cvtsudoers generates invalid JSON when aliases do not resolve
qkaiser opened this issue · 1 comments
qkaiser commented
Bug Description
When parsing a sudoers containing an alias that does not resolve, cvtsudoers will generate invalid JSON output.
With the reduced test case below:
User_Alias CLI_USER = cli
Defaults:CLI_USR !lecture
The following JSON output is generated:
cvtsudoers -f json --expand-aliases /tmp/crash.sudoers
{
    "Defaults": [
        {
            "Binding": [
            ] <----- missing comma here
            "Options": [
                { "lecture": false }
            ]
        }
    ]
}
I took some traces and this is the behavior with an alias that resolves:
120 ms | sudo_json_open_array_v1()
120 ms | | json_new_line()
120 ms | | json_append_string()
120 ms | | | json_append_buf()
120 ms | | | json_append_buf()
120 ms | | | json_append_buf()
120 ms | | | json_append_buf()
120 ms | | | json_append_buf()
120 ms | | | json_append_buf()
120 ms | | | json_append_buf()
120 ms | | | json_append_buf()
120 ms | | | json_append_buf()
120 ms | | json_append_buf()
120 ms | print_member_json_int()
120 ms | sudo_json_close_array_v1()
120 ms | | json_new_line()
120 ms | | json_append_buf()
120 ms | sudo_json_open_array_v1()
and the behavior with an alias that does not resolve:
97 ms | sudo_json_open_array_v1()
97 ms | | json_new_line()
97 ms | | json_append_string()
97 ms | | | json_append_buf()
97 ms | | | json_append_buf()
98 ms | | | json_append_buf()
98 ms | | | json_append_buf()
98 ms | | | json_append_buf()
98 ms | | | json_append_buf()
98 ms | | | json_append_buf()
98 ms | | | json_append_buf()
98 ms | | | json_append_buf()
98 ms | | json_append_buf()
98 ms | print_member_json_int()
98 ms | | print_member_json_int()
98 ms | | | sudo_json_add_value_as_object_v1()
98 ms | | | | sudo_json_add_value_int()
98 ms | | | | | json_new_line()
98 ms | | | | | json_append_buf()
98 ms | | | | | json_append_string()
98 ms | | | | | | json_append_buf()
98 ms | | | | | | json_append_buf()
98 ms | | | | | | json_append_buf()
98 ms | | | | | | json_append_buf()
98 ms | | | | | | json_append_buf()
98 ms | | | | | | json_append_buf()
98 ms | | | | | | json_append_buf()
98 ms | | | | | | json_append_buf()
98 ms | | | | | | json_append_buf()
98 ms | | | | | | json_append_buf()
98 ms | | | | | json_append_buf()
98 ms | | | | | json_append_string()
98 ms | | | | | | json_append_buf()
98 ms | | | | | | json_append_buf()
98 ms | | | | | | json_append_buf()
98 ms | | | | | | json_append_buf()
98 ms | | | | | | json_append_buf()
98 ms | | | | | json_append_buf()
98 ms | sudo_json_close_array_v1()
98 ms | | json_new_line()
98 ms | | json_append_buf()
98 ms | sudo_json_open_array_v1()
Affected Software Version
cvtsudoers version 1.9.9
cvtsudoers grammar version 48
And also tested with the latest commit as of now (648ce41).
Background Information
We're scanning large amounts of sudoers files from a firmware corpus. We noticed that behavior when looking into --expand-alias.
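For anyone running cvtsudoers over a corpus as described in the report above, here is an added example (not part of the issue or of the sudo project) that flags Defaults bindings naming an undefined alias and checks converter output before it is trusted downstream. The function names are hypothetical, the sudoers parsing is deliberately simplified (no line continuations or includes), and both sample inputs are constructed from the reduced test case in the report.

```python
import json
import re

# sudoers alias names: upper-case letters, digits and underscores.
ALIAS_DEF = re.compile(r"^\s*(?:User|Runas|Host|Cmnd)_Alias\s+(.*)$")
ALIAS_LHS = re.compile(r"([A-Z][A-Z0-9_]*)\s*=")
ALIAS_NAME = re.compile(r"^[A-Z][A-Z0-9_]*$")
# Bound Defaults: the binding character directly follows the keyword.
DEFAULTS_BOUND = re.compile(r"^\s*Defaults[:@>!]\s*(\S+)")

# Constructed samples, taken from the reduced test case in the report.
SUDOERS = "User_Alias CLI_USER = cli\nDefaults:CLI_USR !lecture\n"
OUTPUT = """{
"Defaults": [
{
"Binding": [
]
"Options": [
{ "lecture": false }
]
}
]
}"""

def unresolved_bindings(sudoers):
    """Return (line, name) for alias-like Defaults bindings never defined."""
    defined, used = set(), []
    for lineno, line in enumerate(sudoers.splitlines(), 1):
        m = ALIAS_DEF.match(line)
        if m:
            defined.update(ALIAS_LHS.findall(m.group(1)))
            continue
        m = DEFAULTS_BOUND.match(line)
        if m:
            for name in m.group(1).split(","):
                name = name.lstrip("!")
                if ALIAS_NAME.match(name) and name != "ALL":  # ALL is built in
                    used.append((lineno, name))
    return [(n, name) for n, name in used if name not in defined]

def json_error(output):
    """Return None if output parses as JSON, else the error location."""
    try:
        json.loads(output)
    except json.JSONDecodeError as e:
        return f"line {e.lineno} col {e.colno}: {e.msg}"
    return None
```

Running `unresolved_bindings` before conversion tells you which files will hit this case, and `json_error` on the converter output catches any that slip through.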