isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,003 Commits 1 Branch 0 Tags
f5488d733d0010dfc3231560e00e5e65a7ad9c03
Commit Graph

3447 Commits

Author SHA1 Message Date
Todd C. Miller
f5488d733d Fix potential crash introduced in the fix for GitHub issue #134. 
If a user's sudoers entry did not have any RunAs user's set, running
"sudo -U otheruser -l" would dereference a NULL pointer.  We need
to compare the default RunAs user if the sudoers entry does not
specify one explicitly.  Problem reported by Andreas Mueller who
also suggested a different solution in PR #219.
 2022-12-07 10:25:00 -07:00
Todd C. Miller
3df7b64d80 Fix failure in check targets when there is no UTF-8 C locale. 2022-12-06 16:26:34 -07:00
Todd C. Miller
e707ffe58b Place C23 attributes before keywords in function declarations. 
In practice this means we must use "sudo_noreturn static foo(void)"
instead of "static sudo_noreturn foo(void)".
 2022-12-01 12:54:53 -07:00
modric
26cf125fb9 check_syntax(): Remove duplicate calls to init_defaults() 2022-11-24 09:42:05 +08:00
Todd C. Miller
46d286947e build_command_info: free command_info on failure. 
Once upon a time, command_info was a stack variable, now it is
dynamically allocated.  Coverity CID 299987.
 2022-11-22 17:26:24 -07:00
Todd C. Miller
eb4ae10ab4 Better handling of out-of-memory conditions. 2022-11-22 11:57:42 -07:00
Todd C. Miller
9fff5a5fae Keep group file open until the call to myendgrent(). 
This restores the previous behavior.
 2022-11-22 11:55:34 -07:00
Todd C. Miller
f066ff9e01 Eliminate a few harmless dead stores. 
Quiets warnings from Infer.
 2022-11-22 11:18:24 -07:00
Todd C. Miller
2f97da316e sudo_ldap_parse_option: add explicit NULL check for strchr(). 
This should not be needed since we only use the returned pointer
if it is larger than the string passed to strchr().
Quiets a warning from Infer.
 2022-11-22 11:17:30 -07:00
Todd C. Miller
a37ecb2666 sudo_ldap_result_add_entry: check sudo_ldap_get_values_len() return value. 
Previously, we just compared the error code with LDAP_NO_MEMORY
when checking for sudoOrder since this is the only error we care about.
We now return NULL for LDAP_NO_MEMORY and ignore other errors.
Quiets a warning from Infer.
 2022-11-22 11:05:26 -07:00
Todd C. Miller
1c9c7bd34a Refactor code to open passwd/group file and add setpassent/setgroupent. 
This makes the "stayopen" semantics match the system passwd/group
functions.  The getpwent/getgrent functions now open the database
if it is not already open.
 2022-11-22 08:45:14 -07:00
Todd C. Miller
4d7823e518 gram.h: #line directives should reference gram.h not y.tab.h. 2022-11-22 07:27:11 -07:00
Todd C. Miller
3396267291 Add a reminder to the default lecture that the password will not echo. 
This line is only displayed when the pwfeedback option is disabled.
GitHub issue #195.
 2022-11-21 09:48:50 -07:00
modric
cbdc4883d1 Fix some typos 2022-11-21 14:50:22 +08:00
Todd C. Miller
ad220d72d4 Merge pull request #200 from BornThisWay/fix_mem_leak_converse 
Fix memory leak of pass in converse().
 2022-11-17 08:16:40 -07:00
Todd C. Miller
b3834bbf24 sudo_passwd_cleanup: Set auth->data to NULL after freeing. 
GitHub issue #201
 2022-11-17 08:10:35 -07:00
modric
f5cae905ca Fix memory leak of pass in converse(). 2022-11-17 16:08:59 +08:00
Todd C. Miller
fe8e1f3d38 Fix typo; excerise -> exercise 2022-11-16 19:23:11 -07:00
Todd C. Miller
3ecfa025b8 sudo_debug_group_list: short-circuit if groups is NULL 2022-11-11 11:05:12 -07:00
Todd C. Miller
b8e9fc1b12 Add a regress check for the cvtsudoers filter crash. 
GitHub issue #198.
 2022-11-11 07:05:24 -07:00
Todd C. Miller
264326de57 Fix a potential use-after-free bug with cvtsudoers filtering. 
In role_to_sudoers() when merging a privilege to the previous one
where the runas lists are the same we need to re-use the runas lists
of the last command in the previous privilege, not the first.
Otherwise, the check in free_cmndspec() will not notice the re-used
runas lists.  Reported/analyzed by Sohom Datta.  GitHub issue #198.
 2022-11-10 14:55:56 -07:00
Todd C. Miller
5683fc6f7a The name of the C locale w/ UTF-8 support is not always C.UTF-8. 
Use a pattern to find it (if present) and use that value instead
of hard-coding C.UTF-8.  This works around a leak sanitizer crash
on certain inputs.
 2022-11-11 07:05:21 -07:00
Todd C. Miller
75008a0570 Copy some LDIF test data from the cvtsudoers tests to the seed corpus. 
This includes a test to exercise the fix in PR #196.
 2022-11-10 09:54:59 -07:00
Todd C. Miller
455f250ac5 Set LDAP base for sudoers_parse_ldif(). 
Without this set the fuzzer will not exercise the dn parsing.
 2022-11-10 09:34:44 -07:00
Todd C. Miller
0b1335f54e Use a consistent base when testing cvtsudoers conversion from ldif. 2022-11-09 13:00:48 -07:00
Todd C. Miller
8b898b2ca2 Test parsing LDIF when a backslash is the last char of the file. 
If run with address sanitizer, this test will crash when the fix
in ceaf706ab74b is reverted.
 2022-11-09 12:58:41 -07:00
Sohom
902271f441 [cvtsudoers]: Prevent sudo from reading into undefined memory 2022-11-09 23:46:39 +05:30
Todd C. Miller
9f948224ac sudo_passwd_verify: zero out des_pass before returning. 2022-11-08 13:17:11 -07:00
Todd C. Miller
7ec1ee0e5c bsdauth_verify: do not write to prompt, it is now const 2022-11-01 09:33:19 -06:00
Todd C. Miller
d242261dd4 Store raw sudoers lines in the debug log. 
Also add a "sudoerslex" prefix to the token debug info in
sudoers_trace_print().
 2022-11-01 09:32:14 -06:00
Todd C. Miller
966731311d The line numbers in sudoers_trace_print() were off by one. 
The line counter is incremented when a newline is seen so the output
actually refers to the previous line.
 2022-10-31 10:21:39 -06:00
Todd C. Miller
4da22b101e Make the second arg to the sudo auth verify function const. 
This may be either a plaintext password or a password prompt.
Either way it should not be modified by the verify function.
 2022-10-31 09:11:32 -06:00
Todd C. Miller
bd209b9f16 Fix CVE-2022-43995, potential heap overflow for passwords < 8 characters. 
Starting with sudo 1.8.0 the plaintext password buffer is dynamically
sized so it is not safe to assume that it is at least 9 bytes in size.
Found by Hugo Lefeuvre (University of Manchester) with ConfFuzz.
 2022-10-28 07:29:55 -06:00
Todd C. Miller
c78e78dc5e Move debugging info from hostname_matches() to host_matches(). 2022-10-29 11:39:05 -06:00
Todd C. Miller
6a3fb3fd73 Add debugging to sudo_set_grlist() and sudo_set_gidlist(). 2022-10-28 16:58:16 -06:00
Todd C. Miller
ebd285850d Sync clean target with other Makefile.in files. 2022-10-21 11:24:38 -06:00
Todd C. Miller
8087604e5a Build the sample plugin but do not install it by default. 
We no longer install the sample approval plugin.
 2022-10-21 09:12:11 -06:00
Todd C. Miller
45ea248335 Adapt to current plugin API and fix warnings. 2022-10-21 07:51:00 -06:00
Todd C. Miller
9b9404b6fa Disable admin_flag by setting to NULL, not false. 
Found by cppcheck.
 2022-10-20 13:45:36 -06:00
Todd C. Miller
e7db62f645 Don't NULL out the plugin close function when logging to a log server. 
If sudo calls execve(2) directly the accept info will not be sent.
We also need the sudo front-end to wait until the command finishes
to send the exit status.
 2022-10-19 17:05:36 -06:00
Todd C. Miller
5dbb8ac6e4 Updated translations from translationproject.org 2022-10-14 12:37:20 -06:00
Todd C. Miller
3b205bc412 Update .pot files for 1.9.12 2022-10-10 09:13:22 -06:00
Todd C. Miller
8d5e59c8a8 Update the description of intercept_verify 2022-10-10 09:12:47 -06:00
Todd C. Miller
57b5ff8e8c Avoid a -Wshadow warning on Solaris 9. 2022-10-07 11:00:17 -06:00
Todd C. Miller
af83e3c10f Fix display of command tags and options in "sudo -l" when RunAs changes. 
A new line is started when RunAs changes which means we need to display
the command tags and options again.  GitHub issue #184
 2022-10-06 16:29:54 -06:00
Todd C. Miller
6a0f7ccc41 Fix printing of MYSELF when listing another user's privileges. 
We need to use list_pw if it is set instead of user_name.
GitHub issue #183
 2022-10-06 15:02:09 -06:00
Todd C. Miller
2e2dd48bef Add test for matching a literal "" command line argument as "" in sudoers. 
GitHub issue #182.
 2022-10-05 10:10:31 -06:00
Todd C. Miller
fa952bfbb7 Add -I flag to disable editing include files unless there is an error. 
This can be used when you only want to edit a single sudoers file
unless there is a pre-existing syntax error.
 2022-10-04 16:11:45 -06:00
Todd C. Miller
575200e734 Do not match a literal "" command line argument as "" in sudoers. 
If the empty string is specified in sudoers, no user args are allowed.
GitHub issue #182.
 2022-10-04 13:37:32 -06:00
Todd C. Miller
3940020c94 sudo_secure_open_{file,dir}: always check thatreturn value is not -1. 
Avoids false positives from static analyzers that can't figure out
that the fd is always valid when error is SUDO_PATH_SECURE.
 2022-10-04 09:33:44 -06:00