
Work around a glibc regcomp() bug with repeated '+' operators.

Glibc regcomp() has a bug where it uses excessive memory for repeated
'+' ops.  Collapse them to avoid running the fuzzer out of memory.
This commit is contained in:
Todd C. Miller 2022-02-01 13:12:19 -07:00
parent ac555d454f
commit 6564f1ae4c
3 changed files with 303 additions and 2 deletions


@ -379,6 +379,7 @@ logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.3
logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.4
logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.5
logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.6
logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.7
logsrvd/regress/fuzz/fuzz_logsrvd_conf.c
logsrvd/regress/fuzz/fuzz_logsrvd_conf.dict
logsrvd/sendlog.c


@ -108,6 +108,51 @@ iolog_pwfilt_free(void *vhandle)
debug_return;
}
/*
* Like strdup but collapses repeated '?', '*' and '+' ops in a regex.
* Glibc regcomp() has a bug where it uses excessive memory for repeated
* '+' ops. Collapse them to avoid running the fuzzer out of memory.
*/
static char *
dup_pattern(const char *src)
{
char *dst, *ret;
char ch, prev = '\0';
size_t len;
debug_decl(dup_pattern, SUDO_DEBUG_UTIL);
len = strlen(src);
ret = malloc(len + 1);
if (ret == NULL)
debug_return_ptr(NULL);
dst = ret;
while ((ch = *src++) != '\0') {
switch (ch) {
case '\\':
if (*src != '\0') {
*dst++ = '\\';
*dst++ = *src++;
prev = '\0';
continue;
}
break;
case '?':
case '*':
case '+':
if (ch == prev) {
continue;
}
break;
}
*dst++ = ch;
prev = ch;
}
*dst = '\0';
debug_return_ptr(ret);
}
/*
* Add a pattern to the password filter list.
*/
@ -123,11 +168,11 @@ iolog_pwfilt_add(void *vhandle, const char *pattern)
filt = malloc(sizeof(*filt));
if (filt == NULL)
goto oom;
filt->pattern = strdup(pattern);
filt->pattern = dup_pattern(pattern);
if (filt->pattern == NULL)
goto oom;
errcode = regcomp(&filt->regex, pattern, REG_EXTENDED|REG_NOSUB);
errcode = regcomp(&filt->regex, filt->pattern, REG_EXTENDED|REG_NOSUB);
if (errcode != 0) {
regerror(errcode, &filt->regex, errbuf, sizeof(errbuf));
sudo_warnx(U_("invalid regular expression \"%s\": %s"),
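Review bot: The header comment on dup_pattern says what is collapsed but not why that is safe, which matters because the function now rewrites every configured passprompt_regex, not only fuzzer input; after the first sentence of the comment add `* The rewrite is match-preserving for EREs: x++ matches exactly what x+` / `* does, and duplicate characters inside a bracket expression are redundant.`. Only identical adjacent operators are merged (the `ch == prev` test), so a run that alternates operators passes through unchanged; if glibc's memory growth also applies to mixed repetition operators, which the page does not show, this workaround would not cover it, and a one-line comment recording that limit would help the next reader. The escape branch resets `prev` to '\0' so an operator following an escaped character is never merged into it, which is correct and worth a short why-comment on that line. In the second hunk the sudo_warnx call at the end of the hunk continues outside it, so it is not visible whether it reports `pattern` or the rewritten `filt->pattern`; reporting the original `pattern` keeps the message identical to what the administrator wrote. iolog_pwfilt_add starts and ends outside the hunk.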


@ -0,0 +1,255 @@
#
# sudo logsrv daemon configuration
#
[server]
# The host name or IP address and port to listen on with an optional TLS
# flag. If no port is specified, port 30343 will be used for plaintext
# connections and port 30344 will be used to TLS connections.
# The following forms are accepted:
# listen_address = hostname(tls)
# listen_address = hostname:port(tls)
# listen_address = IPv4_address(tls)
# listen_address = IPv4_address:port(tls)
# listen_address = [IPv6_address](tls)
# listen_address = [IPv6_address]:port(tls)
#
# The (tls) suffix should be omitted for plaintext connections.
#
# Multiple listen_address settings may be specified.
# The default is to listen on all addresses.
#listen_address = *:30343
listen_address = *:30344(tls)
# The file containing the ID of the running sudo_logsrvd process.
pid_file = /var/run/sudo/sudo_logsrvd.pid
# Where to log server warnings: none, stderr, syslog, or a path name.
server_log = syslog
# If true, enable the SO_KEEPALIVE socket option on client connections.
# Defaults to true.
tcp_keepalive = true
# The amount of time, in seconds, the server will wait for the client to
# respond. A value of 0 will disable the timeout. The default value is 30.
timeout = 30
# If true, the server will validate its own certificate at startup.
# Defaults to true.
tls_verify = true
# If true, client certificates will be validated by the server;
# clients without a valid certificate will be unable to connect.
# By default, client certs are not checked.
tls_checkpeer = false
# Path to a certificate authority bundle file in PEM format to use
# instead of the system's default certificate authority database.
tls_cacert = /etc/ssl/sudo/cacert.pem
# Path to the server's certificate file in PEM format.
# Required for TLS connections.
tls_cert = /etc/ssl/sudo/certs/logsrvd_cert.pem
# Path to the server's private key file in PEM format.
# Required for TLS connections.
tls_key = /etc/ssl/sudo/private/logsrvd_key.pem
# TLS cipher list (see "CIPHER LIST FORMAT" in the openssl-ciphers manual).
# NOTE that this setting is only effective if the negotiated protocol
# is TLS version 1.2.
# The default cipher list is HIGH:!aNULL.
tls_ciphers_v12 = HIGH:!aNULL
# TLS cipher list if the negotiated protocol is TLS version 1.3.
# The default cipher list is TLS_AES_256_GCM_SHA384.
tls_ciphers_v13 = TLS_AES_256_GCM_SHA384
# Path to the Diffie-Hellman parameter file in PEM format.
# If not set, the server will use the OpenSSL defaults.
tls_dhparams = /etc/ssl/sudo/logsrvd_dhparams.pem
[relay]
# The host name or IP address and port to send logs to in relay mode.
# The syntax is identical to listen_address with the exception of
# the wild card ('*') syntax. When this setting is enabled, logs will
# be relayed to the specified host instead of being stored locally.
# This setting is not enabled by default.
#relay_host = relayhost.dom.ain
#relay_host = relayhost.dom.ain(tls)
relay_host = localhost(tls)
# The amount of time, in seconds, the server will wait for a connection
# to the relay server to complete. A value of 0 will disable the timeout.
# The default value is 30.
connect_timeout = 30
# The directory to store messages in before they are sent to the relay.
# Messages are stored in wire format.
# The default value is /var/log/sudo_logsrvd.
relay_dir = /var/log/sudo_logsrvd
# The number of seconds to wait after a connection error before
# making a new attempt to forward a message to a relay host.
# The default value is 30.
retry_interval = 30
# Whether to store the log before relaying it. If true, enable store
# and forward mode. If false, the client connection is immediately
# relayed. Defaults to false.
#store_first = true
# If true, enable the SO_KEEPALIVE socket option on relay connections.
# Defaults to true.
tcp_keepalive = true
# The amount of time, in seconds, the server will wait for the relay to
# respond. A value of 0 will disable the timeout. The default value is 30.
timeout = 30
# If true, the server's relay certificate will be verified at startup.
# The default is to use the value in the [server] section.
#tls_verify = true
# Whether to verify the relay's certificate for TLS connections.
# The default is to use the value in the [server] section.
#tls_checkpeer = false
# Path to a certificate authority bundle file in PEM format to use
# instead of the system's default certificate authority database.
# The default is to use the value in the [server] section.
#tls_cacert = /etc/ssl/sudo/cacert.pem
# Path to the server's certificate file in PEM format.
# The default is to use the certificate in the [server] section.
#tls_cert = /etc/ssl/sudo/certs/logsrvd_cert.pem
# Path to the server's private key file in PEM format.
# The default is to use the key in the [server] section.
#tls_key = /etc/ssl/sudo/private/logsrvd_key.pem
# TLS cipher list (see "CIPHER LIST FORMAT" in the openssl-ciphers manual).
# NOTE that this setting is only effective if the negotiated protocol
# is TLS version 1.2.
# The default is to use the value in the [server] section.
#tls_ciphers_v12 = HIGH:!aNULL
# TLS cipher list if the negotiated protocol is TLS version 1.3.
# The default is to use the value in the [server] section.
#tls_ciphers_v13 = TLS_AES_256_GCM_SHA384
# Path to the Diffie-Hellman parameter file in PEM format.
# The default is to use the value in the [server] section.
#tls_dhparams = /etc/ssl/sudo/logsrvd_dhparams.pem
[iolog]
# The top-level directory to use when constructing the path name for the
# I/O log directory. The session sequence number, if any, is stored here.
iolog_dir = /var/log/sudo-io
# The path name, relative to iolog_dir, in which to store I/O logs.
# Note that iolog_file may contain directory components.
iolog_file = %{seq}
# If set, I/O logs will be compressed using zlib. Enabling compression can
# make it harder to view the logs in real-time as the program is executing.
iolog_compress = false
# If set, I/O log data is flushed to disk after each write instead of
# buffering it. This makes it possible to view the logs in real-time
# as the program is executing but reduces the effectiveness of compression.
iolog_flush = true
# The group to use when creating new I/O log files and directories.
# If iolog_group is not set, the primary group-ID of the user specified
# by iolog_user is used. If neither iolog_group nor iolog_user
# are set, I/O log files and directories are created with group-ID 0.
iolog_group = wheel
# The user to use when setting the user-ID and group-ID of new I/O
# log files and directories. If iolog_group is set, it will be used
# instead of the user's primary group-ID. By default, I/O log files
# and directories are created with user and group-ID 0.
iolog_user = root
# The file mode to use when creating I/O log files. The file permissions
# will always include the owner read and write bits, even if they are
# not present in the specified mode. When creating I/O log directories,
# search (execute) bits are added to match the read and write bits
# specified by iolog_mode.
iolog_mode = 0600
# If disabled, sudo_logsrvd will attempt to avoid logging plaintext
# password in the terminal input using passprompt_regex.
log_passwords = false
# The maximum sequence number that will be substituted for the "%{seq}"
# escape in the I/O log file. While the value substituted for "%{seq}"
# is in base 36, maxseq itself should be expressed in decimal. Values
# larger than 2176782336 (which corresponds to the base 36 sequence
# number "ZZZZZZ") will be silently truncated to 2176782336.
maxseq = 2176782336
# One or more POSIX extended regular expressions used to match
# password prompts in the terminal output when log_passwords is
# disabled. Multiple passprompt_regex settings may be specified.
#passprompt_regex = [Pp]assword[: ]*
#passprompt_regex = [Pp]assword for [a-z0-9]+: *
passprompt_regex = [Pp]assword[: ]\+++++++++++
[eventlog]
# Where to log accept, reject, exit, and alert events.
# Accepted values are syslog, logfile, or none.
# Defaults to syslog
log_type = syslog
# Whether to log an event when a command exits or is terminated by a signal.
# Defaults to false
log_exit = true
# Event log format.
# Supported log formats are "sudo" and "json"
# Defaults to sudo
log_format = sudo
[syslog]
# The maximum length of a syslog payload.
# On many systems, syslog(3) has a relatively small log buffer.
# IETF RFC 5424 states that syslog servers must support messages
# of at least 480 bytes and should support messages up to 2048 bytes.
# Messages larger than this value will be split into multiple messages.
maxlen = 960
# The syslog facility to use for event log messages.
# The following syslog facilities are supported: authpriv (if your OS
# supports it), auth, daemon, user, local0, local1, local2, local3,
# local4, local5, local6, and local7.
facility = authpriv
# Syslog priority to use for event log accept messages, when the command
# is allowed by the security policy. The following syslog priorities are
# supported: alert, crit, debug, emerg, err, info, notice, warning, none.
accept_priority = notice
# Syslog priority to use for event log reject messages, when the command
# is not allowed by the security policy.
reject_priority = alert
# Syslog priority to use for event log alert messages reported by the
# client.
alert_priority = alert
# The syslog facility to use for server warning messages.
# Defaults to daemon.
server_facility = daemon
[logfile]
# The path to the file-based event log.
# This path must be fully-qualified and start with a '/' character.
path = /var/log/sudo
# The format string used when formatting the date and time for
# file-based event logs. Formatting is performed via strftime(3) so
# any format string supported by that function is allowed.
time_format = %h %e %T