diff --git a/ChangeLog b/ChangeLog
index 3f8be8fa..442b578c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2009-04-22 Nicolas François
+
+ * libmisc/xgetXXbyYY.c, libmisc/myname.c, libmisc/getgr_nam_gid.c,
+ libmisc/salt.c, libmisc/list.c, libmisc/cleanup.c, src/login.c,
+ lib/getdef.h, lib/groupio.c, lib/getlong.c, lib/gshadow_.h,
+ lib/sgroupio.c, lib/shadowio.c, lib/pwio.c, lib/commonio.h,
+ lib/fputsx.c, lib/prototypes.h: Added splint annotations.
+ * lib/groupio.c: Avoid implicit conversion of pointers to
+ booleans.
+ * lib/groupio.c: Free allocated buffers in case of failure.
+
 2009-04-22 Nicolas François
 * lib/defines.h: Added splint definitions to replace
diff --git a/lib/getdef.h b/lib/getdef.h
index 39e02a23..15e35ff7 100644
--- a/lib/getdef.h
+++ b/lib/getdef.h
@@ -38,7 +38,7 @@ extern long getdef_long (const char *, long);
 extern int getdef_num (const char *, int);
 extern unsigned long getdef_ulong (const char *, unsigned long);
 extern unsigned int getdef_unum (const char *, unsigned int);
-extern char *getdef_str (const char *);
+extern /*@observer@*/ /*@null@*/const char *getdef_str (const char *);
 extern int putdef_str (const char *, const char *);
 /* default UMASK value if not specified in /etc/login.defs */
diff --git a/lib/getlong.c b/lib/getlong.c
index d1820847..367ae9f8 100644
--- a/lib/getlong.c
+++ b/lib/getlong.c
@@ -42,7 +42,7 @@
 *
 * Returns 0 on failure, 1 on success.
 */
-int getlong (const char *numstr, long int *result)
+int getlong (const char *numstr, /*@out@*/long int *result)
 {
 long val;
 char *endptr;
diff --git a/lib/groupio.c b/lib/groupio.c
index 965a430c..72b5c949 100644
--- a/lib/groupio.c
+++ b/lib/groupio.c
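Review bot: In the lib/getlong.c hunk, `/*@out@*/` on `result` tells splint to treat `*result` as defined once getlong returns, while the header comment only says the function returns 0 on failure and 1 on success. The body continues outside the hunk, so whether the failure path writes `*result` is not visible; if it does not, a caller that skips the return-value check uses an indeterminate number and the checker has no reason to flag it. I would state the contract in the comment, e.g. ` * *result is written only when 1 is returned; callers must check the return value.` (worded to match the body), or store a value on the failure path as well. The prototype in lib/prototypes.h carries the same annotation.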
@@ -43,12 +43,13 @@
 #include "getdef.h"
 #include "groupio.h"
-static struct commonio_entry *merge_group_entries (struct commonio_entry *gr1,
- struct commonio_entry *gr2);
+static /*@null@*/struct commonio_entry *merge_group_entries (
+ /*@null@*/struct commonio_entry *gr1,
+ /*@null@*/struct commonio_entry *gr2);
 static int split_groups (unsigned int max_members);
 static int group_open_hook (void);
-static void *group_dup (const void *ent)
+static /*@null@*/ /*@only@*/void *group_dup (const void *ent)
 {
 const struct group *gr = ent;
@@ -245,8 +246,8 @@ static int group_open_hook (void)
 return 1;
 }
- for (gr1 = group_db.head; gr1; gr1 = gr1->next) {
- for (gr2 = gr1->next; gr2; gr2 = gr2->next) {
+ for (gr1 = group_db.head; NULL != gr1; gr1 = gr1->next) {
+ for (gr2 = gr1->next; NULL != gr2; gr2 = gr2->next) {
 struct group *g1 = (struct group *)gr1->eptr;
 struct group *g2 = (struct group *)gr2->eptr;
 if (NULL != g1 &&
@@ -284,8 +285,9 @@ static int group_open_hook (void)
 * the modified first entry on success, or NULL on failure (with errno
 * set).
 */
-static struct commonio_entry *merge_group_entries (struct commonio_entry *gr1,
- struct commonio_entry *gr2)
+static /*@null@*/struct commonio_entry *merge_group_entries (
+ /*@null@*/struct commonio_entry *gr1,
+ /*@null@*/struct commonio_entry *gr2)
 {
 struct group *gptr1;
 struct group *gptr2;
@@ -332,6 +334,7 @@ static struct commonio_entry *merge_group_entries (struct commonio_entry *gr1,
 }
 new_members = (char **)malloc ( (members+1) * sizeof(char*) );
 if (NULL == new_members) {
+ free (new_line);
 errno = ENOMEM;
 return NULL;
 }
@@ -370,7 +373,7 @@ static int split_groups (unsigned int max_members)
 {
 struct commonio_entry *gr;
- for (gr = group_db.head; gr; gr = gr->next) {
+ for (gr = group_db.head; NULL != gr; gr = gr->next) {
 struct group *gptr = (struct group *)gr->eptr;
 struct commonio_entry *new;
 struct group *new_gptr;
@@ -392,6 +395,7 @@ static int split_groups (unsigned int max_members)
 }
 new->eptr = group_dup(gr->eptr);
 if (NULL == new->eptr) {
+ free (new);
 errno = ENOMEM;
 return 0;
 }
diff --git a/lib/gshadow_.h b/lib/gshadow_.h
index fabfd237..851463bd 100644
--- a/lib/gshadow_.h
+++ b/lib/gshadow_.h
@@ -54,18 +54,18 @@ struct sgrp {
 #include /* for FILE */
 #if __STDC__
-struct sgrp *getsgent (void);
-struct sgrp *getsgnam (const char *);
-struct sgrp *sgetsgent (const char *);
-struct sgrp *fgetsgent (FILE *);
+/*@observer@*//*@null@*/struct sgrp *getsgent (void);
+/*@observer@*//*@null@*/struct sgrp *getsgnam (const char *);
+/*@observer@*//*@null@*/struct sgrp *sgetsgent (const char *);
+/*@observer@*//*@null@*/struct sgrp *fgetsgent (/*@null@*/FILE *);
 void setsgent (void);
 void endsgent (void);
 int putsgent (const struct sgrp *, FILE *);
 #else
-struct sgrp *getsgent ();
-struct sgrp *getsgnam ();
-struct sgrp *sgetsgent ();
-struct sgrp *fgetsgent ();
+/*@observer@*//*@null@*/struct sgrp *getsgent ();
+/*@observer@*//*@null@*/struct sgrp *getsgnam ();
+/*@observer@*//*@null@*/struct sgrp *sgetsgent ();
+/*@observer@*//*@null@*/struct sgrp *fgetsgent ();
 void setsgent ();
 void endsgent ();
 int putsgent ();
diff --git a/lib/prototypes.h b/lib/prototypes.h
index ef7a74a5..cd0044bd 100644
--- a/lib/prototypes.h
+++ b/lib/prototypes.h
@@ -80,8 +80,8 @@ extern int chown_tree (const char *, uid_t, uid_t, gid_t, gid_t);
 extern void chown_tty (const struct passwd *);
 /* cleanup.c */
-typedef void (*cleanup_function) (void *arg);
-void add_cleanup (cleanup_function pcf, void *arg);
+typedef void (*cleanup_function) (/*@null@*/void *arg);
+void add_cleanup (cleanup_function pcf, /*@null@*/void *arg);
 void del_cleanup (cleanup_function pcf);
 void do_cleanups (void);
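Review bot: In the split_groups hunk of lib/groupio.c, the failure branch `if (NULL == new->eptr)` now frees `new`, but it still returns 0 from inside the loop over `group_db` that the preceding hunk shows. Most of the loop body lies outside the hunk; if earlier iterations have already linked split entries into `group_db`, the in-memory database is left half-split on this path. I would document that above the function, e.g. `/* On failure (return 0, errno set) group_db may be partially split; the caller must not write it back. */`, adjusted to what the callers actually do.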
@@ -104,11 +104,11 @@ void cleanup_report_del_group_gshadow (void *group_name);
 void cleanup_report_mod_passwd (void *cleanup_info);
 void cleanup_report_mod_group (void *cleanup_info);
 void cleanup_report_mod_gshadow (void *cleanup_info);
-void cleanup_unlock_group (void *unused);
+void cleanup_unlock_group (/*@null@*/void *unused);
 #ifdef SHADOWGRP
-void cleanup_unlock_gshadow (void *unused);
+void cleanup_unlock_gshadow (/*@null@*/void *unused);
 #endif
-void cleanup_unlock_passwd (void *unused);
+void cleanup_unlock_passwd (/*@null@*/void *unused);
 /* console.c */
 extern bool console (const char *);
@@ -148,10 +148,10 @@ extern int find_new_uid (bool sys_user, uid_t *uid, uid_t const *preferred_uid);
 extern int get_gid (const char *gidstr, gid_t *gid);
 /* getgr_nam_gid.c */
-extern struct group *getgr_nam_gid (const char *grname);
+extern /*@null@*/struct group *getgr_nam_gid (const char *grname);
 /* getlong.c */
-extern int getlong (const char *numstr, long int *result);
+extern int getlong (const char *numstr, /*@out@*/long int *result);
 /* getrange */
 extern int getrange (char *range,
@@ -162,7 +162,7 @@ extern int getrange (char *range,
 extern int get_uid (const char *uidstr, uid_t *uid);
 /* fputsx.c */
-extern char *fgetsx (char *, int, FILE *);
+extern /*@null@*/char *fgetsx (/*@returned@*/ /*@out@*/char *, int, FILE *);
 extern int fputsx (const char *, FILE *);
 /* groupio.c */
@@ -199,11 +199,11 @@ extern void setup_limits (const struct passwd *);
 #endif
 /* list.c */
-extern char **add_list (char **, const char *);
-extern char **del_list (char **, const char *);
-extern char **dup_list (char *const *);
+extern /*@only@*/ /*@out@*/char **add_list (/*@returned@*/ /*@only@*/char **, const char *);
+extern /*@only@*/ /*@out@*/char **del_list (/*@returned@*/ /*@only@*/char **, const char *);
+extern /*@only@*/ /*@out@*/char **dup_list (char *const *);
 extern bool is_on_list (char *const *list, const char *member);
-extern char **comma_to_list (const char *);
+extern /*@only@*/char **comma_to_list (const char *);
 /* log.c */
 extern void dolastlog (struct lastlog *ll,
@@ -224,7 +224,7 @@ extern void mailcheck (void);
 extern void motd (void);
 /* myname.c */
-extern struct passwd *get_my_pwent (void);
+extern /*@null@*/struct passwd *get_my_pwent (void);
 /* obscure.c */
 #ifndef USE_PAM
@@ -266,7 +266,7 @@ extern int do_rlogin (const char *remote_host, char *name, size_t namelen,
 char *term, size_t termlen);
 /* salt.c */
-extern char *crypt_make_salt (const char *meth, void *arg);
+extern /*@observer@*/const char *crypt_make_salt (/*@null@*/const char *meth, /*@null@*/void *arg);
 /* setugid.c */
 extern int setup_groups (const struct passwd *info);
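Review bot: In the list.c section of lib/prototypes.h, `/*@out@*/` on the return values of add_list, del_list and dup_list looks inconsistent with comma_to_list a few lines below, which returns the same kind of list with `/*@only@*/` alone. As I read splint's `out`, it marks storage that need not be defined, whereas these results are lists the caller goes on to read, so `/*@only@*/` alone would describe them more accurately unless there is a reason the hunk does not show. Separately, `/*@only@*/` together with `/*@returned@*/` on the `list` parameter means the caller gives up its pointer; a short comment on each prototype saying whether the old array is released when a fresh one is returned would make that ownership rule checkable by readers. The definitions in libmisc/list.c carry the same annotations.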
@@ -367,15 +367,15 @@ extern /*@maynotreturn@*/ /*@only@*/char *xmalloc (size_t);
 extern /*@maynotreturn@*/ /*@only@*/char *xstrdup (const char *);
 /* xgetpwnam.c */
-extern struct passwd *xgetpwnam (const char *);
+extern /*@null@*/ /*@only@*/struct passwd *xgetpwnam (const char *);
 /* xgetpwuid.c */
-extern struct passwd *xgetpwuid (uid_t);
+extern /*@null@*/ /*@only@*/struct passwd *xgetpwuid (uid_t);
 /* xgetgrnam.c */
-extern struct group *xgetgrnam (const char *);
+extern /*@null@*/ /*@only@*/struct group *xgetgrnam (const char *);
 /* xgetgrgid.c */
-extern struct group *xgetgrgid (gid_t);
+extern /*@null@*/ /*@only@*/struct group *xgetgrgid (gid_t);
 /* xgetspnam.c */
-extern struct spwd *xgetspnam(const char *);
+extern /*@null@*/ /*@only@*/struct spwd *xgetspnam(const char *);
 /* yesno.c */
 extern bool yes_or_no (bool read_only);
diff --git a/lib/pwio.c b/lib/pwio.c
index 3b1d090b..0489548a 100644
--- a/lib/pwio.c
+++ b/lib/pwio.c
@@ -42,7 +42,7 @@
 #include "commonio.h"
 #include "pwio.h"
-static void *passwd_dup (const void *ent)
+static /*@null@*/ /*@only@*/void *passwd_dup (const void *ent)
 {
 const struct passwd *pw = ent;
diff --git a/lib/sgroupio.c b/lib/sgroupio.c
index d2482989..8437970c 100644
--- a/lib/sgroupio.c
+++ b/lib/sgroupio.c
@@ -42,7 +42,7 @@
 #include "commonio.h"
 #include "sgroupio.h"
-struct sgrp *__sgr_dup (const struct sgrp *sgent)
+/*@null@*/ /*@only@*/struct sgrp *__sgr_dup (const struct sgrp *sgent)
 {
 struct sgrp *sg;
 int i;
@@ -90,7 +90,7 @@ struct sgrp *__sgr_dup (const struct sgrp *sgent)
 return sg;
 }
-static void *gshadow_dup (const void *ent)
+static /*@null@*/ /*@only@*/void *gshadow_dup (const void *ent)
 {
 const struct sgrp *sg = ent;
diff --git a/lib/shadowio.c b/lib/shadowio.c
index 1ad1a2dd..7921c996 100644
--- a/lib/shadowio.c
+++ b/lib/shadowio.c
@@ -42,7 +42,7 @@
 #include "commonio.h"
 #include "shadowio.h"
-static void *shadow_dup (const void *ent)
+static /*@null@*/ /*@only@*/void *shadow_dup (const void *ent)
 {
 const struct spwd *sp = ent;
diff --git a/libmisc/cleanup.c b/libmisc/cleanup.c
index 963c652d..732934c4 100644
--- a/libmisc/cleanup.c
+++ b/libmisc/cleanup.c
@@ -75,7 +75,7 @@ void do_cleanups (void)
 /*
 * add_cleanup - Add a cleanup_function to the cleanup_functions stack.
 */
-void add_cleanup (cleanup_function pcf, void *arg)
+void add_cleanup (cleanup_function pcf, /*@null@*/void *arg)
 {
 unsigned int i;
 assert (NULL != pcf);
diff --git a/libmisc/getgr_nam_gid.c b/libmisc/getgr_nam_gid.c
index 5398a2d9..b0ca8c6c 100644
--- a/libmisc/getgr_nam_gid.c
+++ b/libmisc/getgr_nam_gid.c
@@ -44,7 +44,7 @@
 * The string may be a valid GID or a valid groupname.
 * If the group does not exist on the system, NULL is returned.
 */
-extern struct group *getgr_nam_gid (const char *grname)
+extern /*@null@*/struct group *getgr_nam_gid (const char *grname)
 {
 long long int gid;
 char *endptr;
diff --git a/libmisc/list.c b/libmisc/list.c
index 1b243912..f9aa0b85 100644
--- a/libmisc/list.c
+++ b/libmisc/list.c
@@ -43,7 +43,7 @@
 * name, and if not present it is added to a freshly allocated
 * list of users.
 */
-char **add_list (char **list, const char *member)
+/*@only@*/ /*@out@*/char **add_list (/*@returned@*/ /*@only@*/char **list, const char *member)
 {
 int i;
 char **tmp;
@@ -93,7 +93,7 @@ char **add_list (char **list, const char *member)
 * list of users.
 */
-char **del_list (char **list, const char *member)
+/*@only@*/ /*@out@*/char **del_list (/*@returned@*/ /*@only@*/char **list, const char *member)
 {
 int i, j;
 char **tmp;
@@ -141,7 +141,7 @@ char **del_list (char **list, const char *member)
 return tmp;
 }
-char **dup_list (char *const *list)
+/*@only@*/ /*@out@*/char **dup_list (char *const *list)
 {
 int i;
 char **tmp;
@@ -182,12 +182,13 @@ bool is_on_list (char *const *list, const char *member)
 * comma_to_list - convert comma-separated list to (char *) array
 */
-char **comma_to_list (const char *comma)
+/*@only@*/char **comma_to_list (const char *comma)
 {
 char *members;
 char **array;
 int i;
- char *cp, *cp2;
+ const char *cp;
+ char *cp2;
 assert (NULL != comma);
diff --git a/libmisc/myname.c b/libmisc/myname.c
index f22f5ab3..309cfdba 100644
--- a/libmisc/myname.c
+++ b/libmisc/myname.c
@@ -1,7 +1,7 @@
 /*
 * Copyright (c) 1996 - 1997, Marek Michałkiewicz
 * Copyright (c) 2003 - 2005, Tomasz Kłoczko
- * Copyright (c) 2007 - 2008, Nicolas François
+ * Copyright (c) 2007 - 2009, Nicolas François
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -41,7 +41,7 @@
 #include "defines.h"
 #include
 #include "prototypes.h"
-struct passwd *get_my_pwent (void)
+/*@null@*/struct passwd *get_my_pwent (void)
 {
 struct passwd *pw;
 const char *cp = getlogin ();
diff --git a/libmisc/salt.c b/libmisc/salt.c
index d73646f6..68126293 100644
--- a/libmisc/salt.c
+++ b/libmisc/salt.c
@@ -21,14 +21,14 @@
 /* local function prototypes */
 static void seedRNG (void);
-static char *gensalt (size_t salt_size);
+static /*@observer@*/const char *gensalt (size_t salt_size);
 #ifdef USE_SHA_CRYPT
 static size_t SHA_salt_size (void);
-static const char *SHA_salt_rounds (int *prefered_rounds);
+static /*@observer@*/const char *SHA_salt_rounds (/*@null@*/int *prefered_rounds);
 #endif /* USE_SHA_CRYPT */
 #ifndef HAVE_L64A
-static char *l64a(long value)
+static /*@observer@*/char *l64a(long value)
 {
 static char buf[8];
 char *s = buf;
@@ -104,7 +104,7 @@ static size_t SHA_salt_size (void)
 /*
 * Return a salt prefix specifying the rounds number for the SHA crypt methods.
 */
-static const char *SHA_salt_rounds (int *prefered_rounds)
+static /*@observer@*/const char *SHA_salt_rounds (/*@null@*/int *prefered_rounds)
 {
 static char rounds_prefix[18];
 long rounds;
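Review bot: In libmisc/salt.c, `/*@observer@*/` on l64a and SHA_salt_rounds records that the caller must not free or modify the result, but not that the result lives in a function-local `static` buffer (`static char buf[8]`, `static char rounds_prefix[18]`) and is overwritten by the next call. gensalt (`static char salt[32]`) behaves the same way in the later hunk of this file, and judging by its new return type crypt_make_salt probably does too, though its body is outside the hunks. For a salt that ends up in a password hash, a caller holding the pointer across a second call would silently use the wrong salt, so I would add one line to each header comment, e.g. ` * The returned string is in static storage: copy it before calling again; not reentrant.`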
@@ -168,7 +168,7 @@ static const char *SHA_salt_rounds (int *prefered_rounds)
 #define MAX_SALT_SIZE 16
 #define MIN_SALT_SIZE 8
-static char *gensalt (size_t salt_size)
+static /*@observer@*/const char *gensalt (size_t salt_size)
 {
 static char salt[32];
@@ -202,7 +202,7 @@ static char *gensalt (size_t salt_size)
 * * For the SHA256 and SHA512 method, this specifies the number of rounds
 * (if not NULL).
 */
-char *crypt_make_salt (const char *meth, void *arg)
+/*@observer@*/const char *crypt_make_salt (/*@null@*/const char *meth, /*@null@*/void *arg)
 {
 /* Max result size for the SHA methods:
 * +3 $5$
diff --git a/libmisc/xgetXXbyYY.c b/libmisc/xgetXXbyYY.c
index db41a18e..6419aa90 100644
--- a/libmisc/xgetXXbyYY.c
+++ b/libmisc/xgetXXbyYY.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007 - 2008, Nicolas François
+ * Copyright (c) 2007 - 2009, Nicolas François
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -64,7 +64,7 @@
 #define STRINGIZE(name) STRINGIZE1 (name)
 #define STRINGIZE1(name) #name
-LOOKUP_TYPE *XFUNCTION_NAME (ARG_TYPE ARG_NAME)
+/*@null@*/ /*@only@*/LOOKUP_TYPE *XFUNCTION_NAME (ARG_TYPE ARG_NAME)
 {
 #if HAVE_FUNCTION_R
 LOOKUP_TYPE *result=NULL;
diff --git a/src/login.c b/src/login.c
index 88009b7d..928a9d44 100644
--- a/src/login.c
+++ b/src/login.c
@@ -123,11 +123,11 @@ extern char **environ;
 static void usage (void);
 static void setup_tty (void);
 static void process_flags (int argc, char *const *argv);
-static const char *get_failent_user (/*@returned@*/const char *user);
+static /*@observer@*/const char *get_failent_user (/*@returned@*/const char *user);
 static void update_utmp (const char *username,
 const char *tty,
 const char *hostname,
- const struct utmp *utent);
+ /*@null@*/const struct utmp *utent);
 #ifndef USE_PAM
 static struct faillog faillog;
@@ -194,13 +194,13 @@ static void setup_tty (void)
 /* Make sure the values were valid.
 * getdef_num cannot validate this.
 */
- if (erasechar != termio.c_cc[VERASE]) {
+ if (erasechar != (int) termio.c_cc[VERASE]) {
 fprintf (stderr,
 _("configuration error - cannot parse %s value: '%d'"),
 "ERASECHAR", erasechar);
 exit (1);
 }
- if (killchar != termio.c_cc[VKILL]) {
+ if (killchar != (int) termio.c_cc[VKILL]) {
 fprintf (stderr,
 _("configuration error - cannot parse %s value: '%d'"),
 "KILLCHAR", killchar);
@@ -454,7 +454,7 @@ static void get_pam_user (char **ptr_pam_user)
 * It is quite common to mistyped the password for username, and passwords
 * should not be logged.
 */
-static const char *get_failent_user (/*@returned@*/const char *user)
+static /*@observer@*/const char *get_failent_user (/*@returned@*/const char *user)
 {
 const char *failent_user = "UNKNOWN";
 bool log_unkfail_enab = getdef_bool("LOG_UNKFAIL_ENAB");
@@ -1000,7 +1000,7 @@ int main (int argc, char **argv)
 failed = true;
 }
 if ( !failed
- && !login_access (username, *hostname ? hostname : tty)) {
+ && !login_access (username, ('\0' != *hostname) ? hostname : tty)) {
 SYSLOG ((LOG_WARN, "LOGIN '%s' REFUSED %s",
 username, fromhost));
 failed = true;