]> granicus.if.org Git - sudo/log
sudo
8 years agoFix fd leak in sudo_edit_open_nonwritable() if dir_is_writable()
Todd C. Miller [Sat, 7 May 2016 11:07:38 +0000 (05:07 -0600)]
Fix fd leak in sudo_edit_open_nonwritable() if dir_is_writable()
returns an error.  Coverity CID 104113.

8 years agoFix memory leak of sesh_args in selinux_edit_copy_tfiles().
Todd C. Miller [Sat, 7 May 2016 11:05:30 +0000 (05:05 -0600)]
Fix memory leak of sesh_args in selinux_edit_copy_tfiles().
Coverity CID 104112.

8 years agoFix memory leak in get_editor() if resolve_editor() fails with
Todd C. Miller [Sat, 7 May 2016 10:59:56 +0000 (04:59 -0600)]
Fix memory leak in get_editor() if resolve_editor() fails with
an error.  Coverity CID 104107.

8 years agoFix memory leak on error if sudo_new_key_val() fails.
Todd C. Miller [Sat, 7 May 2016 10:57:11 +0000 (04:57 -0600)]
Fix memory leak on error if sudo_new_key_val() fails.
Coverity CID 104103.

8 years agoIgnore the return value of the initial sudoersparse(), before
Todd C. Miller [Sat, 7 May 2016 10:52:21 +0000 (04:52 -0600)]
Ignore the return value of the initial sudoersparse(), before
we have actually edited any files.  Coverity CID 104078.

8 years agoIgnore the result of send() on exec error, if it fails the other
Todd C. Miller [Sat, 7 May 2016 10:47:12 +0000 (04:47 -0600)]
Ignore the result of send() on exec error, if it fails the other
end of the pipe is gone and we are headed for exit.
Coverity CID 104066.

8 years agoIn fill_args() clean up properly if there is an internal overflow
Todd C. Miller [Sat, 7 May 2016 10:37:55 +0000 (04:37 -0600)]
In fill_args() clean up properly if there is an internal overflow
(which should not be possible).  Coverity CID 104569.

8 years agoFix logic inversion in sudoers_gc_remove(), currently unused.
Todd C. Miller [Sat, 7 May 2016 10:33:45 +0000 (04:33 -0600)]
Fix logic inversion in sudoers_gc_remove(), currently unused.
Coverity CID 104568

8 years agoIn io_mkdirs(), change the order from stat then mkdir, to mkdir then stat.
Todd C. Miller [Fri, 6 May 2016 22:42:42 +0000 (16:42 -0600)]
In io_mkdirs(), change the order from stat then mkdir, to mkdir then stat.
This more closely matches what "mkdir -p" does.
Coverity CID 104120.

8 years agoIn ts_mkdirs(), change the order from stat then mkdir, to mkdir then stat.
Todd C. Miller [Fri, 6 May 2016 22:37:20 +0000 (16:37 -0600)]
In ts_mkdirs(), change the order from stat then mkdir, to mkdir then stat.
This more closely matches what "mkdir -p" does.
Coverity CID 104119.

8 years agoNewer versions of Ubuntu have switched from using the "admin" group
Todd C. Miller [Fri, 6 May 2016 20:30:46 +0000 (14:30 -0600)]
Newer versions of Ubuntu have switched from using the "admin" group
to the "sudo" group to align with Debian.  create_admin_success_flag()
now accepts either one.
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1387347

8 years agoCast off_t printed via printf(3) instead of assuming it is long long.
Todd C. Miller [Fri, 6 May 2016 20:17:32 +0000 (14:17 -0600)]
Cast off_t printed via printf(3) instead of assuming it is long long.

8 years agoInstead of using stat(2) to see if the admin flag file exists and
Todd C. Miller [Fri, 6 May 2016 20:12:08 +0000 (14:12 -0600)]
Instead of using stat(2) to see if the admin flag file exists and
creating it if not, just try to create the file and treat EEXIST
as a non-error.  Coverity CID 104121.

8 years agoREADME file for the sample plugin that tells the user how to build,
Todd C. Miller [Fri, 6 May 2016 17:30:02 +0000 (11:30 -0600)]
README file for the sample plugin that tells the user how to build,
install and enable it.

8 years agoFix compilation error and export sample_policy struct.
Todd C. Miller [Fri, 6 May 2016 17:12:45 +0000 (11:12 -0600)]
Fix compilation error and export sample_policy struct.
From Michael Evans

8 years agoUpdate for 1.8.17
Todd C. Miller [Fri, 6 May 2016 15:44:52 +0000 (09:44 -0600)]
Update for 1.8.17

8 years agoSudo 1.8.17
Todd C. Miller [Fri, 6 May 2016 15:28:42 +0000 (09:28 -0600)]
Sudo 1.8.17

8 years agoCheck return value of restore_perms() in vlog_warning().
Todd C. Miller [Fri, 6 May 2016 15:26:45 +0000 (09:26 -0600)]
Check return value of restore_perms() in vlog_warning().
Coverity CID 104079.

8 years agoFix memory leaks in resolve_editor() in the error path.
Todd C. Miller [Fri, 6 May 2016 15:23:22 +0000 (09:23 -0600)]
Fix memory leaks in resolve_editor() in the error path.
Coverity CID 104109, 104110

8 years agoFix memory leak of gid_list in sudoers_policy_exec_setup() in the
Todd C. Miller [Fri, 6 May 2016 15:17:14 +0000 (09:17 -0600)]
Fix memory leak of gid_list in sudoers_policy_exec_setup() in the
error path.  Coverity CID 104111.

8 years agoFix fd leak in do_logfile() if we fail to lock the log file.
Todd C. Miller [Fri, 6 May 2016 15:12:39 +0000 (09:12 -0600)]
Fix fd leak in do_logfile() if we fail to lock the log file.
Coverity CID 104115.

8 years agoFix memory leak of sss_result in sudo_sss_lookup()
Todd C. Miller [Fri, 6 May 2016 14:22:03 +0000 (08:22 -0600)]
Fix memory leak of sss_result in sudo_sss_lookup()
Coverity CID 104106

8 years agoFix fd leak in open_io_fd() if gzdopen/fdopen fails.
Todd C. Miller [Fri, 6 May 2016 14:11:34 +0000 (08:11 -0600)]
Fix fd leak in open_io_fd() if gzdopen/fdopen fails.
Coverity CID 104105

8 years agoFix fd leak in io_nextid() in error path.
Todd C. Miller [Fri, 6 May 2016 14:07:40 +0000 (08:07 -0600)]
Fix fd leak in io_nextid() in error path.
Coverity CID 104104

8 years agoCheck lseek() return value.
Todd C. Miller [Thu, 5 May 2016 22:46:25 +0000 (16:46 -0600)]
Check lseek() return value.
Coverity CID 104061.

8 years agoIgnore ts_write() return value when disabling an entry with a bogus
Todd C. Miller [Thu, 5 May 2016 22:30:11 +0000 (16:30 -0600)]
Ignore ts_write() return value when disabling an entry with a bogus
timestamp.  We ignore the timestamp entry even it doesn't succeed.
Coverity CID 104062.

8 years agoCast the return value of fcntl() to void when setting FD_CLOEXEC.
Todd C. Miller [Thu, 5 May 2016 22:16:24 +0000 (16:16 -0600)]
Cast the return value of fcntl() to void when setting FD_CLOEXEC.
Coverity CID 104063, 104064, 104069, 104070, 104071, 104072, 104073, 104074

8 years agoCast the return value of fcntl() to void when setting FD_CLOEXEC.
Todd C. Miller [Thu, 5 May 2016 22:09:51 +0000 (16:09 -0600)]
Cast the return value of fcntl() to void when setting FD_CLOEXEC.
Coverity CID 104075, 104076, 104077.

8 years agoAvoid a false positive. Coverity CID 104056.
Todd C. Miller [Thu, 5 May 2016 21:54:06 +0000 (15:54 -0600)]
Avoid a false positive.  Coverity CID 104056.

8 years agoAvoid calling fclose(NULL) on error in export_sudoers().
Todd C. Miller [Thu, 5 May 2016 21:14:57 +0000 (15:14 -0600)]
Avoid calling fclose(NULL) on error in export_sudoers().
Coverity CID 104091.

8 years agoIn fill_args(), check for "arg_size == 0" instead of
Todd C. Miller [Thu, 5 May 2016 21:12:37 +0000 (15:12 -0600)]
In fill_args(), check for "arg_size == 0" instead of
"sudoerslval.command.args == NULL" since the latter leads Coverity
to imply that sudoerslval.command.args could be NULL later on.
Coverity CID 104093.

8 years agoAvoid calling fclose(NULL) if the sudoers file is not secure and
Todd C. Miller [Thu, 5 May 2016 21:01:22 +0000 (15:01 -0600)]
Avoid calling fclose(NULL) if the sudoers file is not secure and
restore_perms() fails.  Coverity CID 104090.

8 years agoIn fill_args(), replace loop that increments arg_size() with
Todd C. Miller [Wed, 4 May 2016 22:59:04 +0000 (16:59 -0600)]
In fill_args(), replace loop that increments arg_size() with
a simple add and mask.  Should prevent a false positive from
Coverity CID 104094.

8 years agoIn parse_expr(), move the "bad" label after the "default" case in
Todd C. Miller [Wed, 4 May 2016 22:48:02 +0000 (16:48 -0600)]
In parse_expr(), move the "bad" label after the "default" case in
the switch(), not before it.  This seemed to confuse Covertity,
resulting in a false positive, CID 104095.

8 years agoFor "sudoreplay -l", not all predicates may be shortened to a single
Todd C. Miller [Wed, 4 May 2016 22:44:52 +0000 (16:44 -0600)]
For "sudoreplay -l", not all predicates may be shortened to a single
character.  Both 'c' and 't' have more than one possibility.

8 years agopid_t is defined by POSIX as a signed integer type so we don't need
Todd C. Miller [Wed, 4 May 2016 20:14:38 +0000 (14:14 -0600)]
pid_t is defined by POSIX as a signed integer type so we don't need
a cast when comparing to -1.

8 years agoIn dispatch_signal() for stopped processes check for tcgetpgrp()
Todd C. Miller [Wed, 4 May 2016 20:13:44 +0000 (14:13 -0600)]
In dispatch_signal() for stopped processes check for tcgetpgrp()
returning -1.  Also change checks from "saved_pgrp != -1" to
"fd != -1".  Coverity CID 104098.

8 years agoIn relabel_tty() always jump to bad: on error, regardless of the
Todd C. Miller [Wed, 4 May 2016 19:48:44 +0000 (13:48 -0600)]
In relabel_tty() always jump to bad: on error, regardless of the
value of se_state.enforcing.  On error, return -1 if enforcing,
else 0.  Coverity CID 104099.

8 years agoDefine NO_LEAKS when sudo is built with Coverity.
Todd C. Miller [Wed, 4 May 2016 19:01:57 +0000 (13:01 -0600)]
Define NO_LEAKS when sudo is built with Coverity.

8 years agoIn io_callback() if we write the complete buffer and find that there
Todd C. Miller [Wed, 4 May 2016 18:53:20 +0000 (12:53 -0600)]
In io_callback() if we write the complete buffer and find that there
is no associated reader just return as there is nothing else to be
done.  In practice is it not possible for SUDO_EV_READ to be set
if revent is NULL but an early return is harmless and possibly
easier to understand.  Coverity CID 104124.

8 years agoHandle read() returning -1 when creating temporary files.
Todd C. Miller [Wed, 4 May 2016 18:48:17 +0000 (12:48 -0600)]
Handle read() returning -1 when creating temporary files.
Coverity CID 104100

8 years agoFix cut and paste error when checking cols for 0.
Todd C. Miller [Wed, 4 May 2016 17:15:20 +0000 (11:15 -0600)]
Fix cut and paste error when checking cols for 0.
Coverity CID 104081

8 years agoUse a single debug message for cache hit or store to avoid another
Todd C. Miller [Wed, 4 May 2016 15:15:12 +0000 (09:15 -0600)]
Use a single debug message for cache hit or store to avoid another
situation where they get out of sync.  Bug #743

8 years agoSync the "cache hit" debug messages with the "cached" debug messages.
Todd C. Miller [Wed, 4 May 2016 14:55:21 +0000 (08:55 -0600)]
Sync the "cache hit" debug messages with the "cached" debug messages.
This fixes a bug where we could dereference a NULL pointer when we
look up a negative cached entry which is stored as a NULL passwd
or group struct pointer.  Bug #743.

8 years agoRemove the check for __sprintf_chk when checking for _FORTIFY_SOURCE,
Todd C. Miller [Thu, 28 Apr 2016 21:27:53 +0000 (15:27 -0600)]
Remove the check for __sprintf_chk when checking for _FORTIFY_SOURCE,
Some implementations are purely header-file based.  As long as we
can link a test program using sprintf() when _FORTIFY_SOURCE=2 it
should be safe to use.

8 years agoRemove configure checks for dev_t, id_t, ino_t, ptrdiff_t, size_t
Todd C. Miller [Thu, 28 Apr 2016 21:09:46 +0000 (15:09 -0600)]
Remove configure checks for dev_t, id_t, ino_t, ptrdiff_t, size_t
and ssize_t.  These have been specified by either ANSI C or POSIX
for long enough that if the system doesn't support them, it is
unlikely to be able to compile sudo anyway.

8 years agoDo group setup in policy_init_session() before calling out to the
Todd C. Miller [Thu, 28 Apr 2016 17:01:58 +0000 (11:01 -0600)]
Do group setup in policy_init_session() before calling out to the
plugin.  This makes it possible for the pam_group module to change
the group in pam_setcred().  It's a bit bogus since pam_setcred()
is documented as not changing the group or user ID, but pam_group
is shipped with stock Linux-PAM so we need to support it.

8 years agoAdd missing newline when logging to a file (not syslog) and
Todd C. Miller [Tue, 26 Apr 2016 20:39:42 +0000 (14:39 -0600)]
Add missing newline when logging to a file (not syslog) and
loglinelen is set to a non-positive number.  Bug #742

8 years agostyle fix; fork_cmnd should start on a new line
Todd C. Miller [Mon, 25 Apr 2016 15:58:32 +0000 (09:58 -0600)]
style fix; fork_cmnd should start on a new line

8 years agoIgnore SIGPIPE for the duration of sudo and not just in a few select
Todd C. Miller [Fri, 22 Apr 2016 22:36:36 +0000 (16:36 -0600)]
Ignore SIGPIPE for the duration of sudo and not just in a few select
places.  We have no control over what nss, PAM modules or sudo
plugins might do so ignoring SIGPIPE is safest.

8 years agoUse string_to_security_class() instead of pulling SECCLASS_CHR_FILE
Todd C. Miller [Fri, 22 Apr 2016 17:36:08 +0000 (11:36 -0600)]
Use string_to_security_class() instead of pulling SECCLASS_CHR_FILE
from flask.h.  Avoids a warning with new SELinux includes.

8 years agoWhen determining whether or not "sudo -l" or "sudo -b" should prompt
Todd C. Miller [Tue, 19 Apr 2016 16:08:51 +0000 (10:08 -0600)]
When determining whether or not "sudo -l" or "sudo -b" should prompt
for a password, take all sudoers sources into account.  In other
words, if both file and ldap sudoers sources are in use, "sudo -v"
will now require that all entries in both sources be have NOPASSWD
(file) or !authenticate (ldap) in the entries.

8 years agoIf the auth_type setting in /etc/security/login.cfg is set to
Todd C. Miller [Tue, 22 Mar 2016 22:31:28 +0000 (16:31 -0600)]
If the auth_type setting in /etc/security/login.cfg is set to
PAM_AUTH but pam_start() fails, fall back to use AIX authentication.
Skip the auth_type check if sudo is not compiled with PAM support.

8 years agoThe header for sudo.conf(5) should be SUDO.CONF(5) not SUDO(5).
Todd C. Miller [Thu, 17 Mar 2016 16:46:23 +0000 (10:46 -0600)]
The header for sudo.conf(5) should be SUDO.CONF(5) not SUDO(5).

8 years agohook_version and hook_type are unsigned so use 0, not -1 in the
Todd C. Miller [Wed, 16 Mar 2016 16:53:43 +0000 (10:53 -0600)]
hook_version and hook_type are unsigned so use 0, not -1 in the
final (empty) entry.  Quiets a warning on Solaris Studio 12.2.

8 years agoWork around an ambiguity in the PAM spec with respect to the conversation
Todd C. Miller [Wed, 9 Mar 2016 16:39:46 +0000 (09:39 -0700)]
Work around an ambiguity in the PAM spec with respect to the conversation
function.  It is not clear whether the "struct pam_message **msg" is an
array of pointers or a pointer to an array.  Linux-PAM and OpenPAM use
an array of pointers while Solaris/HP-UX/AIX uses a pointer to an array.
Bug #726.

8 years agosync with translationproject.org
Todd C. Miller [Tue, 8 Mar 2016 17:04:46 +0000 (10:04 -0700)]
sync with translationproject.org

8 years agoBug #738
Todd C. Miller [Sat, 27 Feb 2016 23:56:56 +0000 (16:56 -0700)]
Bug #738

8 years agosync with translationproject.org
Todd C. Miller [Fri, 26 Feb 2016 21:39:00 +0000 (14:39 -0700)]
sync with translationproject.org

8 years agoBetter test for negated character classes.
Todd C. Miller [Fri, 26 Feb 2016 18:24:25 +0000 (11:24 -0700)]
Better test for negated character classes.

8 years agoAdd test for negated character class
Todd C. Miller [Fri, 26 Feb 2016 18:14:50 +0000 (11:14 -0700)]
Add test for negated character class

8 years agosync with translationproject.org
Todd C. Miller [Fri, 26 Feb 2016 18:02:29 +0000 (11:02 -0700)]
sync with translationproject.org

8 years agosync
Todd C. Miller [Fri, 26 Feb 2016 17:58:52 +0000 (10:58 -0700)]
sync

8 years agoFix negation of character classes.
Todd C. Miller [Fri, 26 Feb 2016 17:52:55 +0000 (10:52 -0700)]
Fix negation of character classes.

8 years agoFix the check for whether a user is allowed to lists another user's
Todd C. Miller [Fri, 26 Feb 2016 16:32:08 +0000 (09:32 -0700)]
Fix the check for whether a user is allowed to lists another user's
privileges.  The "matched" variable is not boolean, it can also
have the value UNSPEC so we need to check explicitly for true.
Bug #738

8 years agoLog the number of PAM messages in the conversation function at debug
Todd C. Miller [Fri, 26 Feb 2016 16:30:31 +0000 (09:30 -0700)]
Log the number of PAM messages in the conversation function at debug
level.

8 years agoDon't check for posix_spawn() or posix_spawnp() if we were unable
Todd C. Miller [Wed, 24 Feb 2016 23:00:08 +0000 (16:00 -0700)]
Don't check for posix_spawn() or posix_spawnp() if we were unable
to find spawn.h.  This should only be a problem on systems with
broken headers.  Bug #730

8 years agoupdate for 1.8.16
Todd C. Miller [Tue, 23 Feb 2016 00:03:42 +0000 (17:03 -0700)]
update for 1.8.16

8 years agoFix documented bug with duplicate role names and turn on perl warnings.
Todd C. Miller [Mon, 22 Feb 2016 18:07:33 +0000 (11:07 -0700)]
Fix documented bug with duplicate role names and turn on perl warnings.
Based on a diff from Aaron Peschel

8 years agoAdd declaration of getauthdb() for AIX 5.1
Todd C. Miller [Sat, 20 Feb 2016 23:42:34 +0000 (16:42 -0700)]
Add declaration of getauthdb() for AIX 5.1

8 years agoregen
Todd C. Miller [Fri, 19 Feb 2016 22:50:38 +0000 (15:50 -0700)]
regen

8 years agosync with translationproject.org
Todd C. Miller [Fri, 19 Feb 2016 22:48:39 +0000 (15:48 -0700)]
sync with translationproject.org

8 years agoAdd a note that --with-solaris-audit is only for Solaris 11 and
Todd C. Miller [Fri, 19 Feb 2016 20:37:43 +0000 (13:37 -0700)]
Add a note that --with-solaris-audit is only for Solaris 11 and
above.  Bug #737

8 years agoRemove last remnants of the deprecated --with-stow option.
Todd C. Miller [Thu, 18 Feb 2016 23:18:30 +0000 (16:18 -0700)]
Remove last remnants of the deprecated --with-stow option.

8 years agosrc/load_plugins.c needs _PATH_SUDO_CONF so allow it to be overridden
Todd C. Miller [Thu, 18 Feb 2016 23:13:51 +0000 (16:13 -0700)]
src/load_plugins.c needs _PATH_SUDO_CONF so allow it to be overridden
via the Makefile like other consumers of _PATH_SUDO_CONF.  Bug #735

8 years agoAdd an administrative domain to the passwd/group cache key for
Todd C. Miller [Mon, 1 Feb 2016 18:08:58 +0000 (11:08 -0700)]
Add an administrative domain to the passwd/group cache key for
AIX which can have different name <-> ID mappings depending
on whether the database is local, LDAP, etc.

8 years agoFedora dropped "core" from the name some time ago so just match on
Todd C. Miller [Mon, 1 Feb 2016 18:07:10 +0000 (11:07 -0700)]
Fedora dropped "core" from the name some time ago so just match on
f[0-9] for the rpm distro name provided by pp.  Since the version
numbers of Fedora and RHEL are so different switch to defining
variables to indicate which features should be enabled.  Works for
Fedora 23.

8 years agoTreat fedora core like centos/rhel for package building.
Todd C. Miller [Sun, 31 Jan 2016 14:36:44 +0000 (07:36 -0700)]
Treat fedora core like centos/rhel for package building.

8 years agoPlug some memory leaks in the tests.
Todd C. Miller [Fri, 29 Jan 2016 18:34:09 +0000 (11:34 -0700)]
Plug some memory leaks in the tests.

8 years agoIf realloc of sudoerslval.command.args fails, reset sudoerslval.command.args
Todd C. Miller [Fri, 29 Jan 2016 18:10:36 +0000 (11:10 -0700)]
If realloc of sudoerslval.command.args fails, reset sudoerslval.command.args
as well as arg_len and arg_size after freeing sudoerslval.command.args.

8 years agoWhen freeing the iobs after pty tear-down, also free the associated
Todd C. Miller [Fri, 29 Jan 2016 17:31:54 +0000 (10:31 -0700)]
When freeing the iobs after pty tear-down, also free the associated
event structures.  Quiets a memory leak warnings from address
sanitizer and valgrind.

8 years agoiolog_compress should be bool, not int
Todd C. Miller [Thu, 28 Jan 2016 22:36:15 +0000 (15:36 -0700)]
iolog_compress should be bool, not int

8 years agoQuiet address sanitizer leak detector.
Todd C. Miller [Thu, 28 Jan 2016 22:07:54 +0000 (15:07 -0700)]
Quiet address sanitizer leak detector.

8 years agoSimple garbage collection (really a to-be-freed list) for the sudoers
Todd C. Miller [Thu, 28 Jan 2016 21:53:48 +0000 (14:53 -0700)]
Simple garbage collection (really a to-be-freed list) for the sudoers
plugin.  Almost identical to what sudo.c uses.  Currenly only the
environment strings are collected at exit time which is enough to
quiet address sanitizer's leak detector.

8 years agoRename gc_cleanup to gc_run and remove I/O plugins from the plugin
Todd C. Miller [Thu, 28 Jan 2016 21:48:11 +0000 (14:48 -0700)]
Rename gc_cleanup to gc_run and remove I/O plugins from the plugin
list when freeing them.

8 years agoFree up the garbage via an atexit() handler instead of requiring
Todd C. Miller [Thu, 28 Jan 2016 18:01:42 +0000 (11:01 -0700)]
Free up the garbage via an atexit() handler instead of requiring
a call to gc_exit.

8 years agoPlug a memory leak in sudo_edit.
Todd C. Miller [Thu, 28 Jan 2016 17:54:34 +0000 (10:54 -0700)]
Plug a memory leak in sudo_edit.

8 years agomention --enable-asan
Todd C. Miller [Wed, 27 Jan 2016 23:49:24 +0000 (16:49 -0700)]
mention --enable-asan

8 years agoTry to deconfuse static analyzers a bit.
Todd C. Miller [Wed, 27 Jan 2016 23:19:22 +0000 (16:19 -0700)]
Try to deconfuse static analyzers a bit.

8 years agoAvoid possible NULL deref found by clang analyzer.
Todd C. Miller [Wed, 27 Jan 2016 23:07:35 +0000 (16:07 -0700)]
Avoid possible NULL deref found by clang analyzer.

8 years agoAdd --enable-asan configure flag to enable address sanitizer
Todd C. Miller [Wed, 27 Jan 2016 22:37:25 +0000 (15:37 -0700)]
Add --enable-asan configure flag to enable address sanitizer

8 years agoAdd support for garbage collecting info passed to the plugin before
Todd C. Miller [Wed, 27 Jan 2016 22:37:15 +0000 (15:37 -0700)]
Add support for garbage collecting info passed to the plugin before
exit to appease address sanitizer's leak detector (and valgrind's
leak checker).  We can't free these sooner since the plugin may be
using the memory.  For plugin API 2.0 it should be make clear that
the plugin must make a copy of the data in the arrays passed in to
the plugin's open() function.  Only enabled if NO_LEAKS is defined.

8 years agoauth_getpass() returns a dynamically allocated copy of the plaintext
Todd C. Miller [Wed, 27 Jan 2016 22:36:50 +0000 (15:36 -0700)]
auth_getpass() returns a dynamically allocated copy of the plaintext
password which needs to be freed after checking (and clearing) it.

8 years agoRemove sudo_fatalx() calls from format_plugin_settings().
Todd C. Miller [Wed, 27 Jan 2016 20:59:04 +0000 (13:59 -0700)]
Remove sudo_fatalx() calls from format_plugin_settings().

8 years agofn_free_result() (aka sss_sudo_free_result() in sss_sudo.c) handles
Todd C. Miller [Wed, 27 Jan 2016 16:28:08 +0000 (09:28 -0700)]
fn_free_result() (aka sss_sudo_free_result() in sss_sudo.c) handles
a NULL poiner so there's no need to check before calling it.  Add
missing initialization of sss_sudo_result to NULL in sudo_sss_setdefs().

8 years agoAdd missing return when user is not found in sudo_sss_result_get().
Todd C. Miller [Wed, 27 Jan 2016 16:20:04 +0000 (09:20 -0700)]
Add missing return when user is not found in sudo_sss_result_get().
Previously we fell through to the default case which just logged a
debug message and returned so this just avoids the extra (generic)
debug message.

8 years agoFix a warning on AIX.
Todd C. Miller [Tue, 26 Jan 2016 21:35:14 +0000 (14:35 -0700)]
Fix a warning on AIX.

8 years agoPass updated user_env_out, not envp, to the I/O open function.
Todd C. Miller [Tue, 26 Jan 2016 14:42:57 +0000 (07:42 -0700)]
Pass updated user_env_out, not envp, to the I/O open function.

8 years agoPass updated argv/envp to the I/O open function like the plugin API
Todd C. Miller [Tue, 26 Jan 2016 14:39:43 +0000 (07:39 -0700)]
Pass updated argv/envp to the I/O open function like the plugin API
documents.

8 years agoAdd check for I/O log file handle being NULL. This could only
Todd C. Miller [Mon, 25 Jan 2016 23:18:22 +0000 (16:18 -0700)]
Add check for I/O log file handle being NULL.  This could only
happen if the front-end calls iolog_open with argc == 0 but actually
runs a command.