Extremely unlikely to happen but better safe than sorry.

Found locally using libfuzzer/oss-fuzz.

If we allow the fuzzer to choose include paths it will include
random files in the file system. ...

This should avoid some issues with the fuzzer.

Fixes a potential buffer overflow introduced in the last commit.

We need to be able to display it using alias_error().
Only free what we actually allocated in ali...

oss-fuzz issue #30252

Fixes spurious errors from fuzz_sudoers, which calls the parser multiple times.

This lets us track things correctly when buffers are realloc()d.
Rewrote fill() and append() to b...

Since we run the parser multiple times we need to restart it each time.

Fixes oss-fuzz issue #30238

Should fix oss-fuzz issue #30236

GitHub issue #87

The caller should be the one to handle this.

We now need to remove the name and members from the leak list
*before* calling alias_add() since ...

Also simplify the progname code so we only need a single implementation.

Also warn if we find an unexpected JSON type.

Since parsed_policy is for the sudoers parser we should declare our own.

These are not yet hooked up to the sudo build.

This makes it possible to avoid memory leaks when there is a parse error.

Found locally using libfuzzer/oss-fuzz.

Fixes an out of bounds read found locally using libfuzzer/oss-fuzz.

The last option wins but we also now warn about the duplicate.
Found locally using libfuzzer/oss-...

A sudoRole with multiple sudoCommands is converted to a privilege
with multiple cmndspecs. Howev...

Fixes issue 30080 by ClusterFuzz-External

This enables the extra freeing of memory before exit also enabled
by --enable-asan. To be used b...

Fixes potential out of bounds read found by libfuzzer/oss-fuzz.

Return NULL instead of treating as a fatal error.
This should make life a little easier for oss-f...

init_eventlog_config() is called immediately after initializing the
Defaults settings, which is b...

AIX xlc compiler doesn't like cpp directives in between strings.
Also fixes a complaint from cppc...

Emulates an overflow like: sudoedit -s '\' `perl -e 'print "A" x 65536'`

This is used when building up the user_args string.

Includes unit test.

Found by OSS-Fuzz.

Tuple size cannot be negative and we already handle the case where
it is zero.

We no longer need to check for any string that ends in "edit".

We want to zero the struct starting at flags, not type (which was just set).
Found by Qualys.

While this is how the kernel behaves it is not a portable assumption.
The assumption may also be ...

Also, do not try to unescaping backslashes unless in run mode *and*
we are running the command vi...

This is consistent with how the -e option is handled.
Also reject -H and -P flags for sudoedit as...

Don't assume the sudo front-end is sending reasonable mode flags.
These checks need to be kept co...

If a PAM module wants to authenticate user using GSSAPI, the authentication
is broken if non-def...

Since version 1.9.4 and
https://github.com/sudo-project/sudo/commit/bd1ca79cca827a92e904f022e49d...

In client_msg_cb() we only remove a buffer from the queue when it is
finished. Inserting the buf...

happen when the socket cannot be written to immediately.
We need to set the read_instead_of_write...

For fully-qualified paths, store the string starting after the last slash,
not at the slash itself.

Fixes a bug introduced in sudo 1.9.5 where the editor was run setuid
root unless SELinux RBAC was...

Defaults to true if sudo is built with SELinux support and SELinux
is not disabled on the system.

We can use this when we need to pass around credential info instead
of the user_details and comma...

The new sesh_edit_create_tfiles() and sesh_edit_copy_tfiles() functions
are analogous to sudo_edi...

For sudo_edit_open() et al what we need is a copy of the current
cred to restore after dir_is_wri...

These were never added to the SELinux RBAC path.

The program name is also used when matching Debug lines in sudo.conf.
We don't want the user to b...

Otherwise, it may be possible for the user running sudoedit to
replace the newly-created temporar...

When creating a new file, sudoedit checks to make sure the parent
directory exists so it can prov...

This should never fail unless the fd is invalid.
Problem reported by Matthias Gerstner of SUSE.

Found by PVS Studio.

This makes it possible to remove some ugly #ifdefs and only affects
very old systems.

Coverity CID 215884.

Also add compareBoolExpressionWithInt to suppression list.

The SLIST_FOREACH_PREVPTR macro doesn't work the way I thought it did.
Just store our own prev po...