isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,536 Commits 1 Branch 0 Tags
f6291bf83e434c44b51b47322a19d5c93f4eb956
Commit Graph

12536 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
0f69939d71 Add fallback for compilers without __builtin_clz/__builtin_clzl 2023-07-04 12:29:52 -06:00
Todd C. Miller
3a7ca0a834 sudo_pow2_roundup: fix 64-bit version when shifting 31 or more places 
Shift 1UL instead of 1 to avoid overflowing an int.
 2023-07-04 08:21:21 -06:00
Todd C. Miller
d900e7a933 Merge pull request #286 from AtariDreams/one-more 
Optimize sudo_pow2_roundup_v1
 2023-07-04 08:09:37 -06:00
Rose
8c3e4a33cd Optimize sudo_pow2_roundup_v1 
No need to call sudo_pow2_roundup_v2.
 2023-07-03 22:32:02 -04:00
Todd C. Miller
fa69ee5e1b Merge pull request #285 from AtariDreams/bug 
Remove comment about algorithm being from bit-twiddling hacks
 2023-07-03 20:26:20 -06:00
Rose
76d7aefb33 Remove comment about algorithm being from bit-twiddling hacks 
Said comment no longer applies.
 2023-07-03 22:24:55 -04:00
Todd C. Miller
f884514b30 Merge pull request #284 from AtariDreams/fix 
Fix fuzzing errors
 2023-07-03 20:21:11 -06:00
Rose
732110428e Fix fuzzing errors 
We should be checking for integer overflow, rather than checking if size is 0.

Additionally, we should set errno to ENOMEM when this overflow happens.

Finally, the most efficient implementation of the round-up-to-2 algorithm involves the clz intrinsic.
 2023-07-03 22:20:05 -04:00
Todd C. Miller
9266966ab9 Merge pull request #283 from AtariDreams/bug 
Fixed even more signedness and conversion issues
 2023-07-03 20:09:32 -06:00
Rose
cbed9daa46 Fixed even more signedness and conversion issues 
This should be the last of them.
 2023-07-03 22:07:35 -04:00
Todd C. Miller
f5eb1e0550 sudo_lbuf_expand: limit allocation to UINT_MAX 2023-07-03 19:46:37 -06:00
Todd C. Miller
d3dc70ab62 sudo_parseln: use sudo_pow2_roundup() instead of hand-rolling it. 2023-07-03 17:17:47 -06:00
Todd C. Miller
e95bd883d7 Promote length/size/offset in struct connection_buffer to size_t. 2023-07-03 17:02:24 -06:00
Todd C. Miller
56a431f7ea Make sudo_pow2_roundup() operate on size_t. 2023-07-03 16:51:05 -06:00
Todd C. Miller
b926df1df2 Make the debug subsystem unsigned. 
It was already unsigned in sudoers but not in the front-end or the
python plugin.  Making this consistent resolves a lot of -Wconversion
warnings.  Also clean up some other -Wconversion warnings in sudo_debug.c.
 2023-07-01 16:14:50 -06:00
Todd C. Miller
04c7e910ef Fix up indentation. 2023-07-01 16:03:33 -06:00
Todd C. Miller
575e4ab2fe Merge pull request #280 from AtariDreams/bug 
Mark functions not returning as sudo_noreturn
 2023-07-01 15:45:02 -06:00
Rose
45fdfa18f1 Mark functions not returning as sudo_noreturn 
We also put NOTREACHED where it applies.
 2023-07-01 17:40:16 -04:00
Todd C. Miller
97e574091a Avoid passing debug_return_size_t() a negative number. 2023-07-01 10:39:25 -06:00
Todd C. Miller
2a4939a1c5 Merge pull request #279 from AtariDreams/bison 
Regenerate toke.c using updated flex
 2023-07-01 10:23:40 -06:00
Rose
6ea68d208e Regenerate toke.c using updated flex 
Use the current version of flex to generate toke.c
 2023-07-01 11:47:04 -04:00
Todd C. Miller
5fbf431c42 Fix a few memory leaks in the tests. 2023-06-30 19:08:04 -06:00
Todd C. Miller
ac9b6c94d9 Add test for runas_check_shell and check_user_shell() 2023-06-30 10:43:39 -06:00
Todd C. Miller
bdc8a7f35e testsudoers: add -D and -R options to set cwd and chroot like sudo 2023-06-30 10:43:37 -06:00
Todd C. Miller
01ad570e24 Move check_user_* functions to check_util.c so testsudoers can use them. 2023-06-30 10:43:18 -06:00
Todd C. Miller
689efe3cdd testsudoers: make lbuf private to dump_sudoers() 
It is no longer used directly in main.
 2023-06-29 20:17:22 -06:00
Todd C. Miller
260c2fb835 testsudoers: display "Parse error" if there was a parse error. 
Previously, we just printed "Command unmatched" which makes it
harder to see that an error occurred.
 2023-06-29 20:10:15 -06:00
Todd C. Miller
6a21aec0a6 testsudoers: use allowed/denied/unmatched instead of just matched/unmatched 
This makes it possible to tell whether an entry was rejected due
to a negative match (explicitly denied) as opposed to a non-match.
Also fixes a bug where the runas status was only printed for positive
matches.
 2023-06-29 20:02:32 -06:00
Todd C. Miller
fd25bfc892 testsudoers: use sudoers_lookup() instead of a custom loop. 2023-06-29 17:31:55 -06:00
Todd C. Miller
e025cca440 Add callbacks to sudoers_lookup() so we can use it in testsudoers. 
Also pass in the time to be used for NOTBEFORE/NOTAFTER checks.
 2023-06-29 17:30:39 -06:00
Todd C. Miller
41b82006de Merge pull request #278 from AtariDreams/types 
Avoid compiler casting warnings Part 2
 2023-06-29 12:26:07 -06:00
Todd C. Miller
1c7a20d744 check_user_runcwd: only allow sudo's -D option if sudoers specifies a runcwd. 
Previously, the user could specify the runas user's home dir for
"sudo -i" or the user's existing cwd when -i is not specified.
This behavior was never documented and is inconsistent with how
the -R option is handled.
 2023-06-29 11:24:04 -06:00
Todd C. Miller
2c1a473ddc testsudoers: add support for NOTBEFORE and NOTAFTER 
Also adds -T option to set the value of "now".
 2023-06-29 11:13:01 -06:00
Rose
22079c3072 Avoid compiler casting warnings Part 2 
This saves instructions that are related to casting as well as compiler warnings.
 2023-06-29 13:10:27 -04:00
Todd C. Miller
f2a274b061 Rename parse.c -> lookup.c now that it only contains sudoers_lookup. 2023-06-29 10:52:44 -06:00
Todd C. Miller
8b640329d3 Split display_privs() and display_cmnd() out of parse.c into display.c 2023-06-29 10:31:09 -06:00
Todd C. Miller
1ba61cd13a No need to round up to page size with sudo_mmap_alloc(). 2023-06-29 10:17:39 -06:00
Todd C. Miller
f437c66a2a Merge pull request #265 from AtariDreams/types 
Avoid compiler casting warnings by assigning to variables of the same type where possible
 2023-06-29 10:06:30 -06:00
Todd C. Miller
e0238ab210 Merge pull request #277 from AtariDreams/debug_return_int(1); 
We should be returning 0, not 1, when logservd finishes without errors
 2023-06-29 09:50:20 -06:00
Rose
2c13d7130c We should be returning 0, not 1, when logservd finishes without errors 
1 is for failure, 0 is for no failure, and this does not look like a failure.
 2023-06-28 17:27:13 -04:00
Rose
e54ba33ea0 Avoid compiler casting warnings by assigning to the same type where possible 
This saves instructions that are related to casting as well as compiler warnings.
 2023-06-28 17:25:26 -04:00
Todd C. Miller
a0b074cc9c Fix undefined symbol on macOS for intercept mode and log_subcmds. 
macOS does not support direct access to the environ pointer from a
shared object.  We need to redirect through _NSGetEnviron() instead.
Fixes GitHub issue #276.
 2023-06-28 10:59:26 -06:00
Todd C. Miller
e7d4c05ace check_user_runcwd: allow -D option if it matches the cwd in sudoers 
Previously, check_user_runcwd() would return true if the runcwd
matched the user's cwd, even if sudoers specified a different one.
The user-specified runcwd was ignored but it is better to error out
in this case.  It is now also possible to use "sudo -D" with the
directory specified in sudoers.
 2023-06-28 09:59:33 -06:00
Todd C. Miller
a2a87323eb Merge pull request #275 from AtariDreams/emergency 
Set command_info to NULL once it is freed
 2023-06-26 13:52:48 -06:00
Rose
0bb41ed82a Set command_info to NULL once it is freed 
The lack of setting to NULL is a holdover from when command_info was a local variable and not a global one. However, we given how other global variables are set to NULL, it is best that we do the same here to avoid potential issues should sudoers_policy_store_result be called again after the first time failed, otherwise we could get a double-free.
 2023-06-26 15:08:51 -04:00
Todd C. Miller
676066e2aa Merge pull request #274 from bin-ly/main 
Modify the is_script function for match_command.c
 2023-06-25 07:55:54 -06:00
binlingyu
f8a45e8a54 Modify the is_script function for match_command.c 2023-06-25 11:15:17 +08:00
Todd C. Miller
7fb98a9a33 Mention C99 requirement. 2023-06-21 07:56:17 -06:00
Todd C. Miller
e0ee845dfc Reference SETENV-related settings in the command environment section. 
Based on GitHub PR #273 from Ilya Kulakov.
 2023-06-20 15:12:43 -06:00
Todd C. Miller
733d5291b4 Sudo requires a C99 compiler due to the use of flexible array members. 2023-06-20 13:39:10 -06:00