boolean.
* libmisc/basename.c: Avoid implicit conversion of pointer to
boolean.
* libmisc/basename.c, lib/prototypes.h (Basename): Return a
constant string.
* libmisc/basename.c, libmisc/obscure.c, lib/prototypes.h,
libmisc/xmalloc.c, libmisc/getdate.h, libmisc/system.c,
libmisc/getgr_nam_gid.c, libmisc/failure.c, libmisc/valid.c: Add
splint annotations.
* libmisc/chowndir.c: Avoid memory leak.
* libmisc/chowndir.c: Do not check *printf/*puts return value.
* libmisc/chowntty.c: Avoid implicit conversion between integer
types.
* libmisc/obscure.c: Return a bool when possible instead of int.
* libmisc/shell.c: Do not check *printf/*puts return value.
* libmisc/shell.c: Do not check execle return value.
* libmisc/setupenv.c: Avoid implicit conversion between integer
types.
* libmisc/xmalloc.c: size should not be zero to avoid returning
NULL pointers.
* libmisc/hushed.c: Do not check *printf/*puts return value.
* libmisc/system.c: Avoid implicit conversion of integer to
boolean. safe_system last argument is a boolean.
* libmisc/system.c: Check return value of dup2.
* libmisc/system.c: Do not check *printf/*puts return value.
* libmisc/system.c: Do not check execve return value.
* libmisc/salt.c: Do not check *printf/*puts return value.
* libmisc/loginprompt.c: Do not check gethostname return value.
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Do not check
gr_rewind/pw_rewind return value.
* libmisc/ttytype.c: Limit the number of parsed characters in the
sscanf format.
* libmisc/ttytype.c: Test if a type was really read.
* libmisc/sub.c: Do not check *printf/*puts return value.
* libmisc/sub.c: Avoid implicit conversion of integer to boolean.
* src/userdel.c: Fix typo in comment.
* src/userdel.c: Avoid implicit conversion of boolean to integer.
* src/userdel.c: safe_system last argument is a boolean.
* src/newusers.c: Avoid implicit conversion of boolean to integer.
* src/newusers.c: Avoid implicit conversion of integer to boolean.
* src/usermod.c: Add brackets.
* src/usermod.c: Avoid implicit conversion of characters or
integers to booleans.
* src/vipw.c: Avoid implicit conversion of integer to boolean.
* src/su.c: Avoid implicit conversion of integer to boolean.
* src/su.c: Add brackets.
* src/useradd.c: Avoid implicit conversion of characters or
integers to booleans.
+2010-08-22 Nicolas François <nicolas.francois@centraliens.net>
+
+ * libmisc/limits.c: Avoid implicit conversion of integer to
+ boolean.
+ * libmisc/basename.c: Avoid implicit conversion of pointer to
+ boolean.
+ * libmisc/basename.c, lib/prototypes.h (Basename): Return a
+ constant string.
+ * libmisc/basename.c, libmisc/obscure.c, lib/prototypes.h,
+ libmisc/xmalloc.c, libmisc/getdate.h, libmisc/system.c,
+ libmisc/getgr_nam_gid.c, libmisc/failure.c, libmisc/valid.c: Add
+ splint annotations.
+ * libmisc/chowndir.c: Avoid memory leak.
+ * libmisc/chowndir.c: Do not check *printf/*puts return value.
+ * libmisc/chowntty.c: Avoid implicit conversion between integer
+ types.
+ * libmisc/obscure.c: Return a bool when possible instead of int.
+ * libmisc/shell.c: Do not check *printf/*puts return value.
+ * libmisc/shell.c: Do not check execle return value.
+ * libmisc/setupenv.c: Avoid implicit conversion between integer
+ types.
+ * libmisc/xmalloc.c: size should not be zero to avoid returning
+ NULL pointers.
+ * libmisc/hushed.c: Do not check *printf/*puts return value.
+ * libmisc/system.c: Avoid implicit conversion of integer to
+ boolean. safe_system last argument is a boolean.
+ * libmisc/system.c: Check return value of dup2.
+ * libmisc/system.c: Do not check *printf/*puts return value.
+ * libmisc/system.c: Do not check execve return value.
+ * libmisc/salt.c: Do not check *printf/*puts return value.
+ * libmisc/loginprompt.c: Do not check gethostname return value.
+ * libmisc/find_new_gid.c, libmisc/find_new_uid.c: Do not check
+ gr_rewind/pw_rewind return value.
+ * libmisc/ttytype.c: Limit the number of parsed characters in the
+ sscanf format.
+ * libmisc/ttytype.c: Test if a type was really read.
+ * libmisc/sub.c: Do not check *printf/*puts return value.
+ * libmisc/sub.c: Avoid implicit conversion of integer to boolean.
+ * src/userdel.c: Fix typo in comment.
+ * src/userdel.c: Avoid implicit conversion of boolean to integer.
+ * src/userdel.c: safe_system last argument is a boolean.
+ * src/newusers.c: Avoid implicit conversion of boolean to integer.
+ * src/newusers.c: Avoid implicit conversion of integer to boolean.
+ * src/usermod.c: Add brackets.
+ * src/usermod.c: Avoid implicit conversion of characters or
+ integers to booleans.
+ * src/vipw.c: Avoid implicit conversion of integer to boolean.
+ * src/su.c: Avoid implicit conversion of integer to boolean.
+ * src/su.c: Add brackets.
+ * src/useradd.c: Avoid implicit conversion of characters or
+ integers to booleans.
+
2010-08-22 Nicolas François <nicolas.francois@centraliens.net>
* libmisc/obscure.c, lib/prototypes.h (obscure): Return a bool
#include "defines.h"
#include "commonio.h"
-extern char *Prog;
+extern /*@observer@*/ const char *Prog;
/* addgrps.c */
#if defined (HAVE_SETGROUPS) && ! defined (USE_PAM)
/* basename() renamed to Basename() to avoid libc name space confusion */
/* basename.c */
-extern char *Basename (char *str);
+extern /*@observer@*/const char *Basename (char *str);
/* chowndir.c */
extern int chown_tree (const char *root,
extern int get_gid (const char *gidstr, gid_t *gid);
/* getgr_nam_gid.c */
-extern /*@null@*/struct group *getgr_nam_gid (const char *grname);
+extern /*@null@*/struct group *getgr_nam_gid (/*@null@*/const char *grname);
/* getlong.c */
extern int getlong (const char *numstr, /*@out@*/long int *result);
/* system.c */
extern int safe_system (const char *command,
const char *argv[],
- const char *env[],
- int ignore_stderr);
+ /*@null@*/const char *env[],
+ bool ignore_stderr);
/* strtoday.c */
extern long strtoday (const char *);
extern bool valid (const char *, const struct passwd *);
/* xmalloc.c */
-extern /*@maynotreturn@*/ /*@out@*//*@only@*/char *xmalloc (size_t size)
+extern /*@maynotreturn@*/ /*@only@*//*@out@*//*@notnull@*/char *xmalloc (size_t size)
/*@ensures MaxSet(result) == (size - 1); @*/;
-extern /*@maynotreturn@*/ /*@only@*/char *xstrdup (const char *);
+extern /*@maynotreturn@*/ /*@only@*//*@notnull@*/char *xstrdup (const char *);
/* xgetpwnam.c */
extern /*@null@*/ /*@only@*/struct passwd *xgetpwnam (const char *);
#include "defines.h"
#include "prototypes.h"
-char *Basename (char *str)
+/*@observer@*/const char *Basename (char *str)
{
char *cp = strrchr (str, '/');
- return cp ? cp + 1 : str;
+ return (NULL != cp) ? cp + 1 : str;
}
*/
if (access (root, F_OK) != 0) {
+ free (new_name);
return -1;
}
dir = opendir (root);
if (NULL == dir) {
+ free (new_name);
return -1;
}
new_name_len += 1024;
}
- snprintf (new_name, new_name_len, "%s/%s", root, ent->d_name);
+ (void) snprintf (new_name, new_name_len, "%s/%s", root, ent->d_name);
/* Don't follow symbolic links! */
if (LSTAT (new_name, &sb) == -1) {
*/
if ( (fchown (STDIN_FILENO, info->pw_uid, gid) != 0)
- || (fchmod (STDIN_FILENO, getdef_num ("TTYPERM", 0600)) != 0)) {
+ || (fchmod (STDIN_FILENO, (mode_t)getdef_num ("TTYPERM", 0600)) != 0)) {
int err = errno;
fprintf (stderr,
lasttime++;
}
#endif
+ /*@-formatconst@*/
(void) printf (ngettext ("%d failure since last login.\n"
"Last was %s on %s.\n",
"%d failures since last login.\n"
"Last was %s on %s.\n",
(unsigned long) fail->fail_cnt),
fail->fail_cnt, lasttime, fail->fail_line);
+ /*@=formatconst@*/
}
/*
}
}
- gr_rewind ();
+ (void) gr_rewind ();
while ((grp = gr_next ()) != NULL) {
if ((grp->gr_gid <= group_id) && (grp->gr_gid >= gid_min)) {
group_id = grp->gr_gid - 1;
}
endgrent ();
- gr_rewind ();
+ (void) gr_rewind ();
while ((grp = gr_next ()) != NULL) {
if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
group_id = grp->gr_gid + 1;
}
}
- pw_rewind ();
+ (void) pw_rewind ();
while ((pwd = pw_next ()) != NULL) {
if ((pwd->pw_uid <= user_id) && (pwd->pw_uid >= uid_min)) {
user_id = pwd->pw_uid - 1;
}
endpwent ();
- pw_rewind ();
+ (void) pw_rewind ();
while ((pwd = pw_next ()) != NULL) {
if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
user_id = pwd->pw_uid + 1;
#include <config.h>
#include "defines.h"
-time_t get_date (const char *, const time_t *);
+time_t get_date (const char *p, /*@null@*/const time_t *now);
#endif
* The string may be a valid GID or a valid groupname.
* If the group does not exist on the system, NULL is returned.
*/
-extern /*@null@*/struct group *getgr_nam_gid (const char *grname)
+extern /*@null@*/struct group *getgr_nam_gid (/*@null@*/const char *grname)
{
long long int gid;
char *endptr;
*/
if (hushfile[0] != '/') {
- snprintf (buf, sizeof (buf), "%s/%s", pw->pw_dir, hushfile);
+ (void) snprintf (buf, sizeof (buf), "%s/%s", pw->pw_dir, hushfile);
return (access (buf, F_OK) == 0);
}
if (getdef_bool ("QUOTAS_ENAB")) {
#ifdef LIMITS
if (info->pw_uid != 0) {
- if (setup_user_limits (info->pw_name) &
- LOGIN_ERROR_LOGIN) {
+ if ((setup_user_limits (info->pw_name) & LOGIN_ERROR_LOGIN) != 0) {
(void) fputs (_("Too many logins.\n"), stderr);
(void) sleep (2); /* XXX: Should be FAIL_DELAY */
exit (EXIT_FAILURE);
(void) fclose (fp);
}
}
- gethostname (buf, sizeof buf);
+ (void) gethostname (buf, sizeof buf);
printf (prompt, buf);
(void) fflush (stdout);
}
* more than half of the characters are different ones.
*/
-static bool similar (const char *old, const char *new)
+static bool similar (/*@notnull@*/const char *old, /*@notnull@*/const char *new)
{
int i, j;
* a nice mix of characters.
*/
-static int simple (unused const char *old, const char *new)
+static bool simple (unused const char *old, const char *new)
{
bool digits = false;
bool uppers = false;
return true;
}
-static char *str_lower (char *string)
+static char *str_lower (/*@returned@*/char *string)
{
char *cp;
return string;
}
-static const char *password_check (const char *old, const char *new,
- const struct passwd *pwdp)
+static /*@observer@*//*@null@*/const char *password_check (
+ /*@notnull@*/const char *old,
+ /*@notnull@*/const char *new,
+ /*@notnull@*/const struct passwd *pwdp)
{
const char *msg = NULL;
char *oldmono, *newmono, *wrapped;
return msg;
}
-/*ARGSUSED*/
-static const char *obscure_msg (const char *old, const char *new,
- const struct passwd *pwdp)
+static /*@observer@*//*@null@*/const char *obscure_msg (
+ /*@notnull@*/const char *old,
+ /*@notnull@*/const char *new,
+ /*@notnull@*/const struct passwd *pwdp)
{
size_t maxlen, oldlen, newlen;
char *new1, *old1;
rounds = ROUNDS_MAX;
}
- snprintf (rounds_prefix, 18, "rounds=%ld$", rounds);
+ (void) snprintf (rounds_prefix, 18, "rounds=%ld$", rounds);
/* Sanity checks. That should not be necessary. */
rounds_prefix[17] = '\0';
if (NULL == fp) {
return;
}
- while (fgets (buf, sizeof buf, fp) == buf) {
+ while (fgets (buf, (int)(sizeof buf), fp) == buf) {
cp = strrchr (buf, '\n');
if (NULL == cp) {
break;
* don't want to tell us what it is themselves.
*/
if (arg == (char *) 0) {
- snprintf (arg0, sizeof arg0, "-%s", Basename ((char *) file));
+ (void) snprintf (arg0, sizeof arg0, "-%s", Basename ((char *) file));
+ arg0[sizeof arg0 - 1] = '\0';
arg = arg0;
}
* able to figure out what we are up to without too much
* grief.
*/
- execle (file, arg, (char *) 0, envp);
+ (void) execle (file, arg, (char *) 0, envp);
err = errno;
if (access (file, R_OK|X_OK) == 0) {
* Assume this is a shell script (with no shebang).
* Interpret it with /bin/sh
*/
- execle (SHELL, "sh", "-", file, (char *)0, envp);
+ (void) execle (SHELL, "sh", "-", file, (char *)0, envp);
err = errno;
}
* how to execute this stupid shell, so I might as well give
* up in disgust ...
*/
- snprintf (arg0, sizeof arg0, _("Cannot execute %s"), file);
+ (void) snprintf (arg0, sizeof arg0, _("Cannot execute %s"), file);
errno = err;
perror (arg0);
return err;
* must be able to change into it.
*/
- if (chdir (pw->pw_dir) || chroot (pw->pw_dir)) {
- printf (_("Can't change root directory to '%s'\n"),
- pw->pw_dir);
+ if ( (chdir (pw->pw_dir) != 0)
+ || (chroot (pw->pw_dir) != 0)) {
+ (void) printf (_("Can't change root directory to '%s'\n"),
+ pw->pw_dir);
SYSLOG ((LOG_WARN, NO_SUBROOT2, pw->pw_dir, pw->pw_name));
closelog ();
exit (EXIT_FAILURE);
}
}
+
/*
* Copyright (c) 2009 , Dan Walsh <dwalsh@redhat.com>
+ * Copyright (c) 2010 , Nicolas François
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
int safe_system (const char *command,
const char *argv[],
- const char *env[],
- int ignore_stderr)
+ /*@null@*/const char *env[],
+ bool ignore_stderr)
{
int status = -1;
int fd;
return -1;
}
- if (pid) { /* Parent */
+ if (pid != 0) { /* Parent */
if (waitpid (pid, &status, 0) > 0) {
return status;
} else {
fd = open ("/dev/null", O_RDWR);
/* Child */
- dup2 (fd, 0); /* Close Stdin */
+ /* Close Stdin */
+ if (dup2 (fd, 0) == -1) {
+ exit (EXIT_FAILURE);
+ }
if (ignore_stderr) {
- dup2 (fd, 2); /* Close Stderr */
+ /* Close Stderr */
+ if (dup2 (fd, 2) == -1) {
+ exit (EXIT_FAILURE);
+ }
}
- execve (command, (char *const *) argv, (char *const *) env);
- fprintf (stderr, _("Failed to exec '%s'\n"), argv[0]);
+ (void) execve (command, (char *const *) argv, (char *const *) env);
+ (void) fprintf (stderr, _("Failed to exec '%s'\n"), argv[0]);
exit (EXIT_FAILURE);
}
char buf[BUFSIZ];
const char *typefile;
char *cp;
- char type[BUFSIZ];
- char port[BUFSIZ];
+ char type[1024] = "";
+ char port[1024];
if (getenv ("TERM") != NULL) {
return;
*cp = '\0';
}
- if ((sscanf (buf, "%s %s", type, port) == 2) &&
- (strcmp (line, port) == 0)) {
+ if ( (sscanf (buf, "%1023s %1023s", type, port) == 2)
+ && (strcmp (line, port) == 0)) {
break;
}
}
- if ((feof (fp) == 0) && (ferror (fp) == 0)) {
+ if ((feof (fp) == 0) && (ferror (fp) == 0) && (type[0] != '\0')) {
addenv ("TERM", type);
}
bool valid (const char *password, const struct passwd *ent)
{
const char *encrypted;
- const char *salt;
+ /*@observer@*/const char *salt;
/*
* Start with blank or empty password entries. Always encrypt
#include "defines.h"
#include "prototypes.h"
-char *xmalloc (size_t size)
+/*@maynotreturn@*/ /*@only@*//*@out@*//*@notnull@*/char *xmalloc (size_t size)
{
char *ptr;
ptr = (char *) malloc (size);
- if ((NULL == ptr) && (0 != size)) {
- fprintf (stderr, _("malloc(%d) failed\n"), (int) size);
+ if (NULL == ptr) {
+ (void) fprintf (stderr, _("malloc(%d) failed\n"), (int) size);
exit (13);
}
return ptr;
}
-char *xstrdup (const char *str)
+/*@maynotreturn@*/ /*@only@*//*@notnull@*/char *xstrdup (const char *str)
{
return strcpy (xmalloc (strlen (str) + 1), str);
}
pwent.pw_dir = ""; /* XXX warning: const */
pwent.pw_shell = ""; /* XXX warning: const */
- return (pw_update (&pwent) == 0);
+ return (pw_update (&pwent) == 0) ? -1 : 0;
}
#ifndef USE_PAM
usernames[nusers-1] = strdup (fields[0]);
passwords[nusers-1] = strdup (fields[1]);
#endif /* USE_PAM */
- if (add_passwd (&newpw, fields[1])) {
+ if (add_passwd (&newpw, fields[1]) != 0) {
fprintf (stderr,
_("%s: line %d: can't update password\n"),
Prog, line);
{
static TERMIO sgtty;
- if (killed)
+ if (killed != 0) {
STTY (0, &sgtty);
- else
+ } else {
GTTY (0, &sgtty);
+ }
- if (killed) {
+ if (killed != 0) {
closelog ();
exit (128+killed);
}
* The first character of an administrator defined method is an '@'
* character.
*/
- if (!amroot && pw_auth (pwent.pw_passwd, name, PW_SU, (char *) 0)) {
- SYSLOG ((pwent.pw_uid ? LOG_NOTICE : LOG_WARN,
+ if ( !amroot
+ && (pw_auth (pwent.pw_passwd, name, PW_SU, (char *) 0) != 0)) {
+ SYSLOG (((pwent.pw_uid != 0)? LOG_NOTICE : LOG_WARN,
"Authentication failed for %s", name));
fprintf(stderr, _("%s: Authentication failure\n"), Prog);
su_failure (tty);
spwd = pwd_to_spwd (&pwent);
}
- if (expire (&pwent, spwd)) {
+ if (expire (&pwent, spwd) != 0) {
/* !USE_PAM, no need for xgetpwnam */
struct passwd *pwd = getpwnam (name);
static void selinux_update_mapping (void) {
if (is_selinux_enabled () <= 0) return;
- if (*user_selinux) { /* must be done after passwd write() */
+ if ('\0' != *user_selinux) { /* must be done after passwd write() */
const char *argv[7];
argv[0] = "/usr/sbin/semanage";
argv[1] = "login";
argv[4] = user_selinux;
argv[5] = user_name;
argv[6] = NULL;
- if (safe_system (argv[0], argv, NULL, 0)) {
+ if (safe_system (argv[0], argv, NULL, false) != 0) {
fprintf (stderr,
_("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
Prog, user_name, user_selinux);
*
* Return
* 1: path exists and is owned by uid
- * 0: path is not owned by uid, or a failure occured
+ * 0: path is not owned by uid, or a failure occurred
* -1: path does not exist
*/
static int is_owner (uid_t uid, const char *path)
return 0;
}
}
- return (st.st_uid == uid);
+ return (st.st_uid == uid) ? 1 : 0;
}
static int remove_mailbox (void)
args[2] = "-d";
args[3] = user_name;
args[4] = NULL;
- safe_system (args[0], args, NULL, 1);
+ safe_system (args[0], args, NULL, true);
}
#endif /* WITH_SELINUX */
static void selinux_update_mapping (void) {
const char *argv[7];
- if (is_selinux_enabled () <= 0) return;
+ if (is_selinux_enabled () <= 0) {
+ return;
+ }
- if (*user_selinux) {
+ if ('\0' != *user_selinux) {
argv[0] = "/usr/sbin/semanage";
argv[1] = "login";
argv[2] = "-m";
argv[4] = user_selinux;
argv[5] = user_name;
argv[6] = NULL;
- if (safe_system (argv[0], argv, NULL, 1)) {
+ if (safe_system (argv[0], argv, NULL, true) != 0) {
argv[2] = "-a";
- if (safe_system (argv[0], argv, NULL, 0)) {
+ if (safe_system (argv[0], argv, NULL, false) != 0) {
fprintf (stderr,
_("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
Prog, user_name, user_selinux);
#ifdef WITH_SELINUX
/* if SE Linux is enabled then set the context of all new files
to be the context of the file we are editing */
- if (is_selinux_enabled ()) {
+ if (is_selinux_enabled () != 0) {
security_context_t passwd_context=NULL;
int ret = 0;
if (getfilecon (file, &passwd_context) < 0) {
}
#ifdef WITH_SELINUX
/* unset the fscreatecon */
- if (is_selinux_enabled ()) {
+ if (is_selinux_enabled () != 0) {
if (setfscreatecon (NULL) != 0) {
vipwexit (_("setfscreatecon () failed"), errno, 1);
}
projects / shadow / commitdiff