VesperOS/shadow
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,597 Commits 10 Branches 149 Tags
882db57f24534d8eecc305f4e641c71c4395e05e
Commit Graph

828 Commits

Author SHA1 Message Date
Alejandro Colomar
882db57f24 lib/port.c: getportent(): Align variables 
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-06 07:44:02 -05:00
Alejandro Colomar
b4b4ff633a lib/port.c: getttyuser(): Use pointer arithmetic to simplify 
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-06 07:44:02 -05:00
Alejandro Colomar
d9d0117e80 lib/port.c: getportent(): Use equivalent code to parse equally-formatted fields 
The tty names field and the user names field have the same formatting:
a CSV terminated by a ':'.  Thus, we can --and should-- use the same
exact code for parsing both.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-06 07:44:02 -05:00
Alejandro Colomar
a198054456 lib/port.c: getportent(): Make sure the aren't too many fields in the CSV 
Otherwise, the line is invalidly formatted, and we ignore it.

Detailed explanation:

There are two conditions on which we break out of the loops that precede
these added checks:

-  j is too big (we've exhausted the space in the static arrays)

	$ grep -r -e PORT_TTY -e PORT_IDS lib/port.*
	lib/port.c:	static char *ttys[PORT_TTY + 1];	/* some pointers to tty names     */
	lib/port.c:	static char *users[PORT_IDS + 1];	/* some pointers to user ids     */
	lib/port.c:	for (cp = buf, j = 0; j < PORT_TTY; j++) {
	lib/port.c:			if ((',' == *cp) && (j < PORT_IDS)) {
	lib/port.h: * PORT_IDS - Allowable number of IDs per entry.
	lib/port.h: * PORT_TTY - Allowable number of TTYs per entry.
	lib/port.h:#define	PORT_IDS	64
	lib/port.h:#define	PORT_TTY	64

-  strpbrk(3) found a ':', which signals the end of the comma-sepatated
   list, and the start of the next colon-separated field.

If the first character in the remainder of the string is not a ':', it
means we've exhausted the array size, but the CSV list was longer, so
we'd be truncating it.  Consider the entire line invalid, and skip it.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-06 07:44:02 -05:00
Alejandro Colomar
c3f97e251e lib/port.c: getportent(): Make sure there are at least 2 ':' in the line 
Otherwise, the line is invalidly formatted, and we ignore it.

Closes: <https://github.com/shadow-maint/shadow/issues/1036>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-06 07:44:02 -05:00
Alejandro Colomar
f1f82c2105 lib/port.c: getportent(): Remove obvious comments 
And do some style changes on the corresponding code.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-06 07:44:02 -05:00
Alejandro Colomar
e790993c5d lib/port.c: getportent(): Rename goto label 
This label means we detected a bogus line, and want to skip it and jump
to the next one; rename it accordingly.  'again' seemed to say that it
was somehow looping on the same line.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-06 07:44:02 -05:00
Alejandro Colomar
bf84b3a855 lib/port.c: getttyuser(): Use goto to break out of nested loops 
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-06 07:44:02 -05:00
Alejandro Colomar
a4b91048e9 lib/port.c: getttyuser(): Remove dead code 
port.pt_names cannot be NULL; it always points to the static array ttys.

$ grep -rn pt_names
lib/port.c:157:	port.pt_names = ttys;
lib/port.c:159:		port.pt_names[j] = cp;
lib/port.c:172:	port.pt_names[j] = NULL;
lib/port.c:344:		for (i = 0; NULL != port->pt_names[i]; i++) {
lib/port.c:345:			if (portcmp (port->pt_names[i], tty) == 0) {
lib/port.c:350:		if (port->pt_names[i] == 0) {
lib/port.h:39: *	pt_names - pointer to array of device names in /dev/
lib/port.h:45:	char **pt_names;

Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-06 07:44:02 -05:00
Alejandro Colomar
59e5eef38f contrib, lib/, src/, tests/: Use stpcpy(3) instead of its pattern 
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-03 10:03:12 -05:00
Alejandro Colomar
c6018240f8 lib/, src/: Use strrspn() instead of its pattern 
This requires changing isspace(3) calls to an explicit accept string,
and I chose " \t\n" for it (as is done in other parts of this project),
which isn't exactly the same, but we probably don't want other
isspace(3) characters in those files, so it should work.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-03 10:03:12 -05:00
Alejandro Colomar
7c9da42db0 lib/sssd.c: Style fixes 
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-03 10:03:12 -05:00
Alejandro Colomar
9174697469 lib/getdef.c: def_load(): Use stp[c]spn() instead of their patterns 
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-03 10:03:12 -05:00
Alejandro Colomar
2fcf520184 lib/string/strchr/: stp[c]spn(), strrspn(), strnul(): Add macros and functions 
Often, a pointer is more useful than a length when calling these.

Link: <https://docs.oracle.com/cd/E86824_01/html/E54769/strrspn-3gen.html>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-03 10:03:12 -05:00
Alejandro Colomar
a11ae5cf29 lib/shadow.c: my_sgetspent(): Simplify error handling 
Handle negative values as errors from a2sl(), and reuse its
error-handling code.

Cc: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-02 22:52:31 +02:00
Alejandro Colomar
7e754cc447 lib/shadow.c: my_sgetspent(): Remove dead code 
spwd.sp_flag is an unsigned long, which can never be negative.

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-02 22:52:31 +02:00
Alejandro Colomar
e9cc053df7 lib/shadow.c: my_sgetspent(): Merge 'else {if}' into 'else if' 
This reduces indentation.

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-02 22:52:31 +02:00
Alejandro Colomar
326bdfe70b lib/sgetspent.c: sgetspent(): Simplify, by calling a2sl() instead of str2sl() 
Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-02 22:52:31 +02:00
Alejandro Colomar
03521bccce lib/limits.c: setup_limits(): Simplify, by calling str2i(mode_t, ) instead of str2ul() 
Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-02 22:52:31 +02:00
Alejandro Colomar
3fd1d62e29 lib/limits.c: setup_limits(): Simplify, by calling str2si() instead of str2sl() 
Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-02 22:52:31 +02:00
Alejandro Colomar
312c3b1389 lib/limits.c: setup_limits(): Simplify, by calling a2si() instead of str2sl() 
Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-02 22:52:31 +02:00
Alejandro Colomar
169cbe1f56 lib/limits.c: set_umask(): Simplify, by calling str2i(mode_t, ) instead of str2ul() 
Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-02 22:52:31 +02:00
Alejandro Colomar
dba5600cef lib/limits.c: set_prio(): Simplify, by calling str2si() instead of str2sl() 
Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-02 22:52:31 +02:00
Alejandro Colomar
5f2055c395 lib/getdef.c: getdef_long(): Simplify, by calling a2sl() instead of str2sl() 
Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-02 22:52:31 +02:00
Alejandro Colomar
45d4472c92 lib/getdef.c: getdef_unum(): Fix wrong limit check 
The limit, since it's an unsigned int, should have been UINT_MAX, not
INT_MAX.  By calling a2ui() we can fix that and simplify too.

Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-02 22:52:31 +02:00
Alejandro Colomar
9415ce4a14 lib/getdef.c: getdef_num(): Simplify, by calling a2si() instead of str2sl() 
Reviewed-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-02 22:52:31 +02:00
Alejandro Colomar
379e9c32f7 lib/idmapping.c: Use long constants in prctl(2), and remove 0s 
The prctl(2) system-call wrapper is implemented as a variadic function.
This makes it important to pass arguments to it of the right type (and
more importantly of the right width), to avoid undefined behavior.

While at it, check errors with ==-1, not <0, which is more explicit.

Also, PR_SET_KEEPCAPS(2const) doesn't need all arguments, so it can be
called with just two of them; remove unnecessary 0s.

See-also: prctl(2), PR_SET_KEEPCAPS(2const)
Link: <https://lore.kernel.org/linux-man/ddbdyaiptesjalgfmztxideej67e3yaob7ucsmbf6qvriwxiif@dohhxrqgwhrf/T/#med306b5b003f9cc7cc2de69fcdd7ee2d056d0954>
Cc: Xi Ruoyao <xry111@xry111.site>
Cc: Lukas Slebodnik <lslebodn@fedoraproject.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-02 13:12:22 -05:00
Alejandro Colomar
060b0849a6 lib/attr.h: Use C23-style attributes 
They're stricter.  The GNU attributes are too lazy, and can be misused
more easily.  Also, mixing both has its own problems.

Link: <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108796>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-01 21:40:11 -05:00
Alejandro Colomar
4eed3e84a1 lib/gshadow.c: Use XREALLOC() instead of silently continuing on ENOMEM 
We should do better, and correctly handle errors, since this is library
code.  However, I'm lazy right now, so let's die hard, and let us
improve this later.

Link: <https://github.com/shadow-maint/shadow/pull/991#discussion_r1660308154>
Reported-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-01 21:40:11 -05:00
Alejandro Colomar
ba3a51e90f lib/: Use [[gnu::alloc_size(...)]] on allocation functions 
Suggested-by: Martin Uecker <uecker@tugraz.at>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-01 21:40:11 -05:00
Alejandro Colomar
5111e5ed1b lib/: Use multi-line macro definitions 
This reduces the complexity of those nested parentheses.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-01 21:40:11 -05:00
Alejandro Colomar
3049bef9c3 lib/alloc/, lib/, src/, tests/: Organize the allocation APIs in a new subdirectory 
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-01 21:40:11 -05:00
Alejandro Colomar
883bf71fc8 lib/alloc.[ch]: xmalloc(): Remove unused function 
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-01 21:40:11 -05:00
Alejandro Colomar
29f4f03def lib/string/strdup/xstrdup.[ch], lib/, src/: Move xstrdup() to its own file 
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-01 21:40:11 -05:00
Alejandro Colomar
2cf73c99a6 lib/string/strcpy/zustr2stp.[ch], tests/: Remove ZUSTR2STP() 
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-01 21:40:11 -05:00
Alejandro Colomar
103ffc5b1d lib/utmp.c: prepare_utmp(): Use xstrdup() instead of its pattern 
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-01 21:40:11 -05:00
Alejandro Colomar
3c09e40a1f lib/utmp.c: Use XSTRNDUP() instead of its pattern 
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-01 21:40:11 -05:00
Alejandro Colomar
2a0c0dd24b lib/string/strdup/: XSTRNDUP(), STRNDUPA(): Add macros 
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-01 21:40:11 -05:00
Alejandro Colomar
9a9faf86f0 lib/string/strcpy/strncat.[ch]: STRNCAT(): Add macro 
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-01 21:40:11 -05:00
Alejandro Colomar
d9923431eb src/: Use xasprintf() instead of its pattern 
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-01 21:40:11 -05:00
Alejandro Colomar
c287317075 lib/gshadow.c: build_list(): Fix REALLOC() nmemb calculation 
Fixes: efbbcade43 ("Use safer allocation macros")
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-01 21:40:11 -05:00
Alejandro Colomar
056f1d03ee lib/gshadow.c: build_list(): Fix forever loop on ENOMEM 
Before this patch, the function looped while (s != NULL && *s != '\0').
However, nothing was modifying that string if REALLOC() failed, so the
loop was forever.

Fixes: 8e167d28af ("[svn-upgrade] Integrating new upstream version, shadow (4.0.8)")
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-01 21:40:11 -05:00
Alejandro Colomar
16cb664865 lib/, src/: Use strsep(3) instead of its pattern 
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-01 21:40:11 -05:00
Alejandro Colomar
964df6ed6e lib/, src/: Use strchrnul(3) instead of its pattern 
In the files where #include <string.h> is missing, add it, and sort the
includes.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-01 21:40:11 -05:00
Alejandro Colomar
077f7b6ade lib/commonio.c: commonio_open(): MALLOC() and REALLOCF() already set ENOMEM 
We don't need to set ENOMEM on failure of those functions.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-01 21:40:11 -05:00
Alejandro Colomar
d611d1a947 lib/: Use REALLOCF() instead of its pattern 
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-01 21:40:11 -05:00
Alejandro Colomar
bdf00dca44 lib/failure.c: failprint(): Remove dead code 
This should have gone into the #else'd branch in 8451bed8b0, and
should have been removed in 3e602b58a2.

Fixes: 8451bed8b0 ("[svn-upgrade] Integrating new upstream version, shadow (4.0.13)")
Fixes: 3e602b58a2 ("Remove HAVE_STRFTIME ifdefs")
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-01 21:40:11 -05:00
Alejandro Colomar
bfb6aad7cb lib/, src/: Always pass NULL to time(2) 
See time(2):

BUGS
     Error returns from this system  call  are  indistinguishable  from
     successful  reports  that  the  time  is  a few seconds before the
     Epoch, so the C library wrapper function never sets errno as a re‐
     sult of this call.

     The tloc argument is obsolescent and should always be NULL in  new
     code.  When tloc is NULL, the call cannot fail.

Fixes: 45c6603cc8 ("[svn-upgrade] Integrating new upstream version, shadow (19990709)")
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-01 21:40:11 -05:00
Alejandro Colomar
761eb07016 lib/getdate.y: NULL doesn't need a cast 
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-01 21:40:11 -05:00
Alejandro Colomar
2cb3deec72 lib/shadow.c: my_sgetspent(): Clarify that we're assigning an empty string 
Signed-off-by: Alejandro Colomar <alx@kernel.org>
 2024-07-01 21:40:11 -05:00