isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,018 Commits 1 Branch 0 Tags
f0530b66d31282d5ff18f03377d25592e36f43a9
Commit Graph

777 Commits

Author SHA1 Message Date
Todd C. Miller
fccf3c9c56 Add sudo_mmap_{alloc,allocarrary,strdup,free} functions. 
These allocate memory via mmap anonymous regions and store the mapped
size immediately before the returned pointer as an unsigned long.
They are intended to be used in cases where malloc(3) and free(3)
are unsuitable due to concerns about corrupting global state in
multi-threaded programs or signal handlers.
 2022-07-25 15:08:11 -06:00
Todd C. Miller
e5652fc65a Linux execve(2) allows argv or envp to be NULL. 
Add checks to make sure we don't deference a NULL pointer.
 2022-07-14 09:29:40 -06:00
Todd C. Miller
f6e4d2765a Add explicit include of unistd.h for getopt(3) and related variables. 2022-07-05 11:35:25 -06:00
Todd C. Miller
42c6d9fb50 In timegm() initialize tm_isdst to 0 like tzcode does. 2022-07-01 14:23:28 -06:00
Todd C. Miller
3badff39ca Define _LARGEFILE64_SOURCE if _FILE_OFFSET_BITS == 64. 
Fixes a -Wwrite-strings warning on 32-bit systems.
 2022-06-29 16:59:50 -06:00
Todd C. Miller
50813f8160 Quiet another -Wwrite-strings warning. 2022-06-29 16:41:11 -06:00
Todd C. Miller
bfc6249902 Fix a clang analyzer 14 warning about a possible NULL deref. 2022-06-29 11:18:16 -06:00
Todd C. Miller
5f534979ef Regenerate dependencies 2022-06-29 10:18:56 -06:00
Todd C. Miller
3e21c8da5c Add missing PVS Studio Open Source comments. 
Also avoid checking protobuf-c source and protobuf-c generated files.
 2022-06-29 09:45:04 -06:00
Todd C. Miller
e5834bd405 Use #include <config.h> not #include "config.h" for consistency. 
Otherwise, some compilers may do the wrong thing in a build
dir if there is a config.h file in the source dir too.
 2022-06-29 08:47:16 -06:00
Todd C. Miller
13672f28df Make sudo pass -Wwrite-strings 2022-06-28 16:33:15 -06:00
Todd C. Miller
89666e7c37 Define _LFS64_LARGEFILE, _LARGEFILE64_SOURCE if 64-bit or _LARGE_FILES set. 
autoconf does not define _LARGEFILE64_SOURCE by default but zlib
expects it (its own configure script will define it).
Fixes a missing prototype for crc32_combine_gen64() on AIX and HP-UX.
 2022-06-27 13:02:13 -06:00
Todd C. Miller
f5ac1317c4 Make sudo pass -Wmissing-prototypes 2022-06-27 12:48:03 -06:00
Todd C. Miller
5787da7b21 Quiet a compiler warning on macOS. 
The getgrouplist() groups array on macOS is int * instead of gid_t *.
 2022-06-13 14:59:00 -06:00
Todd C. Miller
b6a6451482 Fix regression with zero-length messages introduced in protobuf-c PR 500. 2022-06-09 07:34:55 -06:00
Todd C. Miller
e4ea5ad8af Only shift unsigned values to avoid implementation-specific behavior. 
This converts the arithmetic shifts to logical shifts.
 2022-06-06 20:15:37 -06:00
Todd C. Miller
263fdc6b06 Fix issue protobuf-c#499: unsigned integer overflow 
Signed-off-by: 10054172 <hui.zhang@thalesgroup.com>
 2022-06-06 20:15:03 -06:00
Todd C. Miller
b77cbb2e67 Fix building with select (not poll) when fd_set is not defined in sys/types.h. 
We can use a void * for the fd_set arrays and just add a cast when
using the FD_SET macros.
 2022-06-06 19:42:29 -06:00
Todd C. Miller
ac06fb7f29 Define WORDS_BIGENDIAN on big endian systems. 
Instead of a configure check, we use endian.h (or a fallback).
 2022-06-03 12:51:21 -06:00
Todd C. Miller
71c07579ba Update to protobuf-c 1.4.0 2022-06-03 12:50:31 -06:00
Todd C. Miller
51b64780c0 Plug a memory leak. 2022-06-01 15:24:28 -06:00
Todd C. Miller
583e8bf538 Use explicit library dependencies instead of implicit. 
We now include all the dependent libraries when linking.
Fixes a linking problem on CentOS Stream 9.
 2022-05-19 17:01:14 -06:00
Todd C. Miller
dcb2fb26a5 Rename SSP_(C|LD)FLAGS -> HARDENING_(C|LD)FLAGS 2022-04-01 11:14:59 -06:00
Todd C. Miller
5c0436f0b3 Update embedded copy of zlib to version 1.2.12. 
Fixes CVE-2018-25032
 2022-03-28 08:51:41 -06:00
Todd C. Miller
de47380350 Block SIGCHLD when forking the mailer. 
Otherwise, it may be picked up by the signal handler instead of our
waitpid(2) call.
Don't warn if waitpid() returns 0 in a SIGCHLD handler.
 2022-03-14 13:54:12 -06:00
Todd C. Miller
1f64aca229 Unset LANGUAGE when running tests, otherwise it may override LC_ALL. 
Bug #1025.
 2022-03-14 13:51:03 -06:00
Todd C. Miller
b2a32f95ee getdelim_test: increase longstr to check end pointer after realloc 
This would have caught the recent bug in our getdelim replacement
when run under address-sanitizer or valgrind.
 2022-03-11 09:03:55 -07:00
Todd C. Miller
c48c511e91 Correctly update the end pointer when we expand the buffer. 
From Robert Manner.
 2022-03-11 08:00:38 -07:00
Todd C. Miller
6ff33922f4 sudo_secure_path: pass the struct stat * argument directly to stat(2) 
Set the pointer to a struct stat on the stack if st is NULL.
Avoids a needless memcpy() at the end.
 2022-03-10 20:16:51 -07:00
Todd C. Miller
eb2803c3e9 For alert messages, the command or runuser may not be set. 
This fixes the logging of parse errors when JSON logging is enabled.
 2022-03-10 13:59:34 -07:00
Todd C. Miller
31ab2e2297 Plug a few test memory leaks now that they return from main(). 2022-03-08 13:34:38 -07:00
Todd C. Miller
346dce4358 Remove extra newline in sudo_warnx() calls. 2022-03-06 18:56:28 -07:00
Todd C. Miller
c131b27474 For 'make check-verbose' run fuzzers with -verbose=1 
This is the default for libFuzzer but not for the stub fuzzer lib.
 2022-03-03 10:45:56 -07:00
Todd C. Miller
cdee5d48da Add check-verbose Makefile target that runs tests in verbose mode. 2022-03-02 13:32:08 -07:00
Todd C. Miller
43cc80d795 Add -v option parsing to regress tests, currently a no-op. 
This will be used by a "check-verbose" target in the future.
 2022-03-02 11:09:51 -07:00
Todd C. Miller
75a0e51590 Add sudo_closefrom() regression test. 2022-03-01 11:31:19 -07:00
Todd C. Miller
f1a697a8ff Use close_range(2) in closefrom() emulation if available. 
On Linux, prefer our own closefrom() emulation since the glibc
version may fail if /proc is not present and close_range() is not
supported.  On FreeBSD, closefrom(3) will either call the closefrom
or close_range system call, depending on which is available.
 2022-03-01 09:54:23 -07:00
Todd C. Miller
c2bd52edf8 Allow test harness to be run from any directory. 
Also add missing copyright notice.
 2022-02-28 19:39:33 -07:00
Todd C. Miller
a4f847b1d6 Adapt test harness for lib/util and move to regress directory. 2022-02-28 19:23:41 -07:00
Todd C. Miller
a57e979962 Adapt test harness for lib/util and move to regress directory. 2022-02-28 14:15:43 -07:00
Todd C. Miller
6a84523671 Make fuzzer stub main() quiet by default. 
LLVM LibFuzzer displays the input and running time by default but
we don't care about that for the stub fuzzer library.
 2022-02-28 13:33:54 -07:00
Todd C. Miller
330b4e821b For alert messages it is possible for evlog to be NULL. 
Coverity CID 238641
 2022-02-23 20:55:46 -07:00
Todd C. Miller
eaf76278ec Fix compilation on systems without a real openat(2). 2022-02-22 14:13:15 -07:00
Todd C. Miller
41bc52302b Do not disable fuzzer output if SUDO_FUZZ_VERBOSE env variable is set. 2022-02-22 12:04:10 -07:00
Todd C. Miller
cadfbfedb9 Add tests for iolog filtering. 
This is the functionality used by the log_passwords and passprompt_regex
options.
 2022-02-18 09:40:40 -07:00
Todd C. Miller
b19bd98531 iolog_pwfilt_run: apply regex on ttyout even if we disabled filtering. 
The heuristic used to decide when to disable filtering is when we
see another ttyout buffer or find a cr or nl in the ttyin buffer.
However, we should also check the buffer that caused us to disable
filtering for a matching regex that would re-enable filtering.
Programs that prompt for a password twice might otherwise not have
the second password filtered.
 2022-02-18 09:14:35 -07:00
Todd C. Miller
274468d7d2 do_logfile_sudo: plug memory leak of full_line 
Coverity CID 249329
 2022-02-15 19:53:35 -07:00
Todd C. Miller
33f54c853b Limit regular expressions to 1024 characters each. 
Avoids a problem with the fuzzer creating large regular expressions
that blow up the glibc regcomp().
 2022-02-12 09:33:02 -07:00
Todd C. Miller
7c17f84a35 Add helper function to compile a regex that supports (?i). 2022-02-11 12:01:31 -07:00
Todd C. Miller
b6a2fcf59f iolog_pwfilt_run: fix types in error return 2022-02-10 09:43:33 -07:00