isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
8,436 Commits 1 Branch 0 Tags
ba91ebb14befa5aad77c8c0e08eeee4977e6fb8c
Commit Graph

8436 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
8b4de84049 Remove unnecessary NULL checks in the RUNAS_CHANGED macro. The 
only place where the pointers could be NULL is in visudo_json.c but
we already check for "next" being NULL there.  Quiets a cppcheck
warning.
 2016-05-10 06:32:55 -06:00
Todd C. Miller
398ddd0467 In replay_session() free iov at the end of the function (if needed) 
instead of after processing each line from the timing file.
Coverity CID 104843.
 2016-05-09 14:54:26 -06:00
Todd C. Miller
e528cad795 Add io_log_read() and io_log_gets() to hide differences between 
gzread/fread and gzgets/fgets.  Check for premature EOF and error
from io_log_read().  Also sanity check the index in the timing file.
Coverity CID 104630.
 2016-05-09 14:27:33 -06:00
Todd C. Miller
b04c49dbd3 Break up io_callback() into read_callback() and write_callback() 
to make it clear that we can't get an event with both read and write
set.
 2016-05-09 10:53:20 -06:00
Todd C. Miller
094854adfe In io_callback() make sure we clear SUDO_EV_READ if we close the 
fd.  It should not be possible for SUDO_EV_READ to be set when
revent is non-NULL but this makes static analyzers happier.
Coverity CID 104124.
 2016-05-07 14:51:37 -06:00
Todd C. Miller
194c7c8069 In sudo_krb5_copy_cc_file() move the close(ofd) to the done: label 
so we only have to cleanup in one place.  Coverity CID 104577.
 2016-05-07 08:18:27 -06:00
Todd C. Miller
0568fa90cf Fix memory leak in sudo_netgroup_lookup() in the non-error case. 
Coverity CID 104572, 104573, 104574, 104575.
 2016-05-07 07:57:15 -06:00
Todd C. Miller
334b8f36a8 Fix fd leak in sudo_krb5_copy_cc_file() if restore_perms() fails. 
Coverity CID 104571.
 2016-05-07 07:49:35 -06:00
Todd C. Miller
b84b2e6805 Free the events and event base before returning from replay_session(). 
Coverity CID 104116, 104117.
 2016-05-07 05:16:03 -06:00
Todd C. Miller
e99e3c26c8 In sudo_edit_create_tfiles(), fix fd leak if sudo_edit_mktemp() fails. 
Coverity CID 104114.
 2016-05-07 05:10:11 -06:00
Todd C. Miller
355cce4570 Fix fd leak in sudo_edit_open_nonwritable() if dir_is_writable() 
returns an error.  Coverity CID 104113.
 2016-05-07 05:07:38 -06:00
Todd C. Miller
d733dd7783 Fix memory leak of sesh_args in selinux_edit_copy_tfiles(). 
Coverity CID 104112.
 2016-05-07 05:05:30 -06:00
Todd C. Miller
bbda2e7b5b Fix memory leak in get_editor() if resolve_editor() fails with 
an error.  Coverity CID 104107.
 2016-05-07 04:59:56 -06:00
Todd C. Miller
0f359e038c Fix memory leak on error if sudo_new_key_val() fails. 
Coverity CID 104103.
 2016-05-07 04:57:11 -06:00
Todd C. Miller
96f5fe4cd0 Ignore the return value of the initial sudoersparse(), before 
we have actually edited any files.  Coverity CID 104078.
 2016-05-07 04:52:21 -06:00
Todd C. Miller
00727a310c Ignore the result of send() on exec error, if it fails the other 
end of the pipe is gone and we are headed for exit.
Coverity CID 104066.
 2016-05-07 04:47:12 -06:00
Todd C. Miller
edd1a1cac5 In fill_args() clean up properly if there is an internal overflow 
(which should not be possible).  Coverity CID 104569.
 2016-05-07 04:37:55 -06:00
Todd C. Miller
0ecc6025a2 Fix logic inversion in sudoers_gc_remove(), currently unused. 
Coverity CID 104568
 2016-05-07 04:33:45 -06:00
Todd C. Miller
c56a812ea2 In io_mkdirs(), change the order from stat then mkdir, to mkdir then stat. 
This more closely matches what "mkdir -p" does.
Coverity CID 104120.
 2016-05-06 16:42:42 -06:00
Todd C. Miller
602ed0c747 In ts_mkdirs(), change the order from stat then mkdir, to mkdir then stat. 
This more closely matches what "mkdir -p" does.
Coverity CID 104119.
 2016-05-06 16:37:20 -06:00
Todd C. Miller
5ee1e5bbcb Newer versions of Ubuntu have switched from using the "admin" group 
to the "sudo" group to align with Debian.  create_admin_success_flag()
now accepts either one.
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1387347
 2016-05-06 14:30:46 -06:00
Todd C. Miller
7a86430d41 Cast off_t printed via printf(3) instead of assuming it is long long. 2016-05-06 14:17:32 -06:00
Todd C. Miller
151e03fb5b Instead of using stat(2) to see if the admin flag file exists and 
creating it if not, just try to create the file and treat EEXIST
as a non-error.  Coverity CID 104121.
 2016-05-06 14:12:08 -06:00
Todd C. Miller
bb12328064 README file for the sample plugin that tells the user how to build, 
install and enable it.
 2016-05-06 11:30:02 -06:00
Todd C. Miller
cc82c3193e Fix compilation error and export sample_policy struct. 
From Michael Evans
 2016-05-06 11:12:45 -06:00
Todd C. Miller
3b4f2bbfff Update for 1.8.17 2016-05-06 09:44:52 -06:00
Todd C. Miller
3b043207b2 Sudo 1.8.17 2016-05-06 09:28:42 -06:00
Todd C. Miller
7b302e09ae Check return value of restore_perms() in vlog_warning(). 
Coverity CID 104079.
 2016-05-06 09:26:45 -06:00
Todd C. Miller
b4cb1c0a1f Fix memory leaks in resolve_editor() in the error path. 
Coverity CID 104109, 104110
 2016-05-06 09:23:22 -06:00
Todd C. Miller
61c53c8e66 Fix memory leak of gid_list in sudoers_policy_exec_setup() in the 
error path.  Coverity CID 104111.
 2016-05-06 09:17:14 -06:00
Todd C. Miller
0690793c25 Fix fd leak in do_logfile() if we fail to lock the log file. 
Coverity CID 104115.
 2016-05-06 09:12:39 -06:00
Todd C. Miller
7a5149d738 Fix memory leak of sss_result in sudo_sss_lookup() 
Coverity CID 104106
 2016-05-06 08:22:03 -06:00
Todd C. Miller
4bfdf0c2b4 Fix fd leak in open_io_fd() if gzdopen/fdopen fails. 
Coverity CID 104105
 2016-05-06 08:11:34 -06:00
Todd C. Miller
444d2a5c3e Fix fd leak in io_nextid() in error path. 
Coverity CID 104104
 2016-05-06 08:07:40 -06:00
Todd C. Miller
562b5cb59b Check lseek() return value. 
Coverity CID 104061.
 2016-05-05 16:46:25 -06:00
Todd C. Miller
60e740dd60 Ignore ts_write() return value when disabling an entry with a bogus 
timestamp.  We ignore the timestamp entry even it doesn't succeed.
Coverity CID 104062.
 2016-05-05 16:30:11 -06:00
Todd C. Miller
6473d55aa7 Cast the return value of fcntl() to void when setting FD_CLOEXEC. 
Coverity CID 104063, 104064, 104069, 104070, 104071, 104072, 104073, 104074
 2016-05-05 16:16:24 -06:00
Todd C. Miller
9471ec45a1 Cast the return value of fcntl() to void when setting FD_CLOEXEC. 
Coverity CID 104075, 104076, 104077.
 2016-05-05 16:09:51 -06:00
Todd C. Miller
a7fa036d42 Avoid a false positive. Coverity CID 104056. 2016-05-05 15:54:06 -06:00
Todd C. Miller
c0a3c6bb9d Avoid calling fclose(NULL) on error in export_sudoers(). 
Coverity CID 104091.
 2016-05-05 15:14:57 -06:00
Todd C. Miller
a09e45d339 In fill_args(), check for "arg_size == 0" instead of 
"sudoerslval.command.args == NULL" since the latter leads Coverity
to imply that sudoerslval.command.args could be NULL later on.
Coverity CID 104093.
 2016-05-05 15:12:37 -06:00
Todd C. Miller
64142f9da2 Avoid calling fclose(NULL) if the sudoers file is not secure and 
restore_perms() fails.  Coverity CID 104090.
 2016-05-05 15:01:22 -06:00
Todd C. Miller
5725acd1c4 In fill_args(), replace loop that increments arg_size() with 
a simple add and mask.  Should prevent a false positive from
Coverity CID 104094.
 2016-05-04 16:59:04 -06:00
Todd C. Miller
bf734419bf In parse_expr(), move the "bad" label after the "default" case in 
the switch(), not before it.  This seemed to confuse Covertity,
resulting in a false positive, CID 104095.
 2016-05-04 16:48:02 -06:00
Todd C. Miller
ea44d3757e For "sudoreplay -l", not all predicates may be shortened to a single 
character.  Both 'c' and 't' have more than one possibility.
 2016-05-04 16:44:52 -06:00
Todd C. Miller
829917f008 pid_t is defined by POSIX as a signed integer type so we don't need 
a cast when comparing to -1.
 2016-05-04 14:14:38 -06:00
Todd C. Miller
c70da6dcdf In dispatch_signal() for stopped processes check for tcgetpgrp() 
returning -1.  Also change checks from "saved_pgrp != -1" to
"fd != -1".  Coverity CID 104098.
 2016-05-04 14:13:44 -06:00
Todd C. Miller
2cd22f2906 In relabel_tty() always jump to bad: on error, regardless of the 
value of se_state.enforcing.  On error, return -1 if enforcing,
else 0.  Coverity CID 104099.
 2016-05-04 13:48:44 -06:00
Todd C. Miller
b20b411e71 Define NO_LEAKS when sudo is built with Coverity. 2016-05-04 13:01:57 -06:00
Todd C. Miller
4ce39df38f In io_callback() if we write the complete buffer and find that there 
is no associated reader just return as there is nothing else to be
done.  In practice is it not possible for SUDO_EV_READ to be set
if revent is NULL but an early return is harmless and possibly
easier to understand.  Coverity CID 104124.
 2016-05-04 12:53:20 -06:00