ssize_t
sudo_parseln(char **bufp, size_t *bufsizep, unsigned int *lineno, FILE *fp)
{
- size_t len, linesize = 0, total = 0;
+ size_t linesize = 0, total = 0;
+ ssize_t len;
char *cp, *line = NULL;
bool continued;
debug_decl(sudo_parseln, SUDO_DEBUG_UTIL)
}
static void
-lbuf_expand(struct lbuf *lbuf, size_t extra)
+lbuf_expand(struct lbuf *lbuf, int extra)
{
if (lbuf->len + extra + 1 >= lbuf->size) {
do {
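Review bot: Narrowing `extra` from `size_t` to `int` means a negative or over-large argument now reaches `lbuf->len + extra + 1` unchecked, and the signed sum can overflow before it is compared with `lbuf->size`. The field types of `struct lbuf` are not visible here, so this assumes `len` and `size` are `int`. A guard ahead of the size test would make the precondition explicit, e.g. `if (extra < 0 || lbuf->len > INT_MAX - 1 - extra)`, handled the same way the function handles allocation failure. The body of lbuf_expand() continues outside this hunk.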
* Verify that path is the right type and not writable by other users.
*/
int
-sudo_secure_path(const char *path, int type, uid_t uid, gid_t gid, struct stat *sbp)
+sudo_secure_path(const char *path, unsigned int type, uid_t uid, gid_t gid, struct stat *sbp)
{
struct stat sb;
int rval = SUDO_PATH_MISSING;
static int sudo_debug_mode;
static char sudo_debug_pidstr[(((sizeof(int) * 8) + 2) / 3) + 3];
static size_t sudo_debug_pidlen;
+static const int num_subsystems = NUM_SUBSYSTEMS;
/*
* Parse settings string from sudo.conf and open debugfile.
return 1;
/* Init per-subsystems settings to -1 since 0 is a valid priority. */
- for (i = 0; i < NUM_SUBSYSTEMS; i++)
+ for (i = 0; i < num_subsystems; i++)
sudo_debug_settings[i] = -1;
/* Open debug file if specified. */
subsys = SUDO_DEBUG_SUBSYS(level);
/* Make sure we want debug info at this level. */
- if (subsys < NUM_SUBSYSTEMS && sudo_debug_settings[subsys] >= pri) {
+ if (subsys < num_subsystems && sudo_debug_settings[subsys] >= pri) {
buflen = fmt ? vasprintf(&buf, fmt, ap) : 0;
if (buflen != -1) {
int errcode = ISSET(level, SUDO_DEBUG_ERRNO) ? saved_errno : 0;
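Review bot: Replacing `NUM_SUBSYSTEMS` with a `static const int` makes `subsys < num_subsystems` a signed comparison, so a negative `subsys` would pass the bound and read `sudo_debug_settings[subsys]` before the start of the array. The type of `subsys` and the definitions of `SUDO_DEBUG_SUBSYS()` and `NUM_SUBSYSTEMS` are not visible here; if `subsys` is a signed int and the macro was a `sizeof`-based count, the old unsigned comparison rejected negative values implicitly. Stating the lower bound keeps that behaviour: `if (subsys >= 0 && subsys < num_subsystems && sudo_debug_settings[subsys] >= pri) {`. The early return in the later hunk (`subsys >= num_subsystems || ...`) needs the matching `subsys < 0 ||`. The enclosing function starts and ends outside this hunk.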
subsys = SUDO_DEBUG_SUBSYS(level);
/* Make sure we want debug info at this level. */
- if (subsys >= NUM_SUBSYSTEMS || sudo_debug_settings[subsys] < pri)
+ if (subsys >= num_subsystems || sudo_debug_settings[subsys] < pri)
return;
/* Log envp for debug level "debug". */
int sudo_secure_dir(const char *path, uid_t uid, gid_t gid, struct stat *sbp);
int sudo_secure_file(const char *path, uid_t uid, gid_t gid, struct stat *sbp);
-int sudo_secure_path(const char *path, int type, uid_t uid, gid_t gid, struct stat *sbp);
+int sudo_secure_path(const char *path, unsigned int type, uid_t uid, gid_t gid, struct stat *sbp);
#endif /* _SUDO_SECURE_PATH_H */
* Resolve the path and exit the loop if found.
*/
len = snprintf(command, sizeof(command), "%s/%s", path, infile);
- if (len <= 0 || len >= sizeof(command)) {
+ if (len <= 0 || (size_t)len >= sizeof(command)) {
errno = ENAMETOOLONG;
fatal("%s", infile);
}
*/
if (!found && checkdot) {
len = snprintf(command, sizeof(command), "./%s", infile);
- if (len <= 0 || len >= sizeof(command)) {
+ if (len <= 0 || (size_t)len >= sizeof(command)) {
errno = ENAMETOOLONG;
fatal("%s", infile);
}
#else
#define YY_SIZE_MAX 0x7fffffff
#endif
- if (YY_SIZE_MAX / newsize < sizeof *newss)
+ if (YY_SIZE_MAX / (unsigned int)newsize < sizeof *newss)
goto bail;
i = yyssp - yyss;
newss = yyss ? (short *)realloc(yyss, newsize * sizeof *newss) :
len = snprintf(path, sizeof(path), "%s%s",
(*plugin_info != '/') ? _PATH_SUDO_PLUGIN_DIR : "", plugin_info);
}
- if (len <= 0 || len >= sizeof(path)) {
+ if (len <= 0 || (size_t)len >= sizeof(path)) {
errno = ENAMETOOLONG;
warning("%s%s",
(*plugin_info != '/') ? _PATH_SUDO_PLUGIN_DIR : "", plugin_info);
*/
struct interface {
SLIST_ENTRY(interface) entries;
- int family; /* AF_INET or AF_INET6 */
+ unsigned int family; /* AF_INET or AF_INET6 */
union sudo_in_addr_un addr;
union sudo_in_addr_un netmask;
};
* Open sequence file
*/
len = snprintf(pathbuf, sizeof(pathbuf), "%s/seq", iolog_dir);
- if (len <= 0 || len >= sizeof(pathbuf)) {
+ if (len <= 0 || (size_t)len >= sizeof(pathbuf)) {
errno = ENAMETOOLONG;
log_fatal(USE_ERRNO, "%s/seq", pathbuf);
}
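Review bot: On the ENAMETOOLONG path the diagnostic is built from `pathbuf`, the buffer that snprintf() has just truncated (or failed to fill, when `len <= 0`), and it appends `/seq` a second time. Reporting the input names the directory that was actually too long: `log_fatal(USE_ERRNO, "%s/seq", iolog_dir);`. The length check itself is correct with the added cast.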
len = snprintf(fallback, sizeof(fallback), "%s/seq",
iolog_dir_fallback);
- if (len > 0 && len < sizeof(fallback)) {
+ if (len > 0 && (size_t)len < sizeof(fallback)) {
int fd2 = open(fallback, O_RDWR|O_CREAT, S_IRUSR|S_IWUSR);
if (fd2 != -1) {
nread = read(fd2, buf, sizeof(buf));
break;
case 1:
/* Trim trailing slashes from dir component. */
- while (dst - path - 1 > prelen && dst[-1] == '/')
+ while (dst > path + prelen + 1 && dst[-1] == '/')
dst--;
/* The NUL will be replaced with a '/' at the end. */
if (dst + 1 >= pathend)
char *host, *port, defport[13];
char hostbuf[LINE_MAX * 2];
+ int len;
debug_decl(sudo_ldap_conf_add_ports, SUDO_DEBUG_LDAP)
hostbuf[0] = '\0';
- if (snprintf(defport, sizeof(defport), ":%d", ldap_conf.port) >= sizeof(defport))
+ len = snprintf(defport, sizeof(defport), ":%d", ldap_conf.port);
+ if (len <= 0 || (size_t)len >= sizeof(defport))
fatalx(_("sudo_ldap_conf_add_ports: port too large"));
for ((host = strtok(ldap_conf.host, " \t")); host; (host = strtok(NULL, " \t"))) {
/* Build filter. */
bytes = snprintf(buffer, buffersize, "(&(|(!(sudoNotAfter=*))(sudoNotAfter>=%s))(|(!(sudoNotBefore=*))(sudoNotBefore<=%s)))",
timebuffer, timebuffer);
- if (bytes < 0 || bytes >= buffersize) {
+ if (bytes <= 0 || (size_t)bytes >= buffersize) {
warning(_("unable to build time filter"));
bytes = 0;
}
def_logfile, strerror(errno));
} else {
time(&now);
- if (def_loglinelen < sizeof(LOG_INDENT)) {
+ if ((size_t)def_loglinelen < sizeof(LOG_INDENT)) {
/* Don't pretty-print long log file lines (hard to grep) */
if (def_log_host) {
(void) fprintf(fp, "%s : %s : HOST=%s : %s\n",
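Review bot: The `(size_t)` cast on `def_loglinelen` silences the warning but keeps the implicit conversion's result: a negative setting becomes a very large unsigned value, fails this test, and skips the unwrapped-output branch shown here. The declaration of `def_loglinelen` is not visible; if it is a signed int, checking the sign first routes a negative value to the plain format instead: `if (def_loglinelen < 0 || (size_t)def_loglinelen < sizeof(LOG_INDENT)) {`. The rest of the `else` block lies outside the hunk.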
union sudo_in_addr_un addr;
struct interface *ifp;
#ifdef HAVE_STRUCT_IN6_ADDR
- int j;
+ unsigned int j;
#endif
- int family;
+ unsigned int family;
debug_decl(addr_matches_if, SUDO_DEBUG_MATCH)
#ifdef HAVE_STRUCT_IN6_ADDR
static bool
addr_matches_if_netmask(char *n, char *m)
{
- int i;
+ unsigned int i;
union sudo_in_addr_un addr, mask;
struct interface *ifp;
#ifdef HAVE_STRUCT_IN6_ADDR
- int j;
+ unsigned int j;
#endif
- int family;
+ unsigned int family;
debug_decl(addr_matches_if, SUDO_DEBUG_MATCH)
#ifdef HAVE_STRUCT_IN6_ADDR
#define SUDO_DIGEST_INVALID 4
struct sudo_digest {
- int digest_type;
+ unsigned int digest_type;
char *digest_str;
};
egid = runas_gr ? (unsigned int)runas_gr->gr_gid :
(unsigned int)runas_pw->pw_gid;
len = snprintf(cp, glsize - (cp - gid_list), "%u", egid);
- if (len < 0 || len >= glsize - (cp - gid_list))
+ if (len < 0 || (size_t)len >= glsize - (cp - gid_list))
fatalx(_("internal error, %s overflow"), "runas_groups");
cp += len;
for (i = 0; i < grlist->ngids; i++) {
if (grlist->gids[i] != egid) {
len = snprintf(cp, glsize - (cp - gid_list), ",%u",
(unsigned int) grlist->gids[i]);
- if (len < 0 || len >= glsize - (cp - gid_list))
+ if (len < 0 || (size_t)len >= glsize - (cp - gid_list))
fatalx(_("internal error, %s overflow"), "runas_groups");
cp += len;
}
case 'h':
p++;
n = strlcpy(np, user_shost, np - endp);
- if (n >= np - endp)
+ if (n >= (size_t)(np - endp))
goto oflow;
np += n;
continue;
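Review bot: The size handed to strlcpy() and the bound in the overflow test are both `np - endp`, which is negative if `endp` is the end of the output buffer and `np` the current write position, as the names and `np += n` suggest. The `(size_t)` cast then only makes explicit a conversion to a huge value, so `goto oflow` cannot trigger and strlcpy() is given an effectively unbounded size; the sign-compare warning was pointing at the operand order, not at a missing cast. If `endp` is indeed the buffer end (its assignment is outside the hunk), the remaining space is `endp - np`: `n = strlcpy(np, user_shost, endp - np);` followed by `if (n >= (size_t)(endp - np))`. The same two lines repeat in the `'H'`, `'u'` and `'U'` cases and in the `runas_pw->pw_name` / `user_name` branch in the hunks that follow.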
case 'H':
p++;
n = strlcpy(np, user_host, np - endp);
- if (n >= np - endp)
+ if (n >= (size_t)(np - endp))
goto oflow;
np += n;
continue;
n = strlcpy(np, runas_pw->pw_name, np - endp);
else
n = strlcpy(np, user_name, np - endp);
- if (n >= np - endp)
+ if (n >= (size_t)(np - endp))
goto oflow;
np += n;
continue;
case 'u':
p++;
n = strlcpy(np, user_name, np - endp);
- if (n >= np - endp)
+ if (n >= (size_t)(np - endp))
goto oflow;
np += n;
continue;
case 'U':
p++;
n = strlcpy(np, runas_pw->pw_name, np - endp);
- if (n >= np - endp)
+ if (n >= (size_t)(np - endp))
goto oflow;
np += n;
continue;
char * const *unused2)
{
char *cp;
- size_t i, nsize, ngroups, total, len;
+ size_t nsize, ngroups, total, len;
struct cache_item_grlist *grlitem;
struct group_list *grlist;
GETGROUPS_T *gids;
struct group *grp;
- int ngids, groupname_len;
+ int i, ngids, groupname_len;
debug_decl(sudo_make_grlist_item, SUDO_DEBUG_NSS)
if (pw == sudo_user.pw && sudo_user.gids != NULL) {
static int perm_stack_depth = 0;
#undef ID
-#define ID(x) (state->x == ostate->x ? -1 : state->x)
+#define ID(x) (state->x == ostate->x ? (id_t)-1 : state->x)
#undef OID
-#define OID(x) (ostate->x == state->x ? -1 : ostate->x)
+#define OID(x) (ostate->x == state->x ? (id_t)-1 : ostate->x)
void
rewind_perms(void)
static int parse_timing(const char *buf, const char *decimal, int *idx, double *seconds, size_t *nbytes);
static struct log_info *parse_logfile(char *logfile);
static void free_log_info(struct log_info *li);
-static size_t atomic_writev(int fd, struct iovec *iov, int iovcnt);
+static ssize_t atomic_writev(int fd, struct iovec *iov, int iovcnt);
static void sudoreplay_handler(int);
static void sudoreplay_cleanup(void);
if (VALID_ID(id)) {
plen = snprintf(path, sizeof(path), "%s/%.2s/%.2s/%.2s/timing",
session_dir, id, &id[2], &id[4]);
- if (plen <= 0 || plen >= sizeof(path))
+ if (plen <= 0 || (size_t)plen >= sizeof(path))
fatalx(_("%s/%.2s/%.2s/%.2s/timing: %s"), session_dir,
id, &id[2], &id[4], strerror(ENAMETOOLONG));
} else {
plen = snprintf(path, sizeof(path), "%s/%s/timing",
session_dir, id);
- if (plen <= 0 || plen >= sizeof(path))
+ if (plen <= 0 || (size_t)plen >= sizeof(path))
fatalx(_("%s/%s/timing: %s"), session_dir,
id, strerror(ENAMETOOLONG));
}
cp = ep + 1;
remainder -= linelen;
}
- if (cp - buf != nread) {
+ if ((size_t)(cp - buf) != nread) {
/*
* Partial line without a linefeed or multiple lines
* with \r\n pairs.
* Call writev(), restarting as needed and handling EAGAIN since
* fd may be in non-blocking mode.
*/
-static size_t
+static ssize_t
atomic_writev(int fd, struct iovec *iov, int iovcnt)
{
ssize_t n, nwritten = 0;
struct dirent *dp;
struct stat sb;
size_t sdlen, sessions_len = 0, sessions_size = 36*36;
- int i, len;
+ unsigned int i;
+ int len;
char pathbuf[PATH_MAX], **sessions = NULL;
#ifdef HAVE_STRUCT_DIRENT_D_TYPE
bool checked_type = true;
for (i = 0; i < sessions_len; i++) {
len = snprintf(&pathbuf[sdlen], sizeof(pathbuf) - sdlen,
"%s/log", sessions[i]);
- if (len <= 0 || len >= sizeof(pathbuf) - sdlen) {
+ if (len <= 0 || (size_t)len >= sizeof(pathbuf) - sdlen) {
errno = ENAMETOOLONG;
fatal("%s/%s/log", dir, sessions[i]);
}
timestampfile[0] = '\0';
len = snprintf(timestampdir, sizeof(timestampdir), "%s/%s", dirparent,
user_name);
- if (len <= 0 || len >= sizeof(timestampdir))
+ if (len <= 0 || (size_t)len >= sizeof(timestampdir))
goto bad;
/*
/* No tty, use parent pid. */
len = snprintf(pidbuf, sizeof(pidbuf), "pid%u",
(unsigned int)getppid());
- if (len <= 0 || len >= sizeof(pidbuf))
+ if (len <= 0 || (size_t)len >= sizeof(pidbuf))
goto bad;
p = pidbuf;
} else if ((p = strrchr(user_tty, '/'))) {
len = snprintf(timestampfile, sizeof(timestampfile), "%s/%s/%s",
dirparent, user_name, p);
}
- if (len <= 0 || len >= sizeof(timestampfile))
+ if (len <= 0 || (size_t)len >= sizeof(timestampfile))
goto bad;
} else if (def_targetpw) {
len = snprintf(timestampfile, sizeof(timestampfile), "%s/%s/%s",
dirparent, user_name, runas_pw->pw_name);
- if (len <= 0 || len >= sizeof(timestampfile))
+ if (len <= 0 || (size_t)len >= sizeof(timestampfile))
goto bad;
}
sudo_debug_printf(SUDO_DEBUG_INFO, "using timestamp file %s", timestampfile);
#line 289 "toke.l"
{
/* Only return DIGEST if the length is correct. */
- size_t len;
+ int len;
if (sudoerstext[sudoersleng - 1] == '=') {
/* use padding */
len = 4 * ((digest_len + 2) / 3);
<WANTDIGEST>[A-Za-z0-9\+/=]+ {
/* Only return DIGEST if the length is correct. */
- size_t len;
+ int len;
if (sudoerstext[sudoersleng - 1] == '=') {
/* use padding */
len = 4 * ((digest_len + 2) / 3);
p = sudoerslval.command.args + arg_len;
if (addspace)
*p++ = ' ';
- if (strlcpy(p, s, arg_size - (p - sudoerslval.command.args)) != len) {
+ if (strlcpy(p, s, arg_size - (p - sudoerslval.command.args)) != (size_t)len) {
warningx(_("fill_args: buffer overflow")); /* paranoia */
sudoerserror(NULL);
debug_return_bool(false);
}
status = stat(fullpath, sb);
} else {
- if (snprintf(fullpath, pathsize, "%s%s", _PATH_SUDO_PLUGIN_DIR,
- info->path) >= pathsize) {
+ int len = snprintf(fullpath, pathsize, "%s%s", _PATH_SUDO_PLUGIN_DIR,
+ info->path);
+ if (len <= 0 || (size_t)len >= pathsize) {
warningx(_("error in %s, line %d while loading plugin `%s'"),
_PATH_SUDO_CONF, info->lineno, info->symbol_name);
warningx(_("%s%s: %s"), _PATH_SUDO_PLUGIN_DIR, info->path,
if ((colon = strchr(cp, ':')))
*colon = '\0';
len = snprintf(pathbuf, sizeof(pathbuf), "%s/%s", cp, sudo);
- if (len <= 0 || len >= sizeof(pathbuf))
+ if (len <= 0 || (size_t)len >= sizeof(pathbuf))
continue;
if (access(pathbuf, X_OK) == 0) {
sudo = pathbuf;
rc = sysctl(mib, sudo_kp_namelen, ki_proc, &size, NULL, 0);
} while (rc == -1 && errno == ENOMEM);
if (rc != -1) {
- if (ki_proc->sudo_kp_tdev != (dev_t)-1) {
+ if ((dev_t)ki_proc->sudo_kp_tdev != (dev_t)-1) {
tty = sudo_ttyname_dev(ki_proc->sudo_kp_tdev);
if (tty == NULL) {
sudo_debug_printf(SUDO_DEBUG_WARN,