Commit Graph

136 Commits

Author SHA1 Message Date
Alejandro Colomar 745281f295 lib/atoi/, *: Split files 2024-07-11 22:42:58 -05:00
Alejandro Colomar 59e5eef38f contrib, lib/, src/, tests/: Use stpcpy(3) instead of its pattern
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-07-03 10:03:12 -05:00
Alejandro Colomar e341291f99 src/passwd.c: Simplify, by calling a2sl() instead of str2sl()
Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-07-02 22:52:31 +02:00
Alejandro Colomar 29f4f03def lib/string/strdup/xstrdup.[ch], lib/, src/: Move xstrdup() to its own file
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-07-01 21:40:11 -05:00
Alejandro Colomar d9923431eb src/: Use xasprintf() instead of its pattern
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-07-01 21:40:11 -05:00
Alejandro Colomar 23663a1607 lib/, src/: Add missing include
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-07-01 21:40:11 -05:00
Alejandro Colomar 40ab806066 lib/string/strcpy/, lib/, src/, tests/: Move all copying APIs to a subdirectory
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-07-01 21:40:11 -05:00
Alejandro Colomar f39ac101ff lib/, src/: str2*(): Rename functions and reorder parameters
This makes them compatible with liba2i's functions.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-03-29 14:29:13 -05:00
Alejandro Colomar 27e236ca79 lib/, src/, po/: get[u]long(): Move functions to lib/atoi/str2i.h
And make them inline.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-03-29 14:29:13 -05:00
Alejandro Colomar 8fee869e9a src/passwd.c: print_status(): Fix typo (bogus use of the comma operator)
Amazing that this triggered no warnings at all.

Fixes: 355ad6a9e0 ("Have a single definition of date_to_str()")
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-03-14 16:30:46 -05:00
Alejandro Colomar 82e28ad534 src/: Use DAY_TO_STR() instead of its pattern
Cc: Tobias Stoeckmann <tobias@stoeckmann.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-03-14 16:30:46 -05:00
Alejandro Colomar be05c62bd7 lib/, src/, po/: date_to_str(): Move function to header, and make inline
BTW, there's no translatable string in there.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-03-14 16:30:46 -05:00
Alejandro Colomar ae3d71fb94 src/passwd.c: Don't print the program name twice in a log entry
OPENLOG() already sets the program name as the prefix.

This resulted in entries like:

$ journalctl 2>/dev/null | grep passwd
Mar 03 01:09:47 debian passwd[140744]: passwd: can't view or modify password information for root

Fixes: 8e167d28af ("[svn-upgrade] Integrating new upstream version, shadow (4.0.8)")
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-03-14 16:01:32 -05:00
Skyler Ferrante d2f2c1877a Adding checks for fd omission
Adding function check_fds to new file fd.c. The function check_fds
should be called in every setuid/setgid program.

Co-developed-by: Alejandro Colomar <alx@kernel.org>
2024-03-10 19:56:40 -05:00
Skyler Ferrante e6c2e43937 Hardcoding Prog to known value
See #959. We now set Prog (program name) based on hardcoded value instead
of argv[0]. This is to help prevent escape sequence injection.
2024-03-07 22:23:04 +01:00
Tomas Halman e15aa5a8a6 src/passwd.c: check password length upper limit
The passwd silently truncated the password length to PASS_MAX.
This patch introduces check that prints an error message
and exits the call.

Signed-off-by: Tomas Halman <tomas@halman.net>
2024-02-16 15:46:08 -06:00
Tomas Halman dfb4d8fdf9 src/passwd.c: inconsistent password length limit
The passwd utility had hardcoded limit for password lenght set
to 200 characters. In the agetpass.c is used PASS_MAX for
this purpose.

This patch moves the PASS_MAX definition to common place
and uses it in both places.

Signed-off-by: Tomas Halman <tomas@halman.net>
2024-02-16 15:46:08 -06:00
Tomas Halman 49001ca846 src/passwd.c: implement reading password from pipe
New option --stdin/-t is available for root user. It is useful
for automation/setup and it makes shadow utils passwd more versatile.

Signed-off-by: Tomas Halman <tomas@halman.net>
2024-01-31 22:16:02 -06:00
Alejandro Colomar 6fb7fe11f2 src/passwd.c: Remove comments about flags that don't exist
Those flags have never existed, AFAICS.

Closes: <https://github.com/shadow-maint/shadow/issues/929>
Cc: Tomas Halman <tomas@halman.net>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-01-29 08:10:44 -06:00
Alejandro Colomar 2d581cb337 lib/, src/: getlong(): Use the usual -1 as an error code
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-01-05 16:54:55 -06:00
Tobias Stoeckmann 2d188a9987 src/passwd.c: Add overflow check
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Link: <https://github.com/shadow-maint/shadow/pull/876>
Co-developed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-01-05 15:41:12 -06:00
Tobias Stoeckmann 3b5ba41d3e src/passwd.c: Switch to day precision
The size of time_t varies across systems, but since data type long is
more than enough to calculate with days (precision of shadow file),
use it instead.

Just in case a shadow file contains huge values, check for a possible
signed integer overflow.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Link: <https://github.com/shadow-maint/shadow/pull/876>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-01-05 15:41:12 -06:00
Tobias Stoeckmann ecc3508877 lib/, src/: Remove SCALE definition
SCALE is always DAY (and has to be always DAY), so replace it with DAY
in source code and remove unneeded calculations.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Link: <https://github.com/shadow-maint/shadow/pull/876>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2024-01-05 15:41:12 -06:00
Alejandro Colomar dbb37b1b31 lib/string/: Move string-related files to string/ subdir
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-12-03 12:22:11 -06:00
Alejandro Colomar 43b4e5a6c4 Remove FascistHistory() and FascistHistoryPw() calls
These functions don't seem to exist anymore.  I can't find them in
Debian, nor in a web search.  They probably were functions from an
ancient implementation of cracklib that doesn't exist anymore.

$ git remote -v
origin	git@github.com:cracklib/cracklib.git (fetch)
origin	git@github.com:cracklib/cracklib.git (push)
$ grep -rni fascisthistory
$ git log --grep FascistHistory
$ git log -S FascistHistory

Closes: <https://codesearch.debian.net/search?q=FascistHistory&literal=1>
Cc: Mike Frysinger <vapier@gentoo.org>
Acked-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-11-25 21:24:38 -06:00
Alejandro Colomar f9fb855889 src/, lib/, tests/: Rename files defining strtcpy()
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-11-22 12:55:26 +01:00
Alejandro Colomar 090c019ada src/, lib/, tests/: Rename STRLCPY() to STRTCPY()
It is a wrapper around STRTCPY(), so use a proper name.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-11-22 12:55:26 +01:00
Alejandro Colomar 7c45a6e8ba lib/agetpass.h: Move prototypes to dedicated header
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-09-04 08:57:18 -05:00
Alejandro Colomar 3029883888 passwd: Replace STRFCPY() by STRLCPY()
The variables are only being read as strings (char *), so data after the
'\0' can't be leaked.

Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-09-01 09:39:23 +02:00
Alejandro Colomar f3ee47fe3f Use MEMZERO() instead of its pattern
This patch implicitly adds the safety of SIZEOF_ARRAY(), since the calls
were using sizeof() instead.

Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-09-01 09:39:23 +02:00
Alejandro Colomar 6b11077f09 memzero.h: Move memzero() and strzero() to their own header
Cc: Christian Göttsche <cgzones@googlemail.com>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-09-01 09:39:23 +02:00
Jaroslav Jindrak 68bf73f319 passwd: fall back to non-PAM code when prefix is used
Prefix does not make sense when we use PAM, so when the option
is used behave as if --with-libpam=no was used to configure the
project.
2023-06-09 16:22:24 +02:00
Jaroslav Jindrak 43e60eb681 passwd: Respect --prefix/-P options
Add prefix_getpwnam_r() and xprefix_getpwnam() and make passwd
use prefix-aware functions when handling the database.
2023-06-09 16:22:24 +02:00
Michael Vetter ded9cab35d prefix: add prefix support 2023-06-09 16:22:24 +02:00
Alejandro Colomar 09775d3718 Simplify allocation APIs
If we consider simple objects as arrays of size 1, we can considerably
simplify these APIs, merging the *ARRAY and the non-array variants.

That will produce more readable code, since lines will be shorter (by
not having ARRAY in the macro names, as all macros will consistently
handle arrays), and the allocated size will be also more explicit.

The syntax will now be of the form:

    p = MALLOC(42, foo_t);  // allocate 42 elements of type foo_t.
    p = MALLOC(1, bar_t);   // allocate 1 element of type foo_t.

The _array() allocation functions should _never_ be called directly, and
instead these macros should be used.

The non-array functions (e.g., malloc(3)) still have their place, but
are limited to allocating structures with flexible array members.  For
any other uses, the macros should be used.

Thus, we don't use any array or ARRAY variants in any code any more, and
they are only used as implementation details of these macros.

Link: <https://software.codidact.com/posts/285898/288023#answer-288023>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-06-08 09:05:39 -05:00
Alejandro Colomar efbbcade43 Use safer allocation macros
Use of these macros, apart from the benefits mentioned in the commit
that adds the macros, has some other good side effects:

-  Consistency in getting the size of the object from sizeof(type),
   instead of a mix of sizeof(type) sometimes and sizeof(*p) other
   times.

-  More readable code: no casts, and no sizeof(), so also shorter lines
   that we don't need to cut.

-  Consistency in using array allocation calls for allocations of arrays
   of objects, even when the object size is 1.

Cc: Valentin V. Bartenev <vbartenev@gmail.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-02-23 20:28:43 -06:00
Alejandro Colomar bddcd9b095 Remove superfluous casts
-  Every non-const pointer converts automatically to void *.
-  Every pointer converts automatically to void *.
-  void * converts to any other pointer.
-  const void * converts to any other const pointer.
-  Integer variables convert to each other.

I changed the declaration of a few variables in order to allow removing
a cast.

However, I didn't attempt to edit casts inside comparisons, since they
are very delicate.  I also kept casts in variadic functions, since they
are necessary, and in allocation functions, because I have other plans
for them.

I also changed a few casts to int that are better as ptrdiff_t.

This change has triggered some warnings about const correctness issues,
which have also been fixed in this patch (see for example src/login.c).

Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-02-09 10:03:03 -06:00
Alejandro Colomar 416707b087 Use the noreturn attribute, rather than comments
This will allow the compiler to understand these functions better.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-02-08 22:01:01 -06:00
Alejandro Colomar 554f86bafa Replace the deprecated getpass(3) by our agetpass()
getpass(3) is broken in all implementations; in some, more than
others, but somewhat broken in all of them.  Check the immediate
previous commit, which added the functions, for more details.
Check also the Linux man-pages commit that marked it as
deprecated, for more details:
7ca189099d73bde954eed2d7fc21732bcc8ddc6b.

Link: <https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/commit?id=7ca189099d73bde954eed2d7fc21732bcc8ddc6b>
Reported-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2022-12-05 10:47:19 +01:00
Christian Göttsche 58b6e97a9e passwd: erase password copy on all error branches 2022-04-30 13:19:14 -05:00
Serge Hallyn e8a2cfa7dc Merge pull request #451 from hallyn/2021-12-05/license 2022-01-02 18:38:42 -06:00
Serge Hallyn e1b1d187f4 Merge pull request #467 from alejandro-colomar/date_to_str
Have a single definition of date_to_str()
2021-12-27 09:53:00 -06:00
Alejandro Colomar 355ad6a9e0 Have a single definition of date_to_str()
PARAMETERS:

According to the C2x charter, I reordered the parameters 'size'
and 'buf' from previously existing date_to_str() definitions.

C2x charter:
> 15. Application Programming Interfaces (APIs) should be
> self-documenting when possible.  In particular, the order of
> parameters in function declarations should be arranged such that
> the size of an array appears before the array.  The purpose is to
> allow Variable-Length Array (VLA) notation to be used.  This not
> only makes the code's purpose clearer to human readers, but also
> makes static analysis easier.  Any new APIs added to the Standard
> should take this into consideration.

I used 'long' for the date parameter, as some uses of the function
need to pass a negative value meaning "never".

FUNCTION BODY:

I didn't check '#ifdef HAVE_STRFTIME', which old definitions did,
since strftime(3) is guaranteed by the C89 standard, and all of
the conversion specifiers that we use are also specified by that
standard, so we don't need any extensions at all.

Signed-off-by: Alejandro Colomar <alx.manpages@gmail.com>
2021-12-26 18:55:39 +01:00
Serge Hallyn f93cf255d4 Update licensing info
Closes #238

Update all files to list SPDX license shortname.  Most files are
BSD 3 clause license.

The exceptions are:

serge@sl ~/src/shadow$ git grep SPDX-License | grep -v BSD-3-Clause
contrib/atudel:# SPDX-License-Identifier: BSD-4-Clause
lib/tcbfuncs.c: * SPDX-License-Identifier: 0BSD
libmisc/salt.c: * SPDX-License-Identifier: Unlicense
src/login_nopam.c: * SPDX-License-Identifier: Unlicense
src/nologin.c: * SPDX-License-Identifier: BSD-2-Clause
src/vipw.c: * SPDX-License-Identifier: GPL-2.0-or-later

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-12-23 19:36:50 -06:00
Serge Hallyn 79157cbad8 Make shadow_logfd and Prog not extern
Closes #444
Closes #465

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-12-23 15:18:07 -06:00
ed neville 92cb9d7785 passwd -l should not say that it changes expiry
Closes #441
2021-12-17 23:02:02 +00:00
Luís Ferreira 7903557988 treewide: remove trailing whitespaces
Signed-off-by: Luís Ferreira <contact@lsferreira.net>
2021-09-13 17:23:17 +01:00
Jaroslav Jindrak 05388f748d passwd: handle NULL pw_passwd when printing password status
When the -S and -a options are used for passwd to list the status
of all passwords, there is a chance the pw_passwd field of struct
passwd will be NULL. This can be due to 'files compat' being set
for passwd in /etc/nsswitch.conf and the usage of some features
not available in the 'files' mode (e.g. a plus sign at the start
of a line).

Example:

germ161:~ # grep passwd /etc/nsswitch.conf
passwd: files compat
germ161:~ # rpm -qa shadow
shadow-4.2.1-34.20.x86_64
germ161:~ # grep passwd /etc/nsswitch.conf
passwd: files compat
germ161:~ # grep + /etc/passwd
+@nisgroup
germ161:~ # passwd -S -a > /dev/null
Segmentation fault (core dumped)

With this commit:

germ161:~ # passwd -S -a > /dev/null
passwd: malformed password data obtained for user +@nisgroup
2021-08-03 20:03:46 +02:00
Iker Pedrosa e65cc6aebc Fix covscan RESOURCE_LEAK
Error: RESOURCE_LEAK (CWE-772): [#def1]
shadow-4.8.1/lib/commonio.c:320: alloc_fn: Storage is returned from allocation function "fopen_set_perms".
shadow-4.8.1/lib/commonio.c:320: var_assign: Assigning: "bkfp" = storage returned from "fopen_set_perms(backup, "w", &sb)".
shadow-4.8.1/lib/commonio.c:329: noescape: Resource "bkfp" is not freed or pointed-to in "putc".
shadow-4.8.1/lib/commonio.c:334: noescape: Resource "bkfp" is not freed or pointed-to in "fflush".
shadow-4.8.1/lib/commonio.c:339: noescape: Resource "bkfp" is not freed or pointed-to in "fileno".
shadow-4.8.1/lib/commonio.c:342: leaked_storage: Variable "bkfp" going out of scope leaks the storage it points to.
  340|   	    || (fclose (bkfp) != 0)) {
  341|   		/* FIXME: unlink the backup file? */
  342|-> 		return -1;
  343|   	}
  344|

Error: RESOURCE_LEAK (CWE-772): [#def2]
shadow-4.8.1/libmisc/addgrps.c:69: alloc_fn: Storage is returned from allocation function "malloc".
shadow-4.8.1/libmisc/addgrps.c:69: var_assign: Assigning: "grouplist" = storage returned from "malloc(i * 4UL)".
shadow-4.8.1/libmisc/addgrps.c:73: noescape: Resource "grouplist" is not freed or pointed-to in "getgroups". [Note: The source code implementation of the function has been overridden by a builtin model.]
shadow-4.8.1/libmisc/addgrps.c:126: leaked_storage: Variable "grouplist" going out of scope leaks the storage it points to.
  124|   	}
  125|
  126|-> 	return 0;
  127|   }
  128|   #else				/* HAVE_SETGROUPS && !USE_PAM */

Error: RESOURCE_LEAK (CWE-772): [#def3]
shadow-4.8.1/libmisc/chowntty.c:62: alloc_fn: Storage is returned from allocation function "getgr_nam_gid".
shadow-4.8.1/libmisc/chowntty.c:62: var_assign: Assigning: "grent" = storage returned from "getgr_nam_gid(getdef_str("TTYGROUP"))".
shadow-4.8.1/libmisc/chowntty.c:98: leaked_storage: Variable "grent" going out of scope leaks the storage it points to.
   96|   	 */
   97|   #endif
   98|-> }
   99|

Error: RESOURCE_LEAK (CWE-772): [#def4]
shadow-4.8.1/libmisc/copydir.c:742: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.]
shadow-4.8.1/libmisc/copydir.c:742: var_assign: Assigning: "ifd" = handle returned from "open(src, 0)".
shadow-4.8.1/libmisc/copydir.c:748: leaked_handle: Handle variable "ifd" going out of scope leaks the handle.
  746|   #ifdef WITH_SELINUX
  747|   	if (set_selinux_file_context (dst, NULL) != 0) {
  748|-> 		return -1;
  749|   	}
  750|   #endif				/* WITH_SELINUX */

Error: RESOURCE_LEAK (CWE-772): [#def5]
shadow-4.8.1/libmisc/copydir.c:751: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.]
shadow-4.8.1/libmisc/copydir.c:751: var_assign: Assigning: "ofd" = handle returned from "open(dst, 577, statp->st_mode & 0xfffU)".
shadow-4.8.1/libmisc/copydir.c:752: noescape: Resource "ofd" is not freed or pointed-to in "fchown_if_needed".
shadow-4.8.1/libmisc/copydir.c:775: leaked_handle: Handle variable "ofd" going out of scope leaks the handle.
  773|   	   ) {
  774|   		(void) close (ifd);
  775|-> 		return -1;
  776|   	}
  777|

Error: RESOURCE_LEAK (CWE-772): [#def7]
shadow-4.8.1/libmisc/idmapping.c:188: alloc_fn: Storage is returned from allocation function "xmalloc".
shadow-4.8.1/libmisc/idmapping.c:188: var_assign: Assigning: "buf" = storage returned from "xmalloc(bufsize)".
shadow-4.8.1/libmisc/idmapping.c:188: var_assign: Assigning: "pos" = "buf".
shadow-4.8.1/libmisc/idmapping.c:213: noescape: Resource "buf" is not freed or pointed-to in "write".
shadow-4.8.1/libmisc/idmapping.c:219: leaked_storage: Variable "pos" going out of scope leaks the storage it points to.
shadow-4.8.1/libmisc/idmapping.c:219: leaked_storage: Variable "buf" going out of scope leaks the storage it points to.
  217|   	}
  218|   	close(fd);
  219|-> }

Error: RESOURCE_LEAK (CWE-772): [#def8]
shadow-4.8.1/libmisc/list.c:211: alloc_fn: Storage is returned from allocation function "xstrdup".
shadow-4.8.1/libmisc/list.c:211: var_assign: Assigning: "members" = storage returned from "xstrdup(comma)".
shadow-4.8.1/libmisc/list.c:217: var_assign: Assigning: "cp" = "members".
shadow-4.8.1/libmisc/list.c:218: noescape: Resource "cp" is not freed or pointed-to in "strchr".
shadow-4.8.1/libmisc/list.c:244: leaked_storage: Variable "cp" going out of scope leaks the storage it points to.
shadow-4.8.1/libmisc/list.c:244: leaked_storage: Variable "members" going out of scope leaks the storage it points to.
  242|   	if ('\0' == *members) {
  243|   		*array = (char *) 0;
  244|-> 		return array;
  245|   	}
  246|

Error: RESOURCE_LEAK (CWE-772): [#def11]
shadow-4.8.1/libmisc/myname.c:61: alloc_fn: Storage is returned from allocation function "xgetpwnam".
shadow-4.8.1/libmisc/myname.c:61: var_assign: Assigning: "pw" = storage returned from "xgetpwnam(cp)".
shadow-4.8.1/libmisc/myname.c:67: leaked_storage: Variable "pw" going out of scope leaks the storage it points to.
   65|   	}
   66|
   67|-> 	return xgetpwuid (ruid);
   68|   }
   69|

Error: RESOURCE_LEAK (CWE-772): [#def12]
shadow-4.8.1/libmisc/user_busy.c:260: alloc_fn: Storage is returned from allocation function "opendir".
shadow-4.8.1/libmisc/user_busy.c:260: var_assign: Assigning: "task_dir" = storage returned from "opendir(task_path)".
shadow-4.8.1/libmisc/user_busy.c:262: noescape: Resource "task_dir" is not freed or pointed-to in "readdir".
shadow-4.8.1/libmisc/user_busy.c:278: leaked_storage: Variable "task_dir" going out of scope leaks the storage it points to.
  276|   					         _("%s: user %s is currently used by process %d\n"),
  277|   					         Prog, name, pid);
  278|-> 					return 1;
  279|   				}
  280|   			}

Error: RESOURCE_LEAK (CWE-772): [#def20]
shadow-4.8.1/src/newgrp.c:162: alloc_fn: Storage is returned from allocation function "xgetspnam".
shadow-4.8.1/src/newgrp.c:162: var_assign: Assigning: "spwd" = storage returned from "xgetspnam(pwd->pw_name)".
shadow-4.8.1/src/newgrp.c:234: leaked_storage: Variable "spwd" going out of scope leaks the storage it points to.
  232|   	}
  233|
  234|-> 	return;
  235|
  236|   failure:

Error: RESOURCE_LEAK (CWE-772): [#def21]
shadow-4.8.1/src/passwd.c:530: alloc_fn: Storage is returned from allocation function "xstrdup".
shadow-4.8.1/src/passwd.c:530: var_assign: Assigning: "cp" = storage returned from "xstrdup(crypt_passwd)".
shadow-4.8.1/src/passwd.c:551: noescape: Resource "cp" is not freed or pointed-to in "strlen".
shadow-4.8.1/src/passwd.c:554: noescape: Resource "cp" is not freed or pointed-to in "strcat". [Note: The source code implementation of the function has been overridden by a builtin model.]
shadow-4.8.1/src/passwd.c:555: overwrite_var: Overwriting "cp" in "cp = newpw" leaks the storage that "cp" points to.
  553|   		strcpy (newpw, "!");
  554|   		strcat (newpw, cp);
  555|-> 		cp = newpw;
  556|   	}
  557|   	return cp;
2021-06-24 09:18:35 +02:00
Serge Hallyn 2b22a6909d libsubid: don't print error messages on stderr by default
Closes #325

Add a new subid_init() function which can be used to specify the
stream on which error messages should be printed.  (If you want to
get fancy you can redirect that to memory :)  If subid_init() is
not called, use stderr.  If NULL is passed, then /dev/null will
be used.

This patch also fixes up the 'Prog', which previously had to be
defined by any program linking against libsubid.  Now, by default
in libsubid it will show (subid).  Once subid_init() is called,
it will use the first variable passed to subid_init().

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-05-15 12:38:55 -05:00