From caf5d45e0f0e3e7548577b1425e4ad7723bd2680 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Thu, 7 May 2015 10:33:23 -0600 Subject: [PATCH] Previously, debug_return_bool was the same as debug_return_int except that it logged true/false for 1/0. However, this appears to trigger a bug in some compilers. To avoid this, debug_return_bool now uses bool, not int. Callers that were passing it an int have been converted to use debug_return_int instead. --- include/sudo_debug.h | 9 +++++++-- lib/util/sudo_debug.c | 19 ++++--------------- plugins/sudoers/auth/dce.c | 4 ++-- plugins/sudoers/check.c | 4 ++-- plugins/sudoers/env.c | 2 +- plugins/sudoers/group_plugin.c | 10 +++++----- plugins/sudoers/iolog.c | 8 ++++---- plugins/sudoers/ldap.c | 26 +++++++++++++------------- plugins/sudoers/match.c | 8 ++++---- plugins/sudoers/policy.c | 16 ++++++++-------- plugins/sudoers/sudoers.c | 10 +++++----- src/sudo.c | 28 ++++++++++++++-------------- 12 files changed, 69 insertions(+), 75 deletions(-) diff --git a/include/sudo_debug.h b/include/sudo_debug.h index c48888d79..5d392699d 100644 --- a/include/sudo_debug.h +++ b/include/sudo_debug.h @@ -18,6 +18,11 @@ #define _SUDO_DEBUG_H #include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif #include "sudo_queue.h" /* Number of bits in a byte. */ @@ -154,7 +159,7 @@ struct sudo_conf_debug_file_list; #define debug_return_bool(rval) \ do { \ - int sudo_debug_rval = (rval); \ + bool sudo_debug_rval = (rval); \ sudo_debug_exit_bool(__func__, __FILE__, __LINE__, sudo_debug_subsys, \ sudo_debug_rval); \ return sudo_debug_rval; \ @@ -226,7 +231,7 @@ __dso_public int sudo_debug_deregister_v1(int instance_id); __dso_public void sudo_debug_enter_v1(const char *func, const char *file, int line, int subsys); __dso_public void sudo_debug_execve2_v1(int level, const char *path, char *const argv[], char *const envp[]); __dso_public void sudo_debug_exit_v1(const char *func, const char *file, int line, int subsys); -__dso_public void sudo_debug_exit_bool_v1(const char *func, const char *file, int line, int subsys, int rval); +__dso_public void sudo_debug_exit_bool_v1(const char *func, const char *file, int line, int subsys, bool rval); __dso_public void sudo_debug_exit_int_v1(const char *func, const char *file, int line, int subsys, int rval); __dso_public void sudo_debug_exit_long_v1(const char *func, const char *file, int line, int subsys, long rval); __dso_public void sudo_debug_exit_ptr_v1(const char *func, const char *file, int line, int subsys, const void *rval); diff --git a/lib/util/sudo_debug.c b/lib/util/sudo_debug.c index 386f74ff0..460dd457b 100644 --- a/lib/util/sudo_debug.c +++ b/lib/util/sudo_debug.c @@ -28,11 +28,6 @@ # include # endif #endif /* STDC_HEADERS */ -#ifdef HAVE_STDBOOL_H -# include -#else -# include "compat/stdbool.h" -#endif #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ @@ -54,8 +49,8 @@ #include "sudo_alloc.h" #include "sudo_fatal.h" #include "sudo_plugin.h" -#include "sudo_conf.h" #include "sudo_debug.h" +#include "sudo_conf.h" #include "sudo_util.h" /* @@ -445,18 +440,12 @@ sudo_debug_exit_size_t_v1(const char *func, const char *file, int line, "<- %s @ %s:%d := %zu", func, file, line, rval); } -/* We use int, not bool, here for functions that return -1 on error. */ void sudo_debug_exit_bool_v1(const char *func, const char *file, int line, - int subsys, int rval) + int subsys, bool rval) { - if (rval == true || rval == false) { - sudo_debug_printf2(NULL, NULL, 0, subsys | SUDO_DEBUG_TRACE, - "<- %s @ %s:%d := %s", func, file, line, rval ? "true" : "false"); - } else { - sudo_debug_printf2(NULL, NULL, 0, subsys | SUDO_DEBUG_TRACE, - "<- %s @ %s:%d := %d", func, file, line, rval); - } + sudo_debug_printf2(NULL, NULL, 0, subsys | SUDO_DEBUG_TRACE, + "<- %s @ %s:%d := %s", func, file, line, rval ? "true" : "false"); } void diff --git a/plugins/sudoers/auth/dce.c b/plugins/sudoers/auth/dce.c index 664239ffb..97bdd1c05 100644 --- a/plugins/sudoers/auth/dce.c +++ b/plugins/sudoers/auth/dce.c @@ -191,8 +191,8 @@ check_dce_status(error_status_t input_status, char *comment) debug_decl(check_dce_status, SUDOERS_DEBUG_AUTH) if (input_status == rpc_s_ok) - debug_return_bool(0); + debug_return_int(0); dce_error_inq_text(input_status, error_string, &error_stat); (void) fprintf(stderr, "%s %s\n", comment, error_string); - debug_return_bool(1); + debug_return_int(1); } diff --git a/plugins/sudoers/check.c b/plugins/sudoers/check.c index fab16971e..d27218cde 100644 --- a/plugins/sudoers/check.c +++ b/plugins/sudoers/check.c @@ -109,7 +109,7 @@ check_user_interactive(int validated, int mode, struct passwd *auth_pw) !ISSET(mode, MODE_IGNORE_TICKET) && status != TS_ERROR) update_timestamp(auth_pw); done: - debug_return_bool(rval); + debug_return_int(rval); } /* @@ -160,7 +160,7 @@ done: sudo_auth_cleanup(auth_pw); sudo_pw_delref(auth_pw); - debug_return_bool(rval); + debug_return_int(rval); } /* diff --git a/plugins/sudoers/env.c b/plugins/sudoers/env.c index 3b3664240..7079b00c0 100644 --- a/plugins/sudoers/env.c +++ b/plugins/sudoers/env.c @@ -677,7 +677,7 @@ matches_env_check(const char *var, bool *full_match) keepit = !strpbrk(++val, "/%"); } } - debug_return_bool(keepit); + debug_return_int(keepit); } /* diff --git a/plugins/sudoers/group_plugin.c b/plugins/sudoers/group_plugin.c index 98a41e96d..8ac5c7bf7 100644 --- a/plugins/sudoers/group_plugin.c +++ b/plugins/sudoers/group_plugin.c @@ -155,7 +155,7 @@ done: } } - debug_return_bool(rc); + debug_return_int(rc); } void @@ -181,8 +181,8 @@ group_plugin_query(const char *user, const char *group, debug_decl(group_plugin_query, SUDOERS_DEBUG_UTIL) if (group_plugin == NULL) - debug_return_bool(false); - debug_return_bool((group_plugin->query)(user, group, pwd)); + debug_return_int(false); + debug_return_int((group_plugin->query)(user, group, pwd)); } #else /* !HAVE_DLOPEN && !HAVE_SHL_LOAD */ @@ -195,7 +195,7 @@ int group_plugin_load(char *plugin_info) { debug_decl(group_plugin_load, SUDOERS_DEBUG_UTIL) - debug_return_bool(false); + debug_return_int(false); } void @@ -210,7 +210,7 @@ group_plugin_query(const char *user, const char *group, const struct passwd *pwd) { debug_decl(group_plugin_query, SUDOERS_DEBUG_UTIL) - debug_return_bool(false); + debug_return_int(false); } #endif /* HAVE_DLOPEN || HAVE_SHL_LOAD */ diff --git a/plugins/sudoers/iolog.c b/plugins/sudoers/iolog.c index 48a5c2d49..6aac46da1 100644 --- a/plugins/sudoers/iolog.c +++ b/plugins/sudoers/iolog.c @@ -581,7 +581,7 @@ sudoers_io_open(unsigned int version, sudo_conv_t conversation, /* If we have no command (because -V was specified) just return. */ if (argc == 0) - debug_return_bool(true); + debug_return_int(true); memset(&details, 0, sizeof(details)); @@ -671,7 +671,7 @@ done: sudo_gr_delref(details.runas_gr); sudo_endgrent(); - debug_return_bool(rval); + debug_return_int(rval); } static void @@ -704,7 +704,7 @@ sudoers_io_version(int verbose) sudo_printf(SUDO_CONV_INFO_MSG, "Sudoers I/O plugin version %s\n", PACKAGE_VERSION); - debug_return_bool(true); + debug_return_int(true); } /* @@ -745,7 +745,7 @@ sudoers_io_log(const char *buf, unsigned int len, int idx) last_time.tv_sec = now.tv_sec; last_time.tv_usec = now.tv_usec; - debug_return_bool(rval); + debug_return_int(rval); } static int diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c index 6ed5b5fcd..d12c5668d 100644 --- a/plugins/sudoers/ldap.c +++ b/plugins/sudoers/ldap.c @@ -750,7 +750,7 @@ sudo_ldap_check_runas_user(LDAP *ld, LDAPMessage *entry) debug_decl(sudo_ldap_check_runas_user, SUDOERS_DEBUG_LDAP) if (!runas_pw) - debug_return_bool(UNSPEC); + debug_return_int(UNSPEC); /* get the runas user from the entry */ bv = ldap_get_values_len(ld, entry, "sudoRunAsUser"); @@ -779,7 +779,7 @@ sudo_ldap_check_runas_user(LDAP *ld, LDAPMessage *entry) * what the user specified on the command line. */ if (bv == NULL) - debug_return_bool(!strcasecmp(runas_pw->pw_name, def_runas_default)); + debug_return_int(!strcasecmp(runas_pw->pw_name, def_runas_default)); /* walk through values returned, looking for a match */ for (p = bv; *p != NULL && !ret; p++) { @@ -809,7 +809,7 @@ sudo_ldap_check_runas_user(LDAP *ld, LDAPMessage *entry) ldap_value_free_len(bv); /* cleanup */ - debug_return_bool(ret); + debug_return_int(ret); } static int @@ -822,12 +822,12 @@ sudo_ldap_check_runas_group(LDAP *ld, LDAPMessage *entry) /* runas_gr is only set if the user specified the -g flag */ if (!runas_gr) - debug_return_bool(UNSPEC); + debug_return_int(UNSPEC); /* get the values from the entry */ bv = ldap_get_values_len(ld, entry, "sudoRunAsGroup"); if (bv == NULL) - debug_return_bool(ret); + debug_return_int(ret); /* walk through values returned, looking for a match */ for (p = bv; *p != NULL && !ret; p++) { @@ -840,7 +840,7 @@ sudo_ldap_check_runas_group(LDAP *ld, LDAPMessage *entry) ldap_value_free_len(bv); /* cleanup */ - debug_return_bool(ret); + debug_return_int(ret); } /* @@ -936,11 +936,11 @@ sudo_ldap_check_command(LDAP *ld, LDAPMessage *entry, int *setenv_implied) debug_decl(sudo_ldap_check_command, SUDOERS_DEBUG_LDAP) if (!entry) - debug_return_bool(ret); + debug_return_int(ret); bv = ldap_get_values_len(ld, entry, "sudoCommand"); if (bv == NULL) - debug_return_bool(ret); + debug_return_int(ret); for (p = bv; *p != NULL && ret != false; p++) { val = (*p)->bv_val; @@ -988,7 +988,7 @@ sudo_ldap_check_command(LDAP *ld, LDAPMessage *entry, int *setenv_implied) ldap_value_free_len(bv); /* more cleanup */ - debug_return_bool(ret); + debug_return_int(ret); } /* @@ -1004,11 +1004,11 @@ sudo_ldap_check_bool(LDAP *ld, LDAPMessage *entry, char *option) debug_decl(sudo_ldap_check_bool, SUDOERS_DEBUG_LDAP) if (entry == NULL) - debug_return_bool(ret); + debug_return_int(ret); bv = ldap_get_values_len(ld, entry, "sudoOption"); if (bv == NULL) - debug_return_bool(ret); + debug_return_int(ret); /* walk through options */ for (p = bv; *p != NULL; p++) { @@ -1023,7 +1023,7 @@ sudo_ldap_check_bool(LDAP *ld, LDAPMessage *entry, char *option) ldap_value_free_len(bv); - debug_return_bool(ret); + debug_return_int(ret); } /* @@ -2398,7 +2398,7 @@ done: if (found) printf("%s%s%s\n", safe_cmnd ? safe_cmnd : user_cmnd, user_args ? " " : "", user_args ? user_args : ""); - debug_return_bool(!found); + debug_return_int(!found); } #ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S diff --git a/plugins/sudoers/match.c b/plugins/sudoers/match.c index ef666bbff..c0abdf055 100644 --- a/plugins/sudoers/match.c +++ b/plugins/sudoers/match.c @@ -154,7 +154,7 @@ userlist_matches(const struct passwd *pw, const struct member_list *list) if (matched != UNSPEC) break; } - debug_return_bool(matched); + debug_return_int(matched); } /* @@ -310,7 +310,7 @@ hostlist_matches(const struct member_list *list) if (matched != UNSPEC) break; } - debug_return_bool(matched); + debug_return_int(matched); } /* @@ -329,7 +329,7 @@ cmndlist_matches(const struct member_list *list) if (matched != UNSPEC) break; } - debug_return_bool(matched); + debug_return_int(matched); } /* @@ -362,7 +362,7 @@ cmnd_matches(const struct member *m) matched = !m->negated; break; } - debug_return_bool(matched); + debug_return_int(matched); } static bool diff --git a/plugins/sudoers/policy.c b/plugins/sudoers/policy.c index 66bee6dff..dc7a71c82 100644 --- a/plugins/sudoers/policy.c +++ b/plugins/sudoers/policy.c @@ -511,7 +511,7 @@ sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask, rval = true; done: - debug_return_bool(rval); + debug_return_int(rval); } static int @@ -551,7 +551,7 @@ sudoers_policy_open(unsigned int version, sudo_conv_t conversation, info.settings = settings; info.user_info = user_info; info.plugin_args = args; - debug_return_bool(sudoers_policy_init(&info, envp)); + debug_return_int(sudoers_policy_init(&info, envp)); } static void @@ -608,7 +608,7 @@ sudoers_policy_init_session(struct passwd *pwd, char **user_env[]) if (sudo_version < SUDO_API_MKVERSION(1, 2)) user_env = NULL; - debug_return_bool(sudo_auth_begin_session(pwd, user_env)); + debug_return_int(sudo_auth_begin_session(pwd, user_env)); } static int @@ -633,7 +633,7 @@ sudoers_policy_check(int argc, char * const argv[], char *env_add[], !sudo_auth_needs_end_session()) sudoers_policy.close = NULL; } - debug_return_bool(rval); + debug_return_int(rval); } static int @@ -644,7 +644,7 @@ sudoers_policy_validate(void) user_cmnd = "validate"; SET(sudo_mode, MODE_VALIDATE); - debug_return_bool(sudoers_policy_main(0, NULL, I_VERIFYPW, NULL, NULL)); + debug_return_int(sudoers_policy_main(0, NULL, I_VERIFYPW, NULL, NULL)); } static void @@ -677,7 +677,7 @@ sudoers_policy_list(int argc, char * const argv[], int verbose, list_pw = sudo_getpwnam(list_user); if (list_pw == NULL) { sudo_warnx(U_("unknown user: %s"), list_user); - debug_return_bool(-1); + debug_return_int(-1); } } rval = sudoers_policy_main(argc, argv, I_LISTPW, NULL, NULL); @@ -686,7 +686,7 @@ sudoers_policy_list(int argc, char * const argv[], int verbose, list_pw = NULL; } - debug_return_bool(rval); + debug_return_int(rval); } static int @@ -716,7 +716,7 @@ sudoers_policy_version(int verbose) sudo_printf(SUDO_CONV_INFO_MSG, "\n"); } } - debug_return_bool(true); + debug_return_int(true); } /* diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c index 232b08fc4..eddeb1e7e 100644 --- a/plugins/sudoers/sudoers.c +++ b/plugins/sudoers/sudoers.c @@ -139,17 +139,17 @@ sudoers_policy_init(void *info, char * const envp[]) /* Parse info from front-end. */ sudo_mode = sudoers_policy_deserialize_info(info, &runas_user, &runas_group); if (ISSET(sudo_mode, MODE_ERROR)) - debug_return_bool(-1); + debug_return_int(-1); if (!init_vars(envp)) - debug_return_bool(-1); + debug_return_int(-1); /* Parse nsswitch.conf for sudoers order. */ snl = sudo_read_nss(); /* LDAP or NSS may modify the euid so we need to be root for the open. */ if (!set_perms(PERM_ROOT)) - debug_return_bool(-1); + debug_return_int(-1); /* Open and parse sudoers, set global defaults */ TAILQ_FOREACH_SAFE(nss, snl, entries, nss_next) { @@ -213,7 +213,7 @@ cleanup: if (!restore_perms()) rval = -1; - debug_return_bool(rval); + debug_return_int(rval); } int @@ -553,7 +553,7 @@ done: sudo_endpwent(); sudo_endgrent(); - debug_return_bool(rval); + debug_return_int(rval); } /* diff --git a/src/sudo.c b/src/sudo.c index 1b4dc3744..0ef86493d 100644 --- a/src/sudo.c +++ b/src/sudo.c @@ -1143,7 +1143,7 @@ policy_open(struct plugin_container *plugin, struct sudo_settings *settings, /* Convert struct sudo_settings to plugin_settings[] */ plugin_settings = format_plugin_settings(plugin, settings); if (plugin_settings == NULL) - debug_return_bool(-1); + debug_return_int(-1); /* * Backwards compatibility for older API versions @@ -1166,7 +1166,7 @@ policy_open(struct plugin_container *plugin, struct sudo_settings *settings, plugin->debug_instance = sudo_debug_get_active_instance(); sudo_debug_set_active_instance(sudo_debug_instance); - debug_return_bool(rval); + debug_return_int(rval); } static void @@ -1191,11 +1191,11 @@ policy_show_version(struct plugin_container *plugin, int verbose) debug_decl(policy_show_version, SUDO_DEBUG_PCOMM) if (plugin->u.policy->show_version == NULL) - debug_return_bool(true); + debug_return_int(true); sudo_debug_set_active_instance(plugin->debug_instance); rval = plugin->u.policy->show_version(verbose); sudo_debug_set_active_instance(sudo_debug_instance); - debug_return_bool(rval); + debug_return_int(rval); } static int @@ -1214,7 +1214,7 @@ policy_check(struct plugin_container *plugin, int argc, char * const argv[], rval = plugin->u.policy->check_policy(argc, argv, env_add, command_info, argv_out, user_env_out); sudo_debug_set_active_instance(sudo_debug_instance); - debug_return_bool(rval); + debug_return_int(rval); } static int @@ -1227,12 +1227,12 @@ policy_list(struct plugin_container *plugin, int argc, char * const argv[], if (plugin->u.policy->list == NULL) { sudo_warnx(U_("policy plugin %s does not support listing privileges"), plugin->name); - debug_return_bool(false); + debug_return_int(false); } sudo_debug_set_active_instance(plugin->debug_instance); rval = plugin->u.policy->list(argc, argv, verbose, list_user); sudo_debug_set_active_instance(sudo_debug_instance); - debug_return_bool(rval); + debug_return_int(rval); } static int @@ -1244,12 +1244,12 @@ policy_validate(struct plugin_container *plugin) if (plugin->u.policy->validate == NULL) { sudo_warnx(U_("policy plugin %s does not support the -v option"), plugin->name); - debug_return_bool(false); + debug_return_int(false); } sudo_debug_set_active_instance(plugin->debug_instance); rval = plugin->u.policy->validate(); sudo_debug_set_active_instance(sudo_debug_instance); - debug_return_bool(rval); + debug_return_int(rval); } static void @@ -1288,7 +1288,7 @@ policy_init_session(struct command_details *details) } sudo_debug_set_active_instance(sudo_debug_instance); } - debug_return_bool(rval); + debug_return_int(rval); } static int @@ -1303,7 +1303,7 @@ iolog_open(struct plugin_container *plugin, struct sudo_settings *settings, /* Convert struct sudo_settings to plugin_settings[] */ plugin_settings = format_plugin_settings(plugin, settings); if (plugin_settings == NULL) - debug_return_bool(-1); + debug_return_int(-1); /* * Backwards compatibility for older API versions @@ -1326,7 +1326,7 @@ iolog_open(struct plugin_container *plugin, struct sudo_settings *settings, argc, argv, user_env, plugin->options); } sudo_debug_set_active_instance(sudo_debug_instance); - debug_return_bool(rval); + debug_return_int(rval); } static void @@ -1349,12 +1349,12 @@ iolog_show_version(struct plugin_container *plugin, int verbose) debug_decl(iolog_show_version, SUDO_DEBUG_PCOMM) if (plugin->u.io->show_version == NULL) - debug_return_bool(true); + debug_return_int(true); sudo_debug_set_active_instance(plugin->debug_instance); rval = plugin->u.io->show_version(verbose); sudo_debug_set_active_instance(sudo_debug_instance); - debug_return_bool(rval); + debug_return_int(rval); } /* -- 2.40.0