From: Todd C. Miller Date: Wed, 27 Jan 2016 23:19:22 +0000 (-0700) Subject: Try to deconfuse static analyzers a bit. X-Git-Tag: SUDO_1_8_16^2~34 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=873d5cc5ff7c219fe2d41dc156c9792fde5e5134;p=sudo Try to deconfuse static analyzers a bit. --- diff --git a/plugins/sudoers/auth/sudo_auth.c b/plugins/sudoers/auth/sudo_auth.c index ff5059717..bb3010ef0 100644 --- a/plugins/sudoers/auth/sudo_auth.c +++ b/plugins/sudoers/auth/sudo_auth.c @@ -84,7 +84,7 @@ static sudo_auth auth_switch[] = { AUTH_ENTRY(NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL) }; -static int standalone; +static bool standalone; /* * Initialize sudoers authentication method(s). @@ -214,7 +214,6 @@ verify_user(struct passwd *pw, char *prompt, int validated, { unsigned int ntries; int rval, status, success = AUTH_FAILURE; - char *p; sudo_auth *auth; sigset_t mask, omask; sigaction_t sa, saved_sigtstp; @@ -249,6 +248,7 @@ verify_user(struct passwd *pw, char *prompt, int validated, for (ntries = 0; ntries < def_passwd_tries; ntries++) { int num_methods = 0; + char *pass = NULL; /* If user attempted to interrupt password verify, quit now. */ if (user_interrupted()) @@ -278,12 +278,10 @@ verify_user(struct passwd *pw, char *prompt, int validated, } /* Get the password unless the auth function will do it for us */ - if (standalone) { - p = prompt; - } else { - p = auth_getpass(prompt, def_passwd_timeout * 60, + if (!standalone) { + pass = auth_getpass(prompt, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF, callback); - if (p == NULL) + if (pass == NULL) break; } @@ -292,13 +290,15 @@ verify_user(struct passwd *pw, char *prompt, int validated, if (IS_DISABLED(auth)) continue; - success = auth->status = (auth->verify)(pw, p, auth, callback); + success = auth->status = + (auth->verify)(pw, standalone ? prompt : pass, auth, callback); if (success != AUTH_FAILURE) break; } if (!standalone) { - memset_s(p, SUDO_CONV_REPL_MAX, 0, strlen(p)); - free(p); + memset_s(pass, SUDO_CONV_REPL_MAX, 0, strlen(pass)); + free(pass); + pass = NULL; } if (success != AUTH_FAILURE)