbage collector on successful return. 
Otherwise it will be freed on failure.
 2021-02-25 19:48:46 -07:00
Todd C. Miller
3595fd5504 Add user millert to group sudo, which is often the exempt group. 2021-02-25 19:41:31 -07:00
Todd C. Miller
d75db837bd Add some defaults settings in sudo_file_parse(). 
We don't have a real policy file but we still want to exercise callbacks
in sudoers.c.
 2021-02-25 19:40:46 -07:00
Todd C. Miller
48669edd35 Do not free sudo_user.iolog_{file,path} in sudo_user_free(). 
They are not dynamically allocated.
 2021-02-25 19:37:27 -07:00
Todd C. Miller
65df01dd71 Add more passes to policy fuzzer 
Now execises list, list other user and show_version.
 2021-02-25 15:27:46 -07:00
Todd C. Miller
b3b80fe6df Implement sudoers_policy_deregister_hooks() 
Register/deregister hooks in fuzz_policy and also call show_version().
 2021-02-25 15:02:09 -07:00
Todd C. Miller
e6dc13229f Add sudoers debug register/deregister. 2021-02-25 13:35:29 -07:00
Todd C. Miller
7bafd52fac Remove unnecessary break statement. 2021-02-25 13:19:55 -07:00
Todd C. Miller
0d04bbdbe2 Include a sha384 digest in the test corpus. 2021-02-25 13:13:32 -07:00
Todd C. Miller
ea341e2d34 Parse sudoers file in the C locale. 2021-02-25 13:08:12 -07:00
Todd C. Miller
24e1774ce3 Add regress test with all current Defaults settings. 
Currently skips SELinux and Solaris privilege settings.
 2021-02-25 11:26:55 -07:00
Todd C. Miller
e7b414ce4e Move env hooks into sudoers_hooks.c. 2021-02-24 19:09:46 -07:00
Todd C. Miller
f82890e5d7 No need to call check_defaults() and check_aliases() in quiet mode. 2021-02-24 19:09:16 -07:00
Todd C. Miller
b4e86a911f sudoers_gc_init() is not currently used 2021-02-24 19:08:43 -07:00
Todd C. Miller
38c381a0cc Split fmtsudoers.c into the parts used by sudoers plugin and cvtsudoers. 
Only testsudoers and cvtsudoers use the full set of formatting functions.
 2021-02-24 17:14:51 -07:00
Todd C. Miller
39e80e47ba Check defaults settings too. 2021-02-24 16:44:15 -07:00
Todd C. Miller
05767145b3 Add fuzzer-specific stubs source file. 2021-02-24 16:43:59 -07:00
Todd C. Miller
1ae4c1bf67 Remove fuzzer targets in "make clean" 2021-02-24 15:25:44 -07:00
Todd C. Miller
a3f38fac0c Set program name in fuzzers so we get consisten warnings. 2021-02-24 15:14:58 -07:00
Todd C. Miller
9d27880af8 Use real eventlog config fuctions instead of stubs. 2021-02-24 15:08:53 -07:00
Todd C. Miller
cbd11c44d2 Update Defaults settings after parsing sudoers. 
Also stub out dump_defaults when fuzzing as it is not used.
 2021-02-24 12:29:34 -07:00
Todd C. Miller
33551acd1f Split base64 encode/decode functions into separate source files. 
They are independent functions.
 2021-02-24 12:20:36 -07:00
Todd C. Miller
f35d9c8be1 fuzz_printf and fuzz_conversation can be stubs. 2021-02-24 11:31:43 -07:00
Todd C. Miller
9f5aed70a1 Exercise tilde expansion if used in runcwd or runchroot. 2021-02-23 19:37:19 -07:00
Todd C. Miller
c702957879 Move alias checking code out of visudo.c and into check_aliases.c. 2021-02-23 19:07:12 -07:00
Todd C. Miller
2a0ba4008c Check aliases in fuzz_sudoers if the policy parsed correctly. 2021-02-23 18:48:47 -07:00
Todd C. Miller
5a85543c16 Move alias checking code out of visudo.c and into check_aliases.c. 2021-02-23 18:42:37 -07:00
Todd C. Miller
c71a397368 We don't need to link fuzz_sudoers with file.c. 2021-02-23 16:39:32 -07:00
Todd C. Miller
03e610dab5 Strings in dictionary files need to be quoted. 2021-02-23 12:38:02 -07:00
Todd C. Miller
081e219e23 Add dictionary files for fuzzers where possible. 2021-02-23 11:28:47 -07:00
Todd C. Miller
e0761b9e3b Also free safe_cmnd so it doesn't leak. 2021-02-22 20:18:49 -07:00
Todd C. Miller
322e0b3693 Return NOT_FOUND from the set_cmnd_path() stub since we don't set user_cmnd. 
The purpose of set_cmnd_path() is to reset user_cmnd based on a new
runchroot.  For the stub version we don't modify user_cmnd and so
must not return a status of FOUND.
Fixes oss-fuzz issue #31250 which only affected the fuzzer and not sudo.
 2021-02-22 19:53:08 -07:00
Todd C. Miller
5fc6b8c177 Fix fuzz_sudoers output matching. 2021-02-22 16:43:34 -07:00
Todd C. Miller
39db44b041 Support passing sudo_make_gidlist_item() an array of gids. 
The gids are formatted as strings, not gid_t.
 2021-02-22 12:33:21 -07:00
Todd C. Miller
f92080be62 Prime user/group cached and set the interface list. 
Also match parsed policy against multiple users.
 2021-02-22 10:59:58 -07:00
Todd C. Miller
7463a1989f Add sudo_mkgrent(), to be used to prime the group cache in tests/fuzzers. 2021-02-22 08:00:46 -07:00
Todd C. Miller
df42c0c1d2 Perform matching in fuzz_sudoers for inputs that parse correctly. 
The fuzzer now exercised the normal match code as well as the
pseudo-command (list, validate, etc) match code.
Privileges are also listed for well-formed sudoers file.
 2021-02-21 14:59:29 -07:00
Todd C. Miller
921097cb67 Add back SUDOERS_NAME_MATCH and enable it when fuzzing. 
This avoids the test environment from influencing sudoers matching.
 2021-02-21 13:39:56 -07:00
Todd C. Miller
ecbe95589a Add missing globfree(3) in command_matches_glob() when matching a directory. 2021-02-21 13:35:00 -07:00