isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,309 Commits 1 Branch 0 Tags
e64a089aea42710098666e55427fce9c97a1c94d
Commit Graph

512 Commits

Author SHA1 Message Date
Todd C. Miller
70c0d35faa Add missing dependencies for timegm. 2021-11-18 13:28:19 -07:00
Todd C. Miller
5faf46de6f Use $(SED), not sed, when generating mksiglist.h/mksigname.h 2021-11-10 13:35:44 -07:00
Todd C. Miller
09b82a22ca Add configure check for sha1sum and use "openssh dgst -sha1" if missing. 
Only needed when building the seed corpus zip files.
 2021-11-10 13:31:42 -07:00
Todd C. Miller
4eebd53bce parse_gentime: use timegm() to generate time since the epoch 
The timegm() function is non-standard but widely available.
Provide an implementation for those systems that lack it.
Bug #1006
 2021-10-31 09:27:34 -06:00
Todd C. Miller
b506497fe4 Fix pasto in gmtime_r and localtime_r macros. 
Also add missing Makefile targets for them.
 2021-10-31 09:01:18 -06:00
Todd C. Miller
cc6157d7d4 Add support for WolfSSL's OpenSSL compatibility layer. 
Based on changes from Hayden Roche
 2021-10-25 13:17:57 -06:00
Todd C. Miller
465bfbba72 regenerate dependencies 2021-10-25 12:32:02 -06:00
Todd C. Miller
ef3eb25a1b arc4random: need to include sys/random.h on Solaris too. 
This was removed when Linux genentropy() was disabled.
 2021-10-22 10:44:34 -06:00
Todd C. Miller
88c577171e Make sure INET_ADDRSTRLEN and INET6_ADDRSTRLEN are defined. 2021-10-21 19:53:48 -06:00
Larkin Nickle
07bdfeedb8 Define MAP_FAILED where relevant if undefined 
On systems such as HP-UX 10.20, MAP_FAILED is not
defined.
 2021-10-21 19:16:28 -04:00
Todd C. Miller
9fbbca7b7a Always link libsudo_util.so with libcrypto.so if using OpenSSL. 
We may need to use RAND_bytes() in the getentropy() emulation.
 2021-10-20 18:59:13 -06:00
Todd C. Miller
23eef895f4 Add an explicit check for sys/sysctl.h. 
This test needs to be done after AC_LANG_WERROR to avoid including
sys/sysctl.h on systems where it is marked as deprecated via a
#warning directive.
 2021-10-20 10:31:35 -06:00
Todd C. Miller
00e53b32e5 Use our own getentropy() by default on Linux. 
The glibc getentropy() emulation will fail on older kernels that
don't support getrandom().
Also use sudo_fatal() instead of sending SIGKILL on getentropy() failure.
GitHub issue #117.
 2021-10-20 09:53:01 -06:00
Todd C. Miller
de4fd4a31d Use the OpenSSL RAND_bytes() function if getrandom() fails. 2021-10-20 09:51:17 -06:00
Todd C. Miller
badd6267bd Fix compilation of standalone arc4random_buf(). 
Apparently this code was never compiled anywhere.
 2021-10-20 08:52:04 -06:00
Todd C. Miller
9dd6304940 sudo_uuid_create: no longer need a union for the uuid. 2021-10-20 07:55:35 -06:00
Todd C. Miller
de5ca187b8 regenerate dependencies 2021-10-10 14:23:13 -06:00
Todd C. Miller
eefb7b0d54 Use a consistent version of fuzz_conversation() with all fuzzers. 
Also undo a change to fuzz_sudoers.c that snuck in to the last commit.
 2021-09-28 20:20:28 -06:00
Todd C. Miller
7d964875df Fuzzers should not produce output. 
Excessive output makes the fuzzer runs much less efficient.
 2021-09-28 18:53:49 -06:00
Todd C. Miller
476f00b82f Emulate closefrom() on macOS using proc_pidinfo(). 
This avoids relying on /dev/fd which may not exist in a chroot jail.
Adapted from a change in OpenSSH by likan_999.student AT sina.com
 2021-09-27 13:44:41 -06:00
Todd C. Miller
a7367ce47d Move cppcheck suppression annotation to where it needs to be. 2021-09-22 15:51:45 -06:00
Todd C. Miller
99655f28de format string fix: print signal number as unsigned. 
Quiets a cppcheck warning; mksiglist.c already has this fixed.
 2021-09-22 11:23:41 -06:00
Todd C. Miller
55171df5e5 Check strftime(3) return value in all cases. 
Old versions of strftime(3) didn't guarantee to NUL-terminate the buffer
so we explicitly clear the last byte of the buffer and check it.
 2021-09-17 14:01:28 -06:00
Todd C. Miller
18f1884ddc Use gmtime_r() and localtime_r() instead of gmtime() and localtime(). 2021-09-17 10:55:06 -06:00
Todd C. Miller
fa71679b5a Add gmtime_r and localtime_r tests and compat if missing. 2021-09-17 10:55:06 -06:00
Todd C. Miller
46d71c4360 Store milliseconds in the debug file timestamp. 
Sometime second granularity is not enough.
 2021-09-17 10:55:06 -06:00
Todd C. Miller
921bc1c697 Use the EVP digest routines instead of calling SHA2 functions directly. 
Avoids compiler warnings with OpenSSL 3.0.  EVP_MD_CTX_new() is
only available for OpenSSL 1.1 and higher--we will fall back to
sudo's SHA2 code if necessary.
 2021-09-17 10:55:06 -06:00
Todd C. Miller
38d884a62d Do not compile intercept code if --disable-intercept is specified. 2021-09-01 13:35:47 -06:00
Todd C. Miller
4bff82cab4 Fix random uuid generation, no need to convert between byte order. 
Also add regression test.
 2021-08-31 19:53:28 -06:00
Todd C. Miller
dcab17900b Add sudo_debug_register_v2() stub for fuzzing build. 2021-08-26 10:43:15 -06:00
Todd C. Miller
70aef0eb2d sudo_debug_register: add minfd argument to specify lowest fd number 
Use this in sudo_intercept.so to avoid allocating a low-numbered
fd which the shell reserves for use by scripts.
 2021-08-26 09:57:24 -06:00
Alexandru Ardelean
a12b15b436 lib: util: Makefile.in: use host CFLAGS and CPPFLAGS for mksig{name,list} 
When cross-build support was added for mkig{name,list} was added, the
CFLAGS and CPPFLAGS should have been updated to the HOSTCFLAGS/HOSTCPPFLAGS
vars.

In a cross-build scenario, some of these flags don't match what the
compiler can understand (because they may be architecture specific) and
may fail the build.

Using the HOSTCFLAGS/HOSTCPPFLAGS works and builds successfully.
Also the output binary works on the target.

This is in continuation of
- https://github.com/sudo-project/sudo/pull/104
- https://github.com/sudo-project/sudo/pull/109

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2021-08-25 15:24:21 +03:00
Todd C. Miller
d333f484ec Fix mksiglist and mksigname dependencies. 2021-08-19 10:30:02 -06:00
Todd C. Miller
b40f74cb24 Cross-build support for mksigname and mksiglist 
We must build these with the host C compiler but use the target
preprocessor to generate the output.
 2021-08-19 09:50:05 -06:00
Todd C. Miller
ef91b90ad6 Sync siglist.in with the generated files. 
The change to prefer SIGSYS over SIGUNUSED wasn't made to siglist.in.
Also, mksigname.c doesn't need to explicitly set sudo_sys_signame[0].
 2021-08-10 19:55:28 -06:00
Todd C. Miller
6287e8ca7d Add support for loading the sudo_intercept.so DSO. 2021-08-09 15:50:25 -06:00
Todd C. Miller
cc3b4ffb04 Remove vsyslog(3) emulation, it is no longer used. 2021-06-14 13:11:39 -06:00
Todd C. Miller
c5247845ac Add NSS_TRYAGAIN and correct buflen in struct nss_XbyY_buf_t. 
Add some function argument names.  Also use struct nss_db_state *
instead of void * in nss_db_root_t.  We don't define struct
nss_db_state but since it is a pointer all we need is a forward
declaration.
 2021-06-08 14:25:02 -06:00
Todd C. Miller
b913a832e8 Make sure we link with libsudo_util *after* libfuzzstub. 
This only affects builds with a static libsudo_util.
Also fix a warning on HP-UX about main not being public.
 2021-06-07 15:53:57 -06:00
Todd C. Miller
dfaa9b95f1 Add getgids utility to simular "id -G" using sudo_getgrouplist2() 2021-06-07 14:18:09 -06:00
Todd C. Miller
3104d8ba0b Make sure we don't read or write past the end of the group buffer. 
We need to leave room for the terminating NULL in gr_mem.
It is possible for gbm->numgids > gbm->maxgids if we ran out of room.
 2021-06-07 13:08:10 -06:00
Todd C. Miller
4b73c98c06 Add some debugging to sudo_getgrouplist2(). 2021-06-04 11:28:48 -06:00
Todd C. Miller
468e9c7f48 Awful hack to pass on macOS where group_source=dynamic by default. 2021-05-04 13:58:29 -06:00
Todd C. Miller
9077daee93 Avoid clobbering errno in warning(). 2021-05-01 11:35:19 -06:00
Todd C. Miller
ac878d3e27 Quiet clang analyzer false positive in regress tests. 2021-04-27 15:56:24 -06:00
Todd C. Miller
2db9e64214 Move reference-counted string code from sudoers to libsudo_util. 
It will be used by sudo_logsrvd too.
 2021-04-06 14:44:19 -06:00
Todd C. Miller
d4517e0a1c Move autoconf auxiliary files to the scripts directory. 2021-04-06 14:23:38 -06:00
Todd C. Miller
dfff132122 Add a new "fuzz" target that executes the fuzzers for 8192 runs each. 
To run indefinately, set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 fuzz"
 2021-03-18 16:48:19 -06:00
Todd C. Miller
6eff3b313b Move corpus files to a seed subdirectory. 2021-03-18 15:28:29 -06:00
Todd C. Miller
95bfd65fec Flush stdout before successful return from LLVMFuzzerTestOneInput(). 
Fixes a problem with diag lines from libFuzzer being interspersed
with test output.
 2021-03-18 13:08:30 -06:00