diff options
author | Balint Reczey <balint@balintreczey.hu> | 2022-11-10 16:24:06 +0100 |
---|---|---|
committer | Balint Reczey <balint@balintreczey.hu> | 2022-11-10 16:24:06 +0100 |
commit | 3987cc788047570ecf10707dfc8958780d85c73c (patch) | |
tree | 109724175f07436696f51b14b5abbd3f4d704d6d /lib | |
parent | 8ead740677d19e48690d4f144ab090b83d47059f (diff) | |
download | shadow-3987cc788047570ecf10707dfc8958780d85c73c.tar.gz |
New upstream version 4.13+dfsg1upstream/4.13+dfsg1upstream
Diffstat (limited to 'lib')
-rw-r--r-- | lib/commonio.c | 46 | ||||
-rw-r--r-- | lib/defines.h | 11 | ||||
-rw-r--r-- | lib/getdef.c | 5 | ||||
-rw-r--r-- | lib/groupio.c | 4 | ||||
-rw-r--r-- | lib/groupmem.c | 2 | ||||
-rw-r--r-- | lib/nss.c | 1 | ||||
-rw-r--r-- | lib/prototypes.h | 1 | ||||
-rw-r--r-- | lib/pwio.c | 5 | ||||
-rw-r--r-- | lib/pwmem.c | 2 | ||||
-rw-r--r-- | lib/semanage.c | 29 | ||||
-rw-r--r-- | lib/sgetgrent.c | 6 | ||||
-rw-r--r-- | lib/sgetpwent.c | 9 | ||||
-rw-r--r-- | lib/sgetspent.c | 6 | ||||
-rw-r--r-- | lib/sgroupio.c | 2 | ||||
-rw-r--r-- | lib/shadowio.c | 4 | ||||
-rw-r--r-- | lib/shadowmem.c | 2 | ||||
-rw-r--r-- | lib/tcbfuncs.c | 4 |
17 files changed, 66 insertions, 73 deletions
diff --git a/lib/commonio.c b/lib/commonio.c index 80288d64..9a02ce1a 100644 --- a/lib/commonio.c +++ b/lib/commonio.c @@ -32,7 +32,7 @@ /* local function prototypes */ static int lrename (const char *, const char *); -static int check_link_count (const char *file); +static int check_link_count (const char *file, bool log); static int do_lock_file (const char *file, const char *lock, bool log); static /*@null@*/ /*@dependent@*/FILE *fopen_set_perms ( const char *name, @@ -85,23 +85,31 @@ int lrename (const char *old, const char *new) res = rename (old, new); #ifdef __GLIBC__ - if (NULL != r) { - free (r); - } + free (r); #endif /* __GLIBC__ */ return res; } -static int check_link_count (const char *file) +static int check_link_count (const char *file, bool log) { struct stat sb; if (stat (file, &sb) != 0) { + if (log) { + (void) fprintf (shadow_logfd, + "%s: %s file stat error: %s\n", + shadow_progname, file, strerror (errno)); + } return 0; } if (sb.st_nlink != 2) { + if (log) { + (void) fprintf (shadow_logfd, + "%s: %s: lock file already used (nlink: %u)\n", + shadow_progname, file, sb.st_nlink); + } return 0; } @@ -153,12 +161,7 @@ static int do_lock_file (const char *file, const char *lock, bool log) close (fd); if (link (file, lock) == 0) { - retval = check_link_count (file); - if ((0==retval) && log) { - (void) fprintf (shadow_logfd, - "%s: %s: lock file already used\n", - shadow_progname, file); - } + retval = check_link_count (file, log); unlink (file); return retval; } @@ -219,12 +222,7 @@ static int do_lock_file (const char *file, const char *lock, bool log) retval = 0; if (link (file, lock) == 0) { - retval = check_link_count (file); - if ((0==retval) && log) { - (void) fprintf (shadow_logfd, - "%s: %s: lock file already used\n", - shadow_progname, file); - } + retval = check_link_count (file, log); } else { if (log) { (void) fprintf (shadow_logfd, @@ -337,9 +335,7 @@ static void free_linked_list (struct commonio_db *db) p = db->head; db->head = p->next; - if (NULL != p->line) { - free (p->line); - } + free (p->line); if (NULL != p->eptr) { db->ops->free (p->eptr); @@ -395,10 +391,8 @@ int commonio_lock_nowait (struct commonio_db *db, bool log) err = 1; } cleanup_ENOMEM: - if (file) - free(file); - if (lock) - free(lock); + free(file); + free(lock); return err; } @@ -1200,9 +1194,7 @@ int commonio_remove (struct commonio_db *db, const char *name) commonio_del_entry (db, p); - if (NULL != p->line) { - free (p->line); - } + free (p->line); if (NULL != p->eptr) { db->ops->free (p->eptr); diff --git a/lib/defines.h b/lib/defines.h index ee33aa0d..d01f691e 100644 --- a/lib/defines.h +++ b/lib/defines.h @@ -310,14 +310,6 @@ extern char *strerror (); # define format_attr(type, index, check) #endif -/* ! Arguments evaluated twice ! */ -#ifndef MIN -#define MIN(a,b) (((a) < (b)) ? (a) : (b)) -#endif -#ifndef MAX -#define MAX(x,y) (((x) > (y)) ? (x) : (y)) -#endif - /* Maximum length of usernames */ #ifdef HAVE_UTMPX_H # include <utmpx.h> @@ -335,6 +327,9 @@ extern char *strerror (); # endif #endif +/* Maximum length of passwd entry */ +#define PASSWD_ENTRY_MAX_LENGTH 32768 + #ifdef HAVE_SECURE_GETENV # define shadow_getenv(name) secure_getenv(name) # else diff --git a/lib/getdef.c b/lib/getdef.c index 2e6022fa..dcd1fe72 100644 --- a/lib/getdef.c +++ b/lib/getdef.c @@ -388,10 +388,7 @@ int putdef_str (const char *name, const char *value) return -1; } - if (NULL != d->value) { - free (d->value); - } - + free (d->value); d->value = cp; return 0; } diff --git a/lib/groupio.c b/lib/groupio.c index 54af36e3..357a30eb 100644 --- a/lib/groupio.c +++ b/lib/groupio.c @@ -418,9 +418,7 @@ static int split_groups (unsigned int max_members) /* Shift all the members */ /* The number of members in new_gptr will be check later */ for (i = 0; NULL != new_gptr->gr_mem[i + max_members]; i++) { - if (NULL != new_gptr->gr_mem[i]) { - free (new_gptr->gr_mem[i]); - } + free (new_gptr->gr_mem[i]); new_gptr->gr_mem[i] = new_gptr->gr_mem[i + max_members]; new_gptr->gr_mem[i + max_members] = NULL; } diff --git a/lib/groupmem.c b/lib/groupmem.c index c18b5c64..c858b721 100644 --- a/lib/groupmem.c +++ b/lib/groupmem.c @@ -80,7 +80,7 @@ void gr_free (/*@out@*/ /*@only@*/struct group *grent) { free (grent->gr_name); if (NULL != grent->gr_passwd) { - memzero (grent->gr_passwd, strlen (grent->gr_passwd)); + strzero (grent->gr_passwd); free (grent->gr_passwd); } gr_free_members(grent); @@ -59,7 +59,6 @@ void nss_init(const char *nsswitch_path) { // subid: files nssfp = fopen(nsswitch_path, "r"); if (!nssfp) { - fprintf(shadow_logfd, "Failed opening %s: %m\n", nsswitch_path); atomic_store(&nss_init_completed, true); return; } diff --git a/lib/prototypes.h b/lib/prototypes.h index bd832f49..1172b5d7 100644 --- a/lib/prototypes.h +++ b/lib/prototypes.h @@ -483,7 +483,6 @@ extern bool valid (const char *, const struct passwd *); extern /*@maynotreturn@*/ /*@only@*//*@out@*//*@notnull@*/void *xmalloc (size_t size) /*@ensures MaxSet(result) == (size - 1); @*/; extern /*@maynotreturn@*/ /*@only@*//*@notnull@*/char *xstrdup (const char *); -extern void xfree(void *ap); /* xgetpwnam.c */ extern /*@null@*/ /*@only@*/struct passwd *xgetpwnam (const char *); @@ -56,7 +56,10 @@ static int passwd_put (const void *ent, FILE * file) || (pw->pw_gid == (gid_t)-1) || (valid_field (pw->pw_gecos, ":\n") == -1) || (valid_field (pw->pw_dir, ":\n") == -1) - || (valid_field (pw->pw_shell, ":\n") == -1)) { + || (valid_field (pw->pw_shell, ":\n") == -1) + || (strlen (pw->pw_name) + strlen (pw->pw_passwd) + + strlen (pw->pw_gecos) + strlen (pw->pw_dir) + + strlen (pw->pw_shell) + 100 > PASSWD_ENTRY_MAX_LENGTH)) { return -1; } diff --git a/lib/pwmem.c b/lib/pwmem.c index f6aadb85..867e3f74 100644 --- a/lib/pwmem.c +++ b/lib/pwmem.c @@ -73,7 +73,7 @@ void pw_free (/*@out@*/ /*@only@*/struct passwd *pwent) if (pwent != NULL) { free (pwent->pw_name); if (pwent->pw_passwd) { - memzero (pwent->pw_passwd, strlen (pwent->pw_passwd)); + strzero (pwent->pw_passwd); free (pwent->pw_passwd); } free (pwent->pw_gecos); diff --git a/lib/semanage.c b/lib/semanage.c index 54f99623..082a6e8e 100644 --- a/lib/semanage.c +++ b/lib/semanage.c @@ -122,12 +122,14 @@ static int semanage_user_mod (semanage_handle_t *handle, goto done; } - ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE); - if (ret != 0) { - fprintf (shadow_logfd, - _("Could not set serange for %s\n"), login_name); - ret = 1; - goto done; + if (semanage_mls_enabled(handle)) { + ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE); + if (ret != 0) { + fprintf (shadow_logfd, + _("Could not set serange for %s\n"), login_name); + ret = 1; + goto done; + } } ret = semanage_seuser_set_sename (handle, seuser, seuser_name); @@ -179,13 +181,14 @@ static int semanage_user_add (semanage_handle_t *handle, goto done; } - ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE); - if (ret != 0) { - fprintf (shadow_logfd, - _("Could not set serange for %s\n"), - login_name); - ret = 1; - goto done; + if (semanage_mls_enabled(handle)) { + ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE); + if (ret != 0) { + fprintf (shadow_logfd, + _("Could not set serange for %s\n"), login_name); + ret = 1; + goto done; + } } ret = semanage_seuser_set_sename (handle, seuser, seuser_name); diff --git a/lib/sgetgrent.c b/lib/sgetgrent.c index 1ed3aa11..ad4fcc86 100644 --- a/lib/sgetgrent.c +++ b/lib/sgetgrent.c @@ -54,8 +54,7 @@ static char **list (char *s) rbuf = malloc (size * sizeof (char *)); } if (!rbuf) { - if (members) - free (members); + free (members); members = 0; size = 0; return (char **) 0; @@ -89,8 +88,7 @@ struct group *sgetgrent (const char *buf) if (strlen (buf) + 1 > size) { /* no need to use realloc() here - just free it and allocate a larger block */ - if (grpbuf) - free (grpbuf); + free (grpbuf); size = strlen (buf) + 1000; /* at least: strlen(buf) + 1 */ grpbuf = malloc (size); if (!grpbuf) { diff --git a/lib/sgetpwent.c b/lib/sgetpwent.c index c6e5944c..1c8c63e0 100644 --- a/lib/sgetpwent.c +++ b/lib/sgetpwent.c @@ -16,6 +16,7 @@ #include <stdio.h> #include <pwd.h> #include "prototypes.h" +#include "shadowlog_internal.h" #define NFIELDS 7 @@ -34,7 +35,7 @@ struct passwd *sgetpwent (const char *buf) { static struct passwd pwent; - static char pwdbuf[1024]; + static char pwdbuf[PASSWD_ENTRY_MAX_LENGTH]; int i; char *cp; char *fields[NFIELDS]; @@ -44,8 +45,12 @@ struct passwd *sgetpwent (const char *buf) * the password structure remain valid. */ - if (strlen (buf) >= sizeof pwdbuf) + if (strlen (buf) >= sizeof pwdbuf) { + fprintf (shadow_logfd, + "%s: Too long passwd entry encountered, file corruption?\n", + shadow_progname); return 0; /* fail if too long */ + } strcpy (pwdbuf, buf); /* diff --git a/lib/sgetspent.c b/lib/sgetspent.c index cbadb7e6..f1d4b201 100644 --- a/lib/sgetspent.c +++ b/lib/sgetspent.c @@ -16,6 +16,7 @@ #include <sys/types.h> #include "prototypes.h" +#include "shadowlog_internal.h" #include "defines.h" #include <stdio.h> #define FIELDS 9 @@ -25,7 +26,7 @@ */ struct spwd *sgetspent (const char *string) { - static char spwbuf[1024]; + static char spwbuf[PASSWD_ENTRY_MAX_LENGTH]; static struct spwd spwd; char *fields[FIELDS]; char *cp; @@ -37,6 +38,9 @@ struct spwd *sgetspent (const char *string) */ if (strlen (string) >= sizeof spwbuf) { + fprintf (shadow_logfd, + "%s: Too long passwd entry encountered, file corruption?\n", + shadow_progname); return 0; /* fail if too long */ } strcpy (spwbuf, string); diff --git a/lib/sgroupio.c b/lib/sgroupio.c index cf01de7b..871749bd 100644 --- a/lib/sgroupio.c +++ b/lib/sgroupio.c @@ -128,7 +128,7 @@ void sgr_free (/*@out@*/ /*@only@*/struct sgrp *sgent) size_t i; free (sgent->sg_name); if (NULL != sgent->sg_passwd) { - memzero (sgent->sg_passwd, strlen (sgent->sg_passwd)); + strzero (sgent->sg_passwd); free (sgent->sg_passwd); } for (i = 0; NULL != sgent->sg_adm[i]; i++) { diff --git a/lib/shadowio.c b/lib/shadowio.c index 34076040..683b6c81 100644 --- a/lib/shadowio.c +++ b/lib/shadowio.c @@ -56,7 +56,9 @@ static int shadow_put (const void *ent, FILE * file) if ( (NULL == sp) || (valid_field (sp->sp_namp, ":\n") == -1) - || (valid_field (sp->sp_pwdp, ":\n") == -1)) { + || (valid_field (sp->sp_pwdp, ":\n") == -1) + || (strlen (sp->sp_namp) + strlen (sp->sp_pwdp) + + 1000 > PASSWD_ENTRY_MAX_LENGTH)) { return -1; } diff --git a/lib/shadowmem.c b/lib/shadowmem.c index 757d6026..82f99e72 100644 --- a/lib/shadowmem.c +++ b/lib/shadowmem.c @@ -59,7 +59,7 @@ void spw_free (/*@out@*/ /*@only@*/struct spwd *spent) if (spent != NULL) { free (spent->sp_namp); if (NULL != spent->sp_pwdp) { - memzero (spent->sp_pwdp, strlen (spent->sp_pwdp)); + strzero (spent->sp_pwdp); free (spent->sp_pwdp); } free (spent); diff --git a/lib/tcbfuncs.c b/lib/tcbfuncs.c index 80838c51..1ed5d030 100644 --- a/lib/tcbfuncs.c +++ b/lib/tcbfuncs.c @@ -380,9 +380,7 @@ shadowtcb_status shadowtcb_set_user (const char* name) return SHADOWTCB_SUCCESS; } - if (NULL != stored_tcb_user) { - free (stored_tcb_user); - } + free (stored_tcb_user); stored_tcb_user = strdup (name); if (NULL == stored_tcb_user) { |