isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,568 Commits 1 Branch 0 Tags
9f81e8a10941168b88b4855a2bc753c6f5919f9d
Commit Graph

2917 Commits

Author SHA1 Message Date
Todd C. Miller
9f81e8a109 Don't leak memory for duplicate command options. 
The last option wins but we also now warn about the duplicate.
Found locally using libfuzzer/oss-fuzz.
 2021-01-30 08:53:55 -07:00
Todd C. Miller
4eb591c6f3 Copy command options when converting a sudoRole with multiple sudoCommands. 
A sudoRole with multiple sudoCommands is converted to a privilege
with multiple cmndspecs.  However, we were not copying some of the
command options to subsequent cmndspecs in the list.
 2021-01-30 08:26:58 -07:00
Todd C. Miller
75f76eba81 Fix memory leak if the last line is folded. 
Fixes issue 30080 by ClusterFuzz-External
 2021-01-30 06:15:21 -07:00
Todd C. Miller
995601c621 Stricter parsing of generalized time. 
Fixes potential out of bounds read found by libfuzzer/oss-fuzz.
 2021-01-30 05:39:23 -07:00
Todd C. Miller
419c895240 Don't bother calling ldif_to_sudoers() if there are no roles to convert. 2021-01-29 09:31:27 -07:00
Todd C. Miller
6c8242c357 Update comment about return values for resolve_host(). 2021-01-29 06:24:31 -07:00
Todd C. Miller
e5ad88488d Fix NO_ROOT_MAILER, broken by the eventlog refactor in sudo 1.9.4. 
init_eventlog_config() is called immediately after initializing the
Defaults settings, which is before struct sudo_user is setup.  This
adds a call to eventlog_set_mailuid() if NO_ROOT_MAILER is defined
after the invoking user is determined.  Reported by Roman Fiedler.
 2021-01-29 05:42:34 -07:00
Todd C. Miller
8ca47cc99d Fix compilation on systems without a native strlcpy() function. 2021-01-28 09:15:36 -07:00
Todd C. Miller
c9eff93854 strvec_join: free result on error and actually use separator char 2021-01-28 05:57:23 -07:00
Todd C. Miller
888f63a9c8 Test strvec_join() using strlcpy_unesc(). 
Emulates an overflow like: sudoedit -s '\' `perl -e 'print "A" x 65536'`
 2021-01-27 21:46:19 -07:00
Todd C. Miller
29acc64192 Refactor code to flatten an argument vector into a string. 
This is used when building up the user_args string.
 2021-01-27 21:27:14 -07:00
Todd C. Miller
2804c2c78e Add strlcpy_unescape() function to undo escaping from front-end. 
Includes unit test.
 2021-01-27 15:41:54 -07:00
Todd C. Miller
aa50aaf8da Add missing check for reallocarray() failure. 
Found by OSS-Fuzz.
 2021-01-27 09:00:49 -07:00
Todd C. Miller
bca213959b Remove Py_SSIZE2SIZE to quiet cppcheck warnings. 
Tuple size cannot be negative and we already handle the case where
it is zero.
 2021-01-26 11:33:06 -07:00
Todd C. Miller
0754533d24 Fix the memset offset when converting a v1 timestamp to TS_LOCKEXCL. 
We want to zero the struct starting at flags, not type (which was just set).
Found by Qualys.
 2021-01-23 08:44:00 -07:00
Todd C. Miller
1f8638577d Fix potential buffer overflow when unescaping backslashes in user_args. 
Also, do not try to unescaping backslashes unless in run mode *and*
we are running the command via a shell.
Found by Qualys, this fixes CVE-2021-3156.
 2021-01-23 08:43:59 -07:00
Todd C. Miller
c4d384082f Add sudoedit flag checks in plugin that are consistent with front-end. 
Don't assume the sudo front-end is sending reasonable mode flags.
These checks need to be kept consistent between the sudo front-end
and the sudoers plugin.
 2021-01-23 08:43:59 -07:00
Pavel Březina
3b7977a42c pam: pass KRB5CCNAME to pam_authenticate environment if available 
If a PAM module wants to authenticate user using GSSAPI, the authentication
is broken if non-default ccache name is used in KRB5CCNAME environment
variable.

One way to mitigate this would be to add this to env_keep, but this also
makes the variable available in the executed command which may not
be always desirable.

This patch sets KRB5CCNAME for pam_authenticate only, if it is available
and not yet set.
 2021-01-22 07:28:14 -07:00
Todd C. Miller
376ad5e6b4 Do not add an unfinished write buffer to the queue if it is already present. 
In client_msg_cb() we only remove a buffer from the queue when it is
finished.  Inserting the buf again can cause a cycle in the queue.
 2021-01-21 12:46:48 -07:00
Todd C. Miller
eb536d8b7c Fix problem when SSL_read() returns SSL_ERROR_WANT_WRITE. This can 
happen when the socket cannot be written to immediately.
We need to set the read_instead_of_write flag in that case, _not_
write_instead_of_read.  Also sync comments with sendlog.c.
Bug #954
 2021-01-20 11:25:23 -07:00
Todd C. Miller
250cccfe4c Update .pot files for 1.9.5. 2021-01-09 12:59:48 -07:00
Todd C. Miller
1b72d6a5cc Allow SELinux support to be disabled via the sudoers file. 
Defaults to true if sudo is built with SELinux support and SELinux
is not disabled on the system.
 2021-01-08 19:29:17 -07:00
Todd C. Miller
4603da02af Add a comment to verify_import() to clarify its purpose. 2021-01-06 19:16:26 -07:00
Todd C. Miller
4e11bc0e26 Suppress PVS Studio false positives. 2021-01-06 14:27:09 -07:00
Todd C. Miller
108e29446d Plug a memory leak in sudoerserrorf(). 2021-01-06 14:12:04 -07:00
Todd C. Miller
92c88d4105 Quiet a few harmless cppcheck warnings. 2021-01-06 13:01:10 -07:00
Todd C. Miller
84b3a1dae1 Remove the --force option from the cppcheck args, it causes errors. 2021-01-06 13:01:09 -07:00
Todd C. Miller
71339c574f Check the return value of fcntl() when setting FD_CLOEXEC. 
This should never fail unless the fd is invalid.
Problem reported by Matthias Gerstner of SUSE.
 2021-01-06 10:16:00 -07:00
Todd C. Miller
295f099cfc Updated translations from translationproject.org 2021-01-06 10:12:40 -07:00
Todd C. Miller
741cf082a3 Use debug_return_int() not debug_return_bool() to return -1. 
Found by PVS Studio.
 2021-01-04 14:48:43 -07:00
Todd C. Miller
4ea6f73060 Fix a crash introduced in 1.9.4 when running "sudo -i" as an unknown user. 2021-01-04 14:48:42 -07:00
Todd C. Miller
7f34b8bbbd Make sure lecture file is a regular file before reading it. 2021-01-03 14:29:38 -07:00
Todd C. Miller
6e1986e915 Remove #ifdefs around code using pread(3) and pwrite(3). 2021-01-02 10:43:34 -07:00
Todd C. Miller
8617833385 Minor fixes pointed out by cppcheck. 
Also add compareBoolExpressionWithInt to suppression list.
 2021-01-02 10:43:34 -07:00
Todd C. Miller
8ea19e294b Regen now that ldap.c and sssd.c no longer need gram.h 2021-01-02 10:32:21 -07:00
Todd C. Miller
b3173fdedc The runas user must be set before applying runas-based Defaults. 
This effectively backs out changeset f738f5ac5350, which made
it possible to log the command when an invalid user was specified.
The policy plugin API doesn't supply the command until the check
function, at which point we've already denied the command due to
the invalid user.  Bug #951.
 2020-12-20 08:43:34 -07:00
Todd C. Miller
4551b19f6c The lower bounds for the "closefrom" option is 3, not 4. 
This is a regression introduced in sudo 1.8.9 with the strtonum()
conversion.  Bug #950.
 2020-12-16 18:22:40 -07:00
Todd C. Miller
5c66e9532e Set sudoers_audit.close to NULL if not using a log server. 2020-12-11 08:46:39 -07:00
Todd C. Miller
63739dd326 Store the user-provided runas user and group name in struct sudo_user. 
This makes it available for event logging in case the name doesn't resolve.
 2020-12-05 09:05:42 -07:00
Todd C. Miller
bac76512fb Log submit group to event log. 2020-12-05 08:51:06 -07:00
Todd C. Miller
008a0e8dc1 Store iolog_path in struct sudo_user for use in the event log. 2020-12-05 08:31:46 -07:00
Todd C. Miller
fd39e2d7d6 Defer lookup of runas user until sudoers_main() for better logging. 
The log message now includes user info and the command attempted.
 2020-12-04 13:49:37 -07:00
Todd C. Miller
a7d670ee34 Fix a crash introduced in 1.9.4 when running command as an unknown user. 
Bug #948
 2020-12-04 06:45:48 -07:00
Todd C. Miller
67e6e2085a Reduce the number of error messages when we can't connect to the audit server. 
Add the error string to "unable to connect to log server" instead of
using an extra error message for the connect(2) failure.
 2020-12-03 13:20:18 -07:00
Todd C. Miller
a19f242796 Use correct error message when the TLS connection is dropped. 
Was: "recv: Unknown error 0", now: "lost connection to log server".
 2020-12-03 11:42:20 -07:00
Todd C. Miller
d98374753c Change alias_add() to return bool and set errno on failure. 
This fixes a localization problem where the error message could
have been reported in the wrong locale.
 2020-12-02 13:12:09 -07:00
Todd C. Miller
833e273ad9 Updated translations from translationproject.org 2020-11-29 15:11:34 -07:00
Todd C. Miller
94c5052ebf Fix typo detected by codespell 2.0.0 
Also avoid some new false positives
 2020-11-24 07:40:38 -07:00
Todd C. Miller
bdf5530014 Set pp_ignore_define_body=false in uncrustify config. 
Need to work around a bug that produces closed brace errors,
see https://github.com/uncrustify/uncrustify/issues/2569
 2020-11-23 10:47:47 -07:00
Todd C. Miller
7bbd7c8e05 Updated translations from translationproject.org 2020-11-23 09:09:32 -07:00