From e2328479dd45ab9e3766ceeb3cea59a468d4abef Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Fri, 19 Jun 2015 12:35:51 -0600 Subject: [PATCH] Use strtok_r() instead of strtok() --- lib/util/getgrouplist.c | 4 +++- lib/util/regress/glob/globtest.c | 2 +- lib/util/sudo_debug.c | 4 ++-- plugins/group_file/getgrent.c | 6 ++++-- plugins/group_file/plugin_test.c | 4 +++- plugins/sample/sample_plugin.c | 6 +++--- plugins/sudoers/group_plugin.c | 6 +++--- plugins/sudoers/interfaces.c | 4 ++-- plugins/sudoers/ldap.c | 11 ++++++----- plugins/sudoers/logging.c | 6 +++--- plugins/sudoers/regress/logging/check_wrap.c | 8 ++++++-- plugins/sudoers/sudo_nss.c | 10 ++++++---- plugins/sudoers/sudoreplay.c | 2 +- plugins/sudoers/tsgetgrpw.c | 6 ++++-- 14 files changed, 47 insertions(+), 32 deletions(-) diff --git a/lib/util/getgrouplist.c b/lib/util/getgrouplist.c index 0bcd7bef1..d05135919 100644 --- a/lib/util/getgrouplist.c +++ b/lib/util/getgrouplist.c @@ -72,8 +72,10 @@ sudo_getgrouplist(const char *name, gid_t basegid, gid_t *groups, int *ngroupsp) aix_setauthdb((char *) name); #endif if ((grset = getgrset(name)) != NULL) { + char *last; const char *errstr; - for (cp = strtok(grset, ","); cp != NULL; cp = strtok(NULL, ",")) { + + for (cp = strtok_r(grset, ",", &last); cp != NULL; cp = strtok_r(NULL, ",", &last)) { gid = sudo_strtoid(cp, NULL, NULL, &errstr); if (errstr == NULL && gid != basegid) { if (ngroups == grpsize) diff --git a/lib/util/regress/glob/globtest.c b/lib/util/regress/glob/globtest.c index d8930916d..27fe00fe3 100644 --- a/lib/util/regress/glob/globtest.c +++ b/lib/util/regress/glob/globtest.c @@ -118,7 +118,7 @@ main(int argc, char **argv) } *ep = '\0'; entry.flags = 0; - for ((cp = strtok(cp, "|")); cp != NULL; (cp = strtok(NULL, "|"))) { + for ((cp = strtok_r(cp, "|", &ep)); cp != NULL; (cp = strtok_r(NULL, "|", &ep))) { if (strcmp(cp, "GLOB_APPEND") == 0) entry.flags |= GLOB_APPEND; else if (strcmp(cp, "GLOB_DOOFFS") == 0) diff --git a/lib/util/sudo_debug.c b/lib/util/sudo_debug.c index e9f1d51af..fa9fd7b98 100644 --- a/lib/util/sudo_debug.c +++ b/lib/util/sudo_debug.c @@ -148,7 +148,7 @@ static struct sudo_debug_output * sudo_debug_new_output(struct sudo_debug_instance *instance, struct sudo_debug_file *debug_file) { - char *buf, *cp, *subsys, *pri; + char *buf, *cp, *last, *subsys, *pri; struct sudo_debug_output *output; unsigned int i, j; @@ -205,7 +205,7 @@ sudo_debug_new_output(struct sudo_debug_instance *instance, buf = strdup(debug_file->debug_flags); if (buf == NULL) goto bad; - for ((cp = strtok(buf, ",")); cp != NULL; (cp = strtok(NULL, ","))) { + for ((cp = strtok_r(buf, ",", &last)); cp != NULL; (cp = strtok_r(NULL, ",", &last))) { /* Should be in the form subsys@pri. */ subsys = cp; if ((pri = strchr(cp, '@')) == NULL) diff --git a/plugins/group_file/getgrent.c b/plugins/group_file/getgrent.c index e8af81770..d159d6563 100644 --- a/plugins/group_file/getgrent.c +++ b/plugins/group_file/getgrent.c @@ -124,11 +124,13 @@ next_entry: if (len > 0 && colon[len - 1] == '\n') colon[len - 1] = '\0'; if (*colon != '\0') { + char *last; + gr.gr_mem = gr_mem; - cp = strtok(colon, ","); + cp = strtok_r(colon, ",", &last); for (n = 0; cp != NULL && n < GRMEM_MAX; n++) { gr.gr_mem[n] = cp; - cp = strtok(NULL, ","); + cp = strtok_r(NULL, ",", &last); } gr.gr_mem[n++] = NULL; } else diff --git a/plugins/group_file/plugin_test.c b/plugins/group_file/plugin_test.c index cc8a0865f..1be808ab5 100644 --- a/plugins/group_file/plugin_test.c +++ b/plugins/group_file/plugin_test.c @@ -125,13 +125,15 @@ group_plugin_load(char *plugin_info) } } if (ac != 0) { + char *last; + argv = malloc(ac * sizeof(char *)); if (argv == NULL) { perror(NULL); return -1; } ac = 0; - for ((cp = strtok(args, " \t")); cp; (cp = strtok(NULL, " \t"))) + for ((cp = strtok_r(args, " \t", &last)); cp != NULL; (cp = strtok_r(NULL, " \t", &last))) argv[ac++] = cp; } } diff --git a/plugins/sample/sample_plugin.c b/plugins/sample/sample_plugin.c index 75c795b43..5f7ca5f23 100644 --- a/plugins/sample/sample_plugin.c +++ b/plugins/sample/sample_plugin.c @@ -243,7 +243,7 @@ build_command_info(const char *command) static char * find_editor(int nfiles, char * const files[], char **argv_out[]) { - char *cp, **ep, **nargv, *editor, *editor_path; + char *cp, *last, **ep, **nargv, *editor, *editor_path; int ac, i, nargc, wasblank; /* Lookup EDITOR in user's environment. */ @@ -275,7 +275,7 @@ find_editor(int nfiles, char * const files[], char **argv_out[]) } } /* If we can't find the editor in the user's PATH, give up. */ - cp = strtok(editor, " \t"); + cp = strtok_r(editor, " \t", &last); if (cp == NULL || (editor_path = find_in_path(editor, plugin_state.envp)) == NULL) { free(editor); @@ -291,7 +291,7 @@ find_editor(int nfiles, char * const files[], char **argv_out[]) } for (ac = 0; cp != NULL && ac < nargc; ac++) { nargv[ac] = cp; - cp = strtok(NULL, " \t"); + cp = strtok_r(NULL, " \t", &last); } nargv[ac++] = "--"; for (i = 0; i < nfiles; ) diff --git a/plugins/sudoers/group_plugin.c b/plugins/sudoers/group_plugin.c index 20e094d2f..7afc357d1 100644 --- a/plugins/sudoers/group_plugin.c +++ b/plugins/sudoers/group_plugin.c @@ -124,7 +124,7 @@ group_plugin_load(char *plugin_info) if (args != NULL) { int ac = 0; bool wasblank = true; - char *cp; + char *cp, *last; for (cp = args; *cp != '\0'; cp++) { if (isblank((unsigned char)*cp)) { @@ -134,14 +134,14 @@ group_plugin_load(char *plugin_info) ac++; } } - if (ac != 0) { + if (ac != 0) { argv = reallocarray(NULL, ac, sizeof(char *)); if (argv == NULL) { sudo_warnx(U_("unable to allocate memory")); goto done; } ac = 0; - for ((cp = strtok(args, " \t")); cp; (cp = strtok(NULL, " \t"))) + for ((cp = strtok_r(args, " \t", &last)); cp != NULL; (cp = strtok_r(NULL, " \t", &last))) argv[ac++] = cp; } } diff --git a/plugins/sudoers/interfaces.c b/plugins/sudoers/interfaces.c index d205b00fb..f077bea26 100644 --- a/plugins/sudoers/interfaces.c +++ b/plugins/sudoers/interfaces.c @@ -57,14 +57,14 @@ static struct interface_list interfaces; bool set_interfaces(const char *ai) { - char *addrinfo, *addr, *mask; + char *addrinfo, *addr, *mask, *last; struct interface *ifp; bool rval = false; debug_decl(set_interfaces, SUDOERS_DEBUG_NETIF) if ((addrinfo = strdup(ai)) == NULL) debug_return_bool(false); - for (addr = strtok(addrinfo, " \t"); addr != NULL; addr = strtok(NULL, " \t")) { + for (addr = strtok_r(addrinfo, " \t", &last); addr != NULL; addr = strtok_r(NULL, " \t", &last)) { /* Separate addr and mask. */ if ((mask = strchr(addr, '/')) == NULL) continue; diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c index ff84c6d7c..15f9efdb2 100644 --- a/plugins/sudoers/ldap.c +++ b/plugins/sudoers/ldap.c @@ -425,7 +425,7 @@ struct sudo_nss sudo_nss_ldap = { static bool sudo_ldap_conf_add_ports(void) { - char *host, *port, defport[13]; + char *host, *last, *port, defport[13]; char hostbuf[LINE_MAX * 2]; int len; debug_decl(sudo_ldap_conf_add_ports, SUDOERS_DEBUG_LDAP) @@ -437,7 +437,7 @@ sudo_ldap_conf_add_ports(void) debug_return_bool(false); } - for ((host = strtok(ldap_conf.host, " \t")); host; (host = strtok(NULL, " \t"))) { + for ((host = strtok_r(ldap_conf.host, " \t", &last)); host; (host = strtok_r(NULL, " \t", &last))) { if (hostbuf[0] != '\0') CHECK_STRLCAT(hostbuf, " ", sizeof(hostbuf)); CHECK_STRLCAT(hostbuf, host, sizeof(hostbuf)); @@ -471,20 +471,21 @@ static int sudo_ldap_parse_uri(const struct ldap_config_str_list *uri_list) { const struct ldap_config_str *entry; - char *buf, *uri, *host, *cp, *port; - char hostbuf[LINE_MAX]; + char *buf, hostbuf[LINE_MAX]; int nldap = 0, nldaps = 0; int rc = -1; debug_decl(sudo_ldap_parse_uri, SUDOERS_DEBUG_LDAP) hostbuf[0] = '\0'; STAILQ_FOREACH(entry, uri_list, entries) { + char *cp, *host, *last, *port, *uri; + buf = strdup(entry->val); if (buf == NULL) { sudo_warnx(U_("unable to allocate memory")); goto done; } - for ((uri = strtok(buf, " \t")); uri != NULL; (uri = strtok(NULL, " \t"))) { + for ((uri = strtok_r(buf, " \t", &last)); uri != NULL; (uri = strtok_r(NULL, " \t", &last))) { if (strncasecmp(uri, "ldap://", 7) == 0) { nldap++; host = uri + 7; diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c index 57bc5b9a6..7fd0db99b 100644 --- a/plugins/sudoers/logging.c +++ b/plugins/sudoers/logging.c @@ -646,7 +646,7 @@ send_mail(const char *fmt, ...) break; case 0: { - char *argv[MAX_MAILFLAGS + 1]; + char *last, *argv[MAX_MAILFLAGS + 1]; char *mflags, *mpath = def_mailerpath; int i; @@ -673,10 +673,10 @@ send_mail(const char *fmt, ...) argv[0] = mpath; i = 1; - if ((p = strtok(mflags, " \t"))) { + if ((p = strtok_r(mflags, " \t", &last))) { do { argv[i] = p; - } while (++i < MAX_MAILFLAGS && (p = strtok(NULL, " \t"))); + } while (++i < MAX_MAILFLAGS && (p = strtok_r(NULL, " \t", &last))); } argv[i] = NULL; diff --git a/plugins/sudoers/regress/logging/check_wrap.c b/plugins/sudoers/regress/logging/check_wrap.c index 3cab4354a..90b14e6fa 100644 --- a/plugins/sudoers/regress/logging/check_wrap.c +++ b/plugins/sudoers/regress/logging/check_wrap.c @@ -57,7 +57,7 @@ main(int argc, char *argv[]) { size_t len; FILE *fp; - char *cp, *dash, *line, lines[2][2048]; + char *line, lines[2][2048]; int lineno = 0; int which = 0; @@ -78,14 +78,18 @@ main(int argc, char *argv[]) * 60-80,40 */ while ((line = fgets(lines[which], sizeof(lines[which]), fp)) != NULL) { + char *cp, *last; + len = strcspn(line, "\n"); line[len] = '\0'; /* If we read the 2nd line, parse list of line lengths and check. */ if (which) { lineno++; - for (cp = strtok(lines[1], ","); cp != NULL; cp = strtok(NULL, ",")) { + for (cp = strtok_r(lines[1], ",", &last); cp != NULL; cp = strtok_r(NULL, ",", &last)) { + char *dash; size_t maxlen; + /* May be either a number or a range. */ dash = strchr(cp, '-'); if (dash != NULL) { diff --git a/plugins/sudoers/sudo_nss.c b/plugins/sudoers/sudo_nss.c index 1b709df88..2065d7baa 100644 --- a/plugins/sudoers/sudo_nss.c +++ b/plugins/sudoers/sudo_nss.c @@ -69,7 +69,7 @@ struct sudo_nss_list * sudo_read_nss(void) { FILE *fp; - char *cp, *line = NULL; + char *line = NULL; size_t linesize = 0; #ifdef HAVE_SSSD bool saw_sss = false; @@ -86,6 +86,8 @@ sudo_read_nss(void) goto nomatch; while (sudo_parseln(&line, &linesize, NULL, fp) != -1) { + char *cp, *last; + /* Skip blank or comment lines */ if (*line == '\0') continue; @@ -95,7 +97,7 @@ sudo_read_nss(void) continue; /* Parse line */ - for ((cp = strtok(line + 8, " \t")); cp != NULL; (cp = strtok(NULL, " \t"))) { + for ((cp = strtok_r(line + 8, " \t", &last)); cp != NULL; (cp = strtok_r(NULL, " \t", &last))) { if (strcasecmp(cp, "files") == 0 && !saw_files) { SUDO_NSS_CHECK_UNUSED(sudo_nss_file, "files"); TAILQ_INSERT_TAIL(&snl, &sudo_nss_file, entries); @@ -149,7 +151,7 @@ struct sudo_nss_list * sudo_read_nss(void) { FILE *fp; - char *cp, *ep, *line = NULL; + char *cp, *ep, *last, *line = NULL; size_t linesize = 0; #ifdef HAVE_SSSD bool saw_sss = false; @@ -178,7 +180,7 @@ sudo_read_nss(void) continue; /* Parse line */ - for ((cp = strtok(cp, ",")); cp != NULL; (cp = strtok(NULL, ","))) { + for ((cp = strtok_r(cp, ",", &last)); cp != NULL; (cp = strtok_r(NULL, ",", &last))) { /* Trim leading whitespace. */ while (isspace((unsigned char)*cp)) cp++; diff --git a/plugins/sudoers/sudoreplay.c b/plugins/sudoers/sudoreplay.c index 054f3cd50..2b9d31e39 100644 --- a/plugins/sudoers/sudoreplay.c +++ b/plugins/sudoers/sudoreplay.c @@ -247,7 +247,7 @@ main(int argc, char *argv[]) case 'f': /* Set the replay filter. */ def_filter = false; - for (cp = strtok(optarg, ","); cp; cp = strtok(NULL, ",")) { + for (cp = strtok_r(optarg, ",", &ep); cp; cp = strtok_r(NULL, ",", &ep)) { if (strcmp(cp, "stdout") == 0) io_log_files[IOFD_STDOUT].enabled = true; else if (strcmp(cp, "stderr") == 0) diff --git a/plugins/sudoers/tsgetgrpw.c b/plugins/sudoers/tsgetgrpw.c index e341a16eb..f752bfcd4 100644 --- a/plugins/sudoers/tsgetgrpw.c +++ b/plugins/sudoers/tsgetgrpw.c @@ -274,11 +274,13 @@ next_entry: if (len > 0 && colon[len - 1] == '\n') colon[len - 1] = '\0'; if (*colon != '\0') { + char *last; + gr.gr_mem = gr_mem; - cp = strtok(colon, ","); + cp = strtok_r(colon, ",", &last); for (n = 0; cp != NULL && n < GRMEM_MAX; n++) { gr.gr_mem[n] = cp; - cp = strtok(NULL, ","); + cp = strtok_r(NULL, ",", &last); } gr.gr_mem[n++] = NULL; } else -- 2.40.0