isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9,908 Commits 1 Branch 0 Tags
df2e3f7c7f6bfa78b6ca0cf8322dcad9b5b96e40
Commit Graph

380 Commits

Author SHA1 Message Date
Todd C. Miller
2512f6efbf Use sudo_strtonum() explicitly instead of via a macro. 2019-10-14 10:09:30 -06:00
Todd C. Miller
04a17095be Always use our own strtonum and implement sudo_strtoid in terms of it. 2019-10-14 10:09:29 -06:00
Todd C. Miller
396bc57fef Add sudo_strtoid() tests for -1 and range errors. 
Also adjust testsudoers/test5 which relied upon gid -1 parsing.
 2019-10-10 10:04:13 -06:00
Todd C. Miller
f752ae5cee Treat an ID of -1 as invalid since that means "no change". 
Fixes CVE-2019-14287.
Found by Joe Vennix from Apple Information Security.
 2019-10-10 10:04:13 -06:00
Todd C. Miller
b7b3fb72d0 _rs_random_buf is currently unused 2019-09-27 08:55:51 -06:00
Todd C. Miller
73dd3849c6 Better error message when debug log file cannot be opened. 2019-09-21 07:47:24 -06:00
Todd C. Miller
8c96df036a Fix sorting of the time-based event queue. 2019-09-13 16:49:13 -06:00
Todd C. Miller
751c0c4440 Support default base in got_exit, got_break, loopexit, loopbreak, loopcontinue 2019-09-13 16:26:09 -06:00
Todd C. Miller
b98b82e4a2 sys_signame on macOS contains lower-cases names 2019-08-19 14:25:05 -06:00
Todd C. Miller
0bbfdc9920 Add regress tests for str2sig() and sig2str(). 2019-08-19 08:37:08 -06:00
Todd C. Miller
48066e0dbd SIGIOT and SIGABRT are aliases on BSD systems. 2019-08-19 08:36:53 -06:00
Todd C. Miller
29534ad96a Fix handling of real-time signals. 2019-08-19 08:36:30 -06:00
Todd C. Miller
3e56be3564 Store signal name, not number in I/O log timing file. 
The "SIG" prefix is not used so, e.g. SIGTERM -> "TERM".
This makes the I/O log files portable from one system to another.
Older I/O log files with signal numbers can still be replayed.
 2019-08-05 16:30:58 -06:00
Todd C. Miller
e91865fb22 Link util functions being tested directly with the test harness. 
Otherwise we may get the version from the installed libsudo_util.so.
 2019-07-26 15:09:13 -06:00
Todd C. Miller
9d8f374397 Add ssizeof macro that returns ssize_t. 
We can use this instead of casting the result of size_t to int.
Also change checks for snprintf() returning <=0 to <0.
 2019-06-25 09:45:10 -06:00
Todd C. Miller
5d4142f294 libsudo_util depends on LT_DEP_LIBS even when building a static lib 2019-06-10 13:27:12 -06:00
Todd C. Miller
81c6cac81b Solaris getentropy() requires that sys/random.h be included. 2019-06-10 12:12:57 -06:00
Todd C. Miller
cd2cfeb8cb It is safe to assume _POSIX_VDISABLE is defined. 
The old compat defines were to support pre-termios systems.
 2019-05-16 12:24:48 -06:00
Todd C. Miller
1e1ef61902 Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00
Todd C. Miller
30a56af6ef FreeBSD's /dev/fd only contains fds 0-2 unless fdescfs is mounted. 
In practice this doesn't matter since FreeBSD >= 8 has a native closefrom
 2019-04-26 15:21:29 -06:00
Todd C. Miller
de65d70929 Add a proper getdelim(3) replacement and use it instead of getline(3). 2019-04-08 10:37:30 -06:00
Todd C. Miller
731e796711 Fix the counting of supplementary groups on AIX. 
We should not assume that basegid will be present in the list of
gids returned by getgrset().
 2019-03-18 14:08:21 -06:00
Todd C. Miller
17ca31c381 Ignore EOVERFLOW from pstat_getproc(), it is not a fatal error. 
It just means that one of the fields in pstat lacks the precision to
store a value.  That's not an issue for pst_highestfd.
 2019-03-06 20:13:40 -07:00
Todd C. Miller
683c65b98b Only export sudo_arc4random_uniform() if arc4random_uniform() is missing. 2019-02-18 16:03:55 -07:00
Todd C. Miller
f17683482b Quiet a warning on gcc 8 2019-02-18 15:56:12 -07:00
Todd C. Miller
13c3244220 include stddef.h to make sure we get NULL 2019-02-04 14:07:20 -07:00
Todd C. Miller
985600e7f0 Minor snprintf() usage tweaks: 
1) don't assume snprintf() returns -1 on error, check for <0
2) when comparing return value of sizeof(foo), cast the sizeof, not the len
3) cast return value to void in cases where snprintf cannot fail
 2019-01-20 07:49:48 -07:00
Todd C. Miller
f7d7a9a619 Fix the default nofiles and stack hard limits. 
The table of default hard limits in /etc/security/limits was out
of date with respect to the current documentation.  The default
hard limit for nofiles should be unlimited, not 8196.  The default
hard limit for stack should be 4194304 blocks (which fits in an
unsigned long on 32-bit platforms).
 2019-01-07 09:38:03 -07:00
Todd C. Miller
716aa6e4ab Support st_nmtime in struct stat as found in HP-UX. 2018-11-14 13:37:46 -07:00
Todd C. Miller
7c5469264d If fcntl fails, fall back to the /proc implementation. 2018-11-14 13:37:45 -07:00
Todd C. Miller
537a2f9773 Only use closefrom_fallback() if no better method exists. 
The previous logic was too fragile.
 2018-11-08 15:17:39 -07:00
Todd C. Miller
cdd5bb32eb Add sudo_gai_fatal, sudo_gai_vfatal, sudo_gai_vwarn, sudo_gai_warn 
and gai_log_warning that use gai_strerror() instead of strerror().
 2018-11-05 09:08:05 -07:00
Todd C. Miller
ffe2041a02 Skip sudo_getgrouplist2() check on systems with getgrouplist_2(). 
sudo_getgrouplist2() is just a wrapper on such systems and this
avoids a test failure on macOS where a user is automatically a
member of certain groups.
 2018-10-26 11:11:58 -06:00
Todd C. Miller
e22410ba64 Add missing exported symbol sudo_term_eof 2018-10-26 10:45:12 -06:00
Todd C. Miller
a3cb22b467 Check the user's primary gid from the passwd file too. 2018-10-26 10:24:38 -06:00
Todd C. Miller
6c3d20cb41 Convert PVS-Studio comment to ANSI C. 2018-10-26 08:39:09 -06:00
Todd C. Miller
019279a4b8 Fix some mangled text in the license block. 2018-10-26 08:19:41 -06:00
Todd C. Miller
404524c4ef Add regress test for sudo_getgrouplist2(). 
This test assumes all the groups in root's group list can
be resolved by group ID.
 2018-10-26 06:52:46 -06:00
Todd C. Miller
78d35de935 Remove an errant grset++ in the AIX version of sudo_getgrouplist2(). 
Bug #857
 2018-10-25 07:17:31 -06:00
Todd C. Miller
cb588f2337 Pass --sourcetree-root to pvs-studio and don't check sudo_noexec.c. 
Since we don't auto-generate dependencies for sudo_noexec.c we
can't easily check it from outside the source tree.  This
is not a problem as it just contains stub functions.
 2018-10-22 09:12:17 -06:00
Todd C. Miller
3710d5ba07 Add support for CLOCK_MONOTONIC_RAW and CLOCK_UPTIME_RAW, present 
on macOS.
 2018-10-21 15:24:33 -06:00
Todd C. Miller
c5df091123 Add pvs-studio target and associated production rules. 2018-10-21 08:46:05 -06:00
Todd C. Miller
64e5d34c57 Add comments in .c files so PVS-Studio will check them. 2018-10-21 08:46:05 -06:00
Todd C. Miller
8c94175ba1 Avoid some PVS-Studio false positives. 2018-10-19 13:35:20 -06:00
Todd C. Miller
939585e906 tv_nsec can never be negative after timespecsub. 
Found by PVS Studio
 2018-10-17 06:21:48 -06:00
Todd C. Miller
2b56252210 Handle EOF on password input when pwfedback is enabled. 2018-10-08 06:47:53 -06:00
Todd C. Miller
d8870177c2 Pass getgrouplist() NGROUPS_MAX+1, not NGROUPS_MAX so we have room 
for the primary gid.
 2018-09-22 12:55:44 -06:00
Todd C. Miller
c639c965cf Fix a crash in the event system's poll() backend introduced with 
support for nanosecond timers.  Only affects systems without ppoll().
Bug #851
 2018-09-12 07:02:13 -06:00
Todd C. Miller
a924b4610b Fix warnings on OpenIndiana (Illumos) 2018-08-30 14:06:18 -06:00
Todd C. Miller
5fea22e514 sync 2018-08-26 19:31:20 -06:00