This patch will upgrade Sudo version 1.9.7 to Sudo version 1.9.7 patchlevel 1. To apply: $ cd sudo-1.9.7 $ patch -p1 < sudo-1.9.7p1.patch
diff -urNa sudo-1.9.7/ChangeLog sudo-1.9.7p1/ChangeLog
--- sudo-1.9.7/ChangeLog Tue May 11 14:59:56 2021
+++ sudo-1.9.7p1/ChangeLog Fri Jun 11 13:06:19 2021
@@ -1,8 +1,150 @@ +2021-06-11 Todd C. Miller + + * Merge sudo 1.9.7p1 from tip + [d936a99e842d] [tip] <1.9> + + * NEWS, configure, configure.ac: + Sudo 1.9.7p1 + [29f478993ef3] + +2021-06-09 Todd C. Miller + + * plugins/audit_json/audit_json.c: + Check arrays that are passed in for NULL before using them. + [925ba5b0f2cb] + + * configure, configure.ac: + Disable nss_search()-based group lookups on HP-UX for now. There is + a crash when "group: compat" is used in /etc/nsswitch.conf that I + haven't been able to debug. Since HP-UX doesn't ship the appropriate + headers it is likely that there is a mismatch between + include/compat/nss_dbdefs.h and what HP actually uses. + [28b00005c785] + +2021-06-08 Todd C. Miller + + * logsrvd/logsrvd.c, logsrvd/logsrvd.h: + Remove logsrvd closure ERROR state and use a boolean flag instead. + Fixes a bug where we would not insert a journal file that failed to + relay into the queue because its state was changed from CONNECTING + to ERROR after failing to connect. + [638285a4bedb] + + * include/compat/nss_dbdefs.h, lib/util/getgrouplist.c: + Add NSS_TRYAGAIN and correct buflen in struct nss_XbyY_buf_t. Add + some function argument names. Also use struct nss_db_state * instead + of void * in nss_db_root_t. We don't define struct nss_db_state but + since it is a pointer all we need is a forward declaration. + [bc848fb97671] + +2021-06-07 Todd C. Miller + + * lib/fuzzstub/fuzzstub.c, lib/iolog/Makefile.in, + lib/util/Makefile.in, logsrvd/Makefile.in: + Make sure we link with libsudo_util *after* libfuzzstub. This only + affects builds with a static libsudo_util. Also fix a warning on HP- + UX about main not being public. + [18ff1f108c4e] + + * MANIFEST, lib/util/Makefile.in, + lib/util/regress/getgrouplist/getgids.c: + Add getgids utility to simular "id -G" using sudo_getgrouplist2() + [aed11065818d] + + * lib/util/getgrouplist.c: + Make sure we don't read or write past the end of the group buffer. 
+ We need to leave room for the terminating NULL in gr_mem. It is + possible for gbm->numgids > gbm->maxgids if we ran out of room. + [25a3ee849fd4] + +2021-06-04 Todd C. Miller + + * lib/util/getgrouplist.c: + Add some debugging to sudo_getgrouplist2(). + [4d79e92c8ee8] + +2021-06-02 Todd C. Miller + + * src/load_plugins.c: + Fix some debug_decl typos and remove an unneeded cast. + [fafa91ac3def] + + * plugins/sudoers/defaults.h: + T_TIMEOUT is not a bitwise flag so doesn't need to be a power of 2. + [66019af6d642] + +2021-05-28 Todd C. Miller + + * src/load_plugins.c: + sudo_stat_plugin(): set errno but do not warn if plugin path too + long. The caller will display the warning (using errno) so there is + no need to do it twice. + [c8614b374a35] + +2021-05-26 Todd C. Miller + + * doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: + sudoreplay does not parse sudoers to find the value of iolog_dir. + The default value for the I/O log directory is set at build time. + [3cf72612e992] + + * plugins/sudoers/policy.c: + Fix group list ref leak in sudoers_policy_store_result() on error + path. + [34785448a275] + +2021-05-24 Todd C. Miller + + * plugins/sudoers/policy.c: + Update comment to match reality. + [ec3e0a40d1ec] + +2021-05-13 Todd C. Miller + + * configure, configure.ac, scripts/ltmain.sh, src/Makefile.in: + Build sudo_noexec.so as a module on systems other then Darwin. On + Darwin, shared modules and shared libraries are not interchangable + and since we preload sudo_noexec.so via DYLD_INSERT_LIBRARIES it + must be a library, not a module. We must relax the requirement that + libraries begin with a "lib" prefix to work around this difference. + This does mean you must use sudo's libtool on Darwin (macOS) but + that is already a requirement on other systems (notably HP-UX and + SCO) due to a number of libtool patches we require that haven't be + accepted upstream. This is a different fix for PR #102. 
+ [2e5454c56d3c] + + * configure, configure.ac: + Use -Wno-deprecated-declarations on macOS This quiets warnings about + LDAP and audit libraries being deprecated. We will use them until + they are removed in a future version of macOS. + [6fbdf644865c] + +2021-05-12 Todd C. Miller + + * scripts/mkpkg: + Use /usr/bin/cc on FreeBSD and macOS. + [7d6bcea0e544] + + * plugins/sudoers/log_client.c: + Don't include errno in "unable to connect to log server" message. + There should be a more specific message, usually with an error + string, displayed earlier. + [e599f9b0fd1c] + + * src/ttyname.c: + Fix compiler warning on FreeBSD. + [2c6fc866fb5b] + + * lib/iolog/hostcheck.c: + Explicitly include netinet/in.h for struct sockaddr_in and + sockaddr+_in6. Fixes a compilation problem on FreeBSD. + [2277c8f37c34] + 2021-05-11 Todd C. Miller * .hgtags: Added tag SUDO_1_9_7 for changeset f0ce54d4288c - [58968ec7a457] [tip] <1.9> + [58968ec7a457] <1.9> * Merge sudo 1.9.7 from tip [f0ce54d4288c] [SUDO_1_9_7] <1.9> @@ -590,6 +732,21 @@ * src/net_ifs.c: Check for NULL ifa->ifa_addr and ifa->ifa_netmask in both loops. [373961966099] + +2021-04-07 Radovan Sroka + + * src/sudo_edit.c: + Fixed bad condition for sesh args + + In selinux_edit_copy_tfiles() when there is only one file and the + open() fails then number of arguments is lower than expected. Sudo + should return error with or without "Defaults !sudoedit_checkdir" + set. + + This was found with regression testing of CVE-2021-23240. + + Signed-off-by: Radovan Sroka + [947ce862c0bf] 2021-04-06 Todd C. Miller diff -urNa sudo-1.9.7/MANIFEST sudo-1.9.7p1/MANIFEST --- sudo-1.9.7/MANIFEST Tue May 11 14:54:52 2021 +++ sudo-1.9.7p1/MANIFEST Fri Jun 11 13:04:29 2021 
@@ -237,6 +237,7 @@ lib/util/regress/fuzz/fuzz_sudo_conf.c lib/util/regress/fuzz/fuzz_sudo_conf.dict lib/util/regress/getdelim/getdelim_test.c +lib/util/regress/getgrouplist/getgids.c lib/util/regress/getgrouplist/getgrouplist_test.c lib/util/regress/glob/files lib/util/regress/glob/globtest.c diff -urNa sudo-1.9.7/NEWS sudo-1.9.7p1/NEWS --- sudo-1.9.7/NEWS Tue May 11 14:54:52 2021 +++ sudo-1.9.7p1/NEWS Fri Jun 11 13:04:29 2021 @@ -1,3 +1,30 @@ +What's new in Sudo 1.9.7p1 + + * Fixed an SELinux sudoedit bug when the edited temporary file + could not be opened. The sesh helper would still be run even + when there are no temporary files available to install. + + * Fixed a compilation problem on FreeBSD. + + * The sudo_noexec.so file is now built as a module on all systems + other than macOS. This makes it possible to use other libtool + implementations such as slibtool. On macOS shared libraries and + modules are not interchangeable and the version of libtool shipped + with sudo must be used. + + * Fixed a few bugs in the getgrouplist() emulation on Solaris when + reading from the local group file. + + * Fixed a bug in sudo_logsrvd that prevented periodic relay server + connection retries from occurring in "store_first" mode. + + * Disabled the nss_search()-based getgrouplist() emulation on HP-UX + due to a crash when the group source is set to "compat" in + /etc/nsswitch.conf. This is probably due to a mismatch between + include/compat/nss_dbdefs.h and what HP-UX uses internally. On + HP-UX we now just cycle through groups the slow way using + getgrent(). Bug #978. + What's new in Sudo 1.9.7 * The "fuzz" Makefile target now runs all the fuzzers for 8192 diff -urNa sudo-1.9.7/configure sudo-1.9.7p1/configure --- sudo-1.9.7/configure Tue May 11 14:54:52 2021 +++ sudo-1.9.7p1/configure Fri Jun 11 13:04:29 2021 
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for sudo 1.9.7. +# Generated by GNU Autoconf 2.71 for sudo 1.9.7p1. # # Report bugs to . # @@ -621,8 +621,8 @@ # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.9.7' -PACKAGE_STRING='sudo 1.9.7' +PACKAGE_VERSION='1.9.7p1' +PACKAGE_STRING='sudo 1.9.7p1' PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/' PACKAGE_URL='' @@ -808,6 +808,7 @@ SELINUX_USAGE BSDAUTH_USAGE DONT_LEAK_PATH_INFO +NOEXEC_MODULE CHECK_NOEXEC INSTALL_NOEXEC INSTALL_BACKUP @@ -1616,7 +1617,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sudo 1.9.7 to adapt to many kinds of systems. +\`configure' configures sudo 1.9.7p1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1682,7 +1683,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.9.7:";; + short | recursive ) echo "Configuration of sudo 1.9.7p1:";; esac cat <<\_ACEOF @@ -1966,7 +1967,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.9.7 +sudo configure 1.9.7p1 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -2623,7 +2624,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.9.7, which was +It was created by sudo $as_me 1.9.7p1, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -3538,6 +3539,7 @@ + # # Begin initial values for man page substitution # @@ -3593,6 +3595,7 @@ INSTALL_BACKUP= INSTALL_NOEXEC= CHECK_NOEXEC= +NOEXEC_MODULE=-module exampledir='$(docdir)/examples' devdir='$(srcdir)' PROGS="sudo" 
@@ -16604,6 +16607,10 @@ fi RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES" + # Build sudo_noexec.so as a shared library, not a module. + # On Darwin, modules and shared libraries are incompatible. + NOEXEC_MODULE= + # Mach monotonic timer that runs while sleeping ac_fn_c_check_func "$LINENO" "mach_continuous_time" "ac_cv_func_mach_continuous_time" if test "x$ac_cv_func_mach_continuous_time" = xyes @@ -19835,40 +19842,12 @@ else $as_nop - # HP-UX - ac_fn_c_check_func "$LINENO" "__nss_XbyY_buf_alloc" "ac_cv_func___nss_XbyY_buf_alloc" -if test "x$ac_cv_func___nss_XbyY_buf_alloc" = xyes -then : - ac_fn_c_check_func "$LINENO" "__nss_initf_group" "ac_cv_func___nss_initf_group" -if test "x$ac_cv_func___nss_initf_group" = xyes -then : - - ac_fn_c_check_header_compile "$LINENO" "nss_dbdefs.h" "ac_cv_header_nss_dbdefs_h" "$ac_includes_default" -if test "x$ac_cv_header_nss_dbdefs_h" = xyes -then : - printf "%s\n" "#define HAVE_NSS_DBDEFS_H 1" >>confdefs.h - fi - printf "%s\n" "#define HAVE_NSS_SEARCH 1" >>confdefs.h - printf "%s\n" "#define HAVE___NSS_XBYY_BUF_ALLOC 1" >>confdefs.h - - printf "%s\n" "#define HAVE___NSS_INITF_GROUP 1" >>confdefs.h - - fi - -fi - - -fi - - -fi - ;; esac @@ -29244,6 +29223,10 @@ if test X"$enable_werror" = X"yes"; then CFLAGS="${CFLAGS} -Werror" fi + case "$host" in + # Avoid unwanted warnings on macOS + darwin*) CFLAGS="${CFLAGS} -Wno-deprecated-declarations";; + esac fi CROSS_COMPILING="$cross_compiling" @@ -29871,7 +29854,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.9.7, which was +This file was extended by sudo $as_me 1.9.7p1, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -29939,7 +29922,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -sudo config.status 1.9.7 +sudo config.status 1.9.7p1 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" diff -urNa sudo-1.9.7/configure.ac sudo-1.9.7p1/configure.ac --- sudo-1.9.7/configure.ac Tue May 11 14:54:52 2021 +++ sudo-1.9.7p1/configure.ac Fri Jun 11 13:04:29 2021 @@ -18,7 +18,7 @@ dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. dnl AC_PREREQ([2.70]) -AC_INIT([sudo], [1.9.7], [https://bugzilla.sudo.ws/], [sudo]) +AC_INIT([sudo], [1.9.7p1], [https://bugzilla.sudo.ws/], [sudo]) AC_CONFIG_HEADERS([config.h pathnames.h]) AC_CONFIG_SRCDIR([src/sudo.c]) AC_CONFIG_AUX_DIR([scripts]) @@ -76,6 +76,7 @@ AC_SUBST([INSTALL_BACKUP]) AC_SUBST([INSTALL_NOEXEC]) AC_SUBST([CHECK_NOEXEC]) +AC_SUBST([NOEXEC_MODULE]) AC_SUBST([DONT_LEAK_PATH_INFO]) AC_SUBST([BSDAUTH_USAGE]) AC_SUBST([SELINUX_USAGE]) @@ -227,6 +228,7 @@ INSTALL_BACKUP= INSTALL_NOEXEC= CHECK_NOEXEC= +NOEXEC_MODULE=-module exampledir='$(docdir)/examples' devdir='$(srcdir)' PROGS="sudo" @@ -2170,6 +2172,10 @@ fi RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES" + # Build sudo_noexec.so as a shared library, not a module. + # On Darwin, modules and shared libraries are incompatible. + NOEXEC_MODULE= + # Mach monotonic timer that runs while sleeping AC_CHECK_FUNCS([mach_continuous_time]) 
@@ -2547,15 +2553,16 @@ ]) ]) ], [ - # HP-UX - AC_CHECK_FUNC([__nss_XbyY_buf_alloc], [ - AC_CHECK_FUNC([__nss_initf_group], [ - AC_CHECK_HEADERS([nss_dbdefs.h]) - AC_DEFINE([HAVE_NSS_SEARCH]) - AC_DEFINE([HAVE___NSS_XBYY_BUF_ALLOC]) - AC_DEFINE([HAVE___NSS_INITF_GROUP]) - ]) - ]) + dnl HP-UX support disabled until "group: compat" fixed + dnl # HP-UX + dnl AC_CHECK_FUNC([__nss_XbyY_buf_alloc], [ + dnl AC_CHECK_FUNC([__nss_initf_group], [ + dnl AC_CHECK_HEADERS([nss_dbdefs.h]) + dnl AC_DEFINE([HAVE_NSS_SEARCH]) + dnl AC_DEFINE([HAVE___NSS_XBYY_BUF_ALLOC]) + dnl AC_DEFINE([HAVE___NSS_INITF_GROUP]) + dnl ]) + dnl]) ]) ]) ;; @@ -4681,6 +4688,10 @@ if test X"$enable_werror" = X"yes"; then CFLAGS="${CFLAGS} -Werror" fi + case "$host" in + # Avoid unwanted warnings on macOS + darwin*) CFLAGS="${CFLAGS} -Wno-deprecated-declarations";; + esac fi dnl diff -urNa sudo-1.9.7/doc/sudoreplay.man.in sudo-1.9.7p1/doc/sudoreplay.man.in --- sudo-1.9.7/doc/sudoreplay.man.in Sat Mar 13 08:46:13 2021 +++ sudo-1.9.7p1/doc/sudoreplay.man.in Fri Jun 11 13:04:29 2021 @@ -16,7 +16,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.TH "SUDOREPLAY" "@mansectsu@" "May 18, 2020" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" +.TH "SUDOREPLAY" "@mansectsu@" "May 26, 2021" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" .nh .if n .ad l .SH "NAME" 
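Review bot: The `dnl HP-UX support disabled until "group: compat" fixed` comment in the else-branch of this check carries no tracking reference, so nothing ties the disabled block to the report it is waiting on. The NEWS entry in this same patch cites Bug #978 for the change; the comment could read `dnl HP-UX nss_search() support disabled until the "group: compat" crash is fixed (Bug #978)`. Per NEWS, HP-UX now builds the group list through the getgrent() loop instead, and since that list feeds policy decisions it is worth saying in the comment which fallback is in effect. The enclosing macro call starts outside the hunk.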
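Review bot: The added `darwin*) CFLAGS="${CFLAGS} -Wno-deprecated-declarations";;` case silences deprecation warnings for every file built on macOS, not only the LDAP and audit code that the ChangeLog gives as the reason. A later deprecation notice on an unrelated API elsewhere in the tree would be hidden as well. If the build allows it, the flag could be limited to the objects that use those libraries; otherwise the comment should state the cost, e.g. `# Quiet LDAP/audit deprecation warnings on macOS; this also hides all other deprecations`. The enclosing `if` begins outside the hunk.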
@@ -50,17 +50,11 @@ \fIID\fR should either be a six character sequence of digits and upper case letters, e.g., -\fR0100A5\fR, -a pattern matching the -\fIiolog_file\fR -option in the -\fIsudoers\fR -file, or a path name. -Path names may be relative to the -\fIiolog_dir\fR -option in the -\fIsudoers\fR -file (unless overridden by the +\fR0100A5\fR +or a path name. +Path names may be relative to the I/O log directory +\fI@iolog_dir@\fR +(unless overridden by the \fB\-d\fR option) or fully qualified, beginning with a \(oq/\(cq diff -urNa sudo-1.9.7/doc/sudoreplay.mdoc.in sudo-1.9.7p1/doc/sudoreplay.mdoc.in --- sudo-1.9.7/doc/sudoreplay.mdoc.in Sat Mar 13 08:46:13 2021 +++ sudo-1.9.7p1/doc/sudoreplay.mdoc.in Fri Jun 11 13:04:29 2021 @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd May 18, 2020 +.Dd May 26, 2021 .Dt SUDOREPLAY @mansectsu@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -48,17 +48,11 @@ .Em ID should either be a six character sequence of digits and upper case letters, e.g., -.Li 0100A5 , -a pattern matching the -.Em iolog_file -option in the -.Em sudoers -file, or a path name. -Path names may be relative to the -.Em iolog_dir -option in the -.Em sudoers -file (unless overridden by the +.Li 0100A5 +or a path name. +Path names may be relative to the I/O log directory +.Pa @iolog_dir@ +(unless overridden by the .Fl d option) or fully qualified, beginning with a .Ql / diff -urNa sudo-1.9.7/include/compat/nss_dbdefs.h sudo-1.9.7p1/include/compat/nss_dbdefs.h --- sudo-1.9.7/include/compat/nss_dbdefs.h Sat Mar 13 08:46:13 2021 +++ sudo-1.9.7p1/include/compat/nss_dbdefs.h Fri Jun 11 13:04:29 2021 @@ -35,7 +35,8 @@ typedef enum { NSS_SUCCESS, NSS_NOTFOUND, - NSS_UNAVAIL + NSS_UNAVAIL, + NSS_TRYAGAIN } nss_status_t; typedef struct nss_db_params { 
@@ -55,19 +56,20 @@ gid_t *gid_array; int maxgids; int force_slow_way; - int (*str2ent)(const char *, int, void *, char *, int); - nss_status_t (*process_cstr)(const char *, int, struct nss_groupsbymem *); + int (*str2ent)(const char *instr, int instr_len, void *ent, char *buffer, int buflen); + nss_status_t (*process_cstr)(const char *instr, int instr_len, struct nss_groupsbymem *); int numgids; }; typedef struct { void *result; /* group struct to fill in. */ char *buffer; /* string buffer for above */ - size_t buflen; /* string buffer size */ + int buflen; /* string buffer size */ } nss_XbyY_buf_t; +struct nss_db_state; typedef struct { - void *state; /* really struct nss_db_state * */ + struct nss_db_state *s; #ifdef NEED_HPUX_MUTEX lwp_mutex_t lock; #endif @@ -78,7 +80,7 @@ #else # define NSS_DB_ROOT_INIT { 0 } #endif -# define DEFINE_NSS_DB_ROOT(name) nss_db_root_t name = NSS_DB_ROOT_INIT +#define DEFINE_NSS_DB_ROOT(name) nss_db_root_t name = NSS_DB_ROOT_INIT /* Backend function to find all groups a user belongs to for initgroups(). */ #define NSS_DBOP_GROUP_BYMEMBER 6 @@ -101,8 +103,8 @@ #endif typedef void (*nss_db_initf_t)(nss_db_params_t *); -extern nss_status_t nss_search(nss_db_root_t *, nss_db_initf_t, int, void *); -extern nss_XbyY_buf_t *_nss_XbyY_buf_alloc(int, int); +extern nss_status_t nss_search(nss_db_root_t *, nss_db_initf_t, int search_fnum, void *search_args); +extern nss_XbyY_buf_t *_nss_XbyY_buf_alloc(int struct_size, int buffer_size); extern void _nss_XbyY_buf_free(nss_XbyY_buf_t *); #endif /* COMPAT_NSS_DBDEFS_H */ diff -urNa sudo-1.9.7/lib/fuzzstub/fuzzstub.c sudo-1.9.7p1/lib/fuzzstub/fuzzstub.c --- sudo-1.9.7/lib/fuzzstub/fuzzstub.c Tue May 11 14:54:52 2021 +++ sudo-1.9.7p1/lib/fuzzstub/fuzzstub.c Fri Jun 11 13:04:29 2021 
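Review bot: The `buflen` member of `nss_XbyY_buf_t` changes from `size_t` to `int` without a comment saying which system definition the layout mirrors, and on an LP64 target that changes the member's width. This compat header stands in for a system header and the struct is filled in by the system library (`_nss_XbyY_buf_alloc()` is declared further down), so a wrong width means the caller reads a wrong buffer length; the HP-UX ChangeLog entry in this patch suspects this kind of mismatch. A comment on the struct such as `/* Must match the platform's nss_XbyY_buf_t; buflen is int, not size_t. */` would record the assumption this commit makes, to be confirmed against the platform header.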
@@ -44,6 +44,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); +sudo_dso_public int main(int argc, char *argv[]); + /* * Simple driver for fuzzers built for LLVM libfuzzer. * This stub library allows fuzz targets to be built and run without diff -urNa sudo-1.9.7/lib/iolog/Makefile.in sudo-1.9.7p1/lib/iolog/Makefile.in --- sudo-1.9.7/lib/iolog/Makefile.in Tue May 11 14:54:52 2021 +++ sudo-1.9.7p1/lib/iolog/Makefile.in Fri Jun 11 13:04:29 2021 @@ -85,7 +85,7 @@ LIB_FUZZING_ENGINE = @FUZZ_ENGINE@ FUZZ_PROGS = fuzz_iolog_json fuzz_iolog_legacy fuzz_iolog_timing FUZZ_SEED_CORPUS = ${FUZZ_PROGS:=_seed_corpus.zip} -FUZZ_LIBS = @LIBS@ $(LIB_FUZZING_ENGINE) +FUZZ_LIBS = $(LIB_FUZZING_ENGINE) @LIBS@ FUZZ_LDFLAGS = @LDFLAGS@ FUZZ_MAX_LEN = 4096 FUZZ_RUNS = 8192 
@@ -176,13 +176,13 @@ $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(HOST_PORT_TEST_OBJS) libsudo_iolog.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) fuzz_iolog_json: $(FUZZ_IOLOG_JSON_OBJS) $(LIBFUZZSTUB) libsudo_iolog.la - $(LIBTOOL) $(LTFLAGS) --mode=link @FUZZ_LD@ -o $@ $(FUZZ_IOLOG_JSON_OBJS) libsudo_iolog.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(FUZZ_LDFLAGS) $(FUZZ_LIBS) + $(LIBTOOL) $(LTFLAGS) --mode=link @FUZZ_LD@ -o $@ $(FUZZ_IOLOG_JSON_OBJS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(FUZZ_LDFLAGS) $(FUZZ_LIBS) libsudo_iolog.la fuzz_iolog_legacy: $(FUZZ_IOLOG_LEGACY_OBJS) $(LIBFUZZSTUB) libsudo_iolog.la - $(LIBTOOL) $(LTFLAGS) --mode=link @FUZZ_LD@ -o $@ $(FUZZ_IOLOG_LEGACY_OBJS) libsudo_iolog.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(FUZZ_LDFLAGS) $(FUZZ_LIBS) + $(LIBTOOL) $(LTFLAGS) --mode=link @FUZZ_LD@ -o $@ $(FUZZ_IOLOG_LEGACY_OBJS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(FUZZ_LDFLAGS) $(FUZZ_LIBS) libsudo_iolog.la fuzz_iolog_timing: $(FUZZ_IOLOG_TIMING_OBJS) $(LIBFUZZSTUB) libsudo_iolog.la - $(LIBTOOL) $(LTFLAGS) --mode=link @FUZZ_LD@ -o $@ $(FUZZ_IOLOG_TIMING_OBJS) libsudo_iolog.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(FUZZ_LDFLAGS) $(FUZZ_LIBS) + $(LIBTOOL) $(LTFLAGS) --mode=link @FUZZ_LD@ -o $@ $(FUZZ_IOLOG_TIMING_OBJS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(FUZZ_LDFLAGS) $(FUZZ_LIBS) libsudo_iolog.la fuzz_iolog_json_seed_corpus.zip: tdir=fuzz_iolog_json.$$$$; \ diff -urNa sudo-1.9.7/lib/iolog/hostcheck.c sudo-1.9.7p1/lib/iolog/hostcheck.c --- sudo-1.9.7/lib/iolog/hostcheck.c Sat Mar 13 08:46:13 2021 +++ sudo-1.9.7p1/lib/iolog/hostcheck.c Fri Jun 11 13:04:29 2021 @@ -24,6 +24,7 @@ #if defined(HAVE_OPENSSL) # include # include +# include # include # include # include diff -urNa sudo-1.9.7/lib/util/Makefile.in sudo-1.9.7p1/lib/util/Makefile.in --- sudo-1.9.7/lib/util/Makefile.in Tue May 11 14:54:52 2021 +++ sudo-1.9.7p1/lib/util/Makefile.in Fri Jun 11 13:04:29 2021 
@@ -105,7 +105,7 @@ # Regression tests TEST_PROGS = conf_test hltq_test parseln_test progname_test strsplit_test \ strtobool_test strtoid_test strtomode_test strtonum_test \ - parse_gids_test getgrouplist_test @COMPAT_TEST_PROGS@ + parse_gids_test getgids getgrouplist_test @COMPAT_TEST_PROGS@ TEST_LIBS = @LIBS@ TEST_LDFLAGS = @LDFLAGS@ @@ -114,7 +114,7 @@ LIB_FUZZING_ENGINE = @FUZZ_ENGINE@ FUZZ_PROGS = fuzz_sudo_conf FUZZ_SEED_CORPUS = ${FUZZ_PROGS:=_seed_corpus.zip} -FUZZ_LIBS = @LIBS@ $(LIB_FUZZING_ENGINE) +FUZZ_LIBS = $(LIB_FUZZING_ENGINE) @LIBS@ FUZZ_LDFLAGS = @LDFLAGS@ FUZZ_MAX_LEN = 4096 FUZZ_RUNS = 8192 @@ -170,6 +170,8 @@ PARSE_GIDS_TEST_OBJS = parse_gids_test.lo gidlist.lo +GETGIDS_OBJS = getgids.lo getgrouplist.lo + GETGROUPLIST_TEST_OBJS = getgrouplist_test.lo getgrouplist.lo STRSIG_TEST_OBJS = strsig_test.lo sig2str.lo str2sig.lo @SIGNAME@ @@ -269,6 +271,9 @@ parse_gids_test: $(PARSE_GIDS_TEST_OBJS) libsudo_util.la $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(PARSE_GIDS_TEST_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) +getgids: $(GETGIDS_OBJS) libsudo_util.la + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(GETGIDS_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) + getgrouplist_test: $(GETGROUPLIST_TEST_OBJS) libsudo_util.la $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(GETGROUPLIST_TEST_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) 
@@ -294,7 +299,7 @@ $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(VSYSLOG_TEST_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) fuzz_sudo_conf: $(FUZZ_SUDO_CONF_OBJS) $(LIBFUZZSTUB) libsudo_util.la - $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(FUZZ_SUDO_CONF_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(FUZZ_LDFLAGS) $(FUZZ_LIBS) + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(FUZZ_SUDO_CONF_OBJS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(FUZZ_LDFLAGS) $(FUZZ_LIBS) libsudo_util.la fuzz_sudo_conf_seed_corpus.zip: tdir=fuzz_sudo_conf.$$$$; \ 
@@ -781,12 +786,26 @@ $(CC) -E -o $@ $(CPPFLAGS) $< getentropy.plog: getentropy.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/getentropy.c --i-file $< --output-file $@ +getgids.lo: $(srcdir)/regress/getgrouplist/getgids.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/getgrouplist/getgids.c +getgids.i: $(srcdir)/regress/getgrouplist/getgids.c \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +getgids.plog: getgids.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/getgrouplist/getgids.c --i-file $< --output-file $@ getgrouplist.lo: $(srcdir)/getgrouplist.c $(incdir)/compat/nss_dbdefs.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(top_builddir)/config.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/getgrouplist.c getgrouplist.i: $(srcdir)/getgrouplist.c $(incdir)/compat/nss_dbdefs.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(top_builddir)/config.h $(CC) -E -o $@ $(CPPFLAGS) $< getgrouplist.plog: getgrouplist.i 
@@ -1126,10 +1145,12 @@ pwrite.plog: pwrite.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/pwrite.c --i-file $< --output-file $@ rcstr.lo: $(srcdir)/rcstr.c $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_util.h $(top_builddir)/config.h + $(incdir)/sudo_debug.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/rcstr.c rcstr.i: $(srcdir)/rcstr.c $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_util.h $(top_builddir)/config.h + $(incdir)/sudo_debug.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h $(CC) -E -o $@ $(CPPFLAGS) $< rcstr.plog: rcstr.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/rcstr.c --i-file $< --output-file $@ diff -urNa sudo-1.9.7/lib/util/getgrouplist.c sudo-1.9.7p1/lib/util/getgrouplist.c --- sudo-1.9.7/lib/util/getgrouplist.c Sat Mar 13 08:46:13 2021 +++ sudo-1.9.7p1/lib/util/getgrouplist.c Fri Jun 11 13:04:29 2021 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2010, 2011, 2013-2018 + * Copyright (c) 2010, 2011, 2013-2021 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -41,6 +41,7 @@ #endif #include "sudo_compat.h" +#include "sudo_debug.h" #include "sudo_util.h" #ifndef HAVE_GETGROUPLIST 
@@ -70,16 +71,17 @@ #ifndef HAVE_GETGROUPLIST_2 int grpsize, tries; #endif + debug_decl(sudo_getgrouplist2, SUDO_DEBUG_UTIL); /* For static group vector, just use getgrouplist(3). */ if (groups != NULL) - return getgrouplist(name, basegid, groups, ngroupsp); + debug_return_int(getgrouplist(name, basegid, groups, ngroupsp)); #ifdef HAVE_GETGROUPLIST_2 if ((ngroups = getgrouplist_2(name, basegid, groupsp)) == -1) - return -1; + debug_return_int(-1); *ngroupsp = ngroups; - return 0; + debug_return_int(0); #else grpsize = (int)sysconf(_SC_NGROUPS_MAX); if (grpsize < 0) @@ -93,12 +95,12 @@ free(groups); groups = reallocarray(NULL, grpsize, sizeof(*groups)); if (groups == NULL) - return -1; + debug_return_int(-1); ngroups = grpsize; if (getgrouplist(name, basegid, groups, &ngroups) != -1) { *groupsp = groups; *ngroupsp = ngroups; - return 0; + debug_return_int(0); } if (ngroups == grpsize) { /* Failed for some reason other than ngroups too small. */ @@ -108,7 +110,7 @@ grpsize = ngroups; } free(groups); - return -1; + debug_return_int(-1); #endif /* HAVE_GETGROUPLIST_2 */ } @@ -128,6 +130,7 @@ int grpsize = *ngroupsp; int ret = -1; gid_t gid; + debug_decl(sudo_getgrouplist2, SUDO_DEBUG_UTIL); #ifdef HAVE_SETAUTHDB aix_setauthdb((char *) name, NULL); @@ -147,11 +150,11 @@ } groups = reallocarray(NULL, grpsize, sizeof(*groups)); if (groups == NULL) - return -1; + debug_return_int(-1); } else { /* Static group vector. */ if (grpsize < 1) - return -1; + debug_return_int(-1); } /* We support BSD semantics where the first element is the base gid */ @@ -175,7 +178,7 @@ *groupsp = groups; *ngroupsp = ngroups; - return ret; + debug_return_int(ret); } #elif defined(HAVE_NSS_SEARCH) 
@@ -211,11 +214,12 @@ const char *errstr; int yp = 0; id_t id; + debug_decl(str2grp, SUDO_DEBUG_UTIL); /* Must at least have space to copy instr -> buf. */ if (inlen >= buflen) - return NSS_STR_PARSE_ERANGE; - + debug_return_int(NSS_STR_PARSE_ERANGE); + /* Paranoia: buf and instr should be distinct. */ if (buf != instr) { memmove(buf, instr, inlen); @@ -223,7 +227,7 @@ } if ((fieldsep = strchr(cp = fieldsep, ':')) == NULL) - return NSS_STR_PARSE_PARSE; + debug_return_int(NSS_STR_PARSE_PARSE); *fieldsep++ = '\0'; grp->gr_name = cp; @@ -237,12 +241,12 @@ } if ((fieldsep = strchr(cp = fieldsep, ':')) == NULL) - return yp ? NSS_STR_PARSE_SUCCESS : NSS_STR_PARSE_PARSE; + debug_return_int(yp ? NSS_STR_PARSE_SUCCESS : NSS_STR_PARSE_PARSE); *fieldsep++ = '\0'; grp->gr_passwd = cp; if ((fieldsep = strchr(cp = fieldsep, ':')) == NULL) - return yp ? NSS_STR_PARSE_SUCCESS : NSS_STR_PARSE_PARSE; + debug_return_int(yp ? NSS_STR_PARSE_SUCCESS : NSS_STR_PARSE_PARSE); *fieldsep++ = '\0'; id = sudo_strtoid(cp, &errstr); if (errstr != NULL) { @@ -251,8 +255,8 @@ * at the end of YP entries since it has no meaning. */ if (errno == ERANGE) - return NSS_STR_PARSE_ERANGE; - return yp ? NSS_STR_PARSE_SUCCESS : NSS_STR_PARSE_PARSE; + debug_return_int(NSS_STR_PARSE_ERANGE); + debug_return_int(yp ? NSS_STR_PARSE_SUCCESS : NSS_STR_PARSE_PARSE); } #ifdef GID_NOBODY /* Negative gids get mapped to nobody on Solaris. */ @@ -266,10 +270,10 @@ grp->gr_mem = NULL; if (*fieldsep != '\0') { grp->gr_mem = gr_mem = (char **)ALIGN(buf + inlen + 1); - gr_end = (char **)((unsigned long)(buf + buflen) & ~ALIGNBYTES); + gr_end = (char **)((unsigned long)(buf + buflen) & ~ALIGNBYTES) - 1; for (;;) { - if (gr_mem == gr_end) - return NSS_STR_PARSE_ERANGE; /* out of space! */ + if (gr_mem >= gr_end) + debug_return_int(NSS_STR_PARSE_ERANGE); /* out of space! */ *gr_mem++ = cp; if (fieldsep == NULL) break; 
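Review bot: In the last hunk of `str2grp()` the rewritten `gr_end` line still sends the pointer through `unsigned long`, `(unsigned long)(buf + buflen) & ~ALIGNBYTES`, which relies on `long` being pointer-sized; `uintptr_t` is the type intended for this round trip, e.g. `gr_end = (char **)((uintptr_t)(buf + buflen) & ~(uintptr_t)ALIGNBYTES) - 1;` (assuming `<stdint.h>` is available in this file). The `- 1` and the change from `==` to `>=` are what keep the `*gr_mem = NULL` store after the loop inside the buffer, and neither is explained; I would add `/* Leave room for the terminating NULL; gr_mem may already be past gr_end after ALIGN(). */` above the `gr_end` line. The function body starts and ends outside this hunk.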
@@ -278,7 +282,7 @@ } *gr_mem = NULL; } - return NSS_STR_PARSE_SUCCESS; + debug_return_int(NSS_STR_PARSE_SUCCESS); } static nss_status_t @@ -291,25 +295,31 @@ struct group *grp; char **gr_mem; int error, i; + debug_decl(process_cstr, SUDO_DEBUG_UTIL); + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: parsing %.*s", __func__, + inlen, instr); + /* Hack to let us check whether the query was handled by nscd or us. */ if (gbm->force_slow_way != 0) gbm->force_slow_way = 2; buf = _nss_XbyY_buf_alloc(sizeof(struct group), NSS_BUFLEN_GROUP); if (buf == NULL) - return NSS_UNAVAIL; + debug_return_int(NSS_UNAVAIL); /* Parse groups file string -> struct group. */ grp = buf->result; error = (*gbm->str2ent)(instr, inlen, grp, buf->buffer, buf->buflen); - if (error || grp->gr_mem == NULL) + if (error != NSS_STR_PARSE_SUCCESS || grp->gr_mem == NULL) goto done; for (gr_mem = grp->gr_mem; *gr_mem != NULL; gr_mem++) { if (strcmp(*gr_mem, user) == 0) { + const int numgids = MIN(gbm->numgids, gbm->maxgids); + /* Append to gid_array unless gr_gid is a dupe. */ - for (i = 0; i < gbm->numgids; i++) { + for (i = 0; i < numgids; i++) { if (gbm->gid_array[i] == grp->gr_gid) goto done; /* already present */ } @@ -334,7 +344,7 @@ } done: _nss_XbyY_buf_free(buf); - return ret; + debug_return_int(ret); } static nss_status_t @@ -358,6 +368,7 @@ { struct nss_groupsbymem gbm; static DEFINE_NSS_DB_ROOT(db_root); + debug_decl(sudo_getgrouplist2, SUDO_DEBUG_UTIL); memset(&gbm, 0, sizeof(gbm)); gbm.username = name; @@ -374,13 +385,13 @@ gbm.maxgids = NGROUPS_MAX; gbm.gid_array = reallocarray(NULL, gbm.maxgids, 4 * sizeof(GETGROUPS_T)); if (gbm.gid_array == NULL) - return -1; + debug_return_int(-1); gbm.maxgids <<= 2; gbm.process_cstr = process_cstr_dynamic; } else { /* Static group vector. */ if (gbm.maxgids <= 0) - return -1; + debug_return_int(-1); gbm.process_cstr = process_cstr_static; } 
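Review bot: The added `sudo_debug_printf(SUDO_DEBUG_INFO, "%s: parsing %.*s", __func__, inlen, instr);` in `process_cstr()` writes every raw group-database line to the debug log, and such a line includes the password field that `str2grp()` stores in `gr_passwd`. Debug logs are often readable by a wider audience than the group source, so logging only the length, `"%s: parsing %d byte entry", __func__, inlen`, or printing `grp->gr_name` after a successful parse, would avoid copying that field. A negative `inlen` would also make `%.*s` ignore the precision and read `instr` up to the first NUL, so the print depends on the backend passing a sane length. Separately, `numgids = MIN(gbm->numgids, gbm->maxgids)` bounds only the duplicate scan shown here; the append to `gid_array` lies outside the hunk, so I cannot see whether it is bounded the same way.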
@@ -414,7 +425,7 @@ tmp = reallocarray(gbm.gid_array, gbm.maxgids, 2 * sizeof(GETGROUPS_T)); if (tmp == NULL) { free(gbm.gid_array); - return -1; + debug_return_int(-1); } gbm.gid_array = tmp; gbm.maxgids <<= 1; @@ -424,10 +435,10 @@ *groupsp = gbm.gid_array; if (gbm.numgids <= gbm.maxgids) { *ngroupsp = gbm.numgids; - return 0; + debug_return_int(0); } *ngroupsp = gbm.maxgids; - return -1; + debug_return_int(-1); } #else /* !HAVE_GETGROUPLIST && !HAVE_GETGRSET && !HAVE__GETGROUPSBYMEMBER */ @@ -444,6 +455,7 @@ int i, ngroups = 1; int ret = -1; struct group *grp; + debug_decl(sudo_getgrouplist2, SUDO_DEBUG_UTIL); if (groups == NULL) { /* Dynamically-sized group vector. */ @@ -452,12 +464,12 @@ grpsize = NGROUPS_MAX; groups = reallocarray(NULL, grpsize, 4 * sizeof(*groups)); if (groups == NULL) - return -1; + debug_return_int(-1); grpsize <<= 2; } else { /* Static group vector. */ if (grpsize < 1) - return -1; + debug_return_int(-1); } /* We support BSD semantics where the first element is the base gid */ @@ -508,6 +520,6 @@ *groupsp = groups; *ngroupsp = ngroups; - return ret; + debug_return_int(ret); } #endif /* !HAVE_GETGROUPLIST && !HAVE_GETGRSET && !HAVE__GETGROUPSBYMEMBER */ diff -urNa sudo-1.9.7/lib/util/regress/getgrouplist/getgids.c sudo-1.9.7p1/lib/util/regress/getgrouplist/getgids.c --- sudo-1.9.7/lib/util/regress/getgrouplist/getgids.c Wed Dec 31 17:00:00 1969 +++ sudo-1.9.7p1/lib/util/regress/getgrouplist/getgids.c Fri Jun 11 13:04:29 2021 
@@ -0,0 +1,81 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif +#include +#include +#include + +#define SUDO_ERROR_WRAP 0 + +#include "sudo_compat.h" +#include "sudo_fatal.h" +#include "sudo_util.h" + +sudo_dso_public int main(int argc, char *argv[]); + +/* + * Implement "id -G" using sudo_getgrouplist2(). + */ + +int +main(int argc, char *argv[]) +{ + char *username = NULL; + GETGROUPS_T *groups = NULL; + struct passwd *pw; + int i, ngroups; + gid_t basegid; + initprogname(argc > 0 ? 
argv[0] : "getgids"); + + if (getopt(argc, argv, "") != -1) { + fprintf(stderr, "usage: %s [user]\n", getprogname()); + return EXIT_FAILURE; + } + if (argc > 1) + username = argv[1]; + + if (username != NULL) { + if ((pw = getpwnam(username)) == NULL) + sudo_fatalx("unknown user name %s", username); + } else { + if ((pw = getpwuid(getuid())) == NULL) + sudo_fatalx("unknown user ID %u", (unsigned int)getuid()); + } + basegid = pw->pw_gid; + if ((username = strdup(pw->pw_name)) == NULL) + sudo_fatal(NULL); + + if (sudo_getgrouplist2(username, basegid, &groups, &ngroups) == -1) + sudo_fatal("sudo_getgroulist2"); + + for (i = 0; i < ngroups; i++) { + printf("%s%u", i ? " " : "", (unsigned int)groups[i]); + } + putchar('\n'); + return EXIT_SUCCESS; +} diff -urNa sudo-1.9.7/logsrvd/Makefile.in sudo-1.9.7p1/logsrvd/Makefile.in --- sudo-1.9.7/logsrvd/Makefile.in Tue May 11 14:54:52 2021 +++ sudo-1.9.7p1/logsrvd/Makefile.in Fri Jun 11 13:04:29 2021 @@ -104,7 +104,7 @@ LIB_FUZZING_ENGINE = @FUZZ_ENGINE@ FUZZ_PROGS = fuzz_logsrvd_conf FUZZ_SEED_CORPUS = ${FUZZ_PROGS:=_seed_corpus.zip} -FUZZ_LIBS = $(LIBS) $(LIB_FUZZING_ENGINE) +FUZZ_LIBS = $(LIB_FUZZING_ENGINE) $(LIBS) FUZZ_LDFLAGS = $(LDFLAGS) FUZZ_MAX_LEN = 4096 FUZZ_RUNS = 8192 diff -urNa sudo-1.9.7/logsrvd/logsrvd.c sudo-1.9.7p1/logsrvd/logsrvd.c --- sudo-1.9.7/logsrvd/logsrvd.c Tue May 11 14:54:52 2021 +++ sudo-1.9.7p1/logsrvd/logsrvd.c Fri Jun 11 13:04:29 2021 @@ -244,7 +244,10 @@ /* Final state should be FINISHED except on error. */ sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, - "closure %p, final state %d", closure, closure->state); + "%s: closure %p, final state %d, relay_closure %p, " + "journal file %p, journal path %s", __func__, closure, + closure->state, closure->relay_closure, closure->journal, + closure->journal_path ? closure->journal_path : ""); /* * If we finished a client connection in store-and-forward mode, 
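Review bot: The failure message in `sudo_fatal("sudo_getgroulist2");` misspells the function it reports on, which makes regress output harder to search; it should read `sudo_fatal("sudo_getgrouplist2");`. Separately, the user name is read from `argv[1]` after getopt() has run, so an invocation of the form `getgids -- user` would look up `--` as the name. Advancing with `argc -= optind; argv += optind;` and then reading `argv[0]` would follow the usual getopt pattern.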
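Review bot: The expanded final-state message in logsrvd.c (@@ -244) prints `closure->state` but not the new `closure->error` flag, although the comment directly above it says the state should be FINISHED except on error. With ERROR removed from the state enum by this patch, a connection that failed is no longer distinguishable in this log line. Adding `error %d` with `closure->error` to the format string would keep that visible to whoever reads the log server's debug output. The enclosing function starts and ends outside the hunk.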
@@ -404,7 +407,7 @@ /* Prevent further reads from the client, just write the error. */ sudo_ev_del(closure->evbase, closure->read_ev); - if (errstr == NULL || closure->state == ERROR || closure->write_ev == NULL) + if (errstr == NULL || closure->error || closure->write_ev == NULL) goto done; /* Format error message and add to the write queue. */ @@ -419,7 +422,7 @@ ret = true; done: - closure->state = ERROR; + closure->error = true; debug_return_bool(ret); } @@ -963,8 +966,8 @@ if (TAILQ_EMPTY(&closure->write_bufs)) { /* Write queue empty, check state. */ sudo_ev_del(closure->evbase, closure->write_ev); - if (closure->state == FINISHED || closure->state == SHUTDOWN || - closure->state == ERROR) + if (closure->error || closure->state == FINISHED || + closure->state == SHUTDOWN) goto finished; } } diff -urNa sudo-1.9.7/logsrvd/logsrvd.h sudo-1.9.7p1/logsrvd/logsrvd.h --- sudo-1.9.7/logsrvd/logsrvd.h Tue May 11 14:54:52 2021 +++ sudo-1.9.7p1/logsrvd/logsrvd.h Fri Jun 11 13:04:29 2021 @@ -54,8 +54,7 @@ RUNNING, EXITED, SHUTDOWN, - FINISHED, - ERROR + FINISHED }; /* @@ -106,6 +105,7 @@ int iolog_dir_fd; int sock; enum connection_status state; + bool error; bool tls; bool log_io; bool store_first; diff -urNa sudo-1.9.7/plugins/audit_json/audit_json.c sudo-1.9.7p1/plugins/audit_json/audit_json.c --- sudo-1.9.7/plugins/audit_json/audit_json.c Sat Mar 13 08:46:13 2021 +++ sudo-1.9.7p1/plugins/audit_json/audit_json.c Fri Jun 11 13:04:29 2021 @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2020 Todd C. Miller + * Copyright (c) 2020-2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above 
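Review bot: The new `bool error;` member (@@ -106 in logsrvd.h) carries no comment, and its meaning differs from the enum value it replaces: at `done:` in the @@ -419 hunk it is set on every exit, while `state` is now left as it was. A comment such as `bool error; /* error path taken; state keeps its last value */` would record that. It is also worth confirming that the closure is zero-initialised where it is allocated, which is outside these hunks, since the flag is tested at @@ -404 and @@ -963 with no initialisation visible.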
@@ -553,10 +553,20 @@ goto oom; /* Write key=value objects. */ - if (!add_key_value_object(&json, "options", state.settings, settings_filter)) - goto oom; - if (!add_key_value_object(&json, "user_info", state.user_info, NULL)) - goto oom; + if (state.settings != NULL) { + if (!add_key_value_object(&json, "options", state.settings, settings_filter)) + goto oom; + } else { + sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, + "missing settings list"); + } + if (state.user_info != NULL) { + if (!add_key_value_object(&json, "user_info", state.user_info, NULL)) + goto oom; + } else { + sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, + "missing user_info list"); + } if (command_info != NULL) { if (!add_key_value_object(&json, "command_info", command_info, NULL)) goto oom; @@ -568,10 +578,20 @@ if (!sudo_json_add_value(&json, "submit_optind", &json_value)) goto oom; - if (!add_array(&json, "submit_argv", state.submit_argv)) - goto oom; - if (!add_array(&json, "submit_envp", state.submit_envp)) - goto oom; + if (state.submit_argv != NULL) { + if (!add_array(&json, "submit_argv", state.submit_argv)) + goto oom; + } else { + sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, + "missing submit_argv array"); + } + if (state.submit_envp != NULL) { + if (!add_array(&json, "submit_envp", state.submit_envp)) + goto oom; + } else { + sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, + "missing submit_envp array"); + } if (run_argv != NULL) { if (!add_array(&json, "run_argv", run_argv)) goto oom; diff -urNa sudo-1.9.7/plugins/sudoers/defaults.h sudo-1.9.7p1/plugins/sudoers/defaults.h --- sudo-1.9.7/plugins/sudoers/defaults.h Sat Mar 13 08:46:13 2021 +++ sudo-1.9.7p1/plugins/sudoers/defaults.h Fri Jun 11 13:04:29 2021 
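Review bot: When `state.settings`, `state.user_info`, `state.submit_argv` or `state.submit_envp` is NULL, the audit record is now written with that key simply absent (this hunk and the one at @@ -568). The only trace is a `SUDO_DEBUG_WARN` message, which is seen only where debug logging is configured. A consumer of the JSON audit log therefore has to treat these keys as optional, and nothing in the code says the omission is deliberate; a comment above the first check such as `/* A NULL list is omitted from the record, not treated as an error. */` would state it. The four blocks differ only in key name and helper, so a small static wrapper would shorten them. The enclosing function starts and ends outside both hunks.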
@@ -104,7 +104,7 @@ #undef T_TIMESPEC #define T_TIMESPEC 0x010 #undef T_TIMEOUT -#define T_TIMEOUT 0x020 +#define T_TIMEOUT 0x011 #undef T_MASK #define T_MASK 0x0FF #undef T_BOOL diff -urNa sudo-1.9.7/plugins/sudoers/log_client.c sudo-1.9.7p1/plugins/sudoers/log_client.c --- sudo-1.9.7/plugins/sudoers/log_client.c Tue May 11 14:54:52 2021 +++ sudo-1.9.7p1/plugins/sudoers/log_client.c Fri Jun 11 13:04:29 2021 @@ -1980,7 +1980,7 @@ /* Connect to log first available log server. */ if (!log_server_connect(closure)) { /* TODO: support offline logs if server unreachable */ - sudo_warn("%s", U_("unable to connect to log server")); + sudo_warnx("%s", U_("unable to connect to log server")); goto bad; } diff -urNa sudo-1.9.7/plugins/sudoers/policy.c sudo-1.9.7p1/plugins/sudoers/policy.c --- sudo-1.9.7/plugins/sudoers/policy.c Mon Mar 15 10:50:00 2021 +++ sudo-1.9.7p1/plugins/sudoers/policy.c Fri Jun 11 13:04:29 2021 @@ -588,7 +588,7 @@ * Store the execution environment and other front-end settings. * Builds up the command_info list and sets argv and envp. * Consumes iolog_path if not NULL. - * Returns 1 on success and -1 on error. + * Returns true on success, else false. */ bool sudoers_policy_store_result(bool accepted, char *argv[], char *envp[], @@ -638,7 +638,7 @@ goto oom; } if (def_maxseq != NULL) { - if (asprintf(&command_info[info_len++], "maxseq=%s", def_maxseq) == -1) + if ((command_info[info_len++] = sudo_new_key_val("maxseq", def_maxseq)) == NULL) goto oom; } } @@ -715,8 +715,10 @@ glsize = sizeof("runas_groups=") - 1 + ((gidlist->ngids + 1) * (MAX_UID_T_LEN + 1)); gid_list = malloc(glsize); - if (gid_list == NULL) + if (gid_list == NULL) { + sudo_gidlist_delref(gidlist); goto oom; + } memcpy(gid_list, "runas_groups=", sizeof("runas_groups=") - 1); cp = gid_list + sizeof("runas_groups=") - 1; 
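Review bot: The `sudo_gidlist_delref(gidlist);` added in policy.c at @@ -715 is repeated by hand on three exits: the `goto oom` here and the two `goto bad` overflow exits at @@ -727 and @@ -737, each next to its own `free(gid_list);`. A fourth exit added later would have to remember both calls again. Routing these exits through one local cleanup label that releases the reference and the buffer before jumping to `oom` or `bad` would keep the pairing in one place. The success-path release and the start of the function are outside these hunks, so this is judged from the error paths alone.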
@@ -727,6 +729,7 @@ if (len < 0 || (size_t)len >= glsize - (cp - gid_list)) { sudo_warnx(U_("internal error, %s overflow"), __func__); free(gid_list); + sudo_gidlist_delref(gidlist); goto bad; } cp += len; @@ -737,6 +740,7 @@ if (len < 0 || (size_t)len >= glsize - (cp - gid_list)) { sudo_warnx(U_("internal error, %s overflow"), __func__); free(gid_list); + sudo_gidlist_delref(gidlist); goto bad; } cp += len; diff -urNa sudo-1.9.7/scripts/ltmain.sh sudo-1.9.7p1/scripts/ltmain.sh --- sudo-1.9.7/scripts/ltmain.sh Tue May 11 14:54:52 2021 +++ sudo-1.9.7p1/scripts/ltmain.sh Fri Jun 11 13:04:29 2021 @@ -8742,9 +8742,6 @@ eval libname=\"$libname_spec\" ;; *) - test no = "$module" \ - && func_fatal_help "libtool library '$output' must begin with 'lib'" - if test no != "$need_lib_prefix"; then # Add the "lib" prefix for modules if required func_stripname '' '.la' "$outputname" diff -urNa sudo-1.9.7/scripts/mkpkg sudo-1.9.7p1/scripts/mkpkg --- sudo-1.9.7/scripts/mkpkg Tue May 11 14:54:52 2021 +++ sudo-1.9.7p1/scripts/mkpkg Fri Jun 11 13:04:29 2021 @@ -132,10 +132,10 @@ # Choose compiler options by osversion if not cross-compiling. if [ "$crossbuild" = "false" ]; then case "$osversion" in - macos*) - # Use clang on macOS if present - if [ -z "$CC" -a -x /usr/bin/clang ]; then - CC=/usr/bin/clang; export CC + FreeBSD*|macos*) + # Use the system compiler on FreeBSD and macOS + if [ -z "$CC" -a -x /usr/bin/cc ]; then + CC=/usr/bin/cc; export CC fi ;; esac diff -urNa sudo-1.9.7/src/Makefile.in sudo-1.9.7p1/src/Makefile.in --- sudo-1.9.7/src/Makefile.in Tue May 11 14:54:52 2021 +++ sudo-1.9.7p1/src/Makefile.in Fri Jun 11 13:04:29 2021 @@ -64,6 +64,9 @@ # Flags to pass to libtool LTFLAGS = --tag=disable-static +# Build sudo_noexec as a module instead of a shared lib (except on macOS) +NOEXEC_MODULE = @NOEXEC_MODULE@ + # Address sanitizer flags ASAN_CFLAGS = @ASAN_CFLAGS@ ASAN_LDFLAGS = @ASAN_LDFLAGS@ 
@@ -175,15 +178,8 @@ sudo: $(OBJS) $(LT_LIBS) @STATIC_SUDOERS@ $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(OBJS) $(SUDO_LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) @STATIC_SUDOERS@ -# We can't use -module here since you cannot preload a module on Darwin -libsudo_noexec.la: sudo_noexec.lo - $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) $(LDFLAGS) $(LT_LDFLAGS) $(SSP_LDFLAGS) @LIBDL@ -o $@ sudo_noexec.lo -avoid-version -rpath $(noexecdir) -shrext .so - -# Some hackery is required to install this as sudo_noexec, not libsudo_noexec -sudo_noexec.la: libsudo_noexec.la - sed 's/libsudo_noexec/sudo_noexec/g' libsudo_noexec.la > sudo_noexec.la - if test -f .libs/libsudo_noexec.lai; then sed 's/libsudo_noexec/sudo_noexec/g' .libs/libsudo_noexec.lai > .libs/sudo_noexec.lai; fi - cp -p .libs/libsudo_noexec.so .libs/sudo_noexec.so +sudo_noexec.la: sudo_noexec.lo + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) $(LDFLAGS) $(LT_LDFLAGS) $(SSP_LDFLAGS) @LIBDL@ -o $@ sudo_noexec.lo $(NOEXEC_MODULE) -avoid-version -rpath $(noexecdir) -shrext .so sesh: $(SESH_OBJS) $(LT_LIBS) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(SESH_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) diff -urNa sudo-1.9.7/src/load_plugins.c sudo-1.9.7p1/src/load_plugins.c --- sudo-1.9.7/src/load_plugins.c Sat Mar 13 08:46:14 2021 +++ sudo-1.9.7p1/src/load_plugins.c Fri Jun 11 13:04:29 2021 @@ -47,9 +47,7 @@ if (info->path[0] == '/') { if (strlcpy(fullpath, info->path, pathsize) >= pathsize) { - sudo_warnx(U_("error in %s, line %d while loading plugin \"%s\""), - _PATH_SUDO_CONF, info->lineno, info->symbol_name); - sudo_warnx(U_("%s: %s"), info->path, strerror(ENAMETOOLONG)); + errno = ENAMETOOLONG; goto done; } status = stat(fullpath, sb); 
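Review bot: The three path-too-long exits in load_plugins.c (@@ -47 here, and @@ -60 and @@ -82) now report the failure only through `errno = ENAMETOOLONG;` before `goto done`, with the warnings removed. That makes errno part of this function's contract, but nothing visible says so; a line in its header comment such as `/* On failure errno is set and the caller reports it. */` would help. Whatever runs at `done:` must also leave errno untouched until the caller reads it. The function's start, the `done:` label and the caller are outside these hunks, so it should be confirmed that the caller still prints the plugin path and the sudo.conf line number that the removed warnings carried.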
@@ -60,9 +58,7 @@ /* Check static symbols. */ if (strcmp(info->path, SUDOERS_PLUGIN) == 0) { if (strlcpy(fullpath, info->path, pathsize) >= pathsize) { - sudo_warnx(U_("error in %s, line %d while loading plugin \"%s\""), - _PATH_SUDO_CONF, info->lineno, info->symbol_name); - sudo_warnx(U_("%s: %s"), info->path, strerror(ENAMETOOLONG)); + errno = ENAMETOOLONG; goto done; } /* Plugin is static, fake up struct stat. */ @@ -82,10 +78,7 @@ len = snprintf(fullpath, pathsize, "%s%s", sudo_conf_plugin_dir_path(), info->path); if (len < 0 || (size_t)len >= pathsize) { - sudo_warnx(U_("error in %s, line %d while loading plugin \"%s\""), - _PATH_SUDO_CONF, info->lineno, info->symbol_name); - sudo_warnx(U_("%s%s: %s"), sudo_conf_plugin_dir_path(), info->path, - strerror(ENAMETOOLONG)); + errno = ENAMETOOLONG; goto done; } /* Try parent dir for compatibility with old plugindir default. */ @@ -201,7 +194,7 @@ plugin_exists(struct plugin_container_list *plugins, const char *symbol_name) { struct plugin_container *container; - debug_decl(find_plugin, SUDO_DEBUG_PLUGIN); + debug_decl(plugin_exists, SUDO_DEBUG_PLUGIN); TAILQ_FOREACH(container, plugins, entries) { if (strcmp(container->name, symbol_name) == 0) @@ -215,8 +208,9 @@ struct generic_plugin * sudo_plugin_try_to_clone(void *so_handle, const char *symbol_name) { - debug_decl(sudo_plugin_clone, SUDO_DEBUG_PLUGIN); + debug_decl(sudo_plugin_try_to_clone, SUDO_DEBUG_PLUGIN); struct generic_plugin * plugin = NULL; + plugin_clone_func *clone_func; char *clone_func_name = NULL; if (asprintf(&clone_func_name, "%s_clone", symbol_name) < 0) { 
@@ -224,7 +218,7 @@ goto cleanup; } - plugin_clone_func *clone_func = (plugin_clone_func *)sudo_dso_findsym(so_handle, clone_func_name); + clone_func = sudo_dso_findsym(so_handle, clone_func_name); if (clone_func) { plugin = (*clone_func)(); } diff -urNa sudo-1.9.7/src/sudo_edit.c sudo-1.9.7p1/src/sudo_edit.c --- sudo-1.9.7/src/sudo_edit.c Sat Mar 13 08:47:23 2021 +++ sudo-1.9.7p1/src/sudo_edit.c Fri Jun 11 13:04:29 2021 @@ -529,6 +529,8 @@ if (nfiles < 1) debug_return_int(0); + const int check_dir = ISSET(command_details->flags, CD_SUDOEDIT_CHECKDIR); + /* Construct common args for sesh */ sesh_nargs = 5 + (nfiles * 2) + 1; sesh_args = sesh_ap = reallocarray(NULL, sesh_nargs, sizeof(char *)); @@ -538,7 +540,7 @@ } *sesh_ap++ = "sesh"; *sesh_ap++ = "-e"; - if (ISSET(command_details->flags, CD_SUDOEDIT_CHECKDIR)) { + if (check_dir) { if ((user_str = selinux_fmt_sudo_user()) == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); goto done; @@ -581,7 +583,11 @@ if (tfd != -1) close(tfd); - if (sesh_ap - sesh_args > 3) { + /* + * check dir adds two more args to the array + */ + if ((!check_dir && sesh_ap - sesh_args > 3) + || (check_dir && sesh_ap - sesh_args > 5)) { /* Run sesh -e 1 ... */ error = selinux_run_helper(command_details->cred.uid, command_details->cred.gid, command_details->cred.ngroups, command_details->cred.groups, sesh_args, diff -urNa sudo-1.9.7/src/ttyname.c sudo-1.9.7p1/src/ttyname.c --- sudo-1.9.7/src/ttyname.c Sat Mar 13 08:46:14 2021 +++ sudo-1.9.7p1/src/ttyname.c Fri Jun 11 13:04:29 2021 @@ -131,8 +131,8 @@ ret = sudo_ttyname_dev(ki_proc->sudo_kp_tdev, name, namelen); if (ret == NULL) { sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, - "unable to map device number %u to name", - ki_proc->sudo_kp_tdev); + "unable to map device number %lu to name", + (unsigned long)ki_proc->sudo_kp_tdev); } } } else {
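Review bot: The assignment `clone_func = sudo_dso_findsym(so_handle, clone_func_name);` in load_plugins.c (@@ -224) drops the cast that the removed line had. If sudo_dso_findsym() returns `void *`, which its prototype outside this hunk would confirm, this is an implicit conversion from an object pointer to a function pointer, and compilers diagnose it in pedantic mode. Keeping the cast, `clone_func = (plugin_clone_func *)sudo_dso_findsym(so_handle, clone_func_name);`, preserves the earlier behaviour while still moving the declaration to the top of the block.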
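Review bot: The new guard in sudo_edit.c (@@ -581), `(!check_dir && sesh_ap - sesh_args > 3) || (check_dir && sesh_ap - sesh_args > 5)`, hard-codes how many fixed arguments were pushed before the file pairs. It will drift if another fixed argument is ever added, and this test decides whether the sesh helper is run at all. Assuming the fixed arguments are all pushed before the first file, recording the position once with a new local, `sesh_files = sesh_ap;`, and testing `if (sesh_ap > sesh_files)` would remove both constants. The declaration `const int check_dir = ...` at @@ -529 also follows a statement, whereas the load_plugins.c hunk in this patch hoists a declaration to the top of its block. The enclosing function begins and ends outside these hunks.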