diff --git a/MANIFEST b/MANIFEST index 1b6685c88..6b9ecc525 100644 --- a/MANIFEST +++ b/MANIFEST @@ -724,6 +724,7 @@ plugins/sudoers/regress/env_match/data plugins/sudoers/regress/exptilde/check_exptilde.c plugins/sudoers/regress/fuzz/fuzz_policy.c plugins/sudoers/regress/fuzz/fuzz_policy.dict +plugins/sudoers/regress/fuzz/fuzz_stubs.c plugins/sudoers/regress/fuzz/fuzz_sudoers.c plugins/sudoers/regress/fuzz/fuzz_sudoers.dict plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok diff --git a/plugins/sudoers/Makefile.in b/plugins/sudoers/Makefile.in index e8e6fe853..dbcffda71 100644 --- a/plugins/sudoers/Makefile.in +++ b/plugins/sudoers/Makefile.in @@ -241,14 +241,14 @@ CHECK_STARTTIME_OBJS = check_starttime.o starttime.lo sudoers_debug.lo CHECK_UNESC_OBJS = check_unesc.o strlcpy_unesc.lo strvec_join.lo sudoers_debug.lo -FUZZ_POLICY_OBJS = fuzz_policy.o editor.lo env.lo env_pattern.lo gc.lo \ - iolog_path_escapes.lo locale.lo policy.lo strlcpy_unesc.lo \ - strvec_join.lo sudoers.lo +FUZZ_POLICY_OBJS = editor.lo env.lo env_pattern.lo fuzz_policy.o fuzz_stubs.o \ + gc.lo iolog_path_escapes.lo locale.lo policy.lo \ + strlcpy_unesc.lo strvec_join.lo sudoers.lo FUZZ_POLICY_CORPUS = $(srcdir)/regress/corpus/policy/policy.* -FUZZ_SUDOERS_OBJS = check_aliases.o fuzz_sudoers.o fmtsudoers.lo parse.lo \ - locale.lo stubs.o sudo_printf.o +FUZZ_SUDOERS_OBJS = check_aliases.o fuzz_stubs.o fuzz_sudoers.o fmtsudoers.lo \ + parse.lo locale.lo sudo_printf.o FUZZ_SUDOERS_CORPUS = $(top_srcdir)/examples/sudoers \ $(srcdir)/regress/sudoers/test1.in \ @@ -277,8 +277,8 @@ FUZZ_SUDOERS_CORPUS = $(top_srcdir)/examples/sudoers \ $(srcdir)/regress/sudoers/test24.in \ $(srcdir)/regress/sudoers/test25.in -FUZZ_SUDOERS_LDIF_OBJS = fuzz_sudoers_ldif.o parse_ldif.o ldap_util.lo \ - fmtsudoers.lo locale.lo stubs.o sudo_printf.o +FUZZ_SUDOERS_LDIF_OBJS = fuzz_stubs.o fuzz_sudoers_ldif.o parse_ldif.o \ + ldap_util.lo fmtsudoers.lo locale.lo sudo_printf.o FUZZ_SUDOERS_LDIF_CORPUS = $(srcdir)/regress/sudoers/*.ldif.ok @@ -1599,6 +1599,30 @@ fuzz_policy.i: $(srcdir)/regress/fuzz/fuzz_policy.c $(devdir)/def_data.h \ $(CC) -E -o $@ $(CPPFLAGS) $< fuzz_policy.plog: fuzz_policy.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/fuzz/fuzz_policy.c --i-file $< --output-file $@ +fuzz_stubs.o: $(srcdir)/regress/fuzz/fuzz_stubs.c $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/interfaces.h $(srcdir)/logging.h \ + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/fuzz/fuzz_stubs.c +fuzz_stubs.i: $(srcdir)/regress/fuzz/fuzz_stubs.c $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/interfaces.h $(srcdir)/logging.h \ + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -E -o $@ $(CPPFLAGS) $< +fuzz_stubs.plog: fuzz_stubs.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/fuzz/fuzz_stubs.c --i-file $< --output-file $@ fuzz_sudoers.o: $(srcdir)/regress/fuzz/fuzz_sudoers.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ diff --git a/plugins/sudoers/regress/fuzz/fuzz_policy.c b/plugins/sudoers/regress/fuzz/fuzz_policy.c index 88e072fd5..5e369ee37 100644 --- a/plugins/sudoers/regress/fuzz/fuzz_policy.c +++ b/plugins/sudoers/regress/fuzz/fuzz_policy.c @@ -335,28 +335,6 @@ user_is_exempt(void) return false; } -/* STUB */ -int -group_plugin_query(const char *user, const char *group, const struct passwd *pw) -{ - return false; -} - -/* STUB */ -struct interface_list * -get_interfaces(void) -{ - static struct interface_list empty = SLIST_HEAD_INITIALIZER(interfaces); - return ∅ -} - -/* STUB */ -void -init_eventlog_config(void) -{ - return; -} - /* STUB */ bool set_interfaces(const char *ai) @@ -399,27 +377,6 @@ sudo_auth_needs_end_session(void) return false; } -/* STUB */ -bool -set_perms(int perm) -{ - return true; -} - -/* STUB */ -bool -restore_perms(void) -{ - return true; -} - -/* STUB */ -bool -rewind_perms(void) -{ - return true; -} - /* STUB */ int timestamp_remove(bool unlink_it) diff --git a/plugins/sudoers/regress/fuzz/fuzz_stubs.c b/plugins/sudoers/regress/fuzz/fuzz_stubs.c new file mode 100644 index 000000000..f2147c578 --- /dev/null +++ b/plugins/sudoers/regress/fuzz/fuzz_stubs.c @@ -0,0 +1,85 @@ +/* + * Copyright (c) 2021 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include + +#include +#include +#include +#include +#include +#include +#include +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif +#include +#include +#ifdef NEED_RESOLV_H +# include +# include +#endif /* NEED_RESOLV_H */ +#include + +#include "sudoers.h" +#include "interfaces.h" + +struct interface_list * +get_interfaces(void) +{ + static struct interface_list empty = SLIST_HEAD_INITIALIZER(interfaces); + return ∅ +} + +void +init_eventlog_config(void) +{ + return; +} + +int +group_plugin_query(const char *user, const char *group, const struct passwd *pw) +{ + return false; +} + +bool +set_perms(int perm) +{ + return true; +} + +bool +restore_perms(void) +{ + return true; +} + +bool +rewind_perms(void) +{ + return true; +} + +bool +sudo_nss_can_continue(struct sudo_nss *nss, int match) +{ + return true; +} diff --git a/plugins/sudoers/regress/fuzz/fuzz_sudoers.c b/plugins/sudoers/regress/fuzz/fuzz_sudoers.c index 4c3a51ab8..4d20907b8 100644 --- a/plugins/sudoers/regress/fuzz/fuzz_sudoers.c +++ b/plugins/sudoers/regress/fuzz/fuzz_sudoers.c @@ -98,21 +98,16 @@ fuzz_conversation(int num_msgs, const struct sudo_conv_message msgs[], } bool -set_perms(int perm) +init_envtables(void) { return true; } -bool -restore_perms(void) +int +set_cmnd_path(const char *runchroot) { - return true; -} - -bool -sudo_nss_can_continue(struct sudo_nss *nss, int match) -{ - return true; + /* Cannot return FOUND without also setting user_cmnd to a new value. */ + return NOT_FOUND; } bool diff --git a/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c b/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c index c48c1df94..27a7ca3c5 100644 --- a/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c +++ b/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c @@ -43,6 +43,19 @@ open_sudoers(const char *file, bool doedit, bool *keepopen) return NULL; } +bool +init_envtables(void) +{ + return true; +} + +int +set_cmnd_path(const char *runchroot) +{ + /* Cannot return FOUND without also setting user_cmnd to a new value. */ + return NOT_FOUND; +} + static FILE * open_data(const uint8_t *data, size_t size) {