Implement sudoers_policy_deregister_hooks()

Register/deregister hooks in fuzz_policy and also call show_version().
2025-09-01 06:45:10 +00:00 · 2021-02-25 15:02:09 -07:00
parent e6dc13229f
commit b3b80fe6df
3 changed files with 31 additions and 2 deletions
--- a/plugins/sudoers/defaults.c
+++ b/plugins/sudoers/defaults.c
@@ -81,7 +81,6 @@ static bool valid_path(struct sudo_defs_types *def, const char *val, const char
 void
 dump_defaults(void)
 {
-#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
    struct sudo_defs_types *cur;
    struct list_member *item;
    struct def_values *def;
@@ -165,7 +164,6 @@ dump_defaults(void)
 	}
    }
    debug_return;
-#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
 }

 /*
--- a/plugins/sudoers/policy.c
+++ b/plugins/sudoers/policy.c
@@ -1193,6 +1193,24 @@ sudoers_policy_register_hooks(int version, int (*register_hook)(struct sudo_hook
    }
 }

+/*
+ * De-register environment function hooks.
+ */
+static void
+sudoers_policy_deregister_hooks(int version, int (*deregister_hook)(struct sudo_hook *hook))
+{
+    struct sudo_hook *hook;
+
+    for (hook = sudoers_hooks; hook->hook_fn != NULL; hook++) {
+	if (deregister_hook(hook) != 0) {
+	    sudo_warn_nodebug(
+		U_("unable to deregister hook of type %d (version %d.%d)"),
+		hook->hook_type, SUDO_API_VERSION_GET_MAJOR(hook->hook_version),
+		SUDO_API_VERSION_GET_MINOR(hook->hook_version));
+	}
+    }
+}
+
 sudo_dso_public struct policy_plugin sudoers_policy = {
    SUDO_POLICY_PLUGIN,
    SUDO_API_VERSION,
@@ -1205,5 +1223,6 @@ sudo_dso_public struct policy_plugin sudoers_policy = {
    sudoers_policy_invalidate,
    sudoers_policy_init_session,
    sudoers_policy_register_hooks,
+    sudoers_policy_deregister_hooks,
    NULL /* event_alloc() filled in by sudo */
 };
--- a/plugins/sudoers/regress/fuzz/fuzz_policy.c
+++ b/plugins/sudoers/regress/fuzz/fuzz_policy.c
@@ -134,6 +134,12 @@ fuzz_printf(int msg_type, const char *fmt, ...)
    return 0;
 }

+int
+fuzz_hook_stub(struct sudo_hook *hook)
+{
+    return 0;
+}
+
 int
 LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
@@ -270,6 +276,8 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
    free(line);
    line = NULL;

+    sudoers_policy.register_hooks(SUDO_API_VERSION, fuzz_hook_stub);
+
    for (i = 0; i < num_checks; i++) {
 	/* Call policy open function */
 	res = sudoers_policy.open(SUDO_API_VERSION, fuzz_conversation, fuzz_printf,
@@ -279,6 +287,9 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	switch (res) {
 	case 1:
 	    /* success */
+	    if (i == 0)
+		sudoers_policy.show_version(true);
+
 	    if (argv.len == 0) {
 		/* Must have a command to check. */
 		push(&argv, "/usr/bin/id");
@@ -318,6 +329,7 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	env_init(NULL);
    }

+    sudoers_policy.deregister_hooks(SUDO_API_VERSION, fuzz_hook_stub);
    sudoers_gc_run();

    free_dynamic_array(&plugin_args);