isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,711 Commits 1 Branch 0 Tags
c702957879e42f0d1067003b6043c80a6a3ea020
Commit Graph

3012 Commits

Author SHA1 Message Date
Todd C. Miller
c702957879 Move alias checking code out of visudo.c and into check_aliases.c. 2021-02-23 19:07:12 -07:00
Todd C. Miller
2a0ba4008c Check aliases in fuzz_sudoers if the policy parsed correctly. 2021-02-23 18:48:47 -07:00
Todd C. Miller
5a85543c16 Move alias checking code out of visudo.c and into check_aliases.c. 2021-02-23 18:42:37 -07:00
Todd C. Miller
c71a397368 We don't need to link fuzz_sudoers with file.c. 2021-02-23 16:39:32 -07:00
Todd C. Miller
03e610dab5 Strings in dictionary files need to be quoted. 2021-02-23 12:38:02 -07:00
Todd C. Miller
081e219e23 Add dictionary files for fuzzers where possible. 2021-02-23 11:28:47 -07:00
Todd C. Miller
e0761b9e3b Also free safe_cmnd so it doesn't leak. 2021-02-22 20:18:49 -07:00
Todd C. Miller
322e0b3693 Return NOT_FOUND from the set_cmnd_path() stub since we don't set user_cmnd. 
The purpose of set_cmnd_path() is to reset user_cmnd based on a new
runchroot.  For the stub version we don't modify user_cmnd and so
must not return a status of FOUND.
Fixes oss-fuzz issue #31250 which only affected the fuzzer and not sudo.
 2021-02-22 19:53:08 -07:00
Todd C. Miller
5fc6b8c177 Fix fuzz_sudoers output matching. 2021-02-22 16:43:34 -07:00
Todd C. Miller
39db44b041 Support passing sudo_make_gidlist_item() an array of gids. 
The gids are formatted as strings, not gid_t.
 2021-02-22 12:33:21 -07:00
Todd C. Miller
f92080be62 Prime user/group cached and set the interface list. 
Also match parsed policy against multiple users.
 2021-02-22 10:59:58 -07:00
Todd C. Miller
7463a1989f Add sudo_mkgrent(), to be used to prime the group cache in tests/fuzzers. 2021-02-22 08:00:46 -07:00
Todd C. Miller
df42c0c1d2 Perform matching in fuzz_sudoers for inputs that parse correctly. 
The fuzzer now exercised the normal match code as well as the
pseudo-command (list, validate, etc) match code.
Privileges are also listed for well-formed sudoers file.
 2021-02-21 14:59:29 -07:00
Todd C. Miller
921097cb67 Add back SUDOERS_NAME_MATCH and enable it when fuzzing. 
This avoids the test environment from influencing sudoers matching.
 2021-02-21 13:39:56 -07:00
Todd C. Miller
ecbe95589a Add missing globfree(3) in command_matches_glob() when matching a directory. 2021-02-21 13:35:00 -07:00
Todd C. Miller
14c71eaa86 Add clean rules to .PHONY target. 2021-02-19 08:54:04 -07:00
Todd C. Miller
9f1e016cde Add install-fuzz Makefile target to install the fuzzers and seed corpus. 
The FUZZ_DESTDIR make variable needs to be set in the environment
or on the command line.
 2021-02-18 19:38:54 -07:00
Todd C. Miller
5ea2acc4c2 Only display fuzz_policy output if the fuzzer exits with an error. 2021-02-18 15:12:42 -07:00
Todd C. Miller
d02cc9c3ac Call list, validate and invalidate entry points too. 
We need a separate open/close for each one.
 2021-02-18 15:09:26 -07:00
Todd C. Miller
f76c59fc8f Restore the check for sudoers_policy.close == NULL. 
The fuzzers run as part of "make check" too in which case NO_LEAKS
won't be defined and the close function will be set to NULL.
 2021-02-18 07:58:34 -07:00
Todd C. Miller
5813358b2b Don't print a NULL as a string if role/type/privs/limitprivs is not set. 
We can't rely on printf("%s", NULL) not crashing.
 2021-02-18 06:09:08 -07:00
Todd C. Miller
aaf3d5643b Fix compilation error on Solaris introduced with sudo_user_free(). 2021-02-18 05:41:20 -07:00
Todd C. Miller
9937d08031 Distinguish between EOF and error using feof(3), not ferror(3). 
Our getdelim(3) emulation won't set the error flag if the error is
due to an allocation failure.  This explains the premature EOF
without error seen in Bug #960.
 2021-02-17 18:57:21 -07:00
Todd C. Miller
abdef93f72 Remove duplicated MALLOC_OPTIONS and MALLOC_CONF env variables. 2021-02-17 13:06:35 -07:00
Todd C. Miller
79a18cb419 regen 2021-02-17 09:57:36 -07:00
Todd C. Miller
a5504148a5 Add admin_flag sudoers option and make --enable-admin-flag take a path. 
It is now possible to disable the Ubuntu admin flag in sudoers
or change its location.
GitHub issue #56
 2021-02-16 13:20:02 -07:00
Todd C. Miller
5ec59cddc2 Fix tilde expansion of paths with no user like ~/foo. 
The '/' separator was missing in the resulting path.
 2021-02-16 13:19:58 -07:00
Todd C. Miller
a18b2a9ddf Limit max_groups in sudo.conf to 1024. 
The max_groups setting should no longer be needed anyway.
 2021-02-16 12:37:23 -07:00
Todd C. Miller
df91e15b82 In sudoers_policy_close() call sudoers_cleanup() instead of sudo_user_free(). 
If we didn't call sudoers_policy_main() due to an early error there
may be more things to clean up.
 2021-02-16 10:37:04 -07:00
Todd C. Miller
ecdf732adc Check for invalid flag combinations from front-end for all cases. 
The checks are now performed in the check_policy, list, validate
and invalidate functions instead of as part of the open function.
We can't perform the checks in open because we don't yet know what
operation is going to be performed.
 2021-02-16 09:33:39 -07:00
Todd C. Miller
ae3a098d2f Always dynamically allocate user_cmnd, it is freed in sudo_user_free(). 
Instead of setting user_cmnd in the policy functions, always set argv.
Calling sudoers_policy_main() with argc of 0 is no longer allowed.
 2021-02-16 09:32:34 -07:00
Todd C. Miller
c09169e812 No need for sudoers_cleanup() in sudoers_policy_invalidate(). 
The sudoers close() function is now called even for "sudo -k".
Also no need to set user_cmnd, it is not used in this code path.
 2021-02-16 08:26:49 -07:00
Todd C. Miller
de2a47f273 Set MALLOC_OPTIONS and MALLOC_CONF for all regress targets. 2021-02-15 13:17:46 -07:00
Todd C. Miller
52e3fcc795 Free struct sudo_user in sudoers_policy_close() and sudoers_cleanup(). 
Also, do not NULL out the close function if NO_LEAKS is defined.
 2021-02-15 08:29:47 -07:00
Todd C. Miller
ea7a70e85d For "make fuzz" only fuzz the seed corpus. 
This way we avoid files generated by the fuzzer itself.
 2021-02-15 07:35:19 -07:00
Todd C. Miller
7f3c670a13 Fix sudoers garbage collection and run it in policy fuzzer. 2021-02-14 14:01:31 -07:00
Todd C. Miller
7f0b269238 Do not include errno string for invalid params from front-end. 2021-02-14 07:48:58 -07:00
Todd C. Miller
561740cd54 Always dynamically allocate user_role, user_type, user_privs, user_limitprivs 2021-02-14 07:47:48 -07:00
Todd C. Miller
5c0454495c Remove dead code, front-end does not set runas_privs or runas_limitprivs 2021-02-14 07:39:41 -07:00
Todd C. Miller
d1969b4f0b Plug memory leak if there are duplicate user_info or command_info entries. 2021-02-14 07:21:00 -07:00
Todd C. Miller
776c57a81e Move create_admin_success_flag() to timestamp.c. 2021-02-13 15:48:21 -07:00
Todd C. Miller
651a225a4a The push() function was not updating the size after reallocating. 2021-02-13 12:54:22 -07:00
Todd C. Miller
41eae91206 If sudo_getgrouplist2() returns -1, clamp ngroups based on max_groups. 
The ngroups parameter is an out parameter that is filled in with
the actual number of groups, which may be less than the static
number allocated when max_groups is set in sudo.conf.
Fixes a potential out of bounds read found by LLVM libFuzzer.
 2021-02-13 11:54:21 -07:00
Todd C. Miller
e89a8133ac Reset sudoers path, owner and mode before parsing plugin arguments. 
This is only needed when calling sudoers_policy_deserialize_info()
more than once, which is true for the policy fuzzer.
 2021-02-12 21:15:36 -07:00
Todd C. Miller
197d6600fa Cleanup sudoers sources on denial and error too. 2021-02-12 19:52:11 -07:00
Todd C. Miller
520db741b5 Fix sudo_getgrgid reference count bug when gid doesn't exist. 
This one was missed when the other user/group lookup functions
were fixed.
 2021-02-12 19:27:47 -07:00
Todd C. Miller
df2931588a Fuzz sudoers policy module API. 
Includes a test case to reproduce CVE-2021-3156.
 2021-02-12 15:36:18 -07:00
Todd C. Miller
ed79627699 Plug memory leak if there are duplicate user_info entries. 2021-02-12 19:04:37 -07:00
Todd C. Miller
eedc72d7b9 Make fuzz targets depend on fuzzer stub library. 
We really want a dependency on $(LIB_FUZZING_ENGINE) but that could
be a flag like "-fsanitize=fuzzer" instead of a path.
 2021-02-12 15:35:18 -07:00
Todd C. Miller
1f97ef92b7 Move audit.c from libparsesudoers to the sudoers module itself. 
Now that audit.c contains the audit module it doesn't belong in
libparsesudoers.
 2021-02-12 11:13:52 -07:00