From: Todd C. Miller Date: Tue, 7 Aug 2012 15:01:28 +0000 (-0400) Subject: Fix some warnings from clang checker-267 X-Git-Tag: SUDO_1_8_6^2~56 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7d255e42cbb9d7c229570acab28945c83f9bff12;p=sudo Fix some warnings from clang checker-267 --- diff --git a/compat/getline.c b/compat/getline.c index 606fd0e76..018fe9307 100644 --- a/compat/getline.c +++ b/compat/getline.c @@ -52,7 +52,7 @@ getline(char **bufp, size_t *bufsizep, FILE *fp) buf = fgetln(fp, &len); if (buf) { bufsize = *bufp ? *bufsizep : 0; - if (bufsize < len + 1) { + if (bufsize == 0 || bufsize - 1 < len) { bufsize = len + 1; cp = *bufp ? realloc(*bufp, bufsize) : malloc(bufsize); if (cp == NULL) diff --git a/plugins/sudoers/check.c b/plugins/sudoers/check.c index adcd56ebd..0d98e4dc8 100644 --- a/plugins/sudoers/check.c +++ b/plugins/sudoers/check.c @@ -424,6 +424,7 @@ build_timestamp(char **timestampdir, char **timestampfile) debug_decl(build_timestamp, SUDO_DEBUG_AUTH) dirparent = def_timestampdir; + *timestampfile = NULL; len = easprintf(timestampdir, "%s/%s", dirparent, user_name); if (len >= PATH_MAX) goto bad; @@ -456,7 +457,9 @@ build_timestamp(char **timestampdir, char **timestampfile) debug_return_int(len); bad: - log_fatal(0, _("timestamp path too long: %s"), *timestampfile); + log_fatal(0, _("timestamp path too long: %s"), + *timestampfile ? *timestampfile : *timestampdir); + /* NOTREACHED */ debug_return_int(-1); } diff --git a/plugins/sudoers/env.c b/plugins/sudoers/env.c index a5ceb8c45..a9b4f45f1 100644 --- a/plugins/sudoers/env.c +++ b/plugins/sudoers/env.c @@ -42,6 +42,9 @@ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ +#ifdef HAVE_INTTYPES_H +# include +#endif #ifdef HAVE_LOGIN_CAP_H # include # ifndef LOGIN_SETENV @@ -50,10 +53,25 @@ #endif /* HAVE_LOGIN_CAP_H */ #include #include +#include #include #include "sudoers.h" +/* + * If there is no SIZE_MAX or SIZE_T_MAX we have to assume that size_t + * could be signed (as it is on SunOS 4.x). This just means that + * emalloc2() and erealloc3() cannot allocate huge amounts on such a + * platform but that is OK since sudo doesn't need to do so anyway. + */ +#ifndef SIZE_MAX +# ifdef SIZE_T_MAX +# define SIZE_MAX SIZE_T_MAX +# else +# define SIZE_MAX INT_MAX +# endif /* SIZE_T_MAX */ +#endif /* SIZE_MAX */ + /* * Flags used in rebuild_env() */ @@ -229,7 +247,7 @@ env_init(char * const envp[]) memset(env.envp, 0, env.env_size * sizeof(char *)); #endif memcpy(env.envp, envp, len * sizeof(char *)); - env.envp[len] = '\0'; + env.envp[len] = NULL; /* Free the old envp we allocated, if any. */ if (env.old_envp != NULL) @@ -263,11 +281,16 @@ sudo_putenv_nodebug(char *str, bool dupcheck, bool overwrite) bool found = false; /* Make sure there is room for the new entry plus a NULL. */ - if (env.env_len + 2 > env.env_size) { + if (env.env_size > 2 && env.env_len > env.env_size - 2) { char **nenvp; - size_t nsize = env.env_size + 128; - nenvp = env.envp ? realloc(env.envp, nsize * sizeof(char *)) : - malloc(nsize * sizeof(char *)); + size_t nsize; + + if (env.env_size > SIZE_MAX - 128) + errorx2(1, _("internal error, sudo_putenv_nodebug() overflow")); + nsize = env.env_size + 128; + if (nsize > SIZE_MAX / sizeof(char *)) + errorx2(1, _("internal error, sudo_putenv_nodebug() overflow")); + nenvp = realloc(env.envp, nsize * sizeof(char *)); if (nenvp == NULL) { errno = ENOMEM; return -1; @@ -289,11 +312,12 @@ sudo_putenv_nodebug(char *str, bool dupcheck, bool overwrite) if (dupcheck) { len = (strchr(str, '=') - str) + 1; - for (ep = env.envp; !found && *ep != NULL; ep++) { + for (ep = env.envp; *ep != NULL; ep++) { if (strncmp(str, *ep, len) == 0) { if (overwrite) *ep = str; found = true; + break; } } /* Prune out duplicate variables. */ @@ -353,6 +377,7 @@ sudo_setenv2(const char *var, const char *val, bool dupcheck, bool overwrite) { char *estring; size_t esize; + int rval; debug_decl(sudo_setenv2, SUDO_DEBUG_ENV) esize = strlen(var) + 1 + strlen(val) + 1; @@ -365,7 +390,10 @@ sudo_setenv2(const char *var, const char *val, bool dupcheck, bool overwrite) errorx(1, _("internal error, sudo_setenv2() overflow")); } - debug_return_int(sudo_putenv(estring, dupcheck, overwrite)); + rval = sudo_putenv(estring, dupcheck, overwrite); + if (rval == -1) + efree(estring); + debug_return_int(rval); } /* @@ -377,11 +405,12 @@ sudo_setenv_nodebug(const char *var, const char *val, int overwrite) { char *estring; size_t esize; + int rval = -1; esize = strlen(var) + 1 + strlen(val) + 1; if ((estring = malloc(esize)) == NULL) { errno = ENOMEM; - return -1; + goto done; } /* Build environment string and insert it. */ @@ -390,9 +419,13 @@ sudo_setenv_nodebug(const char *var, const char *val, int overwrite) strlcat(estring, val, esize) >= esize) { errno = EINVAL; - return -1; + goto done; } - return sudo_putenv_nodebug(estring, true, overwrite); + rval = sudo_putenv_nodebug(estring, true, overwrite); +done: + if (rval == -1) + efree(estring); + return rval; } /* diff --git a/plugins/sudoers/gram.c b/plugins/sudoers/gram.c index 2ce2a9c6d..80326ae10 100644 --- a/plugins/sudoers/gram.c +++ b/plugins/sudoers/gram.c @@ -56,6 +56,9 @@ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ +#ifdef HAVE_INTTYPES_H +# include +#endif #if defined(YYBISON) && defined(HAVE_ALLOCA_H) && !defined(__GNUC__) # include #endif /* YYBISON && HAVE_ALLOCA_H && !__GNUC__ */ @@ -123,7 +126,7 @@ yyerror(const char *s) parse_error = true; debug_return; } -#line 116 "gram.y" +#line 119 "gram.y" #ifndef YYSTYPE_DEFINED #define YYSTYPE_DEFINED typedef union { @@ -140,7 +143,7 @@ typedef union { int tok; } YYSTYPE; #endif /* YYSTYPE_DEFINED */ -#line 143 "gram.c" +#line 146 "gram.c" #define COMMAND 257 #define ALIAS 258 #define DEFVAR 259 @@ -667,7 +670,7 @@ short *yyss; short *yysslim; YYSTYPE *yyvs; int yystacksize; -#line 668 "gram.y" +#line 671 "gram.y" static struct defaults * new_default(char *var, char *val, int op) { @@ -870,7 +873,7 @@ init_parser(const char *path, bool quiet) debug_return; } -#line 821 "gram.c" +#line 824 "gram.c" /* allocate initial stack or double stack size, up to YYMAXDEPTH */ #if defined(__cplusplus) || defined(__STDC__) static int yygrowstack(void) @@ -1074,127 +1077,127 @@ yyreduce: switch (yyn) { case 1: -#line 198 "gram.y" +#line 201 "gram.y" { ; } break; case 5: -#line 206 "gram.y" +#line 209 "gram.y" { ; } break; case 6: -#line 209 "gram.y" +#line 212 "gram.y" { yyerrok; } break; case 7: -#line 212 "gram.y" +#line 215 "gram.y" { add_userspec(yyvsp[-1].member, yyvsp[0].privilege); } break; case 8: -#line 215 "gram.y" +#line 218 "gram.y" { ; } break; case 9: -#line 218 "gram.y" +#line 221 "gram.y" { ; } break; case 10: -#line 221 "gram.y" +#line 224 "gram.y" { ; } break; case 11: -#line 224 "gram.y" +#line 227 "gram.y" { ; } break; case 12: -#line 227 "gram.y" +#line 230 "gram.y" { add_defaults(DEFAULTS, NULL, yyvsp[0].defaults); } break; case 13: -#line 230 "gram.y" +#line 233 "gram.y" { add_defaults(DEFAULTS_USER, yyvsp[-1].member, yyvsp[0].defaults); } break; case 14: -#line 233 "gram.y" +#line 236 "gram.y" { add_defaults(DEFAULTS_RUNAS, yyvsp[-1].member, yyvsp[0].defaults); } break; case 15: -#line 236 "gram.y" +#line 239 "gram.y" { add_defaults(DEFAULTS_HOST, yyvsp[-1].member, yyvsp[0].defaults); } break; case 16: -#line 239 "gram.y" +#line 242 "gram.y" { add_defaults(DEFAULTS_CMND, yyvsp[-1].member, yyvsp[0].defaults); } break; case 18: -#line 245 "gram.y" +#line 248 "gram.y" { list_append(yyvsp[-2].defaults, yyvsp[0].defaults); yyval.defaults = yyvsp[-2].defaults; } break; case 19: -#line 251 "gram.y" +#line 254 "gram.y" { yyval.defaults = new_default(yyvsp[0].string, NULL, true); } break; case 20: -#line 254 "gram.y" +#line 257 "gram.y" { yyval.defaults = new_default(yyvsp[0].string, NULL, false); } break; case 21: -#line 257 "gram.y" +#line 260 "gram.y" { yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, true); } break; case 22: -#line 260 "gram.y" +#line 263 "gram.y" { yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '+'); } break; case 23: -#line 263 "gram.y" +#line 266 "gram.y" { yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '-'); } break; case 25: -#line 269 "gram.y" +#line 272 "gram.y" { list_append(yyvsp[-2].privilege, yyvsp[0].privilege); yyval.privilege = yyvsp[-2].privilege; } break; case 26: -#line 275 "gram.y" +#line 278 "gram.y" { struct privilege *p = ecalloc(1, sizeof(*p)); list2tq(&p->hostlist, yyvsp[-2].member); @@ -1205,51 +1208,51 @@ case 26: } break; case 27: -#line 285 "gram.y" +#line 288 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = false; } break; case 28: -#line 289 "gram.y" +#line 292 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = true; } break; case 29: -#line 295 "gram.y" +#line 298 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); } break; case 30: -#line 298 "gram.y" +#line 301 "gram.y" { yyval.member = new_member(NULL, ALL); } break; case 31: -#line 301 "gram.y" +#line 304 "gram.y" { yyval.member = new_member(yyvsp[0].string, NETGROUP); } break; case 32: -#line 304 "gram.y" +#line 307 "gram.y" { yyval.member = new_member(yyvsp[0].string, NTWKADDR); } break; case 33: -#line 307 "gram.y" +#line 310 "gram.y" { yyval.member = new_member(yyvsp[0].string, WORD); } break; case 35: -#line 313 "gram.y" +#line 316 "gram.y" { list_append(yyvsp[-2].cmndspec, yyvsp[0].cmndspec); #ifdef HAVE_SELINUX @@ -1289,7 +1292,7 @@ case 35: } break; case 36: -#line 352 "gram.y" +#line 355 "gram.y" { struct cmndspec *cs = ecalloc(1, sizeof(*cs)); if (yyvsp[-4].runas != NULL) { @@ -1320,127 +1323,127 @@ case 36: } break; case 37: -#line 382 "gram.y" +#line 385 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = false; } break; case 38: -#line 386 "gram.y" +#line 389 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = true; } break; case 39: -#line 392 "gram.y" +#line 395 "gram.y" { yyval.string = yyvsp[0].string; } break; case 40: -#line 397 "gram.y" +#line 400 "gram.y" { yyval.string = yyvsp[0].string; } break; case 41: -#line 402 "gram.y" +#line 405 "gram.y" { yyval.seinfo.role = NULL; yyval.seinfo.type = NULL; } break; case 42: -#line 406 "gram.y" +#line 409 "gram.y" { yyval.seinfo.role = yyvsp[0].string; yyval.seinfo.type = NULL; } break; case 43: -#line 410 "gram.y" +#line 413 "gram.y" { yyval.seinfo.type = yyvsp[0].string; yyval.seinfo.role = NULL; } break; case 44: -#line 414 "gram.y" +#line 417 "gram.y" { yyval.seinfo.role = yyvsp[-1].string; yyval.seinfo.type = yyvsp[0].string; } break; case 45: -#line 418 "gram.y" +#line 421 "gram.y" { yyval.seinfo.type = yyvsp[-1].string; yyval.seinfo.role = yyvsp[0].string; } break; case 46: -#line 424 "gram.y" +#line 427 "gram.y" { yyval.string = yyvsp[0].string; } break; case 47: -#line 428 "gram.y" +#line 431 "gram.y" { yyval.string = yyvsp[0].string; } break; case 48: -#line 433 "gram.y" +#line 436 "gram.y" { yyval.privinfo.privs = NULL; yyval.privinfo.limitprivs = NULL; } break; case 49: -#line 437 "gram.y" +#line 440 "gram.y" { yyval.privinfo.privs = yyvsp[0].string; yyval.privinfo.limitprivs = NULL; } break; case 50: -#line 441 "gram.y" +#line 444 "gram.y" { yyval.privinfo.privs = NULL; yyval.privinfo.limitprivs = yyvsp[0].string; } break; case 51: -#line 445 "gram.y" +#line 448 "gram.y" { yyval.privinfo.privs = yyvsp[-1].string; yyval.privinfo.limitprivs = yyvsp[0].string; } break; case 52: -#line 449 "gram.y" +#line 452 "gram.y" { yyval.privinfo.limitprivs = yyvsp[-1].string; yyval.privinfo.privs = yyvsp[0].string; } break; case 53: -#line 454 "gram.y" +#line 457 "gram.y" { yyval.runas = NULL; } break; case 54: -#line 457 "gram.y" +#line 460 "gram.y" { yyval.runas = yyvsp[-1].runas; } break; case 55: -#line 462 "gram.y" +#line 465 "gram.y" { yyval.runas = ecalloc(1, sizeof(struct runascontainer)); yyval.runas->runasusers = new_member(NULL, MYSELF); @@ -1448,7 +1451,7 @@ case 55: } break; case 56: -#line 467 "gram.y" +#line 470 "gram.y" { yyval.runas = ecalloc(1, sizeof(struct runascontainer)); yyval.runas->runasusers = yyvsp[0].member; @@ -1456,7 +1459,7 @@ case 56: } break; case 57: -#line 472 "gram.y" +#line 475 "gram.y" { yyval.runas = ecalloc(1, sizeof(struct runascontainer)); yyval.runas->runasusers = yyvsp[-2].member; @@ -1464,7 +1467,7 @@ case 57: } break; case 58: -#line 477 "gram.y" +#line 480 "gram.y" { yyval.runas = ecalloc(1, sizeof(struct runascontainer)); /* $$->runasusers = NULL; */ @@ -1472,7 +1475,7 @@ case 58: } break; case 59: -#line 482 "gram.y" +#line 485 "gram.y" { yyval.runas = ecalloc(1, sizeof(struct runascontainer)); yyval.runas->runasusers = new_member(NULL, MYSELF); @@ -1480,86 +1483,86 @@ case 59: } break; case 60: -#line 489 "gram.y" +#line 492 "gram.y" { yyval.tag.nopasswd = yyval.tag.noexec = yyval.tag.setenv = yyval.tag.log_input = yyval.tag.log_output = UNSPEC; } break; case 61: -#line 493 "gram.y" +#line 496 "gram.y" { yyval.tag.nopasswd = true; } break; case 62: -#line 496 "gram.y" +#line 499 "gram.y" { yyval.tag.nopasswd = false; } break; case 63: -#line 499 "gram.y" +#line 502 "gram.y" { yyval.tag.noexec = true; } break; case 64: -#line 502 "gram.y" +#line 505 "gram.y" { yyval.tag.noexec = false; } break; case 65: -#line 505 "gram.y" +#line 508 "gram.y" { yyval.tag.setenv = true; } break; case 66: -#line 508 "gram.y" +#line 511 "gram.y" { yyval.tag.setenv = false; } break; case 67: -#line 511 "gram.y" +#line 514 "gram.y" { yyval.tag.log_input = true; } break; case 68: -#line 514 "gram.y" +#line 517 "gram.y" { yyval.tag.log_input = false; } break; case 69: -#line 517 "gram.y" +#line 520 "gram.y" { yyval.tag.log_output = true; } break; case 70: -#line 520 "gram.y" +#line 523 "gram.y" { yyval.tag.log_output = false; } break; case 71: -#line 525 "gram.y" +#line 528 "gram.y" { yyval.member = new_member(NULL, ALL); } break; case 72: -#line 528 "gram.y" +#line 531 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); } break; case 73: -#line 531 "gram.y" +#line 534 "gram.y" { struct sudo_command *c = ecalloc(1, sizeof(*c)); c->cmnd = yyvsp[0].command.cmnd; @@ -1568,7 +1571,7 @@ case 73: } break; case 76: -#line 543 "gram.y" +#line 546 "gram.y" { char *s; if ((s = alias_add(yyvsp[-2].string, HOSTALIAS, yyvsp[0].member)) != NULL) { @@ -1578,14 +1581,14 @@ case 76: } break; case 78: -#line 553 "gram.y" +#line 556 "gram.y" { list_append(yyvsp[-2].member, yyvsp[0].member); yyval.member = yyvsp[-2].member; } break; case 81: -#line 563 "gram.y" +#line 566 "gram.y" { char *s; if ((s = alias_add(yyvsp[-2].string, CMNDALIAS, yyvsp[0].member)) != NULL) { @@ -1595,14 +1598,14 @@ case 81: } break; case 83: -#line 573 "gram.y" +#line 576 "gram.y" { list_append(yyvsp[-2].member, yyvsp[0].member); yyval.member = yyvsp[-2].member; } break; case 86: -#line 583 "gram.y" +#line 586 "gram.y" { char *s; if ((s = alias_add(yyvsp[-2].string, RUNASALIAS, yyvsp[0].member)) != NULL) { @@ -1612,7 +1615,7 @@ case 86: } break; case 89: -#line 596 "gram.y" +#line 599 "gram.y" { char *s; if ((s = alias_add(yyvsp[-2].string, USERALIAS, yyvsp[0].member)) != NULL) { @@ -1622,96 +1625,96 @@ case 89: } break; case 91: -#line 606 "gram.y" +#line 609 "gram.y" { list_append(yyvsp[-2].member, yyvsp[0].member); yyval.member = yyvsp[-2].member; } break; case 92: -#line 612 "gram.y" +#line 615 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = false; } break; case 93: -#line 616 "gram.y" +#line 619 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = true; } break; case 94: -#line 622 "gram.y" +#line 625 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); } break; case 95: -#line 625 "gram.y" +#line 628 "gram.y" { yyval.member = new_member(NULL, ALL); } break; case 96: -#line 628 "gram.y" +#line 631 "gram.y" { yyval.member = new_member(yyvsp[0].string, NETGROUP); } break; case 97: -#line 631 "gram.y" +#line 634 "gram.y" { yyval.member = new_member(yyvsp[0].string, USERGROUP); } break; case 98: -#line 634 "gram.y" +#line 637 "gram.y" { yyval.member = new_member(yyvsp[0].string, WORD); } break; case 100: -#line 640 "gram.y" +#line 643 "gram.y" { list_append(yyvsp[-2].member, yyvsp[0].member); yyval.member = yyvsp[-2].member; } break; case 101: -#line 646 "gram.y" +#line 649 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = false; } break; case 102: -#line 650 "gram.y" +#line 653 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = true; } break; case 103: -#line 656 "gram.y" +#line 659 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); } break; case 104: -#line 659 "gram.y" +#line 662 "gram.y" { yyval.member = new_member(NULL, ALL); } break; case 105: -#line 662 "gram.y" +#line 665 "gram.y" { yyval.member = new_member(yyvsp[0].string, WORD); } break; -#line 1662 "gram.c" +#line 1665 "gram.c" } yyssp -= yym; yystate = *yyssp; diff --git a/plugins/sudoers/gram.y b/plugins/sudoers/gram.y index 71f5b172b..37380f583 100644 --- a/plugins/sudoers/gram.y +++ b/plugins/sudoers/gram.y @@ -44,6 +44,9 @@ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ +#ifdef HAVE_INTTYPES_H +# include +#endif #if defined(YYBISON) && defined(HAVE_ALLOCA_H) && !defined(__GNUC__) # include #endif /* YYBISON && HAVE_ALLOCA_H && !__GNUC__ */ diff --git a/plugins/sudoers/visudo.c b/plugins/sudoers/visudo.c index 284c454be..b6632f63b 100644 --- a/plugins/sudoers/visudo.c +++ b/plugins/sudoers/visudo.c @@ -472,6 +472,9 @@ reparse_sudoers(char *editor, char *args, bool strict, bool quiet) int ch; debug_decl(reparse_sudoers, SUDO_DEBUG_UTIL) + if (tq_empty(&sudoerslist)) + debug_return; + /* * Parse the edited sudoers files and do sanity checking */