Merge sudo 1.9.6 from tip

--HG-- branch : 1.9
sudo-project · Mar 13, 2021 · b0842bc · b0842bc
2 parents 91a99c2 + f57ab1a
commit b0842bc
Show file tree

Hide file tree

Showing 293 changed files with 40,582 additions and 24,790 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -0,0 +1,40 @@
+# See: https://google.github.io/oss-fuzz/getting-started/continuous-integration/
+
+name: CIFuzz
+on:
+  # Trigger the workflow on push or pull requests, but only for the
+  # main branch and only for C source files.
+  push:
+    branches:
+      - main
+    paths:
+      - '**.c'
+      - '**.h'
+  pull_request:
+    branches:
+      - main
+    paths:
+      - '**.c'
+      - '**.h'
+jobs:
+  Fuzzing:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Build Fuzzers
+      id: build
+      uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+      with:
+        oss-fuzz-project-name: 'sudoers'
+        dry-run: false
+    - name: Run Fuzzers
+      uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+      with:
+        oss-fuzz-project-name: 'sudoers'
+        fuzz-seconds: 600
+        dry-run: false
+    - name: Upload Crash
+      uses: actions/upload-artifact@v1
+      if: failure() && steps.build.outcome == 'success'
+      with:
+        name: artifacts
+        path: ./out/artifacts
diff --git a/.gitignore b/.gitignore
@@ -32,6 +32,8 @@ doc/fixman.sed
 
 examples/sudo.conf
 
+etc/init.d/sudo.conf
+
 init.d/*.sh
 init.d/sudo.conf
 
@@ -41,20 +43,26 @@ src/check_noexec
 src/check_ttyname
 src/sudo_usage.h
 
-lib/iolog/check_iolog_path
-lib/iolog/check_iolog_util
+lib/eventlog/check_wrap
+lib/eventlog/regress/logwrap/check_wrap.out
+
+lib/iolog/check_iolog_[a-z]*
+lib/iolog/fuzz_iolog_[a-z]*
+lib/iolog/host_port_test
 
 lib/util/mksiglist
 lib/util/mksigname
 lib/util/siglist.c
 lib/util/signame.c
 lib/util/util.exp
-lib/util/[a-z0-9_]*_test
+lib/util/[a-z]*_test
+lib/util/fuzz_[a-z]*
 lib/util/regress/**/*.out
 lib/util/regress/**/*.err
 
 logsrvd/sudo_logsrvd
 logsrvd/sudo_sendlog
+logsrvd/fuzz_[a-z]*
 
 plugins/sudoers/cvtsudoers
 plugins/sudoers/sudoers
@@ -63,7 +71,8 @@ plugins/sudoers/testsudoers
 plugins/sudoers/tsdump
 plugins/sudoers/visudo
 plugins/sudoers/prologue
-plugins/sudoers/check_[a-z0-9_]*
+plugins/sudoers/check_[a-z]*
+plugins/sudoers/fuzz_[a-z]*
 plugins/sudoers/regress/**/*.out
 plugins/sudoers/regress/**/*.toke
 plugins/sudoers/regress/**/*.err
@@ -76,3 +85,4 @@ plugins/sudoers/regress/testsudoers/test3.d/root
 
 plugins/python/__pycache__
 plugins/python/regress/__pycache__
+plugins/python/check_python_examples
diff --git a/.hgignore b/.hgignore
@@ -26,6 +26,8 @@ Makefile$
 ^doc/.*\.mdoc$
 ^doc/fixman\.sed$
 
+^etc/init\.d/sudo\.conf$
+
 ^examples/sudo\.conf$
 
 ^init\.d/.*\.sh$
@@ -37,22 +39,31 @@ Makefile$
 ^src/check_(noexec|ttyname)$
 ^src/sudo_usage\.h$
 
-^lib/iolog/check_iolog_(path|util)$
+^lib/eventlog/check_wrap$
+^lib/eventlog/regress/logwrap/check_wrap.out$
+
+^lib/iolog/check_iolog_(json|mkpath|path|util)$
+^lib/iolog/fuzz_iolog_(json|legacy|timing)$
+^lib/iolog/host_port_test$
 
 ^lib/util/mksiglist$
 ^lib/util/mksigname$
 ^lib/util/siglist\.c$
 ^lib/util/signame\.c$
 ^lib/util/util\.exp$
 ^lib/util/[a-z0-9_]+_test$
+^lib/util/fuzz_sudo_conf$
 ^lib/util/regress/.*\.(out|err)$
 
 ^logsrvd/sudo_(logsrvd|sendlog)$
+^logsrvd/fuzz_logsrvd_conf$
 
 ^plugins/sudoers/(cvtsudoers|sudoers|sudoreplay|testsudoers|tsdump|visudo|prologue|check_[a-z0-9_]+)$
+^plugins/sudoers/fuzz_(policy|sudoers(_ldif)?)$
 ^plugins/sudoers/.*\.(out|toke|err|json|ldif|sudo|ldif2sudo)$
 ^plugins/sudoers/regress/iolog_plugin/iolog$
 ^plugins/sudoers/regress/testsudoers/test3\.d/root$
 
 ^plugins/python/__pycache__
 ^plugins/python/regress/__pycache__
+^plugins/python/check_python_examples$
diff --git a/INSTALL b/INSTALL
@@ -160,24 +160,61 @@ Directory and file names:
 	contain a fully-qualified path.
 
 Compilation options:
+  --enable-sanitizer=[flags]
+        Enable the use of sanitizers such as AddressSanitizer and
+        UndefinedBehaviorSanitizer if supported by the compiler.
+        This can help detect common problems such as buffer overflows
+        and use after free bugs as well as behavior not defined by
+        the C standard.  For more information see:
+	    https://github.com/google/sanitizers/wiki
+
+	If no flags are specified by the user, a default value of
+	"-fsanitize=address,undefined" will be used.
+
+        This option should only be used for testing and not in a
+        production environment.  Due to some sanitizers' unchecked
+        use of environment variables, it is trivial to exploit a
+        setuid root executable such as sudo.
+
+  --enable-fuzzer
+	Enable building sudo with the LLVM libFuzzer, see
+	https://www.llvm.org/docs/LibFuzzer.html for details.
+	The resulting binaries, beginning with "fuzz_" can be used
+	to test sudo.  This option is generally used in conjunction
+	with --enable-sanitizer.  This option requires the clang
+	C compiler--it is not supported by gcc.
+
+	This option should only be used for testing and not in a
+	production environment.
+
+  --enable-fuzzer-engine=library
+        The library to use when linking fuzz targets instead of
+        LLVM's libFuzzer.  It is intended to be set to the path to
+        an alternate fuzzing library, such as AFL++ or Honggfuzz.
+
+  --enable-fuzzer-linker=command
+        An alternate linker command to use when building fuzz
+        targets, instead of clang.  It may be necessary to set this
+        when using the --enable-fuzzer-engine option to link with
+        a fuzzer engine that requires C++ libraries.  For oss-fuzz,
+        this option is used to cause fuzz targets to be linked with
+        clang++.
+
   --disable-hardening
 	Disable the use of compiler/linker exploit mitigation options
 	which are enabled by default.  This includes compiling with
 	_FORTIFY_SOURCE defined to 2, building with -fstack-protector
 	and linking with -zrelro, where supported.
 
-  --enable-asan
-        Enable the use of AddressSanitizer if supported by the
-        compiler.  This can help detect common problems such as
-        buffer overflows and user after free bugs as well as behavior
-	undefined by the C standard.  For more information see
-        https://github.com/google/sanitizers/wiki/AddressSanitizer
-	The following compiler flag is used: -fsanitize=address,undefined
+  --disable-ssp
+	Disable use of the -fstack-protector compiler option.
+	This does not affect the other hardening options.
 
-        This option should only be used for testing and not in a
-        production environment.  Due to AddressSanitizer's unchecked
-        use of environment variables, it is trivial to exploit a
-        setuid root executable such as sudo.
+  --disable-leaks
+	Avoid leaking memory even when we are headed for exit,
+	which helps reduce the noise from static and active analyzers.
+	This option should only be used for testing and not in a
+	production environment.
 
   --enable-pie
         Build sudo and related programs as as a position independent
@@ -391,9 +428,11 @@ Operating system-specific options:
 	Disable use of the setresuid() function for operating systems
 	where it is broken (none currently known).
 
-  --enable-admin-flag
-	Enable the creation of an Ubuntu-style admin flag file
-	the first time sudo is run.
+  --enable-admin-flag[=PATH]
+        Enable the creation of an Ubuntu-style admin flag file the
+        first time sudo is run.  If PATH is not specified, the
+        default value is:
+	    ~/.sudo_as_admin_successful
 
   --enable-devsearch=PATH
         Set a system-specific search path of directories to look in