isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,018 Commits 1 Branch 0 Tags
f0530b66d31282d5ff18f03377d25592e36f43a9
Commit Graph

588 Commits

Author SHA1 Message Date
Todd C. Miller
fa71679b5a Add gmtime_r and localtime_r tests and compat if missing. 2021-09-17 10:55:06 -06:00
Todd C. Miller
46d71c4360 Store milliseconds in the debug file timestamp. 
Sometime second granularity is not enough.
 2021-09-17 10:55:06 -06:00
Todd C. Miller
921bc1c697 Use the EVP digest routines instead of calling SHA2 functions directly. 
Avoids compiler warnings with OpenSSL 3.0.  EVP_MD_CTX_new() is
only available for OpenSSL 1.1 and higher--we will fall back to
sudo's SHA2 code if necessary.
 2021-09-17 10:55:06 -06:00
Todd C. Miller
38d884a62d Do not compile intercept code if --disable-intercept is specified. 2021-09-01 13:35:47 -06:00
Todd C. Miller
4bff82cab4 Fix random uuid generation, no need to convert between byte order. 
Also add regression test.
 2021-08-31 19:53:28 -06:00
Todd C. Miller
dcab17900b Add sudo_debug_register_v2() stub for fuzzing build. 2021-08-26 10:43:15 -06:00
Todd C. Miller
70aef0eb2d sudo_debug_register: add minfd argument to specify lowest fd number 
Use this in sudo_intercept.so to avoid allocating a low-numbered
fd which the shell reserves for use by scripts.
 2021-08-26 09:57:24 -06:00
Alexandru Ardelean
a12b15b436 lib: util: Makefile.in: use host CFLAGS and CPPFLAGS for mksig{name,list} 
When cross-build support was added for mkig{name,list} was added, the
CFLAGS and CPPFLAGS should have been updated to the HOSTCFLAGS/HOSTCPPFLAGS
vars.

In a cross-build scenario, some of these flags don't match what the
compiler can understand (because they may be architecture specific) and
may fail the build.

Using the HOSTCFLAGS/HOSTCPPFLAGS works and builds successfully.
Also the output binary works on the target.

This is in continuation of
- https://github.com/sudo-project/sudo/pull/104
- https://github.com/sudo-project/sudo/pull/109

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2021-08-25 15:24:21 +03:00
Todd C. Miller
d333f484ec Fix mksiglist and mksigname dependencies. 2021-08-19 10:30:02 -06:00
Todd C. Miller
b40f74cb24 Cross-build support for mksigname and mksiglist 
We must build these with the host C compiler but use the target
preprocessor to generate the output.
 2021-08-19 09:50:05 -06:00
Todd C. Miller
ef91b90ad6 Sync siglist.in with the generated files. 
The change to prefer SIGSYS over SIGUNUSED wasn't made to siglist.in.
Also, mksigname.c doesn't need to explicitly set sudo_sys_signame[0].
 2021-08-10 19:55:28 -06:00
Todd C. Miller
6287e8ca7d Add support for loading the sudo_intercept.so DSO. 2021-08-09 15:50:25 -06:00
Todd C. Miller
cc3b4ffb04 Remove vsyslog(3) emulation, it is no longer used. 2021-06-14 13:11:39 -06:00
Todd C. Miller
c5247845ac Add NSS_TRYAGAIN and correct buflen in struct nss_XbyY_buf_t. 
Add some function argument names.  Also use struct nss_db_state *
instead of void * in nss_db_root_t.  We don't define struct
nss_db_state but since it is a pointer all we need is a forward
declaration.
 2021-06-08 14:25:02 -06:00
Todd C. Miller
b913a832e8 Make sure we link with libsudo_util *after* libfuzzstub. 
This only affects builds with a static libsudo_util.
Also fix a warning on HP-UX about main not being public.
 2021-06-07 15:53:57 -06:00
Todd C. Miller
dfaa9b95f1 Add getgids utility to simular "id -G" using sudo_getgrouplist2() 2021-06-07 14:18:09 -06:00
Todd C. Miller
3104d8ba0b Make sure we don't read or write past the end of the group buffer. 
We need to leave room for the terminating NULL in gr_mem.
It is possible for gbm->numgids > gbm->maxgids if we ran out of room.
 2021-06-07 13:08:10 -06:00
Todd C. Miller
4b73c98c06 Add some debugging to sudo_getgrouplist2(). 2021-06-04 11:28:48 -06:00
Todd C. Miller
468e9c7f48 Awful hack to pass on macOS where group_source=dynamic by default. 2021-05-04 13:58:29 -06:00
Todd C. Miller
9077daee93 Avoid clobbering errno in warning(). 2021-05-01 11:35:19 -06:00
Todd C. Miller
ac878d3e27 Quiet clang analyzer false positive in regress tests. 2021-04-27 15:56:24 -06:00
Todd C. Miller
2db9e64214 Move reference-counted string code from sudoers to libsudo_util. 
It will be used by sudo_logsrvd too.
 2021-04-06 14:44:19 -06:00
Todd C. Miller
d4517e0a1c Move autoconf auxiliary files to the scripts directory. 2021-04-06 14:23:38 -06:00
Todd C. Miller
dfff132122 Add a new "fuzz" target that executes the fuzzers for 8192 runs each. 
To run indefinately, set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 fuzz"
 2021-03-18 16:48:19 -06:00
Todd C. Miller
6eff3b313b Move corpus files to a seed subdirectory. 2021-03-18 15:28:29 -06:00
Todd C. Miller
95bfd65fec Flush stdout before successful return from LLVMFuzzerTestOneInput(). 
Fixes a problem with diag lines from libFuzzer being interspersed
with test output.
 2021-03-18 13:08:30 -06:00
Todd C. Miller
4c182c90f1 Rename "fuzz" makefile target to "check-fuzzer". 
It's purpose is to run the fuzzers are part of a normal "make check"
to avoid bit rot, not to perform a fuzzer run.
The fuzz_logsrvd_conf fuzzer was not wired up to "make check" previously.
 2021-03-18 09:08:16 -06:00
Todd C. Miller
d9d450292d Remove compatibility defines for POSIX sys/stat.h macros. 
Modern systems have them and we no longer support pre-POSIX systems.
This fixes potential redefinition of the macros if sys/stat.h is
included after sudo_compat.h.  Bug #968.
 2021-03-10 12:26:11 -07:00
Todd C. Miller
0cf7c3a951 Set locale for all "make check" targets. 2021-03-08 12:51:48 -07:00
Todd C. Miller
5ffa0ce053 Make "group_source=dynamic" the default on macOS. 
Recent versions of macOS do not reliably return all of a user's
non-local groups via getgroups(2), even when _DARWIN_UNLIMITED_GETGROUPS
is defined.  Bug #946.
 2021-03-02 14:09:31 -07:00
Todd C. Miller
9bbf120bd8 For regess/fuzz set LC_ALL to C.UTF-8 if possible, falling back on C. 
Works around a crash in leak sanitizer when the locale is set to C
and TLS support is enabled.
 2021-03-02 13:40:23 -07:00
Todd C. Miller
7f27b04616 In sudo_lbuf_destroy(), reset error, len and size. 2021-03-01 16:05:51 -07:00
Todd C. Miller
79dbf9f17e Disable debug code for FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 
It will not be used and just confuses the coverage stats.
 2021-02-28 19:52:03 -07:00
Todd C. Miller
1ae4c1bf67 Remove fuzzer targets in "make clean" 2021-02-24 15:25:44 -07:00
Todd C. Miller
a3f38fac0c Set program name in fuzzers so we get consisten warnings. 2021-02-24 15:14:58 -07:00
Todd C. Miller
03e610dab5 Strings in dictionary files need to be quoted. 2021-02-23 12:38:02 -07:00
Todd C. Miller
081e219e23 Add dictionary files for fuzzers where possible. 2021-02-23 11:28:47 -07:00
Todd C. Miller
387169ac67 Add support on AIX for loading plugins that are .a (not .so) files. 
It is possible to specify the member name in parens after the path,
e.g. sudoers.a(shr.o) for 32-bit or sudoers.a(shr_64.o) for 64-bit.
If no member is specified in the path and dlopen() fails with ENOEXEC,
try again with an explicit member, either shr.o or shr_64.o.
 2021-02-19 11:03:26 -07:00
Todd C. Miller
14c71eaa86 Add clean rules to .PHONY target. 2021-02-19 08:54:04 -07:00
Todd C. Miller
9f1e016cde Add install-fuzz Makefile target to install the fuzzers and seed corpus. 
The FUZZ_DESTDIR make variable needs to be set in the environment
or on the command line.
 2021-02-18 19:38:54 -07:00
Todd C. Miller
a7e2dd15e1 Test the error case by closing the underlying fd. 
Note that we don't use ferror() here since our getdelim() has no
way to set the error flag if there is a memory allocation error.
 2021-02-18 13:15:35 -07:00
Todd C. Miller
db70a70d07 Test the case where getdelim() must reallocate the buffer. 
Reproduces Bug #960.
 2021-02-18 10:42:04 -07:00
Todd C. Miller
75004b7059 Reset end pointer when reallocing the line buffer in getdelim(). 
Fixes excessive memory allocations for long lines.  Bug #960.
 2021-02-17 16:46:02 -07:00
Todd C. Miller
a18b2a9ddf Limit max_groups in sudo.conf to 1024. 
The max_groups setting should no longer be needed anyway.
 2021-02-16 12:37:23 -07:00
Todd C. Miller
25f50e2f07 Add simple fuzzer for sudo.conf parser. 2021-02-15 13:17:26 -07:00
Todd C. Miller
a9f204aef8 regen 2021-02-12 15:31:26 -07:00
Todd C. Miller
0663ffbc3f Use sudo_basename() instead of doing the equivalent manually. 2021-02-10 15:14:08 -07:00
Todd C. Miller
41fa461fe1 Add a GNU-compatible version of basename(3). 
Unlike POSIX basename(3), the GNU variant does not modify its argument.
Note that basename of a path ending in "/" returns an empty string.
 2021-02-10 14:26:26 -07:00
Todd C. Miller
63a3f62547 Add fuzz Makefile target and run fuzzer corpus in make check. 2021-02-08 04:56:17 -07:00
Todd C. Miller
eec4f42366 Allow getprogname() to succeed as long as __progname is present. 
Also simplify the progname code so we only need a single implementation.
 2021-02-02 11:20:53 -07:00