isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,808 Commits 1 Branch 0 Tags
cf8feb2876762a24f0ee7b7991a7a53e7567537c
Commit Graph

10808 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
cf8feb2876 Remove support for obsolete ISC UNIX and MIPS RISC/OS systems. 
They were getting in the way of net_its.c simplification.
 2021-03-24 08:54:17 -06:00
Todd C. Miller
9d6a37a49b Use SIOCGLIFCONF to get interface list where supported (Solaris). 
HP-UX has a SIOCGLIFCONF but it is incompatible (and appears to only
return IPv6 addresses).
Also add IPv6 support using SIOCGIFCONF (probably AIX only) and make
sure ifr_tmpbuf[] is properly aligned.
 2021-03-22 19:51:40 -06:00
Todd C. Miller
06df3a1b47 Add simple regress check to display the network interfaces found. 2021-03-22 12:26:36 -06:00
Todd C. Miller
009069115c Suggest clang 11 or higher, some fuzzers may hang when used with clang 10. 2021-03-19 08:04:39 -06:00
Todd C. Miller
977f238d35 Add dictionary file for fuzz_logsrvd_conf. 2021-03-18 19:46:08 -06:00
Todd C. Miller
dfff132122 Add a new "fuzz" target that executes the fuzzers for 8192 runs each. 
To run indefinately, set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 fuzz"
 2021-03-18 16:48:19 -06:00
Todd C. Miller
6eff3b313b Move corpus files to a seed subdirectory. 2021-03-18 15:28:29 -06:00
Todd C. Miller
5498c6a938 We can now rely on LLVMFuzzerTestOneInput to flush stdout. 2021-03-18 13:40:26 -06:00
Todd C. Miller
bac0579134 Fix fuzz_sudoers output comparison when fuzzing is enabled. 
libFuzzer outputs additional info to stderr that our stub doesn't.
 2021-03-18 13:20:45 -06:00
Todd C. Miller
95bfd65fec Flush stdout before successful return from LLVMFuzzerTestOneInput(). 
Fixes a problem with diag lines from libFuzzer being interspersed
with test output.
 2021-03-18 13:08:30 -06:00
Todd C. Miller
d03805c413 Use --allow-multiple-definition to work around an issue with ld.lld. 
For fuzz_policy we redefine getaddrinfo/freeaddrinfo to work around
a DNS timeout problem with name resolution and CIfuzz.  However,
this causes a link failure when sanitizers are enabled on systems
that use ld.lld as their linker.  Use a big hammer to avoid the
link error.
 2021-03-18 11:45:41 -06:00
Todd C. Miller
3e5cf7baa3 Do not redefine system group and passwd functions for testsudoers. 
Instead, prefix the replacements with "testsudoers_" and use a
custom pwutil backend so they get used.
 2021-03-18 11:39:54 -06:00
Todd C. Miller
4c182c90f1 Rename "fuzz" makefile target to "check-fuzzer". 
It's purpose is to run the fuzzers are part of a normal "make check"
to avoid bit rot, not to perform a fuzzer run.
The fuzz_logsrvd_conf fuzzer was not wired up to "make check" previously.
 2021-03-18 09:08:16 -06:00
Todd C. Miller
85d77fb3d9 Sudo 1.9.6p1 2021-03-15 10:49:47 -06:00
Alexandru Ardelean
058fde9251 plugins: sudoers: policy: add MODE_IMPLIED_SHELL to RUN_VALID_FLAGS 
Since this flag isn't set, the sudo_mode variable gets invalidated and
running the 'sudo' command seems to error out with message
'sudoers_policy_check: invalid mode flags from sudo front end: 0x80001"'
 2021-03-15 09:18:11 -06:00
Todd C. Miller
f57ab1a638 fix typo 2021-03-13 08:44:46 -07:00
Todd C. Miller
bc32789af2 Bug #968 2021-03-10 19:20:24 -07:00
Todd C. Miller
843c4b632c Updated translations from translationproject.org 2021-03-10 13:13:53 -07:00
Todd C. Miller
d7d80e703f Use HAVE_STDINT_H instead of trying to guess based on __STDC_VERSION__. 
Fixes compilation with pre-C99 headers when the compiler supports C99.
 2021-03-10 12:27:14 -07:00
Todd C. Miller
d9d450292d Remove compatibility defines for POSIX sys/stat.h macros. 
Modern systems have them and we no longer support pre-POSIX systems.
This fixes potential redefinition of the macros if sys/stat.h is
included after sudo_compat.h.  Bug #968.
 2021-03-10 12:26:11 -07:00
Todd C. Miller
3f11e8d9a6 Quiet a few Solaris Studio compiler warnings. 2021-03-10 08:57:28 -07:00
Todd C. Miller
b8e588565b Add -Wno-unknown-pragmas along with -Wall. 
We don't want warnings about unknown pragmas in system headers.
 2021-03-10 07:47:23 -07:00
Todd C. Miller
42fbc185ab Solaris 11.4 removed /usr/bin/optisa, use /usr/bin/isainfo instead. 2021-03-10 07:29:52 -07:00
Todd C. Miller
0e2ba920ee Compare OS name against freebsd* and netbsd* not freebsd and netbsd. 
Fixes an issue on NetBSD where host_os starts with netbsdelf.
 2021-03-08 14:05:39 -07:00
Todd C. Miller
07af7caf73 Add @SUDOERS_LIBS@ to FUZZ_LIBS for -lutil on FreeBSD and NetBSD 2021-03-08 12:55:15 -07:00
Todd C. Miller
0cf7c3a951 Set locale for all "make check" targets. 2021-03-08 12:51:48 -07:00
Todd C. Miller
7bce330ffa AIX 6.1 may have a broken fmemopen(). 
We only use it for the fuzzers so ignore it for AIX < 7.1.
 2021-03-07 07:51:59 -07:00
Todd C. Miller
2b564cd7b2 Only put specific directories in the ROOT section of the AIX package. 
Previously, /usr and /opt were placed in USR and everything else
went in ROOT.  Now, only /dev, /etc, /sbin and /var go in ROOT.
 2021-03-06 16:23:24 -07:00
Todd C. Miller
ce497bf30b Updated translations from translationproject.org 2021-03-06 16:10:59 -07:00
Todd C. Miller
1c6080f135 Remove unused tls parameter, we now use a per-address tls flag. 2021-03-05 14:48:08 -07:00
Todd C. Miller
2759920b86 Document double escaping of backslashes. Bug #961. 2021-03-03 15:49:18 -07:00
Todd C. Miller
06beb6f064 No longer need to define _DARWIN_UNLIMITED_GETGROUPS on macOS. 
We now define _DARWIN_C_SOURCE which accomplishes the same thing.
 2021-03-03 11:26:02 -07:00
Todd C. Miller
08b0b626f1 Fix a potential use-after-free in conversation function. 
The prompt passed in to sudo_pam_verify() will be freed later by
check_user_interactive() so we need to reset the stashed value.
From Pavel Heimlich.  Bug #967.
 2021-03-03 08:19:44 -07:00
Todd C. Miller
f0761a9810 No need to update cp after storing gr->gr_name, it is not used, 
Coverity CID 219314
 2021-03-03 07:13:25 -07:00
Todd C. Miller
a31bbbfbb6 Mention GitHub issue #56. 2021-03-02 19:39:47 -07:00
Todd C. Miller
4285153275 regen 2021-03-02 19:30:02 -07:00
Todd C. Miller
d452678787 Log peer address in sudo_logsrvd JSON-format logs. 
The peer that connected to us might not be the same host where the
log entry originated.
 2021-03-02 18:37:35 -07:00
Todd C. Miller
5ffa0ce053 Make "group_source=dynamic" the default on macOS. 
Recent versions of macOS do not reliably return all of a user's
non-local groups via getgroups(2), even when _DARWIN_UNLIMITED_GETGROUPS
is defined.  Bug #946.
 2021-03-02 14:09:31 -07:00
Todd C. Miller
9bbf120bd8 For regess/fuzz set LC_ALL to C.UTF-8 if possible, falling back on C. 
Works around a crash in leak sanitizer when the locale is set to C
and TLS support is enabled.
 2021-03-02 13:40:23 -07:00
Todd C. Miller
ac8f23ef9a Initialize the lbuf used by sudoers_trace_print() in init_lexer(). 
Free the old buffer if there is one, otherwise it would never be freed.
 2021-03-01 18:57:05 -07:00
Todd C. Miller
7f27b04616 In sudo_lbuf_destroy(), reset error, len and size. 2021-03-01 16:05:51 -07:00
Todd C. Miller
c8a8afba79 Mention the integer overflow check in store_timespec(). 2021-03-01 14:00:59 -07:00
Todd C. Miller
4a28b5d587 In find_path() stub only make a copy in outfile if returning FOUND. 
Fixed a recently-introduced memory leak in the fuzzer.
 2021-03-01 07:22:57 -07:00
Todd C. Miller
79dbf9f17e Disable debug code for FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 
It will not be used and just confuses the coverage stats.
 2021-02-28 19:52:03 -07:00
Todd C. Miller
0c944576e9 Expand stub getaddrinfo() to resolve "localhost". 2021-02-28 19:52:02 -07:00
Todd C. Miller
cfcbc42ec7 Improve fuzz_policy coverage and set defaults in setdefs not parse. 
Now exercises session open/close and set additional defaults to
exercise more code paths.
 2021-02-28 19:52:01 -07:00
Todd C. Miller
f34a3072e5 Improve SUDOERS_NAME_MATCH support. 
Now supports digests and performs better directory matching.
 2021-02-28 19:51:46 -07:00
Todd C. Miller
f86c11c4a1 Add MODE_CHECK to LIST_VALID_FLAGS, fixes "sudo -l command". 2021-02-28 08:55:18 -07:00
Todd C. Miller
851247e58c Split iolog_fileio.c into multiple files. 2021-02-26 21:07:48 -07:00
Todd C. Miller
fc9170d809 Update file that was missed in test27 changes. 2021-02-26 15:06:46 -07:00