New upstream version 4.13+dfsg1upstream/4.13+dfsg1upstream

17 files changed, 66 insertions, 73 deletions

diff --git a/lib/commonio.c b/lib/commonio.c
index 80288d64..9a02ce1a 100644
--- a/lib/commonio.c
+++ b/lib/commonio.c
@@ -32,7 +32,7 @@
 
 /* local function prototypes */
 static int lrename (const char *, const char *);
-static int check_link_count (const char *file);
+static int check_link_count (const char *file, bool log);
 static int do_lock_file (const char *file, const char *lock, bool log);
 static /*@null@*/ /*@dependent@*/FILE *fopen_set_perms (
 	const char *name,
@@ -85,23 +85,31 @@ int lrename (const char *old, const char *new)
 	res = rename (old, new);
 
 #ifdef __GLIBC__
-	if (NULL != r) {
-		free (r);
-	}
+	free (r);
 #endif				/* __GLIBC__ */
 
 	return res;
 }
 
-static int check_link_count (const char *file)
+static int check_link_count (const char *file, bool log)
 {
 	struct stat sb;
 
 	if (stat (file, &sb) != 0) {
+		if (log) {
+			(void) fprintf (shadow_logfd,
+			                "%s: %s file stat error: %s\n",
+			                shadow_progname, file, strerror (errno));
+		}
 		return 0;
 	}
 
 	if (sb.st_nlink != 2) {
+		if (log) {
+			(void) fprintf (shadow_logfd,
+			                "%s: %s: lock file already used (nlink: %u)\n",
+			                shadow_progname, file, sb.st_nlink);
+		}
 		return 0;
 	}
 
@@ -153,12 +161,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 	close (fd);
 
 	if (link (file, lock) == 0) {
-		retval = check_link_count (file);
-		if ((0==retval) && log) {
-			(void) fprintf (shadow_logfd,
-			                "%s: %s: lock file already used\n",
-			                shadow_progname, file);
-		}
+		retval = check_link_count (file, log);
 		unlink (file);
 		return retval;
 	}
@@ -219,12 +222,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 
 	retval = 0;
 	if (link (file, lock) == 0) {
-		retval = check_link_count (file);
-		if ((0==retval) && log) {
-			(void) fprintf (shadow_logfd,
-			                "%s: %s: lock file already used\n",
-			                shadow_progname, file);
-		}
+		retval = check_link_count (file, log);
 	} else {
 		if (log) {
 			(void) fprintf (shadow_logfd,
@@ -337,9 +335,7 @@ static void free_linked_list (struct commonio_db *db)
 		p = db->head;
 		db->head = p->next;
 
-		if (NULL != p->line) {
-			free (p->line);
-		}
+		free (p->line);
 
 		if (NULL != p->eptr) {
 			db->ops->free (p->eptr);
@@ -395,10 +391,8 @@ int commonio_lock_nowait (struct commonio_db *db, bool log)
 		err = 1;
 	}
 cleanup_ENOMEM:
-	if (file)
-		free(file);
-	if (lock)
-		free(lock);
+	free(file);
+	free(lock);
 	return err;
 }
 
@@ -1200,9 +1194,7 @@ int commonio_remove (struct commonio_db *db, const char *name)
 
 	commonio_del_entry (db, p);
 
-	if (NULL != p->line) {
-		free (p->line);
-	}
+	free (p->line);
 
 	if (NULL != p->eptr) {
 		db->ops->free (p->eptr);
diff --git a/lib/defines.h b/lib/defines.h
index ee33aa0d..d01f691e 100644
--- a/lib/defines.h
+++ b/lib/defines.h
@@ -310,14 +310,6 @@ extern char *strerror ();
 # define format_attr(type, index, check)
 #endif
 
-/* ! Arguments evaluated twice ! */
-#ifndef MIN
-#define MIN(a,b) (((a) < (b)) ? (a) : (b))
-#endif
-#ifndef MAX
-#define MAX(x,y) (((x) > (y)) ? (x) : (y))
-#endif
-
 /* Maximum length of usernames */
 #ifdef HAVE_UTMPX_H
 # include <utmpx.h>
@@ -335,6 +327,9 @@ extern char *strerror ();
 # endif
 #endif
 
+/* Maximum length of passwd entry */
+#define PASSWD_ENTRY_MAX_LENGTH 32768
+
 #ifdef HAVE_SECURE_GETENV
 #  define shadow_getenv(name) secure_getenv(name)
 # else
diff --git a/lib/getdef.c b/lib/getdef.c
index 2e6022fa..dcd1fe72 100644
--- a/lib/getdef.c
+++ b/lib/getdef.c
@@ -388,10 +388,7 @@ int putdef_str (const char *name, const char *value)
 		return -1;
 	}
 
-	if (NULL != d->value) {
-		free (d->value);
-	}
-
+	free (d->value);
 	d->value = cp;
 	return 0;
 }
diff --git a/lib/groupio.c b/lib/groupio.c
index 54af36e3..357a30eb 100644
--- a/lib/groupio.c
+++ b/lib/groupio.c
@@ -418,9 +418,7 @@ static int split_groups (unsigned int max_members)
 		/* Shift all the members */
 		/* The number of members in new_gptr will be check later */
 		for (i = 0; NULL != new_gptr->gr_mem[i + max_members]; i++) {
-			if (NULL != new_gptr->gr_mem[i]) {
-				free (new_gptr->gr_mem[i]);
-			}
+			free (new_gptr->gr_mem[i]);
 			new_gptr->gr_mem[i] = new_gptr->gr_mem[i + max_members];
 			new_gptr->gr_mem[i + max_members] = NULL;
 		}
diff --git a/lib/groupmem.c b/lib/groupmem.c
index c18b5c64..c858b721 100644
--- a/lib/groupmem.c
+++ b/lib/groupmem.c
@@ -80,7 +80,7 @@ void gr_free (/*@out@*/ /*@only@*/struct group *grent)
 {
 	free (grent->gr_name);
 	if (NULL != grent->gr_passwd) {
-		memzero (grent->gr_passwd, strlen (grent->gr_passwd));
+		strzero (grent->gr_passwd);
 		free (grent->gr_passwd);
 	}
 	gr_free_members(grent);
diff --git a/lib/nss.c b/lib/nss.c
index 06fa48e5..23d05182 100644
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -59,7 +59,6 @@ void nss_init(const char *nsswitch_path) {
 	//   subid:	files
 	nssfp = fopen(nsswitch_path, "r");
 	if (!nssfp) {
-		fprintf(shadow_logfd, "Failed opening %s: %m\n", nsswitch_path);
 		atomic_store(&nss_init_completed, true);
 		return;
 	}
diff --git a/lib/prototypes.h b/lib/prototypes.h
index bd832f49..1172b5d7 100644
--- a/lib/prototypes.h
+++ b/lib/prototypes.h
@@ -483,7 +483,6 @@ extern bool valid (const char *, const struct passwd *);
 extern /*@maynotreturn@*/ /*@only@*//*@out@*//*@notnull@*/void *xmalloc (size_t size)
   /*@ensures MaxSet(result) == (size - 1); @*/;
 extern /*@maynotreturn@*/ /*@only@*//*@notnull@*/char *xstrdup (const char *);
-extern void xfree(void *ap);
 
 /* xgetpwnam.c */
 extern /*@null@*/ /*@only@*/struct passwd *xgetpwnam (const char *);
diff --git a/lib/pwio.c b/lib/pwio.c
index 2efecfbf..e59b473c 100644
--- a/lib/pwio.c
+++ b/lib/pwio.c
@@ -56,7 +56,10 @@ static int passwd_put (const void *ent, FILE * file)
 	    || (pw->pw_gid == (gid_t)-1)
 	    || (valid_field (pw->pw_gecos, ":\n") == -1)
 	    || (valid_field (pw->pw_dir, ":\n") == -1)
-	    || (valid_field (pw->pw_shell, ":\n") == -1)) {
+	    || (valid_field (pw->pw_shell, ":\n") == -1)
+	    || (strlen (pw->pw_name) + strlen (pw->pw_passwd) +
+	        strlen (pw->pw_gecos) + strlen (pw->pw_dir) +
+	        strlen (pw->pw_shell) + 100 > PASSWD_ENTRY_MAX_LENGTH)) {
 		return -1;
 	}
 
diff --git a/lib/pwmem.c b/lib/pwmem.c
index f6aadb85..867e3f74 100644
--- a/lib/pwmem.c
+++ b/lib/pwmem.c
@@ -73,7 +73,7 @@ void pw_free (/*@out@*/ /*@only@*/struct passwd *pwent)
 	if (pwent != NULL) {
 		free (pwent->pw_name);
 		if (pwent->pw_passwd) {
-			memzero (pwent->pw_passwd, strlen (pwent->pw_passwd));
+			strzero (pwent->pw_passwd);
 			free (pwent->pw_passwd);
 		}
 		free (pwent->pw_gecos);
diff --git a/lib/semanage.c b/lib/semanage.c
index 54f99623..082a6e8e 100644
--- a/lib/semanage.c
+++ b/lib/semanage.c
@@ -122,12 +122,14 @@ static int semanage_user_mod (semanage_handle_t *handle,
 		goto done;
 	}
 
-	ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
-	if (ret != 0) {
-		fprintf (shadow_logfd,
-		         _("Could not set serange for %s\n"), login_name);
-		ret = 1;
-		goto done;
+	if (semanage_mls_enabled(handle)) {
+		ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
+		if (ret != 0) {
+			fprintf (shadow_logfd,
+			         _("Could not set serange for %s\n"), login_name);
+			ret = 1;
+			goto done;
+		}
 	}
 
 	ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
@@ -179,13 +181,14 @@ static int semanage_user_add (semanage_handle_t *handle,
 		goto done;
 	}
 
-	ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
-	if (ret != 0) {
-		fprintf (shadow_logfd,
-		         _("Could not set serange for %s\n"),
-		         login_name);
-		ret = 1;
-		goto done;
+	if (semanage_mls_enabled(handle)) {
+		ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
+		if (ret != 0) {
+			fprintf (shadow_logfd,
+			         _("Could not set serange for %s\n"), login_name);
+			ret = 1;
+			goto done;
+		}
 	}
 
 	ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
diff --git a/lib/sgetgrent.c b/lib/sgetgrent.c
index 1ed3aa11..ad4fcc86 100644
--- a/lib/sgetgrent.c
+++ b/lib/sgetgrent.c
@@ -54,8 +54,7 @@ static char **list (char *s)
 				rbuf = malloc (size * sizeof (char *));
 			}
 			if (!rbuf) {
-				if (members)
-					free (members);
+				free (members);
 				members = 0;
 				size = 0;
 				return (char **) 0;
@@ -89,8 +88,7 @@ struct group *sgetgrent (const char *buf)
 	if (strlen (buf) + 1 > size) {
 		/* no need to use realloc() here - just free it and
 		   allocate a larger block */
-		if (grpbuf)
-			free (grpbuf);
+		free (grpbuf);
 		size = strlen (buf) + 1000;	/* at least: strlen(buf) + 1 */
 		grpbuf = malloc (size);
 		if (!grpbuf) {
diff --git a/lib/sgetpwent.c b/lib/sgetpwent.c
index c6e5944c..1c8c63e0 100644
--- a/lib/sgetpwent.c
+++ b/lib/sgetpwent.c
@@ -16,6 +16,7 @@
 #include <stdio.h>
 #include <pwd.h>
 #include "prototypes.h"
+#include "shadowlog_internal.h"
 
 #define	NFIELDS	7
 
@@ -34,7 +35,7 @@
 struct passwd *sgetpwent (const char *buf)
 {
 	static struct passwd pwent;
-	static char pwdbuf[1024];
+	static char pwdbuf[PASSWD_ENTRY_MAX_LENGTH];
 	int i;
 	char *cp;
 	char *fields[NFIELDS];
@@ -44,8 +45,12 @@ struct passwd *sgetpwent (const char *buf)
 	 * the password structure remain valid.
 	 */
 
-	if (strlen (buf) >= sizeof pwdbuf)
+	if (strlen (buf) >= sizeof pwdbuf) {
+		fprintf (shadow_logfd,
+		         "%s: Too long passwd entry encountered, file corruption?\n",
+		         shadow_progname);
 		return 0;	/* fail if too long */
+	}
 	strcpy (pwdbuf, buf);
 
 	/*
diff --git a/lib/sgetspent.c b/lib/sgetspent.c
index cbadb7e6..f1d4b201 100644
--- a/lib/sgetspent.c
+++ b/lib/sgetspent.c
@@ -16,6 +16,7 @@
 
 #include <sys/types.h>
 #include "prototypes.h"
+#include "shadowlog_internal.h"
 #include "defines.h"
 #include <stdio.h>
 #define	FIELDS	9
@@ -25,7 +26,7 @@
  */
 struct spwd *sgetspent (const char *string)
 {
-	static char spwbuf[1024];
+	static char spwbuf[PASSWD_ENTRY_MAX_LENGTH];
 	static struct spwd spwd;
 	char *fields[FIELDS];
 	char *cp;
@@ -37,6 +38,9 @@ struct spwd *sgetspent (const char *string)
 	 */
 
 	if (strlen (string) >= sizeof spwbuf) {
+		fprintf (shadow_logfd,
+		         "%s: Too long passwd entry encountered, file corruption?\n",
+		         shadow_progname);
 		return 0;	/* fail if too long */
 	}
 	strcpy (spwbuf, string);
diff --git a/lib/sgroupio.c b/lib/sgroupio.c
index cf01de7b..871749bd 100644
--- a/lib/sgroupio.c
+++ b/lib/sgroupio.c
@@ -128,7 +128,7 @@ void sgr_free (/*@out@*/ /*@only@*/struct sgrp *sgent)
 	size_t i;
 	free (sgent->sg_name);
 	if (NULL != sgent->sg_passwd) {
-		memzero (sgent->sg_passwd, strlen (sgent->sg_passwd));
+		strzero (sgent->sg_passwd);
 		free (sgent->sg_passwd);
 	}
 	for (i = 0; NULL != sgent->sg_adm[i]; i++) {
diff --git a/lib/shadowio.c b/lib/shadowio.c
index 34076040..683b6c81 100644
--- a/lib/shadowio.c
+++ b/lib/shadowio.c
@@ -56,7 +56,9 @@ static int shadow_put (const void *ent, FILE * file)
 
 	if (   (NULL == sp)
 	    || (valid_field (sp->sp_namp, ":\n") == -1)
-	    || (valid_field (sp->sp_pwdp, ":\n") == -1)) {
+	    || (valid_field (sp->sp_pwdp, ":\n") == -1)
+	    || (strlen (sp->sp_namp) + strlen (sp->sp_pwdp) +
+	        1000 > PASSWD_ENTRY_MAX_LENGTH)) {
 		return -1;
 	}
 
diff --git a/lib/shadowmem.c b/lib/shadowmem.c
index 757d6026..82f99e72 100644
--- a/lib/shadowmem.c
+++ b/lib/shadowmem.c
@@ -59,7 +59,7 @@ void spw_free (/*@out@*/ /*@only@*/struct spwd *spent)
 	if (spent != NULL) {
 		free (spent->sp_namp);
 		if (NULL != spent->sp_pwdp) {
-			memzero (spent->sp_pwdp, strlen (spent->sp_pwdp));
+			strzero (spent->sp_pwdp);
 			free (spent->sp_pwdp);
 		}
 		free (spent);
diff --git a/lib/tcbfuncs.c b/lib/tcbfuncs.c
index 80838c51..1ed5d030 100644
--- a/lib/tcbfuncs.c
+++ b/lib/tcbfuncs.c
@@ -380,9 +380,7 @@ shadowtcb_status shadowtcb_set_user (const char* name)
 		return SHADOWTCB_SUCCESS;
 	}
 
-	if (NULL != stored_tcb_user) {
-		free (stored_tcb_user);
-	}
+	free (stored_tcb_user);
 
 	stored_tcb_user = strdup (name);
 	if (NULL == stored_tcb_user) {