From 9d8f374397db2ee32840d0f0e2bb2d7539758a0d Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Tue, 25 Jun 2019 09:45:10 -0600 Subject: [PATCH] Add ssizeof macro that returns ssize_t. We can use this instead of casting the result of size_t to int. Also change checks for snprintf() returning <=0 to <0. --- include/sudo_util.h | 3 +++ lib/util/fatal.c | 2 +- lib/util/inet_ntop.c | 2 +- lib/util/regress/vsyslog/vsyslog_test.c | 6 +++--- lib/util/sudo_debug.c | 4 ++-- plugins/sudoers/find_path.c | 4 ++-- plugins/sudoers/group_plugin.c | 2 +- plugins/sudoers/iolog.c | 4 ++-- plugins/sudoers/ldap.c | 2 +- plugins/sudoers/ldap_conf.c | 2 +- plugins/sudoers/logging.c | 2 +- plugins/sudoers/sudoers.c | 2 +- plugins/sudoers/sudoreplay.c | 8 ++++---- plugins/sudoers/timestamp.c | 4 ++-- src/load_plugins.c | 2 +- src/net_ifs.c | 6 +++--- src/sudo.c | 4 ++-- 17 files changed, 31 insertions(+), 28 deletions(-) diff --git a/include/sudo_util.h b/include/sudo_util.h index 395dab616..a3904c178 100644 --- a/include/sudo_util.h +++ b/include/sudo_util.h @@ -144,6 +144,9 @@ # define mtim_get(_x, _y) do { (_y).tv_sec = (_x)->st_mtime; (_y).tv_nsec = 0; } while (0) #endif /* HAVE_ST_MTIM */ +/* sizeof() that returns a signed value */ +#define ssizeof(_x) ((ssize_t)sizeof(_x)) + /* Bit map macros. */ #define sudo_setbit(_a, _i) ((_a)[(_i) / NBBY] |= 1 << ((_i) % NBBY)) #define sudo_clrbit(_a, _i) ((_a)[(_i) / NBBY] &= ~(1<<((_i) % NBBY))) diff --git a/lib/util/fatal.c b/lib/util/fatal.c index 8dd690f2f..a377c3508 100644 --- a/lib/util/fatal.c +++ b/lib/util/fatal.c @@ -208,7 +208,7 @@ warning(const char *errstr, const char *fmt, va_list ap) va_copy(ap2, ap); buflen = vsnprintf(static_buf, sizeof(static_buf), fmt, ap2); va_end(ap2); - if (buflen >= (int)sizeof(static_buf)) { + if (buflen >= ssizeof(static_buf)) { buf = malloc(++buflen); if (buf != NULL) (void)vsnprintf(buf, buflen, fmt, ap); diff --git a/lib/util/inet_ntop.c b/lib/util/inet_ntop.c index 2f719e70f..108b887b0 100644 --- a/lib/util/inet_ntop.c +++ b/lib/util/inet_ntop.c @@ -79,7 +79,7 @@ inet_ntop4(const unsigned char *src, char *dst, socklen_t size) int len; len = snprintf(dst, size, fmt, src[0], src[1], src[2], src[3]); - if (len <= 0 || len >= size) { + if (len < 0 || len >= size) { errno = ENOSPC; return (NULL); } diff --git a/lib/util/regress/vsyslog/vsyslog_test.c b/lib/util/regress/vsyslog/vsyslog_test.c index 0ad07378b..6c304181a 100644 --- a/lib/util/regress/vsyslog/vsyslog_test.c +++ b/lib/util/regress/vsyslog/vsyslog_test.c @@ -99,7 +99,7 @@ main(int argc, char *argv[]) /* Test small buffer w/ errno. */ len = snprintf(buf1, sizeof(buf1), "unable to open %s: %s", "/var/log/sudo-io/seq", strerror(ENOENT)); - if (len < 0 || len >= (int)sizeof(buf1)) + if (len < 0 || len >= ssizeof(buf1)) sudo_warnx_nodebug("buf1 trucated at %s:%d", __FILE__, __LINE__); expected_result = buf1; errno = ENOENT; @@ -115,7 +115,7 @@ main(int argc, char *argv[]) memset(buf1, 'b', 8184); buf1[8184] = '\0'; len = snprintf(buf2, sizeof(buf2), "%s: %s", buf1, strerror(EINVAL)); - if (len < 0 || len >= (int)sizeof(buf2)) + if (len < 0 || len >= ssizeof(buf2)) sudo_warnx_nodebug("buf2 trucated at %s:%d", __FILE__, __LINE__); expected_result = buf2; errno = EINVAL; @@ -125,7 +125,7 @@ main(int argc, char *argv[]) memset(buf1, 'b', 8184); buf1[8184] = '\0'; len = snprintf(buf2, sizeof(buf2), "%.*s", 2047, buf1); - if (len < 0 || len >= (int)sizeof(buf2)) + if (len < 0 || len >= ssizeof(buf2)) sudo_warnx_nodebug("buf2 trucated at %s:%d", __FILE__, __LINE__); expected_result = buf2; test_vsyslog(0, buf1); diff --git a/lib/util/sudo_debug.c b/lib/util/sudo_debug.c index 4c8414821..d09c2b8c6 100644 --- a/lib/util/sudo_debug.c +++ b/lib/util/sudo_debug.c @@ -653,7 +653,7 @@ sudo_debug_vprintf2_v1(const char *func, const char *file, int lineno, int level va_copy(ap2, ap); buflen = fmt ? vsnprintf(static_buf, sizeof(static_buf), fmt, ap2) : 0; va_end(ap2); - if (buflen >= (int)sizeof(static_buf)) { + if (buflen >= ssizeof(static_buf)) { va_list ap3; /* Not enough room in static buf, allocate dynamically. */ @@ -763,7 +763,7 @@ sudo_debug_execve2_v1(int level, const char *path, char *const argv[], char *con buflen += strlen(*av) + 1; buflen--; } - if (buflen >= (int)sizeof(static_buf)) { + if (buflen >= ssizeof(static_buf)) { buf = malloc(buflen + 1); if (buf == NULL) goto out; diff --git a/plugins/sudoers/find_path.c b/plugins/sudoers/find_path.c index 8e2f1fb88..0656339f8 100644 --- a/plugins/sudoers/find_path.c +++ b/plugins/sudoers/find_path.c @@ -142,7 +142,7 @@ find_path(const char *infile, char **outfile, struct stat *sbp, */ len = snprintf(command, sizeof(command), "%.*s/%s", (int)(ep - cp), cp, infile); - if (len <= 0 || len >= (int)sizeof(command)) { + if (len < 0 || len >= ssizeof(command)) { errno = ENAMETOOLONG; debug_return_int(NOT_FOUND_ERROR); } @@ -156,7 +156,7 @@ find_path(const char *infile, char **outfile, struct stat *sbp, */ if (!found && checkdot) { len = snprintf(command, sizeof(command), "./%s", infile); - if (len <= 0 || len >= (int)sizeof(command)) { + if (len < 0 || len >= ssizeof(command)) { errno = ENAMETOOLONG; debug_return_int(NOT_FOUND_ERROR); } diff --git a/plugins/sudoers/group_plugin.c b/plugins/sudoers/group_plugin.c index 1a7e00ba4..7364881ba 100644 --- a/plugins/sudoers/group_plugin.c +++ b/plugins/sudoers/group_plugin.c @@ -74,7 +74,7 @@ group_plugin_load(char *plugin_info) len = snprintf(path, sizeof(path), "%s%s", (*plugin_info != '/') ? path_plugin_dir : "", plugin_info); } - if (len <= 0 || len >= (int)sizeof(path)) { + if (len < 0 || len >= ssizeof(path)) { errno = ENAMETOOLONG; sudo_warn("%s%s", (*plugin_info != '/') ? path_plugin_dir : "", plugin_info); diff --git a/plugins/sudoers/iolog.c b/plugins/sudoers/iolog.c index 1fa4239f3..2fd52dee8 100644 --- a/plugins/sudoers/iolog.c +++ b/plugins/sudoers/iolog.c @@ -403,7 +403,7 @@ io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7]) * Open sequence file */ len = snprintf(pathbuf, sizeof(pathbuf), "%s/seq", iolog_dir); - if (len <= 0 || len >= (int)sizeof(pathbuf)) { + if (len < 0 || len >= ssizeof(pathbuf)) { errno = ENAMETOOLONG; log_warning(SLOG_SEND_MAIL, "%s/seq", pathbuf); goto done; @@ -431,7 +431,7 @@ io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7]) len = snprintf(fallback, sizeof(fallback), "%s/seq", iolog_dir_fallback); - if (len > 0 && len < (int)sizeof(fallback)) { + if (len > 0 && len < ssizeof(fallback)) { int fd2 = io_open(fallback, O_RDWR|O_CREAT, iolog_filemode); if (fd2 != -1) { if (fchown(fd2, iolog_uid, iolog_gid) != 0) { diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c index 417b87058..3bbd25237 100644 --- a/plugins/sudoers/ldap.c +++ b/plugins/sudoers/ldap.c @@ -492,7 +492,7 @@ sudo_ldap_timefilter(char *buffer, size_t buffersize) /* Build filter. */ len = snprintf(buffer, buffersize, "(&(|(!(sudoNotAfter=*))(sudoNotAfter>=%s))(|(!(sudoNotBefore=*))(sudoNotBefore<=%s)))", timebuffer, timebuffer); - if (len <= 0 || (size_t)len >= buffersize) { + if (len < 0 || (size_t)len >= buffersize) { sudo_warnx(U_("internal error, %s overflow"), __func__); errno = EOVERFLOW; len = -1; diff --git a/plugins/sudoers/ldap_conf.c b/plugins/sudoers/ldap_conf.c index 157aafc4d..b6da4af88 100644 --- a/plugins/sudoers/ldap_conf.c +++ b/plugins/sudoers/ldap_conf.c @@ -201,7 +201,7 @@ sudo_ldap_conf_add_ports(void) hostbuf[0] = '\0'; len = snprintf(defport, sizeof(defport), ":%d", ldap_conf.port); - if (len <= 0 || len >= (int)sizeof(defport)) { + if (len < 0 || len >= ssizeof(defport)) { sudo_warnx(U_("sudo_ldap_conf_add_ports: port too large")); debug_return_bool(false); } diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c index 6064105b2..dcb198e89 100644 --- a/plugins/sudoers/logging.c +++ b/plugins/sudoers/logging.c @@ -466,7 +466,7 @@ fmt_authfail_message(char **str, va_list ap) break; case 'd': len = snprintf(dst, dst_end - dst, "%u", tries); - if (len <= 0 || len >= (int)(dst_end - dst)) + if (len < 0 || len >= (int)(dst_end - dst)) goto done; dst += len; src += 2; diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c index 5ec1bc3d3..519c38eda 100644 --- a/plugins/sudoers/sudoers.c +++ b/plugins/sudoers/sudoers.c @@ -1246,7 +1246,7 @@ create_admin_success_flag(void) /* Build path to flag file. */ len = snprintf(flagfile, sizeof(flagfile), "%s/.sudo_as_admin_successful", user_dir); - if (len <= 0 || len >= (int)sizeof(flagfile)) + if (len < 0 || len >= ssizeof(flagfile)) debug_return_int(false); /* Create admin flag file if it doesn't already exist. */ diff --git a/plugins/sudoers/sudoreplay.c b/plugins/sudoers/sudoreplay.c index 255531417..1dba39cff 100644 --- a/plugins/sudoers/sudoreplay.c +++ b/plugins/sudoers/sudoreplay.c @@ -317,13 +317,13 @@ main(int argc, char *argv[]) if (VALID_ID(id)) { plen = snprintf(path, sizeof(path), "%s/%.2s/%.2s/%.2s/timing", session_dir, id, &id[2], &id[4]); - if (plen <= 0 || plen >= (int)sizeof(path)) + if (plen < 0 || plen >= ssizeof(path)) sudo_fatalx(U_("%s/%.2s/%.2s/%.2s/timing: %s"), session_dir, id, &id[2], &id[4], strerror(ENAMETOOLONG)); } else { plen = snprintf(path, sizeof(path), "%s/%s/timing", session_dir, id); - if (plen <= 0 || plen >= (int)sizeof(path)) + if (plen < 0 || plen >= ssizeof(path)) sudo_fatalx(U_("%s/%s/timing: %s"), session_dir, id, strerror(ENAMETOOLONG)); } @@ -619,7 +619,7 @@ xterm_set_size(int rows, int cols) /* XXX - save cursor and position restore after resizing */ len = snprintf(buf, sizeof(buf), setsize_fmt, rows, cols); - if (len <= 0 || len >= (int)sizeof(buf)) { + if (len < 0 || len >= ssizeof(buf)) { /* not possible due to size of buf */ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "%s: internal error, buffer too small?", __func__); @@ -1473,7 +1473,7 @@ find_sessions(const char *dir, regex_t *re, const char *user, const char *tty) for (i = 0; i < sessions_len; i++) { len = snprintf(&pathbuf[sdlen], sizeof(pathbuf) - sdlen, "%s/log", sessions[i]); - if (len <= 0 || (size_t)len >= sizeof(pathbuf) - sdlen) { + if (len < 0 || (size_t)len >= sizeof(pathbuf) - sdlen) { errno = ENAMETOOLONG; sudo_fatal("%s/%s/log", dir, sessions[i]); } diff --git a/plugins/sudoers/timestamp.c b/plugins/sudoers/timestamp.c index 5fe1abf40..d315723af 100644 --- a/plugins/sudoers/timestamp.c +++ b/plugins/sudoers/timestamp.c @@ -1023,7 +1023,7 @@ already_lectured(int unused) if (ts_secure_dir(def_lecture_status_dir, false, true)) { len = snprintf(status_file, sizeof(status_file), "%s/%s", def_lecture_status_dir, user_name); - if (len > 0 && len < (int)sizeof(status_file)) { + if (len > 0 && len < ssizeof(status_file)) { debug_return_bool(stat(status_file, &sb) == 0); } log_warningx(SLOG_SEND_MAIL, N_("lecture status path too long: %s/%s"), @@ -1045,7 +1045,7 @@ set_lectured(void) len = snprintf(lecture_status, sizeof(lecture_status), "%s/%s", def_lecture_status_dir, user_name); - if (len <= 0 || len >= (int)sizeof(lecture_status)) { + if (len < 0 || len >= ssizeof(lecture_status)) { log_warningx(SLOG_SEND_MAIL, N_("lecture status path too long: %s/%s"), def_lecture_status_dir, user_name); goto done; diff --git a/src/load_plugins.c b/src/load_plugins.c index 699f58a09..5851b8257 100644 --- a/src/load_plugins.c +++ b/src/load_plugins.c @@ -88,7 +88,7 @@ sudo_stat_plugin(struct plugin_info *info, char *fullpath, len = snprintf(fullpath, pathsize, "%s%s", sudo_conf_plugin_dir_path(), info->path); - if (len <= 0 || (size_t)len >= pathsize) { + if (len < 0 || (size_t)len >= pathsize) { sudo_warnx(U_("error in %s, line %d while loading plugin \"%s\""), _PATH_SUDO_CONF, info->lineno, info->symbol_name); sudo_warnx(U_("%s%s: %s"), sudo_conf_plugin_dir_path(), info->path, diff --git a/src/net_ifs.c b/src/net_ifs.c index d218a0524..e0de1e5ed 100644 --- a/src/net_ifs.c +++ b/src/net_ifs.c @@ -179,7 +179,7 @@ get_net_ifs(char **addrinfo) len = snprintf(cp, ailen - (*addrinfo - cp), "%s%s/%s", cp == *addrinfo ? "" : " ", addrstr, maskstr); - if (len <= 0 || len >= ailen - (*addrinfo - cp)) { + if (len < 0 || len >= ailen - (*addrinfo - cp)) { sudo_warnx(U_("internal error, %s overflow"), __func__); goto done; } @@ -196,7 +196,7 @@ get_net_ifs(char **addrinfo) len = snprintf(cp, ailen - (*addrinfo - cp), "%s%s/%s", cp == *addrinfo ? "" : " ", addrstr, maskstr); - if (len <= 0 || len >= ailen - (*addrinfo - cp)) { + if (len < 0 || len >= ailen - (*addrinfo - cp)) { sudo_warnx(U_("internal error, %s overflow"), __func__); goto done; } @@ -341,7 +341,7 @@ get_net_ifs(char **addrinfo) len = snprintf(cp, ailen - (*addrinfo - cp), "%s%s/%s", cp == *addrinfo ? "" : " ", addrstr, maskstr); - if (len <= 0 || len >= ailen - (*addrinfo - cp)) { + if (len < 0 || len >= ailen - (*addrinfo - cp)) { sudo_warnx(U_("internal error, %s overflow"), __func__); goto done; } diff --git a/src/sudo.c b/src/sudo.c index 211d2ebb2..011bfdfba 100644 --- a/src/sudo.c +++ b/src/sudo.c @@ -468,7 +468,7 @@ get_user_groups(struct user_details *ud) for (i = 0; i < ud->ngroups; i++) { len = snprintf(cp, glsize - (cp - gid_list), "%s%u", i ? "," : "", (unsigned int)ud->groups[i]); - if (len <= 0 || (size_t)len >= glsize - (cp - gid_list)) + if (len < 0 || (size_t)len >= glsize - (cp - gid_list)) sudo_fatalx(U_("internal error, %s overflow"), __func__); cp += len; } @@ -864,7 +864,7 @@ sudo_check_suid(const char *sudo) int len = snprintf(pathbuf, sizeof(pathbuf), "%.*s/%s", (int)(ep - cp), cp, sudo); - if (len <= 0 || len >= (int)sizeof(pathbuf)) + if (len < 0 || len >= ssizeof(pathbuf)) continue; if (access(pathbuf, X_OK) == 0) { sudo = pathbuf; -- 2.40.0