65 Commits

Author SHA1 Message Date
Todd C. Miller
730ebabdba init_parse_tree() now takes ownership of lhost and shost, if any.
This means that lhost and shost in struct sudoers_parse_tree
are no longer const and that free_parse_tree() will free lhost/shost.
The only consumer that passed in lhost/shost was the SSSD back-end
which has been updated to avoid a double-free.
2021-11-19 12:29:21 -07:00
Todd C. Miller
2aa6cb13a5 Stub out sudo_printf() and avoid other use of stderr in fuzzers.
This makes it possible to parse sudoers without using quiet mode,
resulting in better coverage.
2021-09-29 09:03:24 -06:00
Todd C. Miller
eefb7b0d54 Use a consistent version of fuzz_conversation() with all fuzzers.
Also undo a change to fuzz_sudoers.c that snuck in to the last commit.
2021-09-28 20:20:28 -06:00
Todd C. Miller
7d964875df Fuzzers should not produce output.
Excessive output makes the fuzzer runs much less efficient.
2021-09-28 18:53:49 -06:00
Todd C. Miller
b6561831b4 Re-enable error output for the sudoers parser.
It is only the alias and defaults warnings we need to suppress.
2021-09-20 12:46:37 -06:00
Todd C. Miller
77ef8baa97 fuzz_sudoers: don't warn about unknown defaults entries
Some fuzzing inputs cause a huge number of warnings and displaying
them all can result in the fuzz run timing out.  If we disable the
warnings we can avoid the timeout.
2021-09-19 19:36:25 -06:00
Todd C. Miller
bb5843055e Replace messages like "unknown foo: %s" with "unknown foo %s".
The colon really doesn't belong there; we generally use a colon to
separate a message from the warning detail.
2021-08-19 09:44:11 -06:00
Todd C. Miller
f9d3f46fa7 Add intercept_allow_setid sudoers option, disabled by default.
With this change, a shell in intercept mode cannot run a setuid or
setgid binary by default.  On most systems, the dynamic loader will
ignore LD_PRELOAD for setuid/setgid binaries such as sudo which
would effectively disable intercept mode.
2021-08-18 15:43:26 -06:00
Todd C. Miller
132936f8f0 Make it possible to call the sudoers policy check function multiple times.
We need to reset the Defaults values to their original state.
2021-08-09 15:50:25 -06:00
Todd C. Miller
532e00aa2b Only replace getaddrinfo for FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION.
This works around an issue on SCO which uses inline functions in
the header files which call the actual, versioned, library function.
2021-07-26 11:39:41 -06:00
Todd C. Miller
17a415ae77 Add log_exit_status sudoers option to log when a command exits.
This option defaults to off.
2021-07-09 11:08:44 -06:00
Todd C. Miller
a2e4f53642 Cast NULL terminator argument to char * when calling sudo_mkgrent().
Avoids a portability issue on systems where NULL is not a pointer.
2021-04-06 18:57:33 -06:00
Todd C. Miller
95bfd65fec Flush stdout before successful return from LLVMFuzzerTestOneInput().
Fixes a problem with diag lines from libFuzzer being interspersed
with test output.
2021-03-18 13:08:30 -06:00
Todd C. Miller
4a28b5d587 In find_path() stub only make a copy in outfile if returning FOUND.
Fixed a recently-introduced memory leak in the fuzzer.
2021-03-01 07:22:57 -07:00
Todd C. Miller
0c944576e9 Expand stub getaddrinfo() to resolve "localhost". 2021-02-28 19:52:02 -07:00
Todd C. Miller
cfcbc42ec7 Improve fuzz_policy coverage and set defaults in setdefs not parse.
Now exercises session open/close and set additional defaults to
exercise more code paths.
2021-02-28 19:52:01 -07:00
Todd C. Miller
ddb1350b79 Sync with fuzz_sudoers changes. 2021-02-26 12:52:49 -07:00
Todd C. Miller
963475a9bc Fuzz with runuser and rungroup specified too. 2021-02-26 12:49:13 -07:00
Todd C. Miller
3fc5932be0 Add a stub getaddrinfo(3) to avoid a DNS timeout in CIfuzz. 2021-02-25 21:12:03 -07:00
Todd C. Miller
8b545e561c Fix runchroot, runcwd, tty_tickets. Add timestampowner. 2021-02-25 20:06:35 -07:00
Todd C. Miller
3595fd5504 Add user millert to group sudo, which is often the exempt group. 2021-02-25 19:41:31 -07:00
Todd C. Miller
d75db837bd Add some defaults settings in sudo_file_parse().
We don't have a real policy file but we still want to exercise callbacks
in sudoers.c.
2021-02-25 19:40:46 -07:00
Todd C. Miller
65df01dd71 Add more passes to policy fuzzer
Now exercises list, list other user and show_version.
2021-02-25 15:27:46 -07:00
Todd C. Miller
b3b80fe6df Implement sudoers_policy_deregister_hooks()
Register/deregister hooks in fuzz_policy and also call show_version().
2021-02-25 15:02:09 -07:00
Todd C. Miller
e6dc13229f Add sudoers debug register/deregister. 2021-02-25 13:35:29 -07:00
Todd C. Miller
0d04bbdbe2 Include a sha384 digest in the test corpus. 2021-02-25 13:13:32 -07:00
Todd C. Miller
ea341e2d34 Parse sudoers file in the C locale. 2021-02-25 13:08:12 -07:00
Todd C. Miller
f82890e5d7 No need to call check_defaults() and check_aliases() in quiet mode. 2021-02-24 19:09:16 -07:00
Todd C. Miller
39e80e47ba Check defaults settings too. 2021-02-24 16:44:15 -07:00
Todd C. Miller
05767145b3 Add fuzzer-specific stubs source file. 2021-02-24 16:43:59 -07:00
Todd C. Miller
a3f38fac0c Set program name in fuzzers so we get consistent warnings. 2021-02-24 15:14:58 -07:00
Todd C. Miller
9d27880af8 Use real eventlog config functions instead of stubs. 2021-02-24 15:08:53 -07:00
Todd C. Miller
cbd11c44d2 Update Defaults settings after parsing sudoers.
Also stub out dump_defaults when fuzzing as it is not used.
2021-02-24 12:29:34 -07:00
Todd C. Miller
f35d9c8be1 fuzz_printf and fuzz_conversation can be stubs. 2021-02-24 11:31:43 -07:00
Todd C. Miller
9f5aed70a1 Exercise tilde expansion if used in runcwd or runchroot. 2021-02-23 19:37:19 -07:00
Todd C. Miller
2a0ba4008c Check aliases in fuzz_sudoers if the policy parsed correctly. 2021-02-23 18:48:47 -07:00
Todd C. Miller
c71a397368 We don't need to link fuzz_sudoers with file.c. 2021-02-23 16:39:32 -07:00
Todd C. Miller
03e610dab5 Strings in dictionary files need to be quoted. 2021-02-23 12:38:02 -07:00
Todd C. Miller
081e219e23 Add dictionary files for fuzzers where possible. 2021-02-23 11:28:47 -07:00
Todd C. Miller
e0761b9e3b Also free safe_cmnd so it doesn't leak. 2021-02-22 20:18:49 -07:00
Todd C. Miller
5fc6b8c177 Fix fuzz_sudoers output matching. 2021-02-22 16:43:34 -07:00
Todd C. Miller
f92080be62 Prime user/group cached and set the interface list.
Also match parsed policy against multiple users.
2021-02-22 10:59:58 -07:00
Todd C. Miller
df42c0c1d2 Perform matching in fuzz_sudoers for inputs that parse correctly.
The fuzzer now exercises the normal match code as well as the
pseudo-command (list, validate, etc) match code.
Privileges are also listed for well-formed sudoers file.
2021-02-21 14:59:29 -07:00
Todd C. Miller
d02cc9c3ac Call list, validate and invalidate entry points too.
We need a separate open/close for each one.
2021-02-18 15:09:26 -07:00
Todd C. Miller
f76c59fc8f Restore the check for sudoers_policy.close == NULL.
The fuzzers run as part of "make check" too in which case NO_LEAKS
won't be defined and the close function will be set to NULL.
2021-02-18 07:58:34 -07:00
Todd C. Miller
ae3a098d2f Always dynamically allocate user_cmnd, it is freed in sudo_user_free().
Instead of setting user_cmnd in the policy functions, always set argv.
Calling sudoers_policy_main() with argc of 0 is no longer allowed.
2021-02-16 09:32:34 -07:00
Todd C. Miller
52e3fcc795 Free struct sudo_user in sudoers_policy_close() and sudoers_cleanup().
Also, do not NULL out the close function if NO_LEAKS is defined.
2021-02-15 08:29:47 -07:00
Todd C. Miller
7f3c670a13 Fix sudoers garbage collection and run it in policy fuzzer. 2021-02-14 14:01:31 -07:00
Todd C. Miller
561740cd54 Always dynamically allocate user_role, user_type, user_privs, user_limitprivs 2021-02-14 07:47:48 -07:00
Todd C. Miller
776c57a81e Move create_admin_success_flag() to timestamp.c. 2021-02-13 15:48:21 -07:00