From 07e462f01f1c9b472c79ada83cdef83b6f908a6e Mon Sep 17 00:00:00 2001 From: nekral-guest Date: Sun, 22 Aug 2010 19:13:53 +0000 Subject: [PATCH] * libmisc/limits.c: Avoid implicit conversion of integer to boolean. * libmisc/basename.c: Avoid implicit conversion of pointer to boolean. * libmisc/basename.c, lib/prototypes.h (Basename): Return a constant string. * libmisc/basename.c, libmisc/obscure.c, lib/prototypes.h, libmisc/xmalloc.c, libmisc/getdate.h, libmisc/system.c, libmisc/getgr_nam_gid.c, libmisc/failure.c, libmisc/valid.c: Add splint annotations. * libmisc/chowndir.c: Avoid memory leak. * libmisc/chowndir.c: Do not check *printf/*puts return value. * libmisc/chowntty.c: Avoid implicit conversion between integer types. * libmisc/obscure.c: Return a bool when possible instead of int. * libmisc/shell.c: Do not check *printf/*puts return value. * libmisc/shell.c: Do not check execle return value. * libmisc/setupenv.c: Avoid implicit conversion between integer types. * libmisc/xmalloc.c: size should not be zero to avoid returning NULL pointers. * libmisc/hushed.c: Do not check *printf/*puts return value. * libmisc/system.c: Avoid implicit conversion of integer to boolean. safe_system last argument is a boolean. * libmisc/system.c: Check return value of dup2. * libmisc/system.c: Do not check *printf/*puts return value. * libmisc/system.c: Do not check execve return value. * libmisc/salt.c: Do not check *printf/*puts return value. * libmisc/loginprompt.c: Do not check gethostname return value. * libmisc/find_new_gid.c, libmisc/find_new_uid.c: Do not check gr_rewind/pw_rewind return value. * libmisc/ttytype.c: Limit the number of parsed characters in the sscanf format. * libmisc/ttytype.c: Test if a type was really read. * libmisc/sub.c: Do not check *printf/*puts return value. * libmisc/sub.c: Avoid implicit conversion of integer to boolean. * src/userdel.c: Fix typo in comment. * src/userdel.c: Avoid implicit conversion of boolean to integer. * src/userdel.c: safe_system last argument is a boolean. * src/newusers.c: Avoid implicit conversion of boolean to integer. * src/newusers.c: Avoid implicit conversion of integer to boolean. * src/usermod.c: Add brackets. * src/usermod.c: Avoid implicit conversion of characters or integers to booleans. * src/vipw.c: Avoid implicit conversion of integer to boolean. * src/su.c: Avoid implicit conversion of integer to boolean. * src/su.c: Add brackets. * src/useradd.c: Avoid implicit conversion of characters or integers to booleans. --- ChangeLog | 52 +++++++++++++++++++++++++++++++++++++++++ lib/prototypes.h | 14 +++++------ libmisc/basename.c | 4 ++-- libmisc/chowndir.c | 4 +++- libmisc/chowntty.c | 2 +- libmisc/failure.c | 2 ++ libmisc/find_new_gid.c | 4 ++-- libmisc/find_new_uid.c | 4 ++-- libmisc/getdate.h | 2 +- libmisc/getgr_nam_gid.c | 2 +- libmisc/hushed.c | 2 +- libmisc/limits.c | 3 +-- libmisc/loginprompt.c | 2 +- libmisc/obscure.c | 19 ++++++++------- libmisc/salt.c | 2 +- libmisc/setupenv.c | 2 +- libmisc/shell.c | 9 +++---- libmisc/sub.c | 8 ++++--- libmisc/system.c | 21 +++++++++++------ libmisc/ttytype.c | 10 ++++---- libmisc/valid.c | 2 +- libmisc/xmalloc.c | 8 +++---- src/newusers.c | 4 ++-- src/su.c | 14 ++++++----- src/useradd.c | 4 ++-- src/userdel.c | 6 ++--- src/usermod.c | 10 ++++---- src/vipw.c | 4 ++-- 28 files changed, 146 insertions(+), 74 deletions(-) diff --git a/ChangeLog b/ChangeLog index 74ccce4c..86658fbe 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,55 @@ +2010-08-22 Nicolas François + + * libmisc/limits.c: Avoid implicit conversion of integer to + boolean. + * libmisc/basename.c: Avoid implicit conversion of pointer to + boolean. + * libmisc/basename.c, lib/prototypes.h (Basename): Return a + constant string. + * libmisc/basename.c, libmisc/obscure.c, lib/prototypes.h, + libmisc/xmalloc.c, libmisc/getdate.h, libmisc/system.c, + libmisc/getgr_nam_gid.c, libmisc/failure.c, libmisc/valid.c: Add + splint annotations. + * libmisc/chowndir.c: Avoid memory leak. + * libmisc/chowndir.c: Do not check *printf/*puts return value. + * libmisc/chowntty.c: Avoid implicit conversion between integer + types. + * libmisc/obscure.c: Return a bool when possible instead of int. + * libmisc/shell.c: Do not check *printf/*puts return value. + * libmisc/shell.c: Do not check execle return value. + * libmisc/setupenv.c: Avoid implicit conversion between integer + types. + * libmisc/xmalloc.c: size should not be zero to avoid returning + NULL pointers. + * libmisc/hushed.c: Do not check *printf/*puts return value. + * libmisc/system.c: Avoid implicit conversion of integer to + boolean. safe_system last argument is a boolean. + * libmisc/system.c: Check return value of dup2. + * libmisc/system.c: Do not check *printf/*puts return value. + * libmisc/system.c: Do not check execve return value. + * libmisc/salt.c: Do not check *printf/*puts return value. + * libmisc/loginprompt.c: Do not check gethostname return value. + * libmisc/find_new_gid.c, libmisc/find_new_uid.c: Do not check + gr_rewind/pw_rewind return value. + * libmisc/ttytype.c: Limit the number of parsed characters in the + sscanf format. + * libmisc/ttytype.c: Test if a type was really read. + * libmisc/sub.c: Do not check *printf/*puts return value. + * libmisc/sub.c: Avoid implicit conversion of integer to boolean. + * src/userdel.c: Fix typo in comment. + * src/userdel.c: Avoid implicit conversion of boolean to integer. + * src/userdel.c: safe_system last argument is a boolean. + * src/newusers.c: Avoid implicit conversion of boolean to integer. + * src/newusers.c: Avoid implicit conversion of integer to boolean. + * src/usermod.c: Add brackets. + * src/usermod.c: Avoid implicit conversion of characters or + integers to booleans. + * src/vipw.c: Avoid implicit conversion of integer to boolean. + * src/su.c: Avoid implicit conversion of integer to boolean. + * src/su.c: Add brackets. + * src/useradd.c: Avoid implicit conversion of characters or + integers to booleans. + 2010-08-22 Nicolas François * libmisc/obscure.c, lib/prototypes.h (obscure): Return a bool diff --git a/lib/prototypes.h b/lib/prototypes.h index a0f3ffa5..8f9db9c6 100644 --- a/lib/prototypes.h +++ b/lib/prototypes.h @@ -57,7 +57,7 @@ #include "defines.h" #include "commonio.h" -extern char *Prog; +extern /*@observer@*/ const char *Prog; /* addgrps.c */ #if defined (HAVE_SETGROUPS) && ! defined (USE_PAM) @@ -72,7 +72,7 @@ extern int isexpired (const struct passwd *, /*@null@*/const struct spwd *); /* basename() renamed to Basename() to avoid libc name space confusion */ /* basename.c */ -extern char *Basename (char *str); +extern /*@observer@*/const char *Basename (char *str); /* chowndir.c */ extern int chown_tree (const char *root, @@ -156,7 +156,7 @@ extern int find_new_uid (bool sys_user, extern int get_gid (const char *gidstr, gid_t *gid); /* getgr_nam_gid.c */ -extern /*@null@*/struct group *getgr_nam_gid (const char *grname); +extern /*@null@*/struct group *getgr_nam_gid (/*@null@*/const char *grname); /* getlong.c */ extern int getlong (const char *numstr, /*@out@*/long int *result); @@ -340,8 +340,8 @@ extern int shell (const char *file, /*@null@*/const char *arg, char *const envp[ /* system.c */ extern int safe_system (const char *command, const char *argv[], - const char *env[], - int ignore_stderr); + /*@null@*/const char *env[], + bool ignore_stderr); /* strtoday.c */ extern long strtoday (const char *); @@ -391,9 +391,9 @@ extern int setutmpx (struct utmpx *utx); extern bool valid (const char *, const struct passwd *); /* xmalloc.c */ -extern /*@maynotreturn@*/ /*@out@*//*@only@*/char *xmalloc (size_t size) +extern /*@maynotreturn@*/ /*@only@*//*@out@*//*@notnull@*/char *xmalloc (size_t size) /*@ensures MaxSet(result) == (size - 1); @*/; -extern /*@maynotreturn@*/ /*@only@*/char *xstrdup (const char *); +extern /*@maynotreturn@*/ /*@only@*//*@notnull@*/char *xstrdup (const char *); /* xgetpwnam.c */ extern /*@null@*/ /*@only@*/struct passwd *xgetpwnam (const char *); diff --git a/libmisc/basename.c b/libmisc/basename.c index b1962b84..0022aae9 100644 --- a/libmisc/basename.c +++ b/libmisc/basename.c @@ -42,9 +42,9 @@ #include "defines.h" #include "prototypes.h" -char *Basename (char *str) +/*@observer@*/const char *Basename (char *str) { char *cp = strrchr (str, '/'); - return cp ? cp + 1 : str; + return (NULL != cp) ? cp + 1 : str; } diff --git a/libmisc/chowndir.c b/libmisc/chowndir.c index 5179c6bf..b2973509 100644 --- a/libmisc/chowndir.c +++ b/libmisc/chowndir.c @@ -78,6 +78,7 @@ int chown_tree (const char *root, */ if (access (root, F_OK) != 0) { + free (new_name); return -1; } @@ -90,6 +91,7 @@ int chown_tree (const char *root, dir = opendir (root); if (NULL == dir) { + free (new_name); return -1; } @@ -120,7 +122,7 @@ int chown_tree (const char *root, new_name_len += 1024; } - snprintf (new_name, new_name_len, "%s/%s", root, ent->d_name); + (void) snprintf (new_name, new_name_len, "%s/%s", root, ent->d_name); /* Don't follow symbolic links! */ if (LSTAT (new_name, &sb) == -1) { diff --git a/libmisc/chowntty.c b/libmisc/chowntty.c index 0b2d9fb4..f6f5dbc5 100644 --- a/libmisc/chowntty.c +++ b/libmisc/chowntty.c @@ -72,7 +72,7 @@ void chown_tty (const struct passwd *info) */ if ( (fchown (STDIN_FILENO, info->pw_uid, gid) != 0) - || (fchmod (STDIN_FILENO, getdef_num ("TTYPERM", 0600)) != 0)) { + || (fchmod (STDIN_FILENO, (mode_t)getdef_num ("TTYPERM", 0600)) != 0)) { int err = errno; fprintf (stderr, diff --git a/libmisc/failure.c b/libmisc/failure.c index 8277836a..f6390a79 100644 --- a/libmisc/failure.c +++ b/libmisc/failure.c @@ -273,12 +273,14 @@ void failprint (const struct faillog *fail) lasttime++; } #endif + /*@-formatconst@*/ (void) printf (ngettext ("%d failure since last login.\n" "Last was %s on %s.\n", "%d failures since last login.\n" "Last was %s on %s.\n", (unsigned long) fail->fail_cnt), fail->fail_cnt, lasttime, fail->fail_line); + /*@=formatconst@*/ } /* diff --git a/libmisc/find_new_gid.c b/libmisc/find_new_gid.c index 8c54639c..ce534b62 100644 --- a/libmisc/find_new_gid.c +++ b/libmisc/find_new_gid.c @@ -115,7 +115,7 @@ int find_new_gid (bool sys_group, } } - gr_rewind (); + (void) gr_rewind (); while ((grp = gr_next ()) != NULL) { if ((grp->gr_gid <= group_id) && (grp->gr_gid >= gid_min)) { group_id = grp->gr_gid - 1; @@ -139,7 +139,7 @@ int find_new_gid (bool sys_group, } endgrent (); - gr_rewind (); + (void) gr_rewind (); while ((grp = gr_next ()) != NULL) { if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) { group_id = grp->gr_gid + 1; diff --git a/libmisc/find_new_uid.c b/libmisc/find_new_uid.c index 7b330c28..6077eb1e 100644 --- a/libmisc/find_new_uid.c +++ b/libmisc/find_new_uid.c @@ -115,7 +115,7 @@ int find_new_uid (bool sys_user, } } - pw_rewind (); + (void) pw_rewind (); while ((pwd = pw_next ()) != NULL) { if ((pwd->pw_uid <= user_id) && (pwd->pw_uid >= uid_min)) { user_id = pwd->pw_uid - 1; @@ -139,7 +139,7 @@ int find_new_uid (bool sys_user, } endpwent (); - pw_rewind (); + (void) pw_rewind (); while ((pwd = pw_next ()) != NULL) { if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) { user_id = pwd->pw_uid + 1; diff --git a/libmisc/getdate.h b/libmisc/getdate.h index d59b70a9..d1bb176d 100644 --- a/libmisc/getdate.h +++ b/libmisc/getdate.h @@ -35,5 +35,5 @@ #include #include "defines.h" -time_t get_date (const char *, const time_t *); +time_t get_date (const char *p, /*@null@*/const time_t *now); #endif diff --git a/libmisc/getgr_nam_gid.c b/libmisc/getgr_nam_gid.c index 39e44193..b2556c41 100644 --- a/libmisc/getgr_nam_gid.c +++ b/libmisc/getgr_nam_gid.c @@ -44,7 +44,7 @@ * The string may be a valid GID or a valid groupname. * If the group does not exist on the system, NULL is returned. */ -extern /*@null@*/struct group *getgr_nam_gid (const char *grname) +extern /*@null@*/struct group *getgr_nam_gid (/*@null@*/const char *grname) { long long int gid; char *endptr; diff --git a/libmisc/hushed.c b/libmisc/hushed.c index 374d5f29..b71b99ce 100644 --- a/libmisc/hushed.c +++ b/libmisc/hushed.c @@ -76,7 +76,7 @@ bool hushed (const char *username) */ if (hushfile[0] != '/') { - snprintf (buf, sizeof (buf), "%s/%s", pw->pw_dir, hushfile); + (void) snprintf (buf, sizeof (buf), "%s/%s", pw->pw_dir, hushfile); return (access (buf, F_OK) == 0); } diff --git a/libmisc/limits.c b/libmisc/limits.c index 016427c1..1dc316ab 100644 --- a/libmisc/limits.c +++ b/libmisc/limits.c @@ -547,8 +547,7 @@ void setup_limits (const struct passwd *info) if (getdef_bool ("QUOTAS_ENAB")) { #ifdef LIMITS if (info->pw_uid != 0) { - if (setup_user_limits (info->pw_name) & - LOGIN_ERROR_LOGIN) { + if ((setup_user_limits (info->pw_name) & LOGIN_ERROR_LOGIN) != 0) { (void) fputs (_("Too many logins.\n"), stderr); (void) sleep (2); /* XXX: Should be FAIL_DELAY */ exit (EXIT_FAILURE); diff --git a/libmisc/loginprompt.c b/libmisc/loginprompt.c index af27c408..239bc175 100644 --- a/libmisc/loginprompt.c +++ b/libmisc/loginprompt.c @@ -98,7 +98,7 @@ void login_prompt (const char *prompt, char *name, int namesize) (void) fclose (fp); } } - gethostname (buf, sizeof buf); + (void) gethostname (buf, sizeof buf); printf (prompt, buf); (void) fflush (stdout); } diff --git a/libmisc/obscure.c b/libmisc/obscure.c index 8aaab3b2..a0751237 100644 --- a/libmisc/obscure.c +++ b/libmisc/obscure.c @@ -69,7 +69,7 @@ static bool palindrome (unused const char *old, const char *new) * more than half of the characters are different ones. */ -static bool similar (const char *old, const char *new) +static bool similar (/*@notnull@*/const char *old, /*@notnull@*/const char *new) { int i, j; @@ -100,7 +100,7 @@ static bool similar (const char *old, const char *new) * a nice mix of characters. */ -static int simple (unused const char *old, const char *new) +static bool simple (unused const char *old, const char *new) { bool digits = false; bool uppers = false; @@ -147,7 +147,7 @@ static int simple (unused const char *old, const char *new) return true; } -static char *str_lower (char *string) +static char *str_lower (/*@returned@*/char *string) { char *cp; @@ -157,8 +157,10 @@ static char *str_lower (char *string) return string; } -static const char *password_check (const char *old, const char *new, - const struct passwd *pwdp) +static /*@observer@*//*@null@*/const char *password_check ( + /*@notnull@*/const char *old, + /*@notnull@*/const char *new, + /*@notnull@*/const struct passwd *pwdp) { const char *msg = NULL; char *oldmono, *newmono, *wrapped; @@ -219,9 +221,10 @@ static const char *password_check (const char *old, const char *new, return msg; } -/*ARGSUSED*/ -static const char *obscure_msg (const char *old, const char *new, - const struct passwd *pwdp) +static /*@observer@*//*@null@*/const char *obscure_msg ( + /*@notnull@*/const char *old, + /*@notnull@*/const char *new, + /*@notnull@*/const struct passwd *pwdp) { size_t maxlen, oldlen, newlen; char *new1, *old1; diff --git a/libmisc/salt.c b/libmisc/salt.c index 99233c68..dcf39de0 100644 --- a/libmisc/salt.c +++ b/libmisc/salt.c @@ -150,7 +150,7 @@ static /*@observer@*/const char *SHA_salt_rounds (/*@null@*/int *prefered_rounds rounds = ROUNDS_MAX; } - snprintf (rounds_prefix, 18, "rounds=%ld$", rounds); + (void) snprintf (rounds_prefix, 18, "rounds=%ld$", rounds); /* Sanity checks. That should not be necessary. */ rounds_prefix[17] = '\0'; diff --git a/libmisc/setupenv.c b/libmisc/setupenv.c index cb67361b..74170e81 100644 --- a/libmisc/setupenv.c +++ b/libmisc/setupenv.c @@ -74,7 +74,7 @@ static void read_env_file (const char *filename) if (NULL == fp) { return; } - while (fgets (buf, sizeof buf, fp) == buf) { + while (fgets (buf, (int)(sizeof buf), fp) == buf) { cp = strrchr (buf, '\n'); if (NULL == cp) { break; diff --git a/libmisc/shell.c b/libmisc/shell.c index e253ae3f..92bfc2bc 100644 --- a/libmisc/shell.c +++ b/libmisc/shell.c @@ -68,7 +68,8 @@ int shell (const char *file, /*@null@*/const char *arg, char *const envp[]) * don't want to tell us what it is themselves. */ if (arg == (char *) 0) { - snprintf (arg0, sizeof arg0, "-%s", Basename ((char *) file)); + (void) snprintf (arg0, sizeof arg0, "-%s", Basename ((char *) file)); + arg0[sizeof arg0 - 1] = '\0'; arg = arg0; } @@ -77,7 +78,7 @@ int shell (const char *file, /*@null@*/const char *arg, char *const envp[]) * able to figure out what we are up to without too much * grief. */ - execle (file, arg, (char *) 0, envp); + (void) execle (file, arg, (char *) 0, envp); err = errno; if (access (file, R_OK|X_OK) == 0) { @@ -85,7 +86,7 @@ int shell (const char *file, /*@null@*/const char *arg, char *const envp[]) * Assume this is a shell script (with no shebang). * Interpret it with /bin/sh */ - execle (SHELL, "sh", "-", file, (char *)0, envp); + (void) execle (SHELL, "sh", "-", file, (char *)0, envp); err = errno; } @@ -94,7 +95,7 @@ int shell (const char *file, /*@null@*/const char *arg, char *const envp[]) * how to execute this stupid shell, so I might as well give * up in disgust ... */ - snprintf (arg0, sizeof arg0, _("Cannot execute %s"), file); + (void) snprintf (arg0, sizeof arg0, _("Cannot execute %s"), file); errno = err; perror (arg0); return err; diff --git a/libmisc/sub.c b/libmisc/sub.c index ed879c20..36ac396c 100644 --- a/libmisc/sub.c +++ b/libmisc/sub.c @@ -66,11 +66,13 @@ void subsystem (const struct passwd *pw) * must be able to change into it. */ - if (chdir (pw->pw_dir) || chroot (pw->pw_dir)) { - printf (_("Can't change root directory to '%s'\n"), - pw->pw_dir); + if ( (chdir (pw->pw_dir) != 0) + || (chroot (pw->pw_dir) != 0)) { + (void) printf (_("Can't change root directory to '%s'\n"), + pw->pw_dir); SYSLOG ((LOG_WARN, NO_SUBROOT2, pw->pw_dir, pw->pw_name)); closelog (); exit (EXIT_FAILURE); } } + diff --git a/libmisc/system.c b/libmisc/system.c index bcd7bb7e..95054165 100644 --- a/libmisc/system.c +++ b/libmisc/system.c @@ -1,5 +1,6 @@ /* * Copyright (c) 2009 , Dan Walsh + * Copyright (c) 2010 , Nicolas François * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -38,8 +39,8 @@ int safe_system (const char *command, const char *argv[], - const char *env[], - int ignore_stderr) + /*@null@*/const char *env[], + bool ignore_stderr) { int status = -1; int fd; @@ -50,7 +51,7 @@ int safe_system (const char *command, return -1; } - if (pid) { /* Parent */ + if (pid != 0) { /* Parent */ if (waitpid (pid, &status, 0) > 0) { return status; } else { @@ -60,13 +61,19 @@ int safe_system (const char *command, fd = open ("/dev/null", O_RDWR); /* Child */ - dup2 (fd, 0); /* Close Stdin */ + /* Close Stdin */ + if (dup2 (fd, 0) == -1) { + exit (EXIT_FAILURE); + } if (ignore_stderr) { - dup2 (fd, 2); /* Close Stderr */ + /* Close Stderr */ + if (dup2 (fd, 2) == -1) { + exit (EXIT_FAILURE); + } } - execve (command, (char *const *) argv, (char *const *) env); - fprintf (stderr, _("Failed to exec '%s'\n"), argv[0]); + (void) execve (command, (char *const *) argv, (char *const *) env); + (void) fprintf (stderr, _("Failed to exec '%s'\n"), argv[0]); exit (EXIT_FAILURE); } diff --git a/libmisc/ttytype.c b/libmisc/ttytype.c index aa31dfe5..06e79444 100644 --- a/libmisc/ttytype.c +++ b/libmisc/ttytype.c @@ -47,8 +47,8 @@ void ttytype (const char *line) char buf[BUFSIZ]; const char *typefile; char *cp; - char type[BUFSIZ]; - char port[BUFSIZ]; + char type[1024] = ""; + char port[1024]; if (getenv ("TERM") != NULL) { return; @@ -76,12 +76,12 @@ void ttytype (const char *line) *cp = '\0'; } - if ((sscanf (buf, "%s %s", type, port) == 2) && - (strcmp (line, port) == 0)) { + if ( (sscanf (buf, "%1023s %1023s", type, port) == 2) + && (strcmp (line, port) == 0)) { break; } } - if ((feof (fp) == 0) && (ferror (fp) == 0)) { + if ((feof (fp) == 0) && (ferror (fp) == 0) && (type[0] != '\0')) { addenv ("TERM", type); } diff --git a/libmisc/valid.c b/libmisc/valid.c index 42c0dbc3..aa0390a5 100644 --- a/libmisc/valid.c +++ b/libmisc/valid.c @@ -52,7 +52,7 @@ bool valid (const char *password, const struct passwd *ent) { const char *encrypted; - const char *salt; + /*@observer@*/const char *salt; /* * Start with blank or empty password entries. Always encrypt diff --git a/libmisc/xmalloc.c b/libmisc/xmalloc.c index 6c34d9b2..665de65c 100644 --- a/libmisc/xmalloc.c +++ b/libmisc/xmalloc.c @@ -47,19 +47,19 @@ #include "defines.h" #include "prototypes.h" -char *xmalloc (size_t size) +/*@maynotreturn@*/ /*@only@*//*@out@*//*@notnull@*/char *xmalloc (size_t size) { char *ptr; ptr = (char *) malloc (size); - if ((NULL == ptr) && (0 != size)) { - fprintf (stderr, _("malloc(%d) failed\n"), (int) size); + if (NULL == ptr) { + (void) fprintf (stderr, _("malloc(%d) failed\n"), (int) size); exit (13); } return ptr; } -char *xstrdup (const char *str) +/*@maynotreturn@*/ /*@only@*//*@notnull@*/char *xstrdup (const char *str) { return strcpy (xmalloc (strlen (str) + 1), str); } diff --git a/src/newusers.c b/src/newusers.c index 85b2a959..62cd3daa 100644 --- a/src/newusers.c +++ b/src/newusers.c @@ -378,7 +378,7 @@ static int add_user (const char *name, uid_t uid, gid_t gid) pwent.pw_dir = ""; /* XXX warning: const */ pwent.pw_shell = ""; /* XXX warning: const */ - return (pw_update (&pwent) == 0); + return (pw_update (&pwent) == 0) ? -1 : 0; } #ifndef USE_PAM @@ -976,7 +976,7 @@ int main (int argc, char **argv) usernames[nusers-1] = strdup (fields[0]); passwords[nusers-1] = strdup (fields[1]); #endif /* USE_PAM */ - if (add_passwd (&newpw, fields[1])) { + if (add_passwd (&newpw, fields[1]) != 0) { fprintf (stderr, _("%s: line %d: can't update password\n"), Prog, line); diff --git a/src/su.c b/src/su.c index 9ef0b210..304bb281 100644 --- a/src/su.c +++ b/src/su.c @@ -127,12 +127,13 @@ static RETSIGTYPE die (int killed) { static TERMIO sgtty; - if (killed) + if (killed != 0) { STTY (0, &sgtty); - else + } else { GTTY (0, &sgtty); + } - if (killed) { + if (killed != 0) { closelog (); exit (128+killed); } @@ -813,8 +814,9 @@ int main (int argc, char **argv) * The first character of an administrator defined method is an '@' * character. */ - if (!amroot && pw_auth (pwent.pw_passwd, name, PW_SU, (char *) 0)) { - SYSLOG ((pwent.pw_uid ? LOG_NOTICE : LOG_WARN, + if ( !amroot + && (pw_auth (pwent.pw_passwd, name, PW_SU, (char *) 0) != 0)) { + SYSLOG (((pwent.pw_uid != 0)? LOG_NOTICE : LOG_WARN, "Authentication failed for %s", name)); fprintf(stderr, _("%s: Authentication failure\n"), Prog); su_failure (tty); @@ -831,7 +833,7 @@ int main (int argc, char **argv) spwd = pwd_to_spwd (&pwent); } - if (expire (&pwent, spwd)) { + if (expire (&pwent, spwd) != 0) { /* !USE_PAM, no need for xgetpwnam */ struct passwd *pwd = getpwnam (name); diff --git a/src/useradd.c b/src/useradd.c index 661d6bcc..0b15a8f5 100644 --- a/src/useradd.c +++ b/src/useradd.c @@ -1731,7 +1731,7 @@ static void usr_update (void) static void selinux_update_mapping (void) { if (is_selinux_enabled () <= 0) return; - if (*user_selinux) { /* must be done after passwd write() */ + if ('\0' != *user_selinux) { /* must be done after passwd write() */ const char *argv[7]; argv[0] = "/usr/sbin/semanage"; argv[1] = "login"; @@ -1740,7 +1740,7 @@ static void selinux_update_mapping (void) { argv[4] = user_selinux; argv[5] = user_name; argv[6] = NULL; - if (safe_system (argv[0], argv, NULL, 0)) { + if (safe_system (argv[0], argv, NULL, false) != 0) { fprintf (stderr, _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), Prog, user_name, user_selinux); diff --git a/src/userdel.c b/src/userdel.c index 14233920..817464ed 100644 --- a/src/userdel.c +++ b/src/userdel.c @@ -632,7 +632,7 @@ static bool path_prefix (const char *s1, const char *s2) * * Return * 1: path exists and is owned by uid - * 0: path is not owned by uid, or a failure occured + * 0: path is not owned by uid, or a failure occurred * -1: path does not exist */ static int is_owner (uid_t uid, const char *path) @@ -648,7 +648,7 @@ static int is_owner (uid_t uid, const char *path) return 0; } } - return (st.st_uid == uid); + return (st.st_uid == uid) ? 1 : 0; } static int remove_mailbox (void) @@ -1043,7 +1043,7 @@ int main (int argc, char **argv) args[2] = "-d"; args[3] = user_name; args[4] = NULL; - safe_system (args[0], args, NULL, 1); + safe_system (args[0], args, NULL, true); } #endif /* WITH_SELINUX */ diff --git a/src/usermod.c b/src/usermod.c index 22240abd..5918cbd3 100644 --- a/src/usermod.c +++ b/src/usermod.c @@ -1851,9 +1851,11 @@ int main (int argc, char **argv) static void selinux_update_mapping (void) { const char *argv[7]; - if (is_selinux_enabled () <= 0) return; + if (is_selinux_enabled () <= 0) { + return; + } - if (*user_selinux) { + if ('\0' != *user_selinux) { argv[0] = "/usr/sbin/semanage"; argv[1] = "login"; argv[2] = "-m"; @@ -1861,9 +1863,9 @@ static void selinux_update_mapping (void) { argv[4] = user_selinux; argv[5] = user_name; argv[6] = NULL; - if (safe_system (argv[0], argv, NULL, 1)) { + if (safe_system (argv[0], argv, NULL, true) != 0) { argv[2] = "-a"; - if (safe_system (argv[0], argv, NULL, 0)) { + if (safe_system (argv[0], argv, NULL, false) != 0) { fprintf (stderr, _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), Prog, user_name, user_selinux); diff --git a/src/vipw.c b/src/vipw.c index b5caf65f..9f411831 100644 --- a/src/vipw.c +++ b/src/vipw.c @@ -231,7 +231,7 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void)) #ifdef WITH_SELINUX /* if SE Linux is enabled then set the context of all new files to be the context of the file we are editing */ - if (is_selinux_enabled ()) { + if (is_selinux_enabled () != 0) { security_context_t passwd_context=NULL; int ret = 0; if (getfilecon (file, &passwd_context) < 0) { @@ -332,7 +332,7 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void)) } #ifdef WITH_SELINUX /* unset the fscreatecon */ - if (is_selinux_enabled ()) { + if (is_selinux_enabled () != 0) { if (setfscreatecon (NULL) != 0) { vipwexit (_("setfscreatecon () failed"), errno, 1); }