Todd C. Miller [Thu, 5 Jan 2017 13:22:58 +0000 (06:22 -0700)]
Avoid using the system strnlen/strndup on AIX < 6. Even if configure
correctly detects it is working on the build machine, the sudo
package may be run on a system with an old libc were it is broken.
Todd C. Miller [Thu, 1 Dec 2016 17:52:05 +0000 (10:52 -0700)]
Ignore a boot time that is in the future, which can happen when the
clock is corrected down after boot. Otherwise, the timestamp file
will be unlinked each time sudo is run and a password is always
required.
Todd C. Miller [Wed, 30 Nov 2016 02:46:25 +0000 (19:46 -0700)]
Fix the "all" setting for verifypw and listpw; nopass would never
be true even if all the user's entries had the NOPASSWD tag.
Regression introduce in sudo 1.8.17. Bug #762
Todd C. Miller [Mon, 21 Nov 2016 16:37:23 +0000 (06:37 -1000)]
Add SUDO_DEBUG_INSTANCE_ERROR return value for sudo_debug_register()
and check for it in places where we check the return value of
sudo_debug_register().
Todd C. Miller [Tue, 15 Nov 2016 22:41:41 +0000 (15:41 -0700)]
Get rid of struct sudo_conf_paths and just use #defined index values
to access the path values.
Make all accessors available even when the feature is not enabled.
Todd C. Miller [Tue, 15 Nov 2016 17:15:36 +0000 (10:15 -0700)]
Add ASAN_CFLAGS and ASAN_LDFLAGS and use -Wc prefix in ASAN_LDFLAGS
to prevent libtool from strippign them out.
Avoid using ASAN flags when building sudo_noexec.so.
Todd C. Miller [Mon, 14 Nov 2016 18:04:29 +0000 (11:04 -0700)]
Unbreak sudo_noexec on macOS where shared libraries and dynamic
modules are different. We still want to install sudo_noexec.so
without the "lib" prefix so some hackery is required.
Todd C. Miller [Fri, 11 Nov 2016 23:18:27 +0000 (16:18 -0700)]
Add simple reference-counted string allocator and use it for passing
around references to the sudoers path. This lets us avoid making
copies of the sudoers path for the errorfile as well as each Defaults
entry.
Todd C. Miller [Wed, 9 Nov 2016 23:00:12 +0000 (16:00 -0700)]
Go back to parsing Defaults entries in update_defaults instead of
as sudoers is read. Otherwise, we cannot properly support early
defaults like sudoers_locale.
Todd C. Miller [Mon, 7 Nov 2016 01:55:18 +0000 (18:55 -0700)]
Use "struct defaults *d" instead of "struct defaults *def" throughout
for consistency and to avoid confusino with "struct def_values *def".
Use "str" not "var" for the string argument to convert and store in
sd_un for the store_* functions.
Todd C. Miller [Wed, 2 Nov 2016 23:07:32 +0000 (17:07 -0600)]
Add file:linenumber prefix to all Defaults warnings so we can see
them when running sudo too. For LDAP/SSSD we print the sudoRole
instead of the file name and omit the line number.
Todd C. Miller [Tue, 1 Nov 2016 20:22:32 +0000 (14:22 -0600)]
Instead of checking Defaults values after the fact, check them at
sudoers parse time. This makes it possible to display the file and
line number with the problem and for visudo to go right to the
error.
Todd C. Miller [Mon, 31 Oct 2016 21:57:05 +0000 (15:57 -0600)]
The fix for Bug #408 broke editing of files in an include dir that
have a syntax error. Normally, visudo does not edit those files,
but if a syntax error is detected in one, the user gets a chance
to fix it.
Todd C. Miller [Mon, 31 Oct 2016 21:21:18 +0000 (15:21 -0600)]
Make a copy of the current sudoers path when assigning errorfile.
Fixes a potential use after free in visudo when there is an error
in one of the include files.
Todd C. Miller [Mon, 31 Oct 2016 19:36:35 +0000 (13:36 -0600)]
sudoers_debug_register() was not setting the active debug instance
to sudoers_debug_instance when called from the I/O log plugin. This
is because it relied on sudo_debug_register to do that but
sudoers_debug_parse_flags() doesn't set debug_files[]
sudoers_debug_instance is already set (we can only init sudoers
debug once).
To work around this, just make sudoers_debug_instance the active
debug instance in sudoers_debug_register() when it is already set.
Todd C. Miller [Wed, 26 Oct 2016 19:49:05 +0000 (13:49 -0600)]
Check for sudo_ldap_result_last_search() returning NULL. This can't
happen in practice because we always call sudo_ldap_result_add_search()
first which guarantees there is a result to be found.
Quiets a PVS-Studio warning.
Todd C. Miller [Wed, 26 Oct 2016 17:25:59 +0000 (11:25 -0600)]
Fix incorrect strncmp() lengths. The check for USERNAME was only
looking at the first 5 characters (copy and paste error). The check
for SUDO_PS1 was not checking the trailing '=' character (off by
one error). Found by PVS-Studio.
Todd C. Miller [Wed, 26 Oct 2016 17:22:30 +0000 (11:22 -0600)]
When checking for old-style bash functions in the environment, check
for values starting with "() " (note the trailing space) rather
than "()". Bash will only treat the value as a function if the
space after "()" is present. The trailing space was already present
in the compare string but when it was added, the length passed to
strncmp() was not updated from 3 to 4.
Found by PVS-Studio. No security impact.