isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,819 Commits 1 Branch 0 Tags
ecdf0c80f36e971f3090c495377b03a11931816c
Commit Graph

12819 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
d1625f9c83 Only allow the user to specify -D or -R for the special "*" value. 
The sudoers file must now explicitly allow the user to specify a
directory (sudo -D) or chroot (sudo -R) by setting cwd or chroot
to "*".  If a specific cwd or chroot value is set in sudoers, the
user may not use the -D or -R options, even if they match the value
in sudoers.
 2023-07-10 14:30:40 -06:00
Todd C. Miller
44cfa9e132 Add restrict keyword to sudo_printf_t in plugin docs. 2023-07-10 14:30:39 -06:00
Todd C. Miller
db6baf2caf Convert sudo_debug_enter and sudo_debug_exit into macros. 
In most cases, these simply expand to a call to sudo_debug_printf2().
We need to keep the function versions around in libsudo_util for
backwards compatibility.
 2023-07-10 14:30:38 -06:00
Todd C. Miller
2d12a41940 Fix sudo_debug_exit_uint_v1 declaration for fuzzers. 2023-07-10 11:27:28 -06:00
Todd C. Miller
eff4e1c0c5 Add missing sudo_debug_exit_uint_v1 stub for fuzzers. 2023-07-10 11:23:06 -06:00
Todd C. Miller
dbb95ad214 sudo frontend: make more bit flags unsigned. 2023-07-10 11:06:34 -06:00
Todd C. Miller
cbcb1d2506 sudoers plugin: make more bit flags unsigned. 2023-07-10 11:06:23 -06:00
Todd C. Miller
4f097eebd3 libsudo_util: make more bit flags unsigned. 2023-07-10 11:06:04 -06:00
Todd C. Miller
9f7128fe83 parse_timeout: move overflow check to the correct location 
It was not covering all cases in its original location.
Fixes oss-fuzz issue 60454 with fuzz_sudoers.
 2023-07-08 10:16:35 -06:00
Todd C. Miller
fc02df111c Merge pull request #287 from AtariDreams/restrict 
Give every printf-like function restrict qualifiers
 2023-07-07 19:48:05 -06:00
Rose
5d758264ab Give every printf-like function restrict qualifiers 
The format value has to be a string literal, every time.

Otherwise, you are not using these functions correctly. To reinforce this fact, I putrestrict over every non-contrib example of this I could find.
 2023-07-07 20:23:20 -04:00
Todd C. Miller
92860c717d struct exec_closure: make rows and cols int, not short 
There's no real space saved by using short and using int avoids a
few casts.
 2023-07-07 15:42:53 -06:00
Todd C. Miller
548e3e3125 testsudoers: avoid extern definitions where possible 2023-07-07 15:23:54 -06:00
Todd C. Miller
32f4b98f6b sudo frontend: silence most -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Todd C. Miller
0c85f10c80 python plugin: silence -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Todd C. Miller
a38b714667 sudoers plugin: silence most -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Todd C. Miller
4891f37a45 sudo_logsrvd: silence most -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Todd C. Miller
6734a99f8a libiolog: silence -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Todd C. Miller
e93913e2bb libfuzzstub: silence -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Todd C. Miller
c95423a8f9 libevent: silence -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Todd C. Miller
5768d374cc libsudo_util: silence most -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Todd C. Miller
f7801f2160 Add configure check for restrict keyword. 2023-07-07 15:06:53 -06:00
Todd C. Miller
0205f6fc75 sudoers_check_common: remove extraneous return statement. 2023-07-07 14:54:10 -06:00
Todd C. Miller
bced0a7786 Make the remaining instances of digest_type unsigned. 2023-07-06 08:01:15 -06:00
Todd C. Miller
43e914a5d3 Copy, don't append group ID in fill_group() and fill_runas_group() 
This only affects the case where a group ID cannot be resolved.
 2023-07-05 11:49:07 -06:00
Todd C. Miller
17c09dfd27 Remove regress corpus directories correctly 2023-07-05 10:51:23 -06:00
Todd C. Miller
2d1b3c369f Change sudo_strtomode() to return mode_t. 2023-07-05 09:54:22 -06:00
Todd C. Miller
2848dddd87 Rename print_usage() to display_usage() 2023-07-04 19:48:41 -06:00
Todd C. Miller
f6d1542416 Move display of usage text into display_usage() so usage() always exits. 2023-07-04 19:47:28 -06:00
Todd C. Miller
1f0f6b7c78 Fix some indentation. 2023-07-04 18:03:47 -06:00
Todd C. Miller
fd061e4d69 Include testsudoers_pwutil.h for testsudoers_pwutil.c prototypes. 2023-07-04 16:24:48 -06:00
Todd C. Miller
f1d9063477 Fix wrapping of libc getpwnam/getpwuid/getgrnam/getgrgid on NetBSD. 2023-07-04 14:14:07 -06:00
Todd C. Miller
bfb6132d9c Add configure tests for __builtin_clz/__builtin_clzl 2023-07-04 12:39:31 -06:00
Todd C. Miller
0f69939d71 Add fallback for compilers without __builtin_clz/__builtin_clzl 2023-07-04 12:29:52 -06:00
Todd C. Miller
3a7ca0a834 sudo_pow2_roundup: fix 64-bit version when shifting 31 or more places 
Shift 1UL instead of 1 to avoid overflowing an int.
 2023-07-04 08:21:21 -06:00
Todd C. Miller
d900e7a933 Merge pull request #286 from AtariDreams/one-more 
Optimize sudo_pow2_roundup_v1
 2023-07-04 08:09:37 -06:00
Rose
8c3e4a33cd Optimize sudo_pow2_roundup_v1 
No need to call sudo_pow2_roundup_v2.
 2023-07-03 22:32:02 -04:00
Todd C. Miller
fa69ee5e1b Merge pull request #285 from AtariDreams/bug 
Remove comment about algorithm being from bit-twiddling hacks
 2023-07-03 20:26:20 -06:00
Rose
76d7aefb33 Remove comment about algorithm being from bit-twiddling hacks 
Said comment no longer applies.
 2023-07-03 22:24:55 -04:00
Todd C. Miller
f884514b30 Merge pull request #284 from AtariDreams/fix 
Fix fuzzing errors
 2023-07-03 20:21:11 -06:00
Rose
732110428e Fix fuzzing errors 
We should be checking for integer overflow, rather than checking if size is 0.

Additionally, we should set errno to ENOMEM when this overflow happens.

Finally, the most efficient implementation of the round-up-to-2 algorithm involves the clz intrinsic.
 2023-07-03 22:20:05 -04:00
Todd C. Miller
9266966ab9 Merge pull request #283 from AtariDreams/bug 
Fixed even more signedness and conversion issues
 2023-07-03 20:09:32 -06:00
Rose
cbed9daa46 Fixed even more signedness and conversion issues 
This should be the last of them.
 2023-07-03 22:07:35 -04:00
Todd C. Miller
f5eb1e0550 sudo_lbuf_expand: limit allocation to UINT_MAX 2023-07-03 19:46:37 -06:00
Todd C. Miller
d3dc70ab62 sudo_parseln: use sudo_pow2_roundup() instead of hand-rolling it. 2023-07-03 17:17:47 -06:00
Todd C. Miller
e95bd883d7 Promote length/size/offset in struct connection_buffer to size_t. 2023-07-03 17:02:24 -06:00
Todd C. Miller
56a431f7ea Make sudo_pow2_roundup() operate on size_t. 2023-07-03 16:51:05 -06:00
Todd C. Miller
b926df1df2 Make the debug subsystem unsigned. 
It was already unsigned in sudoers but not in the front-end or the
python plugin.  Making this consistent resolves a lot of -Wconversion
warnings.  Also clean up some other -Wconversion warnings in sudo_debug.c.
 2023-07-01 16:14:50 -06:00
Todd C. Miller
04c7e910ef Fix up indentation. 2023-07-01 16:03:33 -06:00
Todd C. Miller
575e4ab2fe Merge pull request #280 from AtariDreams/bug 
Mark functions not returning as sudo_noreturn
 2023-07-01 15:45:02 -06:00