isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,003 Commits 1 Branch 0 Tags
b3e86c65b1ed7b86be4fc12ae26f7760e3aa4cf5
Commit Graph

3109 Commits

Author SHA1 Message Date
Todd C. Miller
b3e86c65b1 expand_prompt: use correct strlcpy() size parameter 
The available size passed to strlcpy() was computed incorrectly.
Switch to updating the length after writing to the new prompt instead
of computing it each time.  The actual buffer size is computed and
allocated correctly so there is no real consequence to this bug.
Found by Qualys.
 2021-08-09 08:19:40 -06:00
Todd C. Miller
d1c29fb008 Add some debugging info to find_path() 2021-08-02 08:57:35 -06:00
Todd C. Miller
8b009f62eb Plug memory leak in error path when sudoers cannot be opened. 2021-07-29 15:26:04 -06:00
Todd C. Miller
1032fca5b8 Trying to use "+=" or "-=" operators on a non-list is an error. 
Previously, they were simply treated as "=" for non-lists.
 2021-07-29 09:29:10 -06:00
Todd C. Miller
36fbb13c4c Use TLS_method() instead of TLS_client_method() throughout. 
OpenSSL returns an error for SSL_accept() if TLS_client_method()
was used to generate the context (LibreSSL doesn't care).

Prior to sudo 1.9.7, TLS_client_method() and TLS_server_method()
were used in the TLS client and server initialization code respectively.
This was refactored in sudo 1.9.7 to allow the code to be shared.
Bug #988
 2021-07-26 13:40:25 -06:00
Todd C. Miller
532e00aa2b Only replace getaddrinfo for FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION. 
This works around an issue on SCO which uses inline functions in
the header files which call the actual, versioned, library function.
 2021-07-26 11:39:41 -06:00
Todd C. Miller
b48cd11a4b Include signal.h for SIG2STR_MAX and sig2str(). 2021-07-23 15:02:26 -06:00
Todd C. Miller
c234bab7b2 Remove unused info_cb and info arguments from eventlog_exit() 2021-07-15 11:07:25 -06:00
Todd C. Miller
fa7250ead7 Create a UUID and log it in the JSON version of the event log. 2021-07-15 11:07:25 -06:00
Todd C. Miller
17a415ae77 Add log_exit_status sudoers option to log when a command exits. 
This option defaults to off.
 2021-07-09 11:08:44 -06:00
Todd C. Miller
657897b8bf Check that the python module we actually loaded is what we intended. 
This is intended to provide a more useful error message if the
user defines a module which conflicts with a system python module.
For example, a module called test.py would conflicts with the system
python test module.
 2021-07-08 15:50:04 -06:00
Todd C. Miller
ae0e25cf2e Move definition of INADDR_NONE from interfaces.c to net_ifs.c. 
Fixes compilation on Solaris 9.
 2021-06-21 10:09:32 -06:00
Todd C. Miller
b7e81c46b1 Make sure we store an octal number (like umask) as a string. 
JSON doesn't (portably) support octal numbers with a leading zero.
 2021-06-16 16:19:12 -06:00
Todd C. Miller
024f4475b7 regen 2021-06-15 14:25:26 -06:00
Todd C. Miller
8f7cae69cc Check arrays that are passed in for NULL before using them. 2021-06-09 16:07:49 -06:00
Todd C. Miller
82f5592d67 T_TIMEOUT is not a bitwise flag so doesn't need to be a power of 2. 2021-06-02 07:21:40 -06:00
Todd C. Miller
cc647c32e1 Fix group list ref leak in sudoers_policy_store_result() on error path. 2021-05-26 07:31:19 -06:00
Todd C. Miller
958066eddb Update comment to match reality. 2021-05-24 13:10:53 -06:00
Todd C. Miller
78849e6728 Don't include errno in "unable to connect to log server" message. 
There should be a more specific message, usually with an error
string, displayed earlier.
 2021-05-12 12:19:44 -06:00
Todd C. Miller
ec0dcab3ce Updated translations from translationproject.org 2021-05-10 13:52:55 -06:00
Todd C. Miller
f2155c704f Better warning when close function is passed a non-terminal signal. 2021-05-10 13:45:25 -06:00
Todd C. Miller
6cdf49d33d Quiet -Wshadow warnings from gcc. 2021-05-07 15:10:51 -06:00
Todd C. Miller
bfc17bc666 Updated translations from translationproject.org 2021-05-06 21:14:35 -06:00
Todd C. Miller
0e9a5e4f90 Updated translations from translationproject.org 2021-05-04 12:26:07 -06:00
Todd C. Miller
109a0331a5 Don't hard-code the TLS connect timeout, use normal connect timeout. 
For sudo_logsrvd, this is the relay connect_timeout setting.
For sudoers, this is the log_server_timeout setting.
 2021-05-03 09:01:00 -06:00
Todd C. Miller
d883213f55 regen 2021-04-27 16:40:09 -06:00
Todd C. Miller
af0345e238 Fix cut & pasto that prevented the verify_server option from being set. 
The "log_server_verify" setting passed from the policy plugin was
applied to the "keepalive" option instead of "verify_server".
From Krisztian Kovacs.
 2021-04-30 11:03:23 -06:00
Todd C. Miller
ac878d3e27 Quiet clang analyzer false positive in regress tests. 2021-04-27 15:56:24 -06:00
Todd C. Miller
8a65893435 Add a suppression file for the libpython leaks. 
This is a big hammer but it seems like the best we can do for now.
Allows "make check" to succeed when address sanitizer is used.
 2021-04-26 08:58:00 -06:00
Todd C. Miller
6907376ae9 When spliting EDITOR check for escaped quote characters. 
Also add check_editor to sudoers "make check".
 2021-04-25 19:12:50 -06:00
Todd C. Miller
5e5131dec3 Treat a lone backslash at the end of a string as a literal backslash. 
GitHub issue #99
 2021-04-24 14:19:46 -06:00
Todd C. Miller
a85c6b41a6 Avoid a potential NULL dereference when mutating args_str. 
Coverit CID 221401
 2021-04-23 19:05:45 -06:00
Todd C. Miller
7c2224584d Regenerate test output with python 3.10a7 
Also adjust debug tests so they pass on older python versions
 2021-04-16 15:24:12 -06:00
Todd C. Miller
c2909e20ee Sanity check struct timespec in timestamp file. 
Coverity CID 220564
 2021-04-07 11:10:17 -06:00
Todd C. Miller
394673cbf5 Check lseek(fd, 0, SEEK_CUR) for -1 return value. 
Not actually possible in practice.  Coverity CID 220568.
 2021-04-07 10:59:12 -06:00
Todd C. Miller
a2e4f53642 Cast NULL terminator argument to char * when calling sudo_mkgrent(). 
Avoids a portability issue on systems where NULL is not a pointer.
 2021-04-06 18:57:33 -06:00
Todd C. Miller
2db9e64214 Move reference-counted string code from sudoers to libsudo_util. 
It will be used by sudo_logsrvd too.
 2021-04-06 14:44:19 -06:00
Todd C. Miller
d4517e0a1c Move autoconf auxiliary files to the scripts directory. 2021-04-06 14:23:38 -06:00
Todd C. Miller
8fa897d3ae Move log_server_accept() out from under the #ifdef SUDOERS_LOG_CLIENT 
Fixes a link error when sudo is configured with --disable-log-client.
 2021-04-01 15:10:32 -06:00
Todd C. Miller
dfff132122 Add a new "fuzz" target that executes the fuzzers for 8192 runs each. 
To run indefinately, set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 fuzz"
 2021-03-18 16:48:19 -06:00
Todd C. Miller
6eff3b313b Move corpus files to a seed subdirectory. 2021-03-18 15:28:29 -06:00
Todd C. Miller
bac0579134 Fix fuzz_sudoers output comparison when fuzzing is enabled. 
libFuzzer outputs additional info to stderr that our stub doesn't.
 2021-03-18 13:20:45 -06:00
Todd C. Miller
95bfd65fec Flush stdout before successful return from LLVMFuzzerTestOneInput(). 
Fixes a problem with diag lines from libFuzzer being interspersed
with test output.
 2021-03-18 13:08:30 -06:00
Todd C. Miller
3e5cf7baa3 Do not redefine system group and passwd functions for testsudoers. 
Instead, prefix the replacements with "testsudoers_" and use a
custom pwutil backend so they get used.
 2021-03-18 11:39:54 -06:00
Todd C. Miller
4c182c90f1 Rename "fuzz" makefile target to "check-fuzzer". 
It's purpose is to run the fuzzers are part of a normal "make check"
to avoid bit rot, not to perform a fuzzer run.
The fuzz_logsrvd_conf fuzzer was not wired up to "make check" previously.
 2021-03-18 09:08:16 -06:00
Alexandru Ardelean
058fde9251 plugins: sudoers: policy: add MODE_IMPLIED_SHELL to RUN_VALID_FLAGS 
Since this flag isn't set, the sudo_mode variable gets invalidated and
running the 'sudo' command seems to error out with message
'sudoers_policy_check: invalid mode flags from sudo front end: 0x80001"'
 2021-03-15 09:18:11 -06:00
Todd C. Miller
843c4b632c Updated translations from translationproject.org 2021-03-10 13:13:53 -07:00
Todd C. Miller
d7d80e703f Use HAVE_STDINT_H instead of trying to guess based on __STDC_VERSION__. 
Fixes compilation with pre-C99 headers when the compiler supports C99.
 2021-03-10 12:27:14 -07:00
Todd C. Miller
3f11e8d9a6 Quiet a few Solaris Studio compiler warnings. 2021-03-10 08:57:28 -07:00
Todd C. Miller
07af7caf73 Add @SUDOERS_LIBS@ to FUZZ_LIBS for -lutil on FreeBSD and NetBSD 2021-03-08 12:55:15 -07:00