Move contains_dot_dot() to libsudo_util.

Author: millert

MANIFEST

@@ -245,6 +245,7 @@ lib/util/closefrom.c
 lib/util/digest.c
 lib/util/digest_gcrypt.c
 lib/util/digest_openssl.c
+lib/util/dotdot.c
 lib/util/dup3.c
 lib/util/event.c
 lib/util/event_poll.c
@@ -305,6 +306,7 @@ lib/util/regress/corpus/seed/sudo_conf/sudo.conf.1
 lib/util/regress/corpus/seed/sudo_conf/sudo.conf.2
 lib/util/regress/corpus/seed/sudo_conf/sudo.conf.3
 lib/util/regress/digest/digest_test.c
+lib/util/regress/dotdot/dotdot_test.c
 lib/util/regress/fnmatch/fnm_test.c
 lib/util/regress/fnmatch/fnm_test.in
 lib/util/regress/fuzz/fuzz_sudo_conf.c
@@ -422,7 +424,6 @@ lib/zlib/zlib.h
 lib/zlib/zutil.c
 lib/zlib/zutil.h
 logsrvd/Makefile.in
-logsrvd/dotdot.c
 logsrvd/iolog_writer.c
 logsrvd/logsrv_util.c
 logsrvd/logsrv_util.h
@@ -440,7 +441,6 @@ logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.4
 logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.5
 logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.6
 logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.7
-logsrvd/regress/dotdot/dotdot_test.c
 logsrvd/regress/fuzz/fuzz_logsrvd_conf.c
 logsrvd/regress/fuzz/fuzz_logsrvd_conf.dict
 logsrvd/regress/logsrvd_conf/cacert.pem

include/sudo_util.h

@@ -188,6 +188,10 @@ sudo_dso_public size_t sudo_base64_encode_v1(const unsigned char * restrict in,
 sudo_dso_public char *sudo_basename_v1(const char *filename);
 #define sudo_basename(_a) sudo_basename_v1(_a)
 
+/* dotdot.c */
+sudo_dso_public bool sudo_contains_dot_dot_v1(const char *str);
+#define sudo_contains_dot_dot(_a) sudo_contains_dot_dot_v1(_a)
+
 /* gethostname.c */
 sudo_dso_public char *sudo_gethostname_v1(void);
 #define sudo_gethostname() sudo_gethostname_v1()

lib/util/Makefile.in

@@ -112,8 +112,8 @@ PVS_IGNORE = 'V707,V011,V002,V536,V795'
 PVS_LOG_OPTS = -a 'GA:1,2' -e -t errorfile -d $(PVS_IGNORE)
 
 # Regression tests
-TEST_PROGS = base64_test conf_test digest_test getgids getgrouplist_test \
-	     hexchar_test hltq_test json_test multiarch_test \
+TEST_PROGS = base64_test conf_test digest_test dotdot_test getgids \
+	     getgrouplist_test hexchar_test hltq_test json_test multiarch_test \
 	     open_parent_dir_test parse_gids_test parseln_test progname_test \
 	     regex_test strsplit_test strtobool_test strtoid_test \
 	     strtomode_test strtonum_test uuid_test @COMPAT_TEST_PROGS@
@@ -145,14 +145,15 @@ DEVEL = @DEVEL@
 
 SHELL = @SHELL@
 
-LTOBJS = b64_decode.lo b64_encode.lo basename.lo @DIGEST@ event.lo fatal.lo \
-	 key_val.lo gethostname.lo gettime.lo getgrouplist.lo gidlist.lo \
-	 hexchar.lo json.lo lbuf.lo locking.lo logfac.lo login_max.lo \
-	 logpri.lo mkdir_parents.lo mmap_alloc.lo multiarch.lo parseln.lo \
-	 progname.lo rcstr.lo regex.lo roundup.lo secure_path.lo setgroups.lo \
-	 strsplit.lo strtobool.lo strtoid.lo strtomode.lo strtonum.lo \
-	 sudo_conf.lo sudo_debug.lo sudo_dso.lo term.lo ttyname_dev.lo \
-	 ttysize.lo uuid.lo @COMMON_OBJS@ @LTLIBOBJS@
+LTOBJS = b64_decode.lo b64_encode.lo basename.lo @DIGEST@ dotdot.lo \
+         event.lo fatal.lo key_val.lo gethostname.lo gettime.lo \
+         getgrouplist.lo gidlist.lo hexchar.lo json.lo lbuf.lo \
+         locking.lo logfac.lo login_max.lo logpri.lo mkdir_parents.lo \
+         mmap_alloc.lo multiarch.lo parseln.lo progname.lo rcstr.lo \
+         regex.lo roundup.lo secure_path.lo setgroups.lo strsplit.lo \
+         strtobool.lo strtoid.lo strtomode.lo strtonum.lo sudo_conf.lo \
+         sudo_debug.lo sudo_dso.lo term.lo ttyname_dev.lo ttysize.lo \
+         uuid.lo @COMMON_OBJS@ @LTLIBOBJS@
 
 IOBJS = $(LTOBJS:.lo=.i)
 
@@ -172,6 +173,8 @@ CONF_TEST_OBJS = conf_test.lo sudo_conf.lo
 
 DIGEST_TEST_OBJS = digest_test.lo @DIGEST@
 
+DOTDOT_TEST_OBJS = dotdot_test.lo dotdot.lo
+
 FNM_TEST_OBJS = fnm_test.lo fnmatch.lo
 
 GLOBTEST_OBJS = globtest.lo glob.lo
@@ -298,6 +301,9 @@ conf_test: $(CONF_TEST_OBJS) libsudo_util.la
 digest_test: $(DIGEST_TEST_OBJS) libsudo_util.la
 	$(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(DIGEST_TEST_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(HARDENING_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) @LIBCRYPTO@
 
+dotdot_test: $(DOTDOT_TEST_OBJS) libsudo_util.la
+	$(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(DOTDOT_TEST_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(HARDENING_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) @LIBCRYPTO@
+
 fnm_test: $(FNM_TEST_OBJS) libsudo_util.la
 	$(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(FNM_TEST_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(HARDENING_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS)
 
@@ -468,6 +474,7 @@ check: $(TEST_PROGS) check-fuzzer
 		./closefrom_test $(TEST_VERBOSE) || rval=`expr $$rval + $$?`; \
 	    fi; \
 	    ./digest_test $(TEST_VERBOSE) || rval=`expr $$rval + $$?`; \
+	    ./dotdot_test $(TEST_VERBOSE) || rval=`expr $$rval + $$?`; \
 	    if test -f fnm_test; then \
 		./fnm_test $(TEST_VERBOSE) $(srcdir)/regress/fnmatch/fnm_test.in || rval=`expr $$rval + $$?`; \
 	    fi; \
@@ -718,6 +725,30 @@ digest_test.i: $(srcdir)/regress/digest/digest_test.c \
 	$(CPP) $(CPPFLAGS) $(srcdir)/regress/digest/digest_test.c > $@
 digest_test.plog: digest_test.i
 	rm -f $@; pvs-studio --cfg $(PVS_CFG) --source-file $(srcdir)/regress/digest/digest_test.c --i-file digest_test.i --output-file $@
+dotdot.lo: $(srcdir)/dotdot.c $(incdir)/compat/stdbool.h \
+           $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
+           $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(top_builddir)/config.h
+	$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/dotdot.c
+dotdot.i: $(srcdir)/dotdot.c $(incdir)/compat/stdbool.h \
+           $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
+           $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(top_builddir)/config.h
+	$(CPP) $(CPPFLAGS) $(srcdir)/dotdot.c > $@
+dotdot.plog: dotdot.i
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --source-file $(srcdir)/dotdot.c --i-file dotdot.i --output-file $@
+dotdot_test.lo: $(srcdir)/regress/dotdot/dotdot_test.c \
+                $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
+                $(incdir)/sudo_fatal.h $(incdir)/sudo_plugin.h \
+                $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+                $(top_builddir)/config.h
+	$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/regress/dotdot/dotdot_test.c
+dotdot_test.i: $(srcdir)/regress/dotdot/dotdot_test.c \
+                $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
+                $(incdir)/sudo_fatal.h $(incdir)/sudo_plugin.h \
+                $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+                $(top_builddir)/config.h
+	$(CPP) $(CPPFLAGS) $(srcdir)/regress/dotdot/dotdot_test.c > $@
+dotdot_test.plog: dotdot_test.i
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --source-file $(srcdir)/regress/dotdot/dotdot_test.c --i-file dotdot_test.i --output-file $@
 dup3.lo: $(srcdir)/dup3.c $(incdir)/sudo_compat.h $(top_builddir)/config.h
 	$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/dup3.c
 dup3.i: $(srcdir)/dup3.c $(incdir)/sudo_compat.h $(top_builddir)/config.h

logsrvd/dotdot.c lib/util/dotdot.clogsrvd/dotdot.c renamed to lib/util/dotdot.c

@@ -29,13 +29,13 @@
 
 #include <sudo_compat.h>
 #include <sudo_debug.h>
-#include <logsrv_util.h>
+#include <sudo_util.h>
 
 bool
-contains_dot_dot(const char *str)
+sudo_contains_dot_dot_v1(const char *str)
 {
     const char *cp;
-    debug_decl(contains_dot_dot, SUDO_DEBUG_UTIL);
+    debug_decl(sudo_contains_dot_dot, SUDO_DEBUG_UTIL);
 
     for (cp = str; *cp != '\0'; cp++) {
 	/* Match ".." */

logsrvd/regress/dotdot/dotdot_test.c lib/util/regress/dotdot/dotdot_test.clogsrvd/regress/dotdot/dotdot_test.c renamed to lib/util/regress/dotdot/dotdot_test.c

@@ -34,7 +34,7 @@
 #include <sudo_fatal.h>
 #include <sudo_queue.h>
 
-#include <logsrv_util.h>
+#include <sudo_util.h>
 
 sudo_dso_public int main(int argc, char *argv[]);
 
@@ -96,7 +96,7 @@ static struct test_data test_data[] = {
 };
 
 /*
- * Verify contains_dot_dot() behavior
+ * Verify sudo_contains_dot_dot() behavior
  */
 int
 main(int argc, char *argv[])
@@ -119,7 +119,7 @@ main(int argc, char *argv[])
     }
 
     for (i = 0; test_data[i].str != NULL; i++) {
-	bool result = contains_dot_dot(test_data[i].str);
+	bool result = sudo_contains_dot_dot(test_data[i].str);
 	if (result != test_data[i].expected) {
 	    sudo_warnx("test %zu:%s: expected %s, got %s", i,
 		test_data[i].str, test_data[i].expected ? "true" : "false",

lib/util/util.exp.in

@@ -19,6 +19,7 @@ sudo_conf_plugins_v1
 sudo_conf_probe_interfaces_v1
 sudo_conf_read_v1
 sudo_conf_sesh_path_v1
+sudo_contains_dot_dot_v1
 sudo_debug_deregister_v1
 sudo_debug_enter_v1
 sudo_debug_execve2_v1

logsrvd/Makefile.in

@@ -116,7 +116,7 @@ FUZZ_MAX_LEN = 4096
 FUZZ_RUNS = 8192
 FUZZ_VERBOSE =
 
-TEST_PROGS = logsrvd_conf_test dotdot_test
+TEST_PROGS = logsrvd_conf_test
 TEST_LIBS = $(LIBS)
 TEST_LDFLAGS = $(LDFLAGS)
 TEST_VERBOSE =
@@ -131,7 +131,7 @@ SHELL = @SHELL@
 
 PROGS = sudo_logsrvd sudo_sendlog
 
-LOGSRVD_OBJS = dotdot.o logsrv_util.o iolog_writer.o logsrvd.o logsrvd_conf.o \
+LOGSRVD_OBJS = logsrv_util.o iolog_writer.o logsrvd.o logsrvd_conf.o \
 	       logsrvd_journal.o logsrvd_local.o logsrvd_relay.o \
 	       logsrvd_queue.o tls_client.o tls_init.o
 
@@ -151,8 +151,6 @@ FUZZ_LOGSRVD_CONF_CORPUS = $(srcdir)/regress/corpus/seed/logsrvd_conf/logsrvd.co
 
 CONF_TEST_OBJS = logsrvd_conf_test.o logsrvd_conf.o tls_init.o
 
-DOTDOT_TEST_OBJS = dotdot_test.o dotdot.o
-
 all: $(PROGS)
 
 depend:
@@ -189,9 +187,6 @@ fuzz_logsrvd_conf: $(FUZZ_LOGSRVD_CONF_OBJS) $(LIBFUZZSTUB) $(LT_LIBS)
 logsrvd_conf_test: $(CONF_TEST_OBJS) $(LT_LIBS)
 	$(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CONF_TEST_OBJS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(HARDENING_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS)
 
-dotdot_test: $(DOTDOT_TEST_OBJS) $(LT_LIBS)
-	$(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(DOTDOT_TEST_OBJS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(HARDENING_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS)
-
 fuzz_logsrvd_conf_seed_corpus.zip:
 	tdir=fuzz_logsrvd_conf.$$$$; \
 	mkdir $$tdir; \
@@ -283,7 +278,6 @@ check: $(TEST_PROGS) check-fuzzer
 	    unset LANGUAGE || LANGUAGE=; \
 	    MALLOC_OPTIONS=S; export MALLOC_OPTIONS; \
 	    MALLOC_CONF="abort:true,junk:true"; export MALLOC_CONF; \
-	    ./dotdot_test; \
 	    builddir=$(abs_top_builddir)/logsrvd; \
 	    cd $(srcdir) || exit 1; \
 	    if test -n "@LIBTLS@"; then \
@@ -319,32 +313,6 @@ cleandir: realclean
 	$(FUZZ_SEED_CORPUS) run-fuzz_logsrvd_conf
 
 # Autogenerated dependencies, do not modify
-dotdot.o: $(srcdir)/dotdot.c $(incdir)/compat/stdbool.h \
-          $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-          $(incdir)/sudo_queue.h $(srcdir)/logsrv_util.h \
-          $(top_builddir)/config.h
-	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/dotdot.c
-dotdot.i: $(srcdir)/dotdot.c $(incdir)/compat/stdbool.h \
-          $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
-          $(incdir)/sudo_queue.h $(srcdir)/logsrv_util.h \
-          $(top_builddir)/config.h
-	$(CPP) $(CPPFLAGS) $(srcdir)/dotdot.c > $@
-dotdot.plog: dotdot.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --source-file $(srcdir)/dotdot.c --i-file dotdot.i --output-file $@
-dotdot_test.o: $(srcdir)/regress/dotdot/dotdot_test.c \
-               $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
-               $(incdir)/sudo_fatal.h $(incdir)/sudo_plugin.h \
-               $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
-               $(srcdir)/logsrv_util.h $(top_builddir)/config.h
-	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/regress/dotdot/dotdot_test.c
-dotdot_test.i: $(srcdir)/regress/dotdot/dotdot_test.c \
-               $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
-               $(incdir)/sudo_fatal.h $(incdir)/sudo_plugin.h \
-               $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
-               $(srcdir)/logsrv_util.h $(top_builddir)/config.h
-	$(CPP) $(CPPFLAGS) $(srcdir)/regress/dotdot/dotdot_test.c > $@
-dotdot_test.plog: dotdot_test.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --source-file $(srcdir)/regress/dotdot/dotdot_test.c --i-file dotdot_test.i --output-file $@
 fuzz_logsrvd_conf.o: $(srcdir)/regress/fuzz/fuzz_logsrvd_conf.c \
                      $(incdir)/compat/stdbool.h $(incdir)/log_server.pb-c.h \
                      $(incdir)/protobuf-c/protobuf-c.h $(incdir)/sudo_compat.h \

logsrvd/iolog_writer.c

@@ -596,7 +596,7 @@ create_iolog_path(struct connection_closure *closure)
 	    logsrvd_conf_iolog_dir());
 	goto bad;
     }
-    if (contains_dot_dot(expanded_dir)) {
+    if (sudo_contains_dot_dot(expanded_dir)) {
 	sudo_warnx(U_("unable to expand iolog path %s: path traversal attack"),
 	    logsrvd_conf_iolog_dir());
 	goto bad;
@@ -608,7 +608,7 @@ create_iolog_path(struct connection_closure *closure)
 	    logsrvd_conf_iolog_file());
 	goto bad;
     }
-    if (contains_dot_dot(expanded_file)) {
+    if (sudo_contains_dot_dot(expanded_file)) {
 	sudo_warnx(U_("unable to expand iolog path %s: path traversal attack"),
 	    logsrvd_conf_iolog_file());
 	goto bad;

logsrvd/logsrv_util.h

@@ -53,9 +53,6 @@ struct connection_buffer {
 };
 TAILQ_HEAD(connection_buffer_list, connection_buffer);
 
-/* dotdot.c */
-bool contains_dot_dot(const char *str);
-
 /* logsrv_util.c */
 struct iolog_file;
 bool expand_buf(struct connection_buffer *buf, size_t needed);

logsrvd/logsrvd_local.c

@@ -462,7 +462,7 @@ decode_log_id(const char *b64_log_id, unsigned char uuid[restrict static 16])
 	debug_return_str(NULL);
     }
     path = (char *)&log_id_buf[16];
-    if (contains_dot_dot(path)) {
+    if (sudo_contains_dot_dot(path)) {
 	sudo_warnx("%s", U_("RestartMessage log_id path traversal attack"));
 	debug_return_str(NULL);
     }