Release 4.17.1

Signed-off-by: Serge Hallyn <serge@hallyn.com>

.github/actions/install-dependencies/action.yml

@@ -5,8 +5,21 @@ runs:
   steps:
   - shell: bash
     run: |
-      sudo apt-get update -y
-      sudo apt-get install -y ubuntu-dev-tools libbsd-dev
-      sudo sed -Ei 's/^# deb-src /deb-src /' /etc/apt/sources.list
-      sudo apt-get update -y
+      if [ -f /etc/apt/sources.list.d/ubuntu.sources ]; then
+        echo "Found new-style sources.list.d"
+        cat /etc/apt/sources.list.d/ubuntu.sources
+        sudo sed -i 's/^Types: deb/Types: deb deb-src/' /etc/apt/sources.list.d/ubuntu.sources
+      else
+        echo "Found legacy sources.list"
+        cat /etc/apt/sources.list
+        sudo sed -i '/deb-src/d' /etc/apt/sources.list
+        sudo sed -i '/^deb /p;s/ /-src /' /etc/apt/sources.list
+      fi
+      export DEBIAN_PRIORITY=critical
+      export DEBIAN_FRONTEND=noninteractive
+      # let's try to work around upgrade breakage in a pkg we don't care about
+      sudo apt-mark hold grub-efi-amd64-bin grub-efi-amd64-signed
+      sudo apt-get update
+      sudo apt-get -y dist-upgrade
+      sudo apt-get -y install ubuntu-dev-tools automake autopoint xsltproc gettext expect byacc libtool libbsd-dev libltdl-dev pkgconf
       sudo apt-get -y build-dep shadow

.github/workflows/runner.yml

@@ -25,18 +25,8 @@ jobs:
         cat /proc/self/status
         systemd-detect-virt
     - name: Install dependencies
-      run: |
-        sudo cat /etc/apt/sources.list
-        sudo sed -i '/deb-src/d' /etc/apt/sources.list
-        sudo sed -i '/^deb /p;s/ /-src /' /etc/apt/sources.list
-        export DEBIAN_PRIORITY=critical
-        export DEBIAN_FRONTEND=noninteractive
-        # let's try to work around upgrade breakage in a pkg we don't care about
-        sudo apt-mark hold grub-efi-amd64-bin grub-efi-amd64-signed
-        sudo apt-get update
-        sudo apt-get -y dist-upgrade
-        sudo apt-get -y install ubuntu-dev-tools automake autopoint xsltproc gettext expect byacc libtool libbsd-dev pkgconf libcmocka-dev
-        sudo apt-get -y build-dep shadow
+      id: dependencies
+      uses: ./.github/actions/install-dependencies
     - name: configure
       run: |
         autoreconf -v -f --install
@@ -61,18 +51,8 @@ jobs:
       uses: actions/checkout@v3
 
     - name: Install dependencies
-      run: |
-        sudo cat /etc/apt/sources.list
-        sudo sed -i '/deb-src/d' /etc/apt/sources.list
-        sudo sed -i '/^deb /p;s/ /-src /' /etc/apt/sources.list
-        export DEBIAN_PRIORITY=critical
-        export DEBIAN_FRONTEND=noninteractive
-        # let's try to work around upgrade breakage in a pkg we don't care about
-        sudo apt-mark hold grub-efi-amd64-bin grub-efi-amd64-signed
-        sudo apt-get update
-        sudo apt-get -y dist-upgrade
-        sudo apt-get -y install ubuntu-dev-tools automake autopoint xsltproc gettext expect byacc libtool libbsd-dev pkgconf
-        sudo apt-get -y build-dep shadow
+      id: dependencies
+      uses: ./.github/actions/install-dependencies
 
     - name: Test make dist
       run: |
@@ -89,6 +69,7 @@ jobs:
   container-build:
     runs-on: ubuntu-latest
     strategy:
+      fail-fast: false
       matrix:
         os: [alpine, debian, fedora]
 
@@ -96,15 +77,25 @@ jobs:
     - name: Checkout repository
       uses: actions/checkout@v3
 
+    - name: Install Ansible
+      run: |
+        sudo apt-get update
+        sudo apt-get -y install ansible
+
     - name: Build container
       run: |
-        docker buildx build -f ./share/containers/${{ matrix.os }}.dockerfile . --output build-out
+        pushd share/ansible/
+        ansible-playbook playbook.yml -i inventory.ini -e 'distribution=${{ matrix.os }}'
+        popd
 
     - name: Store artifacts
-      uses: actions/upload-artifact@v3
+      if: always()
+      uses: actions/upload-artifact@v4
       with:
         name: ${{ matrix.os }}-build
         path: |
-          ./build-out/config.log
-          ./build-out/config.h
+          ./share/ansible/build-out/config.log
+          ./share/ansible/build-out/config.h
+          ./share/ansible/build-out/build.log
+          ./share/ansible/build-out/test-suite.log
         if-no-files-found: ignore

Makefile.am

@@ -1,7 +1,5 @@
 ## Process this file with automake to produce Makefile.in
 
-EXTRA_DIST = NEWS README
-
 SUBDIRS = lib
 
 if ENABLE_SUBIDS
@@ -16,7 +14,7 @@ endif
 
 CLEANFILES = man/8.out man/po/remove-potcdate.* man/*/login.defs.d man/*/*.mo
 
-EXTRA_DIST = tests/
+EXTRA_DIST = NEWS README tests/
 
 dist-hook:
 	chmod -R u+w $(distdir)/tests

configure.ac

@@ -1,10 +1,10 @@
 dnl Process this file with autoconf to produce a configure script.
 AC_PREREQ([2.69])
-m4_define([libsubid_abi_major], 4)
+m4_define([libsubid_abi_major], 5)
 m4_define([libsubid_abi_minor], 0)
 m4_define([libsubid_abi_micro], 0)
 m4_define([libsubid_abi], [libsubid_abi_major.libsubid_abi_minor.libsubid_abi_micro])
-AC_INIT([shadow], [4.15.3], [pkg-shadow-devel@lists.alioth.debian.org], [],
+AC_INIT([shadow], [4.17.1], [pkg-shadow-devel@lists.alioth.debian.org], [],
 	[https://github.com/shadow-maint/shadow])
 AM_INIT_AUTOMAKE([1.11 foreign dist-xz subdir-objects tar-pax])
 AC_CONFIG_MACRO_DIRS([m4])
@@ -159,13 +159,6 @@ fi])
 AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, "$shadow_cv_passwd_dir/passwd",
 	[Path to passwd program.])
 
-dnl XXX - quick hack, should disappear before anyone notices :).
-dnl XXX - I just read the above message :).
-if test "$ac_cv_func_ruserok" = "yes"; then
-	AC_DEFINE(RLOGIN, 1, [Define if login should support the -r flag for rlogind.])
-	AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" return value (0 or 1).])
-fi
-
 AC_ARG_ENABLE(shadowgrp,
 	[AS_HELP_STRING([--enable-shadowgrp], [enable shadow group support @<:@default=yes@:>@])],
 	[case "${enableval}" in
@@ -696,7 +689,7 @@ AC_SUBST(LIBMD)
 if test "$with_skey" = "yes"; then
 	AC_CHECK_LIB(md, MD5Init, [LIBMD=-lmd])
 	AC_CHECK_LIB(skey, skeychallenge, [LIBSKEY=-lskey],
-		[AC_MSG_ERROR([liskey missing. You can download S/Key source code from http://rsync1.it.gentoo.org/gentoo/distfiles/skey-1.1.5.tar.bz2])])
+		[AC_MSG_ERROR([libskey missing. You can download S/Key source code from http://rsync1.it.gentoo.org/gentoo/distfiles/skey-1.1.5.tar.bz2])])
 	AC_DEFINE(SKEY, 1, [Define to support S/Key logins.])
 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
 		#include <stdio.h>

contrib/adduser.c

@@ -118,6 +118,9 @@
 #include <sys/stat.h>
 #include <syslog.h>
 
+#include "string/strcmp/streq.h"
+
+
 #define IMMEDIATE_CHANGE	/* Expire newly created password, must be changed
 				 * immediately upon next login */
 #define HAVE_QUOTAS		/* Obvious */
@@ -291,12 +294,10 @@ main (void)
 	  printf ("Home Directory [%s/%s]: ", DEFAULT_HOME, usrname);
 	  fflush (stdout);
 	  safeget (dir, sizeof (dir));
-	  if (!strlen (dir))
-	    {			/* hit return */
-	      sprintf (dir, "%s/%s", DEFAULT_HOME, usrname);
-	    }
+	  if (!strlen(dir))  /* hit return */
+	    sprintf(dir, "%s/%s", DEFAULT_HOME, usrname);
 	  else if (dir[strlen (dir) - 1] == '/')
-	    sprintf (dir+strlen(dir), "%s", usrname);
+	    strcat(dir, usrname);
 	}
       else
 	{
@@ -308,7 +309,7 @@ main (void)
       fflush (stdout);
       safeget (shell, sizeof (shell));
       if (!strlen (shell))
-	sprintf (shell, "%s", DEFAULT_SHELL);
+	strcpy(shell, DEFAULT_SHELL);
       else
 	{
 	  char *sh;
@@ -316,7 +317,7 @@ main (void)
 #ifdef HAVE_GETUSERSHELL
 	  setusershell ();
 	  while ((sh = getusershell ()) != NULL)
-	    if (!strcmp (shell, sh))
+	    if (streq(shell, sh))
 	      ok = 1;
 	  endusershell ();
 #endif
@@ -327,7 +328,7 @@ main (void)
 	      else
 		{
 		  printf ("Shell NOT in /etc/shells, DEFAULT used\n");
-		  sprintf (shell, "%s", DEFAULT_SHELL);
+		  strcpy(shell, DEFAULT_SHELL);
 		}
 	    }
 	}
@@ -491,12 +492,12 @@ safeget (char *buf, int maxlen)
       bad = (!isalnum (c) && (c != '_') && (c != ' '));
       *(buf++) = c;
     }
-  *buf = '\0';
+  stpcpy(buf, "");
 
   if (bad)
     {
       printf ("\nString contained banned character. Please stick to alphanumerics.\n");
-      *bstart = '\0';
+      stpcpy(bstart, "");
     }
 }
 

doc/HOWTO

@@ -471,12 +471,12 @@
 
   The Shadow Suite contains replacement programs for:
 
-  su, login, passwd, newgrp, chfn, chsh, and id
+  su, login, passwd, newgrp, chfn, chsh
 
   The package also contains the new programs:
 
   chage, newusers, dpasswd, gpasswd, useradd, userdel, usermod,
-  groupadd, groupdel, groupmod, groups, pwck, grpck, lastlog, pwconv,
+  groupadd, groupdel, groupmod, pwck, grpck, lastlog, pwconv,
   and pwunconv
 
   Additionally, the library: libshadow.a is included for writing and/or
@@ -586,8 +586,6 @@
 
   ·  /usr/bin/chsh
 
-  ·  /usr/bin/id
-
   The BETA package has a save target in the Makefile, but it's commented
   out because different distributions place the programs in different
   places.
@@ -637,8 +635,6 @@
 
   ·  /usr/man/man1/chsh.1.gz
 
-  ·  /usr/man/man1/id.1.gz
-
   ·  /usr/man/man1/login.1.gz
 
   ·  /usr/man/man1/passwd.1.gz
@@ -1377,7 +1373,7 @@
   users or changing the group password, the /etc/gshadow file will be
   changed.
 
-  The programs groups, groupadd, groupmod, and groupdel are provided as
+  The programs groupadd, groupmod, and groupdel are provided as
   part of the Shadow Suite to modify groups.
 
   The format of the /etc/group file is as follows:

doc/contributions/build_install.md

@@ -62,9 +62,11 @@ You can either generate a single image by running the following command from
 the root folder of the project (i.e. Alpine):
 
 ```
-docker build -f share/containers/alpine.dockerfile . --output build-out/alpine
+ansible-playbook share/ansible/playbook.yml -i share/ansible/inventory.ini -e 'distribution=alpine'
 ```
 
+**Note**: you'll need to install ansible to run this automation.
+
 Or generate all of the images with the `container-build.sh` script, as if you
 were running some of the CI checks locally:
 

doc/contributions/introduction.md

@@ -72,6 +72,6 @@ understand the project's development model:
 * [Build & install](build_install.md)
 * [Coding style](coding_style.md)
 * [Tests](tests.md)
-* [Continuous Integration](CI.md)
+* [Continuous Integration](ci.md)
 * [Releases](releases.md)
 * [License](license.md)

lib/Makefile.am

@@ -29,16 +29,48 @@ libshadow_la_SOURCES = \
 	age.c \
 	agetpass.c \
 	agetpass.h \
-	alloc.c \
-	alloc.h \
-	atoi/a2i.c \
-	atoi/a2i.h \
-	atoi/str2i.c \
-	atoi/str2i.h \
-	atoi/strtoi.c \
-	atoi/strtoi.h \
-	atoi/strtou_noneg.c \
-	atoi/strtou_noneg.h \
+	alloc/calloc.c \
+	alloc/calloc.h \
+	alloc/malloc.c \
+	alloc/malloc.h \
+	alloc/realloc.c \
+	alloc/realloc.h \
+	alloc/reallocf.c \
+	alloc/reallocf.h \
+	alloc/x/xcalloc.c \
+	alloc/x/xcalloc.h \
+	alloc/x/xmalloc.c \
+	alloc/x/xmalloc.h \
+	alloc/x/xrealloc.c \
+	alloc/x/xrealloc.h \
+	atoi/a2i/a2i.c \
+	atoi/a2i/a2i.h \
+	atoi/a2i/a2s.c \
+	atoi/a2i/a2s.h \
+	atoi/a2i/a2s_c.c \
+	atoi/a2i/a2s_c.h \
+	atoi/a2i/a2s_nc.c \
+	atoi/a2i/a2s_nc.h \
+	atoi/a2i/a2u.c \
+	atoi/a2i/a2u.h \
+	atoi/a2i/a2u_c.c \
+	atoi/a2i/a2u_c.h \
+	atoi/a2i/a2u_nc.c \
+	atoi/a2i/a2u_nc.h \
+	atoi/getnum.c \
+	atoi/getnum.h \
+	atoi/str2i/str2i.c \
+	atoi/str2i/str2i.h \
+	atoi/str2i/str2s.c \
+	atoi/str2i/str2s.h \
+	atoi/str2i/str2u.c \
+	atoi/str2i/str2u.h \
+	atoi/strtoi/strtoi.c \
+	atoi/strtoi/strtoi.h \
+	atoi/strtoi/strtou.c \
+	atoi/strtoi/strtou.h \
+	atoi/strtoi/strtou_noneg.c \
+	atoi/strtoi/strtou_noneg.h \
 	attr.h \
 	audit_help.c \
 	basename.c \
@@ -71,9 +103,11 @@ libshadow_la_SOURCES = \
 	find_new_sub_gids.c \
 	find_new_sub_uids.c \
 	fputsx.c \
-	get_gid.c \
+	fs/readlink/areadlink.c \
+	fs/readlink/areadlink.h \
+	fs/readlink/readlinknul.c \
+	fs/readlink/readlinknul.h \
 	get_pid.c \
-	get_uid.c \
 	getdate.h \
 	getdate.y \
 	getdef.c \
@@ -94,8 +128,6 @@ libshadow_la_SOURCES = \
 	lockpw.c \
 	loginprompt.c \
 	mail.c \
-	memzero.c \
-	memzero.h \
 	motd.c \
 	must_be.h \
 	myname.c \
@@ -119,7 +151,6 @@ libshadow_la_SOURCES = \
 	pwdcheck.c \
 	pwmem.c \
 	remove_tree.c \
-	rlogin.c \
 	root_flag.c \
 	run_part.h \
 	run_part.c \
@@ -145,18 +176,42 @@ libshadow_la_SOURCES = \
 	spawn.c \
 	sssd.c \
 	sssd.h \
-	string/sprintf.c \
-	string/sprintf.h \
-	string/stpecpy.c \
-	string/stpecpy.h \
-	string/stpeprintf.c \
-	string/stpeprintf.h \
+	string/memset/memzero.c \
+	string/memset/memzero.h \
+	string/sprintf/snprintf.c \
+	string/sprintf/snprintf.h \
+	string/sprintf/stpeprintf.c \
+	string/sprintf/stpeprintf.h \
+	string/sprintf/xasprintf.c \
+	string/sprintf/xasprintf.h \
+	string/strchr/strchrcnt.c \
+	string/strchr/strchrcnt.h \
+	string/strchr/stpspn.c \
+	string/strchr/stpspn.h \
+	string/strchr/strnul.c \
+	string/strchr/strnul.h \
+	string/strchr/strrspn.c \
+	string/strchr/strrspn.h \
+	string/strcmp/streq.c \
+	string/strcmp/streq.h \
+	string/strcpy/stpecpy.c \
+	string/strcpy/stpecpy.h \
+	string/strcpy/strncat.c \
+	string/strcpy/strncat.h \
+	string/strcpy/strncpy.c \
+	string/strcpy/strncpy.h \
+	string/strcpy/strtcpy.c \
+	string/strcpy/strtcpy.h \
+	string/strdup/strndupa.c \
+	string/strdup/strndupa.h \
+	string/strdup/xstrdup.c \
+	string/strdup/xstrdup.h \
+	string/strdup/xstrndup.c \
+	string/strdup/xstrndup.h \
 	string/strftime.c \
 	string/strftime.h \
-	string/strncpy.h \
-	string/strtcpy.c \
-	string/strtcpy.h \
-	string/zustr2stp.h \
+	string/strtok/stpsep.c \
+	string/strtok/stpsep.h \
 	strtoday.c \
 	sub.c \
 	subordinateio.h \
@@ -165,6 +220,7 @@ libshadow_la_SOURCES = \
 	time/day_to_str.c \
 	time/day_to_str.h \
 	ttytype.c \
+	typetraits.h \
 	tz.c \
 	ulimit.c \
 	user_busy.c \

lib/addgrps.c

@@ -14,28 +14,30 @@
 #include "prototypes.h"
 #include "defines.h"
 
-#include <stdio.h>
-#include <grp.h>
 #include <errno.h>
+#include <grp.h>
+#include <stdio.h>
+#include <string.h>
 
-#include "alloc.h"
+#include "alloc/malloc.h"
+#include "alloc/reallocf.h"
 #include "shadowlog.h"
 
 #ident "$Id$"
 
-#define SEP ",:"
 /*
  * Add groups with names from LIST (separated by commas or colons)
  * to the supplementary group set.  Silently ignore groups which are
- * already there.  Warning: uses strtok().
+ * already there.
  */
-int add_groups (const char *list)
+int
+add_groups(const char *list)
 {
 	GETGROUPS_T *grouplist;
 	size_t i;
 	int ngroups;
 	bool added;
-	char *token;
+	char *g, *p;
 	char buf[1024];
 	int ret;
 	FILE *shadow_logfd = log_get_logfd();
@@ -70,13 +72,13 @@ int add_groups (const char *list)
 	}
 
 	added = false;
-	for (token = strtok (buf, SEP); NULL != token; token = strtok (NULL, SEP)) {
+	p = buf;
+	while (NULL != (g = strsep(&p, ",:"))) {
 		struct group *grp;
 
-		grp = getgrnam (token); /* local, no need for xgetgrnam */
+		grp = getgrnam(g); /* local, no need for xgetgrnam */
 		if (NULL == grp) {
-			fprintf (shadow_logfd, _("Warning: unknown group %s\n"),
-				 token);
+			fprintf(shadow_logfd, _("Warning: unknown group %s\n"), g);
 			continue;
 		}
 

lib/agetpass.c

@@ -16,7 +16,7 @@
 
 #ident "$Id$"
 
-#include "alloc.h"
+#include "alloc/malloc.h"
 
 #if WITH_LIBBSD == 0
 #include "freezero.h"

lib/alloc.c

@@ -1,73 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 1990 - 1994, Julianne Frances Haugh
- * SPDX-FileCopyrightText: 1996 - 1998, Marek Michałkiewicz
- * SPDX-FileCopyrightText: 2003 - 2006, Tomasz Kłoczko
- * SPDX-FileCopyrightText: 2008       , Nicolas François
- * SPDX-FileCopyrightText: 2023       , Alejandro Colomar <alx@kernel.org>
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-/* Replacements for malloc and strdup with error checking.  Too trivial
-   to be worth copyrighting :-).  I did that because a lot of code used
-   malloc and strdup without checking for NULL pointer, and I like some
-   message better than a core dump...  --marekm
-
-   Yeh, but.  Remember that bailing out might leave the system in some
-   bizarre state.  You really want to put in error checking, then add
-   some back-out failure recovery code. -- jfh */
-
-#include <config.h>
-
-#ident "$Id$"
-
-#include "alloc.h"
-
-#include <errno.h>
-#include <stddef.h>
-#include <stdio.h>
-
-#include "defines.h"
-#include "prototypes.h"
-#include "shadowlog.h"
-
-
-extern inline void *xmalloc(size_t size);
-extern inline void *xmallocarray(size_t nmemb, size_t size);
-extern inline void *mallocarray(size_t nmemb, size_t size);
-extern inline void *reallocarrayf(void *p, size_t nmemb, size_t size);
-extern inline char *xstrdup(const char *str);
-
-
-void *
-xcalloc(size_t nmemb, size_t size)
-{
-	void  *p;
-
-	p = calloc(nmemb, size);
-	if (p == NULL)
-		goto x;
-
-	return p;
-
-x:
-	fprintf(log_get_logfd(), _("%s: %s\n"),
-	        log_get_progname(), strerror(errno));
-	exit(13);
-}
-
-
-void *
-xreallocarray(void *p, size_t nmemb, size_t size)
-{
-	p = reallocarrayf(p, nmemb, size);
-	if (p == NULL)
-		goto x;
-
-	return p;
-
-x:
-	fprintf(log_get_logfd(), _("%s: %s\n"),
-	        log_get_progname(), strerror(errno));
-	exit(13);
-}

lib/alloc.h

@@ -1,101 +0,0 @@
-// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
-// SPDX-License-Identifier: BSD-3-Clause
-
-
-#ifndef SHADOW_INCLUDE_LIB_MALLOC_H_
-#define SHADOW_INCLUDE_LIB_MALLOC_H_
-
-
-#include <config.h>
-
-#include <assert.h>
-#include <errno.h>
-#include <stddef.h>
-#include <stdint.h>
-#include <stdlib.h>
-
-#include "attr.h"
-#include "defines.h"
-
-
-#define CALLOC(n, type)   ((type *) calloc(n, sizeof(type)))
-#define XCALLOC(n, type)  ((type *) xcalloc(n, sizeof(type)))
-#define MALLOC(n, type)   ((type *) mallocarray(n, sizeof(type)))
-#define XMALLOC(n, type)  ((type *) xmallocarray(n, sizeof(type)))
-
-#define REALLOC(ptr, n, type)                                                 \
-(                                                                             \
-	_Generic(ptr, type *:  (type *) reallocarray(ptr, n, sizeof(type)))   \
-)
-
-#define REALLOCF(ptr, n, type)                                                \
-(                                                                             \
-	_Generic(ptr, type *:  (type *) reallocarrayf(ptr, n, sizeof(type)))  \
-)
-
-#define XREALLOC(ptr, n, type)                                                \
-(                                                                             \
-	_Generic(ptr, type *:  (type *) xreallocarray(ptr, n, sizeof(type)))  \
-)
-
-
-ATTR_MALLOC(free)
-inline void *xmalloc(size_t size);
-ATTR_MALLOC(free)
-inline void *xmallocarray(size_t nmemb, size_t size);
-ATTR_MALLOC(free)
-inline void *mallocarray(size_t nmemb, size_t size);
-ATTR_MALLOC(free)
-inline void *reallocarrayf(void *p, size_t nmemb, size_t size);
-ATTR_MALLOC(free)
-inline char *xstrdup(const char *str);
-
-ATTR_MALLOC(free)
-void *xcalloc(size_t nmemb, size_t size);
-ATTR_MALLOC(free)
-void *xreallocarray(void *p, size_t nmemb, size_t size);
-
-
-inline void *
-xmalloc(size_t size)
-{
-	return xmallocarray(1, size);
-}
-
-
-inline void *
-xmallocarray(size_t nmemb, size_t size)
-{
-	return xreallocarray(NULL, nmemb, size);
-}
-
-
-inline void *
-mallocarray(size_t nmemb, size_t size)
-{
-	return reallocarray(NULL, nmemb, size);
-}
-
-
-inline void *
-reallocarrayf(void *p, size_t nmemb, size_t size)
-{
-	void  *q;
-
-	q = reallocarray(p, nmemb, size);
-
-	/* realloc(p, 0) is equivalent to free(p);  avoid double free.  */
-	if (q == NULL && nmemb != 0 && size != 0)
-		free(p);
-	return q;
-}
-
-
-inline char *
-xstrdup(const char *str)
-{
-	return strcpy(XMALLOC(strlen(str) + 1, char), str);
-}
-
-
-#endif  // include guard

lib/alloc/calloc.c

@@ -0,0 +1,11 @@
+// SPDX-FileCopyrightText: 1990-1994, Julianne Frances Haugh
+// SPDX-FileCopyrightText: 1996-1998, Marek Michałkiewicz
+// SPDX-FileCopyrightText: 2003-2006, Tomasz Kłoczko
+// SPDX-FileCopyrightText: 2008     , Nicolas François
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include "alloc/calloc.h"

lib/alloc/calloc.h

@@ -0,0 +1,20 @@
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_ALLOC_CALLOC_H_
+#define SHADOW_INCLUDE_LIB_ALLOC_CALLOC_H_
+
+
+#include <config.h>
+
+#include <stdlib.h>
+
+
+#define CALLOC(n, type)                                                       \
+(                                                                             \
+	(type *) calloc(n, sizeof(type))                                      \
+)
+
+
+#endif  // include guard

lib/alloc/malloc.c

@@ -0,0 +1,16 @@
+// SPDX-FileCopyrightText: 1990-1994, Julianne Frances Haugh
+// SPDX-FileCopyrightText: 1996-1998, Marek Michałkiewicz
+// SPDX-FileCopyrightText: 2003-2006, Tomasz Kłoczko
+// SPDX-FileCopyrightText: 2008     , Nicolas François
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include "alloc/malloc.h"
+
+#include <stddef.h>
+
+
+extern inline void *mallocarray(size_t nmemb, size_t size);

lib/alloc/malloc.h

@@ -0,0 +1,34 @@
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_ALLOC_MALLOC_H_
+#define SHADOW_INCLUDE_LIB_ALLOC_MALLOC_H_
+
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include "attr.h"
+
+
+#define MALLOC(n, type)                                                       \
+(                                                                             \
+	(type *) mallocarray(n, sizeof(type))                                 \
+)
+
+
+ATTR_ALLOC_SIZE(1, 2)
+ATTR_MALLOC(free)
+inline void *mallocarray(size_t nmemb, size_t size);
+
+
+inline void *
+mallocarray(size_t nmemb, size_t size)
+{
+	return reallocarray(NULL, nmemb, size);
+}
+
+
+#endif  // include guard

lib/alloc/realloc.c

@@ -0,0 +1,11 @@
+// SPDX-FileCopyrightText: 1990-1994, Julianne Frances Haugh
+// SPDX-FileCopyrightText: 1996-1998, Marek Michałkiewicz
+// SPDX-FileCopyrightText: 2003-2006, Tomasz Kłoczko
+// SPDX-FileCopyrightText: 2008     , Nicolas François
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include "alloc/realloc.h"

lib/alloc/realloc.h

@@ -0,0 +1,20 @@
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_ALLOC_REALLOC_H_
+#define SHADOW_INCLUDE_LIB_ALLOC_REALLOC_H_
+
+
+#include <config.h>
+
+#include <stdlib.h>
+
+
+#define REALLOC(p, n, type)                                                   \
+(                                                                             \
+	_Generic(p, type *: (type *) reallocarray(p, (n) ?: 1, sizeof(type))) \
+)
+
+
+#endif  // include guard

lib/alloc/reallocf.c

@@ -0,0 +1,16 @@
+// SPDX-FileCopyrightText: 1990-1994, Julianne Frances Haugh
+// SPDX-FileCopyrightText: 1996-1998, Marek Michałkiewicz
+// SPDX-FileCopyrightText: 2003-2006, Tomasz Kłoczko
+// SPDX-FileCopyrightText: 2008     , Nicolas François
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include "alloc/reallocf.h"
+
+#include <stddef.h>
+
+
+extern inline void *reallocarrayf(void *p, size_t nmemb, size_t size);

lib/alloc/reallocf.h

@@ -0,0 +1,41 @@
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_ALLOC_REALLOCF_H_
+#define SHADOW_INCLUDE_LIB_ALLOC_REALLOCF_H_
+
+
+#include <config.h>
+
+#include <stddef.h>
+#include <stdlib.h>
+
+#include "attr.h"
+
+
+#define REALLOCF(p, n, type)                                                  \
+(                                                                             \
+	_Generic(p, type *: (type *) reallocarrayf(p, (n) ?: 1, sizeof(type)))\
+)
+
+
+ATTR_ALLOC_SIZE(2, 3)
+ATTR_MALLOC(free)
+inline void *reallocarrayf(void *p, size_t nmemb, size_t size);
+
+
+inline void *
+reallocarrayf(void *p, size_t nmemb, size_t size)
+{
+	void  *q;
+
+	q = reallocarray(p, nmemb ?: 1, size ?: 1);
+
+	if (q == NULL)
+		free(p);
+	return q;
+}
+
+
+#endif  // include guard

lib/alloc/x/xcalloc.c

@@ -0,0 +1,36 @@
+// SPDX-FileCopyrightText: 1990-1994, Julianne Frances Haugh
+// SPDX-FileCopyrightText: 1996-1998, Marek Michałkiewicz
+// SPDX-FileCopyrightText: 2003-2006, Tomasz Kłoczko
+// SPDX-FileCopyrightText: 2008     , Nicolas François
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include "alloc/x/xcalloc.h"
+
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "defines.h"
+#include "shadowlog.h"
+
+
+void *
+xcalloc(size_t nmemb, size_t size)
+{
+	void  *p;
+
+	p = calloc(nmemb, size);
+	if (p == NULL)
+		goto x;
+
+	return p;
+
+x:
+	fprintf(log_get_logfd(), _("%s: %s\n"),
+	        log_get_progname(), strerror(errno));
+	exit(13);
+}

lib/alloc/x/xcalloc.h

@@ -0,0 +1,28 @@
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_ALLOC_X_XCALLOC_H_
+#define SHADOW_INCLUDE_LIB_ALLOC_X_XCALLOC_H_
+
+
+#include <config.h>
+
+#include <stddef.h>
+#include <stdlib.h>
+
+#include "attr.h"
+
+
+#define XCALLOC(n, type)                                                      \
+(                                                                             \
+	(type *) xcalloc(n, sizeof(type))                                     \
+)
+
+
+ATTR_ALLOC_SIZE(1, 2)
+ATTR_MALLOC(free)
+void *xcalloc(size_t nmemb, size_t size);
+
+
+#endif  // include guard

lib/alloc/x/xmalloc.c

@@ -0,0 +1,16 @@
+// SPDX-FileCopyrightText: 1990-1994, Julianne Frances Haugh
+// SPDX-FileCopyrightText: 1996-1998, Marek Michałkiewicz
+// SPDX-FileCopyrightText: 2003-2006, Tomasz Kłoczko
+// SPDX-FileCopyrightText: 2008     , Nicolas François
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include "alloc/x/xmalloc.h"
+
+#include <stddef.h>
+
+
+extern inline void *xmallocarray(size_t nmemb, size_t size);

lib/alloc/x/xmalloc.h

@@ -0,0 +1,35 @@
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_ALLOC_X_XMALLOC_H_
+#define SHADOW_INCLUDE_LIB_ALLOC_X_XMALLOC_H_
+
+
+#include <config.h>
+
+#include <stddef.h>
+
+#include "alloc/x/xrealloc.h"
+#include "attr.h"
+
+
+#define XMALLOC(n, type)                                                      \
+(                                                                             \
+	(type *) xmallocarray(n, sizeof(type))                                \
+)
+
+
+ATTR_ALLOC_SIZE(1, 2)
+ATTR_MALLOC(free)
+inline void *xmallocarray(size_t nmemb, size_t size);
+
+
+inline void *
+xmallocarray(size_t nmemb, size_t size)
+{
+	return xreallocarray(NULL, nmemb, size);
+}
+
+
+#endif  // include guard

lib/alloc/x/xrealloc.c

@@ -0,0 +1,35 @@
+// SPDX-FileCopyrightText: 1990-1994, Julianne Frances Haugh
+// SPDX-FileCopyrightText: 1996-1998, Marek Michałkiewicz
+// SPDX-FileCopyrightText: 2003-2006, Tomasz Kłoczko
+// SPDX-FileCopyrightText: 2008     , Nicolas François
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include "alloc/x/xrealloc.h"
+
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "alloc/reallocf.h"
+#include "defines.h"
+#include "shadowlog.h"
+
+
+void *
+xreallocarray(void *p, size_t nmemb, size_t size)
+{
+	p = reallocarrayf(p, nmemb, size);
+	if (p == NULL)
+		goto x;
+
+	return p;
+
+x:
+	fprintf(log_get_logfd(), _("%s: %s\n"),
+	        log_get_progname(), strerror(errno));
+	exit(13);
+}

lib/alloc/x/xrealloc.h

@@ -0,0 +1,31 @@
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_MALLOC_H_
+#define SHADOW_INCLUDE_LIB_MALLOC_H_
+
+
+#include <config.h>
+
+#include <assert.h>
+#include <errno.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "attr.h"
+
+
+#define XREALLOC(ptr, n, type)                                                \
+(                                                                             \
+	_Generic(ptr, type *:  (type *) xreallocarray(ptr, n, sizeof(type)))  \
+)
+
+
+ATTR_ALLOC_SIZE(2, 3)
+ATTR_MALLOC(free)
+void *xreallocarray(void *p, size_t nmemb, size_t size);
+
+
+#endif  // include guard

lib/atoi/a2i.c

@@ -1,46 +0,0 @@
-// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
-// SPDX-License-Identifier: BSD-3-Clause
-
-
-#include <config.h>
-
-#include "atoi/a2i.h"
-
-
-extern inline int a2sh_c(short *restrict n, const char *s,
-    const char **restrict endp, int base, short min, short max);
-extern inline int a2si_c(int *restrict n, const char *s,
-    const char **restrict endp, int base, int min, int max);
-extern inline int a2sl_c(long *restrict n, const char *s,
-    const char **restrict endp, int base, long min, long max);
-extern inline int a2sll_c(long long *restrict n, const char *s,
-    const char **restrict endp, int base, long long min, long long max);
-extern inline int a2uh_c(unsigned short *restrict n, const char *s,
-    const char **restrict endp, int base, unsigned short min,
-    unsigned short max);
-extern inline int a2ui_c(unsigned int *restrict n, const char *s,
-    const char **restrict endp, int base, unsigned int min, unsigned int max);
-extern inline int a2ul_c(unsigned long *restrict n, const char *s,
-    const char **restrict endp, int base, unsigned long min, unsigned long max);
-extern inline int a2ull_c(unsigned long long *restrict n, const char *s,
-    const char **restrict endp, int base, unsigned long long min,
-    unsigned long long max);
-
-
-extern inline int a2sh_nc(short *restrict n, char *s,
-    char **restrict endp, int base, short min, short max);
-extern inline int a2si_nc(int *restrict n, char *s,
-    char **restrict endp, int base, int min, int max);
-extern inline int a2sl_nc(long *restrict n, char *s,
-    char **restrict endp, int base, long min, long max);
-extern inline int a2sll_nc(long long *restrict n, char *s,
-    char **restrict endp, int base, long long min, long long max);
-extern inline int a2uh_nc(unsigned short *restrict n, char *s,
-    char **restrict endp, int base, unsigned short min, unsigned short max);
-extern inline int a2ui_nc(unsigned int *restrict n, char *s,
-    char **restrict endp, int base, unsigned int min, unsigned int max);
-extern inline int a2ul_nc(unsigned long *restrict n, char *s,
-    char **restrict endp, int base, unsigned long min, unsigned long max);
-extern inline int a2ull_nc(unsigned long long *restrict n, char *s,
-    char **restrict endp, int base, unsigned long long min,
-    unsigned long long max);

lib/atoi/a2i.h

@@ -1,386 +0,0 @@
-// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
-// SPDX-License-Identifier: BSD-3-Clause
-
-
-#ifndef SHADOW_INCLUDE_LIB_ATOI_A2I_H_
-#define SHADOW_INCLUDE_LIB_ATOI_A2I_H_
-
-
-#include <config.h>
-
-#include <errno.h>
-
-#include "atoi/strtoi.h"
-#include "atoi/strtou_noneg.h"
-#include "attr.h"
-
-
-/*
- * See the manual of these macros in liba2i's documentation:
- * <http://www.alejandro-colomar.es/share/dist/liba2i/git/HEAD/liba2i-HEAD.pdf>
- */
-
-
-#define a2i(TYPE, n, s, ...)                                                  \
-(                                                                             \
-	_Generic((void (*)(TYPE, typeof(s))) 0,                               \
-		void (*)(short,              const char *):  a2sh_c,          \
-		void (*)(short,              const void *):  a2sh_c,          \
-		void (*)(short,              char *):        a2sh_nc,         \
-		void (*)(short,              void *):        a2sh_nc,         \
-		void (*)(int,                const char *):  a2si_c,          \
-		void (*)(int,                const void *):  a2si_c,          \
-		void (*)(int,                char *):        a2si_nc,         \
-		void (*)(int,                void *):        a2si_nc,         \
-		void (*)(long,               const char *):  a2sl_c,          \
-		void (*)(long,               const void *):  a2sl_c,          \
-		void (*)(long,               char *):        a2sl_nc,         \
-		void (*)(long,               void *):        a2sl_nc,         \
-		void (*)(long long,          const char *):  a2sll_c,         \
-		void (*)(long long,          const void *):  a2sll_c,         \
-		void (*)(long long,          char *):        a2sll_nc,        \
-		void (*)(long long,          void *):        a2sll_nc,        \
-		void (*)(unsigned short,     const char *):  a2uh_c,          \
-		void (*)(unsigned short,     const void *):  a2uh_c,          \
-		void (*)(unsigned short,     char *):        a2uh_nc,         \
-		void (*)(unsigned short,     void *):        a2uh_nc,         \
-		void (*)(unsigned int,       const char *):  a2ui_c,          \
-		void (*)(unsigned int,       const void *):  a2ui_c,          \
-		void (*)(unsigned int,       char *):        a2ui_nc,         \
-		void (*)(unsigned int,       void *):        a2ui_nc,         \
-		void (*)(unsigned long,      const char *):  a2ul_c,          \
-		void (*)(unsigned long,      const void *):  a2ul_c,          \
-		void (*)(unsigned long,      char *):        a2ul_nc,         \
-		void (*)(unsigned long,      void *):        a2ul_nc,         \
-		void (*)(unsigned long long, const char *):  a2ull_c,         \
-		void (*)(unsigned long long, const void *):  a2ull_c,         \
-		void (*)(unsigned long long, char *):        a2ull_nc,        \
-		void (*)(unsigned long long, void *):        a2ull_nc         \
-	)(n, s, __VA_ARGS__)                                                  \
-)
-
-
-#define a2sh(n, s, ...)                                                       \
-(                                                                             \
-	_Generic(s,                                                           \
-		const char *:  a2sh_c,                                        \
-		const void *:  a2sh_c,                                        \
-		char *:        a2sh_nc,                                       \
-		void *:        a2sh_nc                                        \
-	)(n, s, __VA_ARGS__)                                                  \
-)
-
-#define a2si(n, s, ...)                                                       \
-(                                                                             \
-	_Generic(s,                                                           \
-		const char *:  a2si_c,                                        \
-		const void *:  a2si_c,                                        \
-		char *:        a2si_nc,                                       \
-		void *:        a2si_nc                                        \
-	)(n, s, __VA_ARGS__)                                                  \
-)
-
-#define a2sl(n, s, ...)                                                       \
-(                                                                             \
-	_Generic(s,                                                           \
-		const char *:  a2sl_c,                                        \
-		const void *:  a2sl_c,                                        \
-		char *:        a2sl_nc,                                       \
-		void *:        a2sl_nc                                        \
-	)(n, s, __VA_ARGS__)                                                  \
-)
-
-#define a2sll(n, s, ...)                                                      \
-(                                                                             \
-	_Generic(s,                                                           \
-		const char *:  a2sll_c,                                       \
-		const void *:  a2sll_c,                                       \
-		char *:        a2sll_nc,                                      \
-		void *:        a2sll_nc                                       \
-	)(n, s, __VA_ARGS__)                                                  \
-)
-
-#define a2uh(n, s, ...)                                                       \
-(                                                                             \
-	_Generic(s,                                                           \
-		const char *:  a2uh_c,                                        \
-		const void *:  a2uh_c,                                        \
-		char *:        a2uh_nc,                                       \
-		void *:        a2uh_nc                                        \
-	)(n, s, __VA_ARGS__)                                                  \
-)
-
-#define a2ui(n, s, ...)                                                       \
-(                                                                             \
-	_Generic(s,                                                           \
-		const char *:  a2ui_c,                                        \
-		const void *:  a2ui_c,                                        \
-		char *:        a2ui_nc,                                       \
-		void *:        a2ui_nc                                        \
-	)(n, s, __VA_ARGS__)                                                  \
-)
-
-#define a2ul(n, s, ...)                                                       \
-(                                                                             \
-	_Generic(s,                                                           \
-		const char *:  a2ul_c,                                        \
-		const void *:  a2ul_c,                                        \
-		char *:        a2ul_nc,                                       \
-		void *:        a2ul_nc                                        \
-	)(n, s, __VA_ARGS__)                                                  \
-)
-
-#define a2ull(n, s, ...)                                                      \
-(                                                                             \
-	_Generic(s,                                                           \
-		const char *:  a2ull_c,                                       \
-		const void *:  a2ull_c,                                       \
-		char *:        a2ull_nc,                                      \
-		void *:        a2ull_nc                                       \
-	)(n, s, __VA_ARGS__)                                                  \
-)
-
-
-ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
-inline int a2sh_c(short *restrict n, const char *s,
-    const char **restrict endp, int base, short min, short max);
-ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
-inline int a2si_c(int *restrict n, const char *s,
-    const char **restrict endp, int base, int min, int max);
-ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
-inline int a2sl_c(long *restrict n, const char *s,
-    const char **restrict endp, int base, long min, long max);
-ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
-inline int a2sll_c(long long *restrict n, const char *s,
-    const char **restrict endp, int base, long long min, long long max);
-ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
-inline int a2uh_c(unsigned short *restrict n, const char *s,
-    const char **restrict endp, int base, unsigned short min,
-    unsigned short max);
-ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
-inline int a2ui_c(unsigned int *restrict n, const char *s,
-    const char **restrict endp, int base, unsigned int min, unsigned int max);
-ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
-inline int a2ul_c(unsigned long *restrict n, const char *s,
-    const char **restrict endp, int base, unsigned long min, unsigned long max);
-ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
-inline int a2ull_c(unsigned long long *restrict n, const char *s,
-    const char **restrict endp, int base, unsigned long long min,
-    unsigned long long max);
-
-ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
-inline int a2sh_nc(short *restrict n, char *s,
-    char **restrict endp, int base, short min, short max);
-ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
-inline int a2si_nc(int *restrict n, char *s,
-    char **restrict endp, int base, int min, int max);
-ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
-inline int a2sl_nc(long *restrict n, char *s,
-    char **restrict endp, int base, long min, long max);
-ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
-inline int a2sll_nc(long long *restrict n, char *s,
-    char **restrict endp, int base, long long min, long long max);
-ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
-inline int a2uh_nc(unsigned short *restrict n, char *s,
-    char **restrict endp, int base, unsigned short min, unsigned short max);
-ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
-inline int a2ui_nc(unsigned int *restrict n, char *s,
-    char **restrict endp, int base, unsigned int min, unsigned int max);
-ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
-inline int a2ul_nc(unsigned long *restrict n, char *s,
-    char **restrict endp, int base, unsigned long min, unsigned long max);
-ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
-inline int a2ull_nc(unsigned long long *restrict n, char *s,
-    char **restrict endp, int base, unsigned long long min,
-    unsigned long long max);
-
-
-inline int
-a2sh_c(short *restrict n, const char *s,
-    const char **restrict endp, int base, short min, short max)
-{
-	return a2sh(n, (char *) s, (char **) endp, base, min, max);
-}
-
-
-inline int
-a2si_c(int *restrict n, const char *s,
-    const char **restrict endp, int base, int min, int max)
-{
-	return a2si(n, (char *) s, (char **) endp, base, min, max);
-}
-
-
-inline int
-a2sl_c(long *restrict n, const char *s,
-    const char **restrict endp, int base, long min, long max)
-{
-	return a2sl(n, (char *) s, (char **) endp, base, min, max);
-}
-
-
-inline int
-a2sll_c(long long *restrict n, const char *s,
-    const char **restrict endp, int base, long long min, long long max)
-{
-	return a2sll(n, (char *) s, (char **) endp, base, min, max);
-}
-
-
-inline int
-a2uh_c(unsigned short *restrict n, const char *s,
-    const char **restrict endp, int base, unsigned short min,
-    unsigned short max)
-{
-	return a2uh(n, (char *) s, (char **) endp, base, min, max);
-}
-
-
-inline int
-a2ui_c(unsigned int *restrict n, const char *s,
-    const char **restrict endp, int base, unsigned int min, unsigned int max)
-{
-	return a2ui(n, (char *) s, (char **) endp, base, min, max);
-}
-
-
-inline int
-a2ul_c(unsigned long *restrict n, const char *s,
-    const char **restrict endp, int base, unsigned long min, unsigned long max)
-{
-	return a2ul(n, (char *) s, (char **) endp, base, min, max);
-}
-
-
-inline int
-a2ull_c(unsigned long long *restrict n, const char *s,
-    const char **restrict endp, int base, unsigned long long min,
-    unsigned long long max)
-{
-	return a2ull(n, (char *) s, (char **) endp, base, min, max);
-}
-
-
-inline int
-a2sh_nc(short *restrict n, char *s,
-    char **restrict endp, int base, short min, short max)
-{
-	int  status;
-
-	*n = strtoi_(s, endp, base, min, max, &status);
-	if (status != 0) {
-		errno = status;
-		return -1;
-	}
-	return 0;
-}
-
-
-inline int
-a2si_nc(int *restrict n, char *s,
-    char **restrict endp, int base, int min, int max)
-{
-	int  status;
-
-	*n = strtoi_(s, endp, base, min, max, &status);
-	if (status != 0) {
-		errno = status;
-		return -1;
-	}
-	return 0;
-}
-
-
-inline int
-a2sl_nc(long *restrict n, char *s,
-    char **restrict endp, int base, long min, long max)
-{
-	int  status;
-
-	*n = strtoi_(s, endp, base, min, max, &status);
-	if (status != 0) {
-		errno = status;
-		return -1;
-	}
-	return 0;
-}
-
-
-inline int
-a2sll_nc(long long *restrict n, char *s,
-    char **restrict endp, int base, long long min, long long max)
-{
-	int  status;
-
-	*n = strtoi_(s, endp, base, min, max, &status);
-	if (status != 0) {
-		errno = status;
-		return -1;
-	}
-	return 0;
-}
-
-
-inline int
-a2uh_nc(unsigned short *restrict n, char *s,
-    char **restrict endp, int base, unsigned short min,
-    unsigned short max)
-{
-	int  status;
-
-	*n = strtou_noneg(s, endp, base, min, max, &status);
-	if (status != 0) {
-		errno = status;
-		return -1;
-	}
-	return 0;
-}
-
-
-inline int
-a2ui_nc(unsigned int *restrict n, char *s,
-    char **restrict endp, int base, unsigned int min, unsigned int max)
-{
-	int  status;
-
-	*n = strtou_noneg(s, endp, base, min, max, &status);
-	if (status != 0) {
-		errno = status;
-		return -1;
-	}
-	return 0;
-}
-
-
-inline int
-a2ul_nc(unsigned long *restrict n, char *s,
-    char **restrict endp, int base, unsigned long min, unsigned long max)
-{
-	int  status;
-
-	*n = strtou_noneg(s, endp, base, min, max, &status);
-	if (status != 0) {
-		errno = status;
-		return -1;
-	}
-	return 0;
-}
-
-
-inline int
-a2ull_nc(unsigned long long *restrict n, char *s,
-    char **restrict endp, int base, unsigned long long min,
-    unsigned long long max)
-{
-	int  status;
-
-	*n = strtou_noneg(s, endp, base, min, max, &status);
-	if (status != 0) {
-		errno = status;
-		return -1;
-	}
-	return 0;
-}
-
-
-#endif  // include guard

lib/atoi/a2i/a2i.c

@@ -0,0 +1,7 @@
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include "atoi/a2i/a2i.h"

lib/atoi/a2i/a2i.h

@@ -0,0 +1,62 @@
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_ATOI_A2I_A2I_H_
+#define SHADOW_INCLUDE_LIB_ATOI_A2I_A2I_H_
+
+
+#include <config.h>
+
+#include "atoi/a2i/a2s_c.h"
+#include "atoi/a2i/a2s_nc.h"
+#include "atoi/a2i/a2u_c.h"
+#include "atoi/a2i/a2u_nc.h"
+
+
+/*
+ * See the manual of these macros in liba2i's documentation:
+ * <http://www.alejandro-colomar.es/share/dist/liba2i/git/HEAD/liba2i-HEAD.pdf>
+ */
+
+
+#define a2i(TYPE, n, s, ...)                                                  \
+(                                                                             \
+	_Generic((void (*)(TYPE, typeof(s))) 0,                               \
+		void (*)(short,              const char *):  a2sh_c,          \
+		void (*)(short,              const void *):  a2sh_c,          \
+		void (*)(short,              char *):        a2sh_nc,         \
+		void (*)(short,              void *):        a2sh_nc,         \
+		void (*)(int,                const char *):  a2si_c,          \
+		void (*)(int,                const void *):  a2si_c,          \
+		void (*)(int,                char *):        a2si_nc,         \
+		void (*)(int,                void *):        a2si_nc,         \
+		void (*)(long,               const char *):  a2sl_c,          \
+		void (*)(long,               const void *):  a2sl_c,          \
+		void (*)(long,               char *):        a2sl_nc,         \
+		void (*)(long,               void *):        a2sl_nc,         \
+		void (*)(long long,          const char *):  a2sll_c,         \
+		void (*)(long long,          const void *):  a2sll_c,         \
+		void (*)(long long,          char *):        a2sll_nc,        \
+		void (*)(long long,          void *):        a2sll_nc,        \
+		void (*)(unsigned short,     const char *):  a2uh_c,          \
+		void (*)(unsigned short,     const void *):  a2uh_c,          \
+		void (*)(unsigned short,     char *):        a2uh_nc,         \
+		void (*)(unsigned short,     void *):        a2uh_nc,         \
+		void (*)(unsigned int,       const char *):  a2ui_c,          \
+		void (*)(unsigned int,       const void *):  a2ui_c,          \
+		void (*)(unsigned int,       char *):        a2ui_nc,         \
+		void (*)(unsigned int,       void *):        a2ui_nc,         \
+		void (*)(unsigned long,      const char *):  a2ul_c,          \
+		void (*)(unsigned long,      const void *):  a2ul_c,          \
+		void (*)(unsigned long,      char *):        a2ul_nc,         \
+		void (*)(unsigned long,      void *):        a2ul_nc,         \
+		void (*)(unsigned long long, const char *):  a2ull_c,         \
+		void (*)(unsigned long long, const void *):  a2ull_c,         \
+		void (*)(unsigned long long, char *):        a2ull_nc,        \
+		void (*)(unsigned long long, void *):        a2ull_nc         \
+	)(n, s, __VA_ARGS__)                                                  \
+)
+
+
+#endif  // include guard

lib/atoi/a2i/a2s.c

@@ -0,0 +1,7 @@
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include "atoi/a2i/a2s.h"

lib/atoi/a2i/a2s.h

@@ -0,0 +1,56 @@
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_ATOI_A2I_A2S_H_
+#define SHADOW_INCLUDE_LIB_ATOI_A2I_A2S_H_
+
+
+#include <config.h>
+
+#include "atoi/a2i/a2s_c.h"
+#include "atoi/a2i/a2s_nc.h"
+
+
+#define a2sh(n, s, ...)                                                       \
+(                                                                             \
+	_Generic(s,                                                           \
+		const char *:  a2sh_c,                                        \
+		const void *:  a2sh_c,                                        \
+		char *:        a2sh_nc,                                       \
+		void *:        a2sh_nc                                        \
+	)(n, s, __VA_ARGS__)                                                  \
+)
+
+#define a2si(n, s, ...)                                                       \
+(                                                                             \
+	_Generic(s,                                                           \
+		const char *:  a2si_c,                                        \
+		const void *:  a2si_c,                                        \
+		char *:        a2si_nc,                                       \
+		void *:        a2si_nc                                        \
+	)(n, s, __VA_ARGS__)                                                  \
+)
+
+#define a2sl(n, s, ...)                                                       \
+(                                                                             \
+	_Generic(s,                                                           \
+		const char *:  a2sl_c,                                        \
+		const void *:  a2sl_c,                                        \
+		char *:        a2sl_nc,                                       \
+		void *:        a2sl_nc                                        \
+	)(n, s, __VA_ARGS__)                                                  \
+)
+
+#define a2sll(n, s, ...)                                                      \
+(                                                                             \
+	_Generic(s,                                                           \
+		const char *:  a2sll_c,                                       \
+		const void *:  a2sll_c,                                       \
+		char *:        a2sll_nc,                                      \
+		void *:        a2sll_nc                                       \
+	)(n, s, __VA_ARGS__)                                                  \
+)
+
+
+#endif  // include guard

lib/atoi/a2i/a2s_c.c

@@ -0,0 +1,17 @@
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include "atoi/a2i/a2s_c.h"
+
+
+extern inline int a2sh_c(short *restrict n, const char *s,
+    const char **restrict endp, int base, short min, short max);
+extern inline int a2si_c(int *restrict n, const char *s,
+    const char **restrict endp, int base, int min, int max);
+extern inline int a2sl_c(long *restrict n, const char *s,
+    const char **restrict endp, int base, long min, long max);
+extern inline int a2sll_c(long long *restrict n, const char *s,
+    const char **restrict endp, int base, long long min, long long max);

lib/atoi/a2i/a2s_c.h

@@ -0,0 +1,64 @@
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_ATOI_A2I_A2S_C_H_
+#define SHADOW_INCLUDE_LIB_ATOI_A2I_A2S_C_H_
+
+
+#include <config.h>
+
+#include <errno.h>
+#include <inttypes.h>
+
+#include "atoi/a2i/a2s_nc.h"
+#include "attr.h"
+
+
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2sh_c(short *restrict n, const char *s,
+    const char **restrict endp, int base, short min, short max);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2si_c(int *restrict n, const char *s,
+    const char **restrict endp, int base, int min, int max);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2sl_c(long *restrict n, const char *s,
+    const char **restrict endp, int base, long min, long max);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2sll_c(long long *restrict n, const char *s,
+    const char **restrict endp, int base, long long min, long long max);
+
+
+inline int
+a2sh_c(short *restrict n, const char *s,
+    const char **restrict endp, int base, short min, short max)
+{
+	return a2sh_nc(n, (char *) s, (char **) endp, base, min, max);
+}
+
+
+inline int
+a2si_c(int *restrict n, const char *s,
+    const char **restrict endp, int base, int min, int max)
+{
+	return a2si_nc(n, (char *) s, (char **) endp, base, min, max);
+}
+
+
+inline int
+a2sl_c(long *restrict n, const char *s,
+    const char **restrict endp, int base, long min, long max)
+{
+	return a2sl_nc(n, (char *) s, (char **) endp, base, min, max);
+}
+
+
+inline int
+a2sll_c(long long *restrict n, const char *s,
+    const char **restrict endp, int base, long long min, long long max)
+{
+	return a2sll_nc(n, (char *) s, (char **) endp, base, min, max);
+}
+
+
+#endif  // include guard

lib/atoi/a2i/a2s_nc.c

@@ -0,0 +1,17 @@
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include "atoi/a2i/a2s_nc.h"
+
+
+extern inline int a2sh_nc(short *restrict n, char *s,
+    char **restrict endp, int base, short min, short max);
+extern inline int a2si_nc(int *restrict n, char *s,
+    char **restrict endp, int base, int min, int max);
+extern inline int a2sl_nc(long *restrict n, char *s,
+    char **restrict endp, int base, long min, long max);
+extern inline int a2sll_nc(long long *restrict n, char *s,
+    char **restrict endp, int base, long long min, long long max);

lib/atoi/a2i/a2s_nc.h

@@ -0,0 +1,91 @@
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_ATOI_A2I_A2S_NC_H_
+#define SHADOW_INCLUDE_LIB_ATOI_A2I_A2S_NC_H_
+
+
+#include <config.h>
+
+#include <errno.h>
+
+#include "atoi/strtoi/strtoi.h"
+#include "attr.h"
+
+
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2sh_nc(short *restrict n, char *s,
+    char **restrict endp, int base, short min, short max);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2si_nc(int *restrict n, char *s,
+    char **restrict endp, int base, int min, int max);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2sl_nc(long *restrict n, char *s,
+    char **restrict endp, int base, long min, long max);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2sll_nc(long long *restrict n, char *s,
+    char **restrict endp, int base, long long min, long long max);
+
+
+inline int
+a2sh_nc(short *restrict n, char *s,
+    char **restrict endp, int base, short min, short max)
+{
+	int  status;
+
+	*n = strtoi_(s, endp, base, min, max, &status);
+	if (status != 0) {
+		errno = status;
+		return -1;
+	}
+	return 0;
+}
+
+
+inline int
+a2si_nc(int *restrict n, char *s,
+    char **restrict endp, int base, int min, int max)
+{
+	int  status;
+
+	*n = strtoi_(s, endp, base, min, max, &status);
+	if (status != 0) {
+		errno = status;
+		return -1;
+	}
+	return 0;
+}
+
+
+inline int
+a2sl_nc(long *restrict n, char *s,
+    char **restrict endp, int base, long min, long max)
+{
+	int  status;
+
+	*n = strtoi_(s, endp, base, min, max, &status);
+	if (status != 0) {
+		errno = status;
+		return -1;
+	}
+	return 0;
+}
+
+
+inline int
+a2sll_nc(long long *restrict n, char *s,
+    char **restrict endp, int base, long long min, long long max)
+{
+	int  status;
+
+	*n = strtoi_(s, endp, base, min, max, &status);
+	if (status != 0) {
+		errno = status;
+		return -1;
+	}
+	return 0;
+}
+
+
+#endif  // include guard

lib/atoi/a2i/a2u.c

@@ -0,0 +1,7 @@
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include "atoi/a2i/a2u.h"

lib/atoi/a2i/a2u.h

@@ -0,0 +1,56 @@
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_ATOI_A2I_A2U_H_
+#define SHADOW_INCLUDE_LIB_ATOI_A2I_A2U_H_
+
+
+#include <config.h>
+
+#include "atoi/a2i/a2u_c.h"
+#include "atoi/a2i/a2u_nc.h"
+
+
+#define a2uh(n, s, ...)                                                       \
+(                                                                             \
+	_Generic(s,                                                           \
+		const char *:  a2uh_c,                                        \
+		const void *:  a2uh_c,                                        \
+		char *:        a2uh_nc,                                       \
+		void *:        a2uh_nc                                        \
+	)(n, s, __VA_ARGS__)                                                  \
+)
+
+#define a2ui(n, s, ...)                                                       \
+(                                                                             \
+	_Generic(s,                                                           \
+		const char *:  a2ui_c,                                        \
+		const void *:  a2ui_c,                                        \
+		char *:        a2ui_nc,                                       \
+		void *:        a2ui_nc                                        \
+	)(n, s, __VA_ARGS__)                                                  \
+)
+
+#define a2ul(n, s, ...)                                                       \
+(                                                                             \
+	_Generic(s,                                                           \
+		const char *:  a2ul_c,                                        \
+		const void *:  a2ul_c,                                        \
+		char *:        a2ul_nc,                                       \
+		void *:        a2ul_nc                                        \
+	)(n, s, __VA_ARGS__)                                                  \
+)
+
+#define a2ull(n, s, ...)                                                      \
+(                                                                             \
+	_Generic(s,                                                           \
+		const char *:  a2ull_c,                                       \
+		const void *:  a2ull_c,                                       \
+		char *:        a2ull_nc,                                      \
+		void *:        a2ull_nc                                       \
+	)(n, s, __VA_ARGS__)                                                  \
+)
+
+
+#endif  // include guard

lib/atoi/a2i/a2u_c.c

@@ -0,0 +1,19 @@
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include "atoi/a2i/a2u_c.h"
+
+
+extern inline int a2uh_c(unsigned short *restrict n, const char *s,
+    const char **restrict endp, int base, unsigned short min,
+    unsigned short max);
+extern inline int a2ui_c(unsigned int *restrict n, const char *s,
+    const char **restrict endp, int base, unsigned int min, unsigned int max);
+extern inline int a2ul_c(unsigned long *restrict n, const char *s,
+    const char **restrict endp, int base, unsigned long min, unsigned long max);
+extern inline int a2ull_c(unsigned long long *restrict n, const char *s,
+    const char **restrict endp, int base, unsigned long long min,
+    unsigned long long max);

lib/atoi/a2i/a2u_c.h

@@ -0,0 +1,65 @@
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_ATOI_A2I_A2U_C_H_
+#define SHADOW_INCLUDE_LIB_ATOI_A2I_A2U_C_H_
+
+
+#include <config.h>
+
+#include "atoi/a2i/a2u_nc.h"
+#include "attr.h"
+
+
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2uh_c(unsigned short *restrict n, const char *s,
+    const char **restrict endp, int base, unsigned short min,
+    unsigned short max);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2ui_c(unsigned int *restrict n, const char *s,
+    const char **restrict endp, int base, unsigned int min, unsigned int max);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2ul_c(unsigned long *restrict n, const char *s,
+    const char **restrict endp, int base, unsigned long min, unsigned long max);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2ull_c(unsigned long long *restrict n, const char *s,
+    const char **restrict endp, int base, unsigned long long min,
+    unsigned long long max);
+
+
+inline int
+a2uh_c(unsigned short *restrict n, const char *s,
+    const char **restrict endp, int base, unsigned short min,
+    unsigned short max)
+{
+	return a2uh_nc(n, (char *) s, (char **) endp, base, min, max);
+}
+
+
+inline int
+a2ui_c(unsigned int *restrict n, const char *s,
+    const char **restrict endp, int base, unsigned int min, unsigned int max)
+{
+	return a2ui_nc(n, (char *) s, (char **) endp, base, min, max);
+}
+
+
+inline int
+a2ul_c(unsigned long *restrict n, const char *s,
+    const char **restrict endp, int base, unsigned long min, unsigned long max)
+{
+	return a2ul_nc(n, (char *) s, (char **) endp, base, min, max);
+}
+
+
+inline int
+a2ull_c(unsigned long long *restrict n, const char *s,
+    const char **restrict endp, int base, unsigned long long min,
+    unsigned long long max)
+{
+	return a2ull_nc(n, (char *) s, (char **) endp, base, min, max);
+}
+
+
+#endif  // include guard

lib/atoi/a2i/a2u_nc.c

@@ -0,0 +1,18 @@
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include "atoi/a2i/a2u_nc.h"
+
+
+extern inline int a2uh_nc(unsigned short *restrict n, char *s,
+    char **restrict endp, int base, unsigned short min, unsigned short max);
+extern inline int a2ui_nc(unsigned int *restrict n, char *s,
+    char **restrict endp, int base, unsigned int min, unsigned int max);
+extern inline int a2ul_nc(unsigned long *restrict n, char *s,
+    char **restrict endp, int base, unsigned long min, unsigned long max);
+extern inline int a2ull_nc(unsigned long long *restrict n, char *s,
+    char **restrict endp, int base, unsigned long long min,
+    unsigned long long max);

lib/atoi/a2i/a2u_nc.h

@@ -0,0 +1,94 @@
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_ATOI_A2I_A2U_NC_H_
+#define SHADOW_INCLUDE_LIB_ATOI_A2I_A2U_NC_H_
+
+
+#include <config.h>
+
+#include <errno.h>
+
+#include "atoi/strtoi/strtou_noneg.h"
+#include "attr.h"
+
+
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2uh_nc(unsigned short *restrict n, char *s,
+    char **restrict endp, int base, unsigned short min, unsigned short max);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2ui_nc(unsigned int *restrict n, char *s,
+    char **restrict endp, int base, unsigned int min, unsigned int max);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2ul_nc(unsigned long *restrict n, char *s,
+    char **restrict endp, int base, unsigned long min, unsigned long max);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1) ATTR_ACCESS(write_only, 3)
+inline int a2ull_nc(unsigned long long *restrict n, char *s,
+    char **restrict endp, int base, unsigned long long min,
+    unsigned long long max);
+
+
+inline int
+a2uh_nc(unsigned short *restrict n, char *s,
+    char **restrict endp, int base, unsigned short min,
+    unsigned short max)
+{
+	int  status;
+
+	*n = strtou_noneg(s, endp, base, min, max, &status);
+	if (status != 0) {
+		errno = status;
+		return -1;
+	}
+	return 0;
+}
+
+
+inline int
+a2ui_nc(unsigned int *restrict n, char *s,
+    char **restrict endp, int base, unsigned int min, unsigned int max)
+{
+	int  status;
+
+	*n = strtou_noneg(s, endp, base, min, max, &status);
+	if (status != 0) {
+		errno = status;
+		return -1;
+	}
+	return 0;
+}
+
+
+inline int
+a2ul_nc(unsigned long *restrict n, char *s,
+    char **restrict endp, int base, unsigned long min, unsigned long max)
+{
+	int  status;
+
+	*n = strtou_noneg(s, endp, base, min, max, &status);
+	if (status != 0) {
+		errno = status;
+		return -1;
+	}
+	return 0;
+}
+
+
+inline int
+a2ull_nc(unsigned long long *restrict n, char *s,
+    char **restrict endp, int base, unsigned long long min,
+    unsigned long long max)
+{
+	int  status;
+
+	*n = strtou_noneg(s, endp, base, min, max, &status);
+	if (status != 0) {
+		errno = status;
+		return -1;
+	}
+	return 0;
+}
+
+
+#endif  // include guard

lib/atoi/getnum.c

@@ -0,0 +1,16 @@
+// SPDX-FileCopyrightText: 2009, Nicolas François
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include <sys/types.h>
+
+#include "atoi/getnum.h"
+
+
+extern inline int get_fd(const char *restrict fdstr, int *restrict fd);
+extern inline int get_gid(const char *restrict gidstr, gid_t *restrict gid);
+extern inline int get_pid(const char *restrict pidstr, pid_t *restrict pid);
+extern inline int get_uid(const char *restrict uidstr, uid_t *restrict uid);

lib/atoi/getnum.h

@@ -0,0 +1,60 @@
+// SPDX-FileCopyrightText: 2009, Nicolas François
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_ATOI_GETNUM_H_
+#define SHADOW_INCLUDE_LIB_ATOI_GETNUM_H_
+
+
+#include <config.h>
+
+#include <limits.h>
+#include <stddef.h>
+#include <sys/types.h>
+
+#include "atoi/a2i/a2i.h"
+#include "atoi/a2i/a2s.h"
+#include "attr.h"
+#include "typetraits.h"
+
+
+ATTR_STRING(1) ATTR_ACCESS(write_only, 2)
+inline int get_fd(const char *restrict fdstr, int *restrict fd);
+ATTR_STRING(1) ATTR_ACCESS(write_only, 2)
+inline int get_gid(const char *restrict gidstr, gid_t *restrict gid);
+ATTR_STRING(1) ATTR_ACCESS(write_only, 2)
+inline int get_pid(const char *restrict pidstr, pid_t *restrict pid);
+ATTR_STRING(1) ATTR_ACCESS(write_only, 2)
+inline int get_uid(const char *restrict uidstr, uid_t *restrict uid);
+
+
+inline int
+get_fd(const char *restrict fdstr, int *restrict fd)
+{
+	return a2si(fd, fdstr, NULL, 10, 0, INT_MAX);
+}
+
+
+inline int
+get_gid(const char *restrict gidstr, gid_t *restrict gid)
+{
+	return a2i(gid_t, gid, gidstr, NULL, 10, type_min(gid_t), type_max(gid_t));
+}
+
+
+inline int
+get_pid(const char *restrict pidstr, pid_t *restrict pid)
+{
+	return a2i(pid_t, pid, pidstr, NULL, 10, 1, type_max(pid_t));
+}
+
+
+inline int
+get_uid(const char *restrict uidstr, uid_t *restrict uid)
+{
+	return a2i(uid_t, uid, uidstr, NULL, 10, type_min(uid_t), type_max(uid_t));
+}
+
+
+#endif  // include guard

lib/atoi/str2i.h

@@ -1,108 +0,0 @@
-// SPDX-FileCopyrightText: 2007-2009, Nicolas François
-// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
-// SPDX-License-Identifier: BSD-3-Clause
-
-
-#ifndef SHADOW_INCLUDE_LIB_ATOI_STR2I_H_
-#define SHADOW_INCLUDE_LIB_ATOI_STR2I_H_
-
-
-#include <config.h>
-
-#include <limits.h>
-#include <stddef.h>
-
-#include "atoi/a2i.h"
-#include "attr.h"
-
-
-#define str2i(TYPE, ...)                                                      \
-(                                                                             \
-	_Generic((TYPE) 0,                                                    \
-		short:              str2sh,                                   \
-		int:                str2si,                                   \
-		long:               str2sl,                                   \
-		long long:          str2sll,                                  \
-		unsigned short:     str2uh,                                   \
-		unsigned int:       str2ui,                                   \
-		unsigned long:      str2ul,                                   \
-		unsigned long long: str2ull                                   \
-	)(__VA_ARGS__)                                                        \
-)
-
-
-ATTR_STRING(2) ATTR_ACCESS(write_only, 1)
-inline int str2sh(short *restrict n, const char *restrict s);
-ATTR_STRING(2) ATTR_ACCESS(write_only, 1)
-inline int str2si(int *restrict n, const char *restrict s);
-ATTR_STRING(2) ATTR_ACCESS(write_only, 1)
-inline int str2sl(long *restrict n, const char *restrict s);
-ATTR_STRING(2) ATTR_ACCESS(write_only, 1)
-inline int str2sll(long long *restrict n, const char *restrict s);
-ATTR_STRING(2) ATTR_ACCESS(write_only, 1)
-inline int str2uh(unsigned short *restrict n, const char *restrict s);
-ATTR_STRING(2) ATTR_ACCESS(write_only, 1)
-inline int str2ui(unsigned int *restrict n, const char *restrict s);
-ATTR_STRING(2) ATTR_ACCESS(write_only, 1)
-inline int str2ul(unsigned long *restrict n, const char *restrict s);
-ATTR_STRING(2) ATTR_ACCESS(write_only, 1)
-inline int str2ull(unsigned long long *restrict n, const char *restrict s);
-
-
-inline int
-str2sh(short *restrict n, const char *restrict s)
-{
-	return a2sh(n, s, NULL, 0, SHRT_MIN, SHRT_MAX);
-}
-
-
-inline int
-str2si(int *restrict n, const char *restrict s)
-{
-	return a2si(n, s, NULL, 0, INT_MIN, INT_MAX);
-}
-
-
-inline int
-str2sl(long *restrict n, const char *restrict s)
-{
-	return a2sl(n, s, NULL, 0, LONG_MIN, LONG_MAX);
-}
-
-
-inline int
-str2sll(long long *restrict n, const char *restrict s)
-{
-	return a2sll(n, s, NULL, 0, LLONG_MIN, LLONG_MAX);
-}
-
-
-inline int
-str2uh(unsigned short *restrict n, const char *restrict s)
-{
-	return a2uh(n, s, NULL, 0, 0, USHRT_MAX);
-}
-
-
-inline int
-str2ui(unsigned int *restrict n, const char *restrict s)
-{
-	return a2ui(n, s, NULL, 0, 0, UINT_MAX);
-}
-
-
-inline int
-str2ul(unsigned long *restrict n, const char *restrict s)
-{
-	return a2ul(n, s, NULL, 0, 0, ULONG_MAX);
-}
-
-
-inline int
-str2ull(unsigned long long *restrict n, const char *restrict s)
-{
-	return a2ull(n, s, NULL, 0, 0, ULLONG_MAX);
-}
-
-
-#endif  // include guard

lib/atoi/str2i/str2i.c

@@ -0,0 +1,8 @@
+// SPDX-FileCopyrightText: 2007-2009, Nicolas François
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include "atoi/str2i/str2i.h"

lib/atoi/str2i/str2i.h

@@ -0,0 +1,31 @@
+// SPDX-FileCopyrightText: 2007-2009, Nicolas François
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_ATOI_STR2I_STR2I_H_
+#define SHADOW_INCLUDE_LIB_ATOI_STR2I_STR2I_H_
+
+
+#include <config.h>
+
+#include "atoi/str2i/str2s.h"
+#include "atoi/str2i/str2u.h"
+
+
+#define str2i(TYPE, ...)                                                      \
+(                                                                             \
+	_Generic((TYPE) 0,                                                    \
+		short:              str2sh,                                   \
+		int:                str2si,                                   \
+		long:               str2sl,                                   \
+		long long:          str2sll,                                  \
+		unsigned short:     str2uh,                                   \
+		unsigned int:       str2ui,                                   \
+		unsigned long:      str2ul,                                   \
+		unsigned long long: str2ull                                   \
+	)(__VA_ARGS__)                                                        \
+)
+
+
+#endif  // include guard

lib/atoi/str2i/str2s.c

@@ -0,0 +1,14 @@
+// SPDX-FileCopyrightText: 2007-2009, Nicolas François
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include "atoi/str2i/str2s.h"
+
+
+extern inline int str2sh(short *restrict n, const char *restrict s);
+extern inline int str2si(int *restrict n, const char *restrict s);
+extern inline int str2sl(long *restrict n, const char *restrict s);
+extern inline int str2sll(long long *restrict n, const char *restrict s);

lib/atoi/str2i/str2s.h

@@ -0,0 +1,57 @@
+// SPDX-FileCopyrightText: 2007-2009, Nicolas François
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_ATOI_STR2I_STR2S_H_
+#define SHADOW_INCLUDE_LIB_ATOI_STR2I_STR2S_H_
+
+
+#include <config.h>
+
+#include <limits.h>
+#include <stddef.h>
+
+#include "atoi/a2i/a2s.h"
+#include "attr.h"
+
+
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1)
+inline int str2sh(short *restrict n, const char *restrict s);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1)
+inline int str2si(int *restrict n, const char *restrict s);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1)
+inline int str2sl(long *restrict n, const char *restrict s);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1)
+inline int str2sll(long long *restrict n, const char *restrict s);
+
+
+inline int
+str2sh(short *restrict n, const char *restrict s)
+{
+	return a2sh(n, s, NULL, 0, SHRT_MIN, SHRT_MAX);
+}
+
+
+inline int
+str2si(int *restrict n, const char *restrict s)
+{
+	return a2si(n, s, NULL, 0, INT_MIN, INT_MAX);
+}
+
+
+inline int
+str2sl(long *restrict n, const char *restrict s)
+{
+	return a2sl(n, s, NULL, 0, LONG_MIN, LONG_MAX);
+}
+
+
+inline int
+str2sll(long long *restrict n, const char *restrict s)
+{
+	return a2sll(n, s, NULL, 0, LLONG_MIN, LLONG_MAX);
+}
+
+
+#endif  // include guard

lib/atoi/str2i/str2u.c

@@ -5,13 +5,9 @@
 
 #include <config.h>
 
-#include "atoi/str2i.h"
+#include "atoi/str2i/str2u.h"
 
 
-extern inline int str2sh(short *restrict n, const char *restrict s);
-extern inline int str2si(int *restrict n, const char *restrict s);
-extern inline int str2sl(long *restrict n, const char *restrict s);
-extern inline int str2sll(long long *restrict n, const char *restrict s);
 extern inline int str2uh(unsigned short *restrict n, const char *restrict s);
 extern inline int str2ui(unsigned int *restrict n, const char *restrict s);
 extern inline int str2ul(unsigned long *restrict n, const char *restrict s);

lib/atoi/str2i/str2u.h

@@ -0,0 +1,57 @@
+// SPDX-FileCopyrightText: 2007-2009, Nicolas François
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_ATOI_STR2I_STR2U_H_
+#define SHADOW_INCLUDE_LIB_ATOI_STR2I_STR2U_H_
+
+
+#include <config.h>
+
+#include <limits.h>
+#include <stddef.h>
+
+#include "atoi/a2i/a2u.h"
+#include "attr.h"
+
+
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1)
+inline int str2uh(unsigned short *restrict n, const char *restrict s);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1)
+inline int str2ui(unsigned int *restrict n, const char *restrict s);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1)
+inline int str2ul(unsigned long *restrict n, const char *restrict s);
+ATTR_STRING(2) ATTR_ACCESS(write_only, 1)
+inline int str2ull(unsigned long long *restrict n, const char *restrict s);
+
+
+inline int
+str2uh(unsigned short *restrict n, const char *restrict s)
+{
+	return a2uh(n, s, NULL, 0, 0, USHRT_MAX);
+}
+
+
+inline int
+str2ui(unsigned int *restrict n, const char *restrict s)
+{
+	return a2ui(n, s, NULL, 0, 0, UINT_MAX);
+}
+
+
+inline int
+str2ul(unsigned long *restrict n, const char *restrict s)
+{
+	return a2ul(n, s, NULL, 0, 0, ULONG_MAX);
+}
+
+
+inline int
+str2ull(unsigned long long *restrict n, const char *restrict s)
+{
+	return a2ull(n, s, NULL, 0, 0, ULLONG_MAX);
+}
+
+
+#endif  // include guard

lib/atoi/strtoi.c

@@ -1,15 +0,0 @@
-// SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
-// SPDX-License-Identifier: BSD-3-Clause
-
-
-#include <config.h>
-
-#include "atoi/strtoi.h"
-
-#include <stdint.h>
-
-
-extern inline intmax_t strtoi_(const char *s, char **restrict endp, int base,
-    intmax_t min, intmax_t max, int *restrict status);
-extern inline uintmax_t strtou_(const char *s, char **restrict endp, int base,
-    uintmax_t min, uintmax_t max, int *restrict status);

lib/atoi/strtoi.h

@@ -1,96 +0,0 @@
-// SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
-// SPDX-License-Identifier: BSD-3-Clause
-
-
-#ifndef SHADOW_INCLUDE_LIB_ATOI_STRTOI_H_
-#define SHADOW_INCLUDE_LIB_ATOI_STRTOI_H_
-
-
-#include <config.h>
-
-#include <errno.h>
-#include <inttypes.h>
-#include <stddef.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <sys/param.h>
-
-#include "attr.h"
-
-
-#define strtoNmax(TYPE, ...)                                                  \
-(                                                                             \
-	_Generic((TYPE) 0,                                                    \
-		intmax_t:  strtoimax,                                         \
-		uintmax_t: strtoumax                                          \
-	)(__VA_ARGS__)                                                        \
-)
-
-
-#define strtoN(s, endp, base, min, max, status, TYPE)                         \
-({                                                                            \
-	const char  *s_ = s;                                                  \
-	char        **endp_ = endp;                                           \
-	int         base_ = base;                                             \
-	TYPE        min_ = min;                                               \
-	TYPE        max_ = max;                                               \
-	int         *status_ = status;                                        \
-                                                                              \
-	int         e_, st_;                                                  \
-	char        *end_;                                                    \
-	TYPE        n_;                                                       \
-                                                                              \
-	if (endp_ == NULL)                                                    \
-		endp_ = &end_;                                                \
-	if (status_ == NULL)                                                  \
-		status_ = &st_;                                               \
-                                                                              \
-	if (base_ != 0 && (base_ < 0 || base_ > 36)) {                        \
-		*status_ = EINVAL;                                            \
-		n_ = 0;                                                       \
-                                                                              \
-	} else {                                                              \
-		e_ = errno;                                                   \
-		errno = 0;                                                    \
-		n_ = strtoNmax(TYPE, s_, endp_, base_);                       \
-                                                                              \
-		if (*endp_ == s_)                                             \
-			*status_ = ECANCELED;                                 \
-		else if (errno == ERANGE || n_ < min_ || n_ > max_)           \
-			*status_ = ERANGE;                                    \
-		else if (**endp_ != '\0')                                     \
-			*status_ = ENOTSUP;                                   \
-		else                                                          \
-			*status_ = 0;                                         \
-                                                                              \
-		errno = e_;                                                   \
-	}                                                                     \
-	MAX(min_, MIN(max_, n_));                                             \
-})
-
-
-ATTR_STRING(1) ATTR_ACCESS(write_only, 2) ATTR_ACCESS(write_only, 6)
-inline intmax_t strtoi_(const char *s, char **restrict endp, int base,
-    intmax_t min, intmax_t max, int *restrict status);
-ATTR_STRING(1) ATTR_ACCESS(write_only, 2) ATTR_ACCESS(write_only, 6)
-inline uintmax_t strtou_(const char *s, char **restrict endp, int base,
-    uintmax_t min, uintmax_t max, int *restrict status);
-
-
-inline intmax_t
-strtoi_(const char *s, char **restrict endp, int base,
-    intmax_t min, intmax_t max, int *restrict status)
-{
-	return strtoN(s, endp, base, min, max, status, intmax_t);
-}
-
-
-inline uintmax_t
-strtou_(const char *s, char **restrict endp, int base,
-    uintmax_t min, uintmax_t max, int *restrict status)
-{
-	return strtoN(s, endp, base, min, max, status, uintmax_t);
-}
-
-
-#endif  // include guard

lib/atoi/strtoi/strtoi.c

@@ -0,0 +1,13 @@
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include "atoi/strtoi/strtoi.h"
+
+#include <stdint.h>
+
+
+extern inline intmax_t strtoi_(const char *s, char **restrict endp, int base,
+    intmax_t min, intmax_t max, int *restrict status);

lib/atoi/strtoi/strtoi.h

@@ -0,0 +1,64 @@
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_ATOI_STRTOI_STRTOI_H_
+#define SHADOW_INCLUDE_LIB_ATOI_STRTOI_STRTOI_H_
+
+
+#include <config.h>
+
+#include <errno.h>
+#include <inttypes.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <sys/param.h>
+
+#include "attr.h"
+
+
+ATTR_STRING(1) ATTR_ACCESS(write_only, 2) ATTR_ACCESS(write_only, 6)
+inline intmax_t strtoi_(const char *s, char **restrict endp, int base,
+    intmax_t min, intmax_t max, int *restrict status);
+
+
+inline intmax_t
+strtoi_(const char *s, char **restrict endp, int base,
+    intmax_t min, intmax_t max, int *restrict status)
+{
+	int        e, st;
+	char       *end;
+	intmax_t   n;
+
+	if (endp == NULL)
+		endp = &end;
+	if (status == NULL)
+		status = &st;
+
+	if (base != 0 && (base < 2 || base > 36)) {
+		*status = EINVAL;
+		return MAX(min, MIN(max, 0));
+	}
+
+	e = errno;
+	errno = 0;
+
+	n = strtoimax(s, endp, base);
+
+	if (*endp == s)
+		*status = ECANCELED;
+	else if (errno == ERANGE || n < min || n > max)
+		*status = ERANGE;
+	else if (**endp != '\0')
+		*status = ENOTSUP;
+	else
+		*status = 0;
+
+	errno = e;
+
+	return MAX(min, MIN(max, n));
+}
+
+
+#endif  // include guard

lib/atoi/strtoi/strtou.c

@@ -0,0 +1,13 @@
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include "atoi/strtoi/strtou.h"
+
+#include <stdint.h>
+
+
+extern inline uintmax_t strtou_(const char *s, char **restrict endp, int base,
+    uintmax_t min, uintmax_t max, int *restrict status);

lib/atoi/strtoi/strtou.h

@@ -0,0 +1,64 @@
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_ATOI_STRTOI_STRTOU_H_
+#define SHADOW_INCLUDE_LIB_ATOI_STRTOI_STRTOU_H_
+
+
+#include <config.h>
+
+#include <errno.h>
+#include <inttypes.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <sys/param.h>
+
+#include "attr.h"
+
+
+ATTR_STRING(1) ATTR_ACCESS(write_only, 2) ATTR_ACCESS(write_only, 6)
+inline uintmax_t strtou_(const char *s, char **restrict endp, int base,
+    uintmax_t min, uintmax_t max, int *restrict status);
+
+
+inline uintmax_t
+strtou_(const char *s, char **restrict endp, int base,
+    uintmax_t min, uintmax_t max, int *restrict status)
+{
+	int        e, st;
+	char       *end;
+	uintmax_t  n;
+
+	if (endp == NULL)
+		endp = &end;
+	if (status == NULL)
+		status = &st;
+
+	if (base != 0 && (base < 2 || base > 36)) {
+		*status = EINVAL;
+		return MAX(min, 0);
+	}
+
+	e = errno;
+	errno = 0;
+
+	n = strtoumax(s, endp, base);
+
+	if (*endp == s)
+		*status = ECANCELED;
+	else if (errno == ERANGE || n < min || n > max)
+		*status = ERANGE;
+	else if (**endp != '\0')
+		*status = ENOTSUP;
+	else
+		*status = 0;
+
+	errno = e;
+
+	return MAX(min, MIN(max, n));
+}
+
+
+#endif  // include guard

lib/atoi/strtoi/strtou_noneg.c

@@ -1,10 +1,10 @@
-// SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 
 
 #include <config.h>
 
-#include "atoi/strtou_noneg.h"
+#include "atoi/strtoi/strtou_noneg.h"
 
 #include <stdint.h>
 

lib/atoi/strtoi/strtou_noneg.h

@@ -1,9 +1,9 @@
-// SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
 // SPDX-License-Identifier: BSD-3-Clause
 
 
-#ifndef SHADOW_INCLUDE_LIB_ATOI_STRTOU_NONEG_H_
-#define SHADOW_INCLUDE_LIB_ATOI_STRTOU_NONEG_H_
+#ifndef SHADOW_INCLUDE_LIB_ATOI_STRTOI_STRTOU_NONEG_H_
+#define SHADOW_INCLUDE_LIB_ATOI_STRTOI_STRTOU_NONEG_H_
 
 
 #include <config.h>
@@ -12,7 +12,8 @@
 #include <stddef.h>
 #include <stdint.h>
 
-#include "atoi/strtoi.h"
+#include "atoi/strtoi/strtoi.h"
+#include "atoi/strtoi/strtou.h"
 #include "attr.h"
 
 

lib/attr.h

@@ -6,15 +6,17 @@
 
 
 #if defined(__GNUC__)
-# define MAYBE_UNUSED                __attribute__((unused))
-# define NORETURN                    __attribute__((__noreturn__))
-# define format_attr(type, fmt, va)  __attribute__((format(type, fmt, va)))
-# define ATTR_ACCESS(...)            __attribute__((access(__VA_ARGS__)))
+# define MAYBE_UNUSED                [[gnu::unused]]
+# define NORETURN                    [[gnu::__noreturn__]]
+# define format_attr(type, fmt, va)  [[gnu::format(type, fmt, va)]]
+# define ATTR_ACCESS(...)            [[gnu::access(__VA_ARGS__)]]
+# define ATTR_ALLOC_SIZE(...)        [[gnu::alloc_size(__VA_ARGS__)]]
 #else
 # define MAYBE_UNUSED
 # define NORETURN
 # define format_attr(type, fmt, va)
 # define ATTR_ACCESS(...)
+# define ATTR_ALLOC_SIZE(...)
 #endif
 
 #if (__GNUC__ >= 11) && !defined(__clang__)
@@ -24,9 +26,9 @@
 #endif
 
 #if (__GNUC__ >= 14)
-# define ATTR_STRING(...)       [[gnu::null_terminated_string_arg(__VA_ARGS__)]]
+# define ATTR_STRING(i)              [[gnu::null_terminated_string_arg(i)]]
 #else
-# define ATTR_STRING(...)
+# define ATTR_STRING(i)
 #endif
 
 

lib/chkname.c

@@ -12,6 +12,9 @@
  * return values:
  *   true  - OK
  *   false - bad name
+ * errors:
+ *   EINVAL	Invalid name characters or sequences
+ *   EOVERFLOW	Name longer than maximum size
  */
 
 
@@ -24,10 +27,13 @@
 #include <limits.h>
 #include <stdbool.h>
 #include <stddef.h>
+#include <stdint.h>
+#include <sys/param.h>
 #include <unistd.h>
 
 #include "defines.h"
 #include "chkname.h"
+#include "string/strcmp/streq.h"
 
 
 int allow_bad_names = false;
@@ -43,11 +49,12 @@ login_name_max_size(void)
 	if (conf == -1 && errno != 0)
 		return LOGIN_NAME_MAX;
 
-	return conf;
+	return MIN(conf, PTRDIFF_MAX);
 }
 
 
-static bool is_valid_name (const char *name)
+static bool
+is_valid_name(const char *name)
 {
 	if (allow_bad_names) {
 		return true;
@@ -71,13 +78,15 @@ static bool is_valid_name (const char *name)
 	      (*name >= 'A' && *name <= 'Z') ||
 	      (*name >= '0' && *name <= '9') ||
 	      *name == '_' ||
-	      *name == '.')) {
+	      *name == '.'))
+	{
+		errno = EINVAL;
 		return false;
 	}
 
 	numeric = isdigit(*name);
 
-	while ('\0' != *++name) {
+	while (!streq(++name, "")) {
 		if (!((*name >= 'a' && *name <= 'z') ||
 		      (*name >= 'A' && *name <= 'Z') ||
 		      (*name >= '0' && *name <= '9') ||
@@ -85,34 +94,46 @@ static bool is_valid_name (const char *name)
 		      *name == '.' ||
 		      *name == '-' ||
 		      (*name == '$' && name[1] == '\0')
-		     )) {
+		     ))
+		{
+			errno = EINVAL;
 			return false;
 		}
 		numeric &= isdigit(*name);
 	}
 
-	return !numeric;
+	if (numeric) {
+		errno = EINVAL;
+		return false;
+	}
+
+	return true;
 }
 
 
 bool
 is_valid_user_name(const char *name)
 {
-	if (strlen(name) >= login_name_max_size())
+	if (strlen(name) >= login_name_max_size()) {
+		errno = EOVERFLOW;
 		return false;
+	}
 
 	return is_valid_name(name);
 }
 
 
-bool is_valid_group_name (const char *name)
+bool
+is_valid_group_name(const char *name)
 {
 	/*
 	 * Arbitrary limit for group names.
 	 * HP-UX 10 limits to 16 characters
 	 */
 	if (   (GROUP_NAME_MAX_LENGTH > 0)
-	    && (strlen (name) > GROUP_NAME_MAX_LENGTH)) {
+	    && (strlen (name) > GROUP_NAME_MAX_LENGTH))
+	{
+		errno = EOVERFLOW;
 		return false;
 	}
 

lib/chowndir.c

@@ -13,12 +13,15 @@
 
 #include <sys/types.h>
 #include <sys/stat.h>
-#include "prototypes.h"
-#include "defines.h"
 #include <fcntl.h>
 #include <stdio.h>
 #include <unistd.h>
 
+#include "defines.h"
+#include "prototypes.h"
+#include "string/strcmp/streq.h"
+
+
 static int chown_tree_at (int at_fd,
                 const char *path,
                 uid_t old_uid,
@@ -56,8 +59,8 @@ static int chown_tree_at (int at_fd,
 		/*
 		 * Skip the "." and ".." entries
 		 */
-		if (   (strcmp (ent->d_name, ".") == 0)
-		    || (strcmp (ent->d_name, "..") == 0)) {
+		if (   streq(ent->d_name, ".")
+		    || streq(ent->d_name, "..")) {
 			continue;
 		}
 

lib/cleanup.c

@@ -44,7 +44,7 @@ void do_cleanups (void)
 {
 	unsigned int i;
 
-	/* Make sure there were no overflow */
+	/* Make sure there were no overflows */
 	assert (NULL == cleanup_functions[CLEANUP_FUNCTIONS-1]);
 
 	if (getpid () != cleanup_pid) {

lib/commonio.c

@@ -11,28 +11,33 @@
 
 #ident "$Id$"
 
-#include "defines.h"
 #include <assert.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <signal.h>
+#include <stdio.h>
+#include <string.h>
 #include <sys/stat.h>
 #include <stdlib.h>
-#include <limits.h>
 #include <utime.h>
-#include <fcntl.h>
-#include <errno.h>
-#include <stdio.h>
-#include <signal.h>
 
-#include "alloc.h"
-#include "memzero.h"
+#include "alloc/malloc.h"
+#include "alloc/reallocf.h"
+#include "atoi/getnum.h"
+#include "commonio.h"
+#include "defines.h"
 #include "nscd.h"
-#include "sssd.h"
 #ifdef WITH_TCB
 #include <tcb.h>
 #endif				/* WITH_TCB */
 #include "prototypes.h"
-#include "commonio.h"
 #include "shadowlog_internal.h"
-#include "string/sprintf.h"
+#include "sssd.h"
+#include "string/memset/memzero.h"
+#include "string/sprintf/snprintf.h"
+#include "string/strcmp/streq.h"
+#include "string/strtok/stpsep.h"
 
 
 /* local function prototypes */
@@ -194,7 +199,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 		errno = EINVAL;
 		return 0;
 	}
-	buf[len] = '\0';
+	stpcpy(&buf[len], "");
 	if (get_pid(buf, &pid) == -1) {
 		if (log) {
 			(void) fprintf (shadow_logfd,
@@ -573,9 +578,7 @@ static void add_one_entry_nis (struct commonio_db *db,
 int commonio_open (struct commonio_db *db, int mode)
 {
 	char *buf;
-	char *cp;
 	char *line;
-	struct commonio_entry *p;
 	void *eptr = NULL;
 	int flags = mode;
 	size_t buflen;
@@ -636,21 +639,21 @@ int commonio_open (struct commonio_db *db, int mode)
 
 	buflen = BUFLEN;
 	buf = MALLOC(buflen, char);
-	if (NULL == buf) {
-		goto cleanup_ENOMEM;
-	}
+	if (NULL == buf)
+		goto cleanup_errno;
 
 	while (db->ops->fgets (buf, buflen, db->fp) == buf) {
+		struct commonio_entry  *p;
+
 		while (   (strrchr (buf, '\n') == NULL)
 		       && (feof (db->fp) == 0)) {
 			size_t len;
 
 			buflen += BUFLEN;
-			cp = REALLOC(buf, buflen, char);
-			if (NULL == cp) {
-				goto cleanup_buf;
-			}
-			buf = cp;
+			buf = REALLOCF(buf, buflen, char);
+			if (NULL == buf)
+				goto cleanup_errno;
+
 			len = strlen (buf);
 			if (db->ops->fgets (buf + len,
 			                    (int) (buflen - len),
@@ -658,10 +661,7 @@ int commonio_open (struct commonio_db *db, int mode)
 				goto cleanup_buf;
 			}
 		}
-		cp = strrchr (buf, '\n');
-		if (NULL != cp) {
-			*cp = '\0';
-		}
+		stpsep(buf, "\n");
 
 		line = strdup (buf);
 		if (NULL == line) {
@@ -713,7 +713,6 @@ int commonio_open (struct commonio_db *db, int mode)
 	free (line);
       cleanup_buf:
 	free (buf);
-      cleanup_ENOMEM:
 	errno = ENOMEM;
       cleanup_errno:
 	saved_errno = errno;
@@ -832,10 +831,8 @@ int commonio_sort_wrt (struct commonio_db *shadow,
 			if (NULL == spw_ptr->eptr) {
 				continue;
 			}
-			if (strcmp (name, shadow->ops->getname (spw_ptr->eptr))
-			    == 0) {
+			if (streq(name, shadow->ops->getname(spw_ptr->eptr)))
 				break;
-			}
 		}
 		if (NULL == spw_ptr) {
 			continue;
@@ -1036,7 +1033,7 @@ static /*@dependent@*/ /*@null@*/struct commonio_entry *next_entry_by_name (
 	for (p = pos; NULL != p; p = p->next) {
 		ep = p->eptr;
 		if (   (NULL != ep)
-		    && (strcmp (db->ops->getname (ep), name) == 0)) {
+		    && streq(db->ops->getname(ep), name)) {
 			break;
 		}
 	}
@@ -1242,7 +1239,7 @@ int commonio_rewind (struct commonio_db *db)
 
 	if (!db->isopen) {
 		errno = EINVAL;
-		return 0;
+		return NULL;
 	}
 	if (NULL == db->cursor) {
 		db->cursor = db->head;

lib/console.c

@@ -9,20 +9,25 @@
  */
 
 #include <config.h>
-#include "defines.h"
+
 #include <stdio.h>
+#include <string.h>
+
+#include "defines.h"
 #include "getdef.h"
 #include "prototypes.h"
-#include "string/strtcpy.h"
+#include "string/strcmp/streq.h"
+#include "string/strcpy/strtcpy.h"
+#include "string/strtok/stpsep.h"
 
-#ident "$Id$"
 
 /*
  * This is now rather generic function which decides if "tty" is listed
  * under "cfgin" in config (directly or indirectly). Fallback to default if
  * something is bad.
  */
-static bool is_listed (const char *cfgin, const char *tty, bool def)
+static bool
+is_listed(const char *cfgin, const char *tty, bool def)
 {
 	FILE *fp;
 	char buf[1024], *s;
@@ -45,14 +50,13 @@ static bool is_listed (const char *cfgin, const char *tty, bool def)
 
 	if (*cons != '/') {
 		char *pbuf;
+
 		STRTCPY(buf, cons);
-		pbuf = &buf[0];
-		while ((s = strtok (pbuf, ":")) != NULL) {
-			if (strcmp (s, tty) == 0) {
+		pbuf = buf;
+		while (NULL != (s = strsep(&pbuf, ":"))) {
+			if (streq(s, tty)) {
 				return true;
 			}
-
-			pbuf = NULL;
 		}
 		return false;
 	}
@@ -72,9 +76,8 @@ static bool is_listed (const char *cfgin, const char *tty, bool def)
 	 */
 
 	while (fgets (buf, sizeof (buf), fp) != NULL) {
-		/* Remove optional trailing '\n'. */
-		buf[strcspn (buf, "\n")] = '\0';
-		if (strcmp (buf, tty) == 0) {
+		stpsep(buf, "\n");
+		if (streq(buf, tty)) {
 			(void) fclose (fp);
 			return true;
 		}

lib/copydir.c

@@ -17,9 +17,11 @@
 #include <sys/time.h>
 #include <fcntl.h>
 #include <stdio.h>
+#include <string.h>
 
-#include "alloc.h"
+#include "alloc/x/xmalloc.h"
 #include "attr.h"
+#include "fs/readlink/areadlink.h"
 #include "prototypes.h"
 #include "defines.h"
 #ifdef WITH_SELINUX
@@ -36,7 +38,8 @@
 #include <attr/libattr.h>
 #endif				/* WITH_ATTR */
 #include "shadowlog.h"
-#include "string/sprintf.h"
+#include "string/sprintf/xasprintf.h"
+#include "string/strcmp/streq.h"
 
 
 static /*@null@*/const char *src_orig;
@@ -66,7 +69,6 @@ static int copy_dir (const struct path_info *src, const struct path_info *dst,
                      const struct stat *statp, const struct timespec mt[],
                      uid_t old_uid, uid_t new_uid,
                      gid_t old_gid, gid_t new_gid);
-static /*@null@*/char *readlink_malloc (const char *filename);
 static int copy_symlink (const struct path_info *src, const struct path_info *dst,
                          MAYBE_UNUSED bool reset_selinux,
                          const struct stat *statp, const struct timespec mt[],
@@ -313,8 +315,8 @@ static int copy_tree_impl (const struct path_info *src, const struct path_info *
 		/*
 		 * Skip the "." and ".." entries
 		 */
-		if (strcmp(ent->d_name, ".") == 0 ||
-		    strcmp(ent->d_name, "..") == 0)
+		if (streq(ent->d_name, ".") ||
+		    streq(ent->d_name, ".."))
 		{
 			continue;
 		}
@@ -536,42 +538,6 @@ static int copy_dir (const struct path_info *src, const struct path_info *dst,
 	return err;
 }
 
-/*
- * readlink_malloc - wrapper for readlink
- *
- * return NULL on error.
- * The return string shall be freed by the caller.
- */
-static /*@null@*/char *readlink_malloc (const char *filename)
-{
-	size_t size = 1024;
-
-	while (true) {
-		ssize_t nchars;
-		char *buffer = MALLOC(size, char);
-		if (NULL == buffer) {
-			return NULL;
-		}
-
-		nchars = readlink (filename, buffer, size);
-
-		if (nchars < 0) {
-			free(buffer);
-			return NULL;
-		}
-
-		if ((size_t) nchars < size) { /* The buffer was large enough */
-			/* readlink does not nul-terminate */
-			buffer[nchars] = '\0';
-			return buffer;
-		}
-
-		/* Try again with a bigger buffer */
-		free (buffer);
-		size *= 2;
-	}
-}
-
 /*
  * copy_symlink - copy a symlink
  *
@@ -602,10 +568,9 @@ static int copy_symlink (const struct path_info *src, const struct path_info *ds
 	 * destination directory name.
 	 */
 
-	oldlink = readlink_malloc (src->full_path);
-	if (NULL == oldlink) {
+	oldlink = areadlink(src->full_path);
+	if (NULL == oldlink)
 		return -1;
-	}
 
 	/* If src was a link to an entry of the src_orig directory itself,
 	 * create a link to the corresponding entry in the dst_orig

lib/csrand.c

@@ -1,21 +1,19 @@
-/*
- * SPDX-FileCopyrightText:  Alejandro Colomar <alx@kernel.org>
- *
- * SPDX-License-Identifier:  BSD-3-Clause
- */
+// SPDX-FileCopyrightText: 2022-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
 
 #include <config.h>
 
 #ident "$Id$"
 
+#include <fcntl.h>
 #include <limits.h>
 #include <stdint.h>
-#include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
 #if HAVE_SYS_RANDOM_H
 #include <sys/random.h>
 #endif
+
 #include "bit.h"
 #include "defines.h"
 #include "prototypes.h"
@@ -34,7 +32,7 @@ static unsigned long csrand_uniform_slow(unsigned long n);
 unsigned long
 csrand(void)
 {
-	FILE           *fp;
+	int            fd;
 	unsigned long  r;
 
 #ifdef HAVE_GETENTROPY
@@ -56,17 +54,16 @@ csrand(void)
 #endif
 
 	/* Use /dev/urandom as a last resort.  */
-	fp = fopen("/dev/urandom", "r");
-	if (NULL == fp) {
+	fd = open("/dev/urandom", O_RDONLY);
+	if (fd == -1)
+		goto fail;
+
+	if (read(fd, &r, sizeof(r)) != sizeof(r)) {
+		close(fd);
 		goto fail;
 	}
 
-	if (fread(&r, sizeof(r), 1, fp) != 1) {
-		fclose(fp);
-		goto fail;
-	}
-
-	fclose(fp);
+	close(fd);
 	return r;
 
 fail:

lib/env.c

@@ -16,11 +16,14 @@
 #include <stdlib.h>
 #include <string.h>
 
-#include "alloc.h"
+#include "alloc/x/xmalloc.h"
+#include "alloc/x/xrealloc.h"
 #include "prototypes.h"
 #include "defines.h"
 #include "shadowlog.h"
-#include "string/sprintf.h"
+#include "string/sprintf/snprintf.h"
+#include "string/sprintf/xasprintf.h"
+#include "string/strdup/xstrdup.h"
 
 
 /*

lib/failure.c

@@ -18,10 +18,10 @@
 #include "defines.h"
 #include "faillog.h"
 #include "failure.h"
-#include "memzero.h"
 #include "prototypes.h"
+#include "string/memset/memzero.h"
 #include "string/strftime.h"
-#include "string/strtcpy.h"
+#include "string/strcpy/strtcpy.h"
 
 
 #define	YEAR	(365L*DAY)
@@ -82,7 +82,7 @@ void failure (uid_t uid, const char *tty, struct faillog *fl)
 	}
 
 	STRTCPY(fl->fail_line, tty);
-	(void) time (&fl->fail_time);
+	fl->fail_time = time(NULL);
 
 	/*
 	 * Seek back to the correct position in the file and write the
@@ -126,7 +126,7 @@ static bool too_many_failures (const struct faillog *fl)
 		return true;	/* locked until reset manually */
 	}
 
-	(void) time (&now);
+	now = time(NULL);
 	if ((fl->fail_time + fl->fail_locktime) < now) {
 		return false;	/* enough time since last failure */
 	}
@@ -242,14 +242,12 @@ void failprint (const struct faillog *fail)
 	struct tm *tp;
 	char lasttimeb[256];
 	char *lasttime = lasttimeb;
-	time_t NOW;
 
 	if (0 == fail->fail_cnt) {
 		return;
 	}
 
 	tp = localtime (&(fail->fail_time));
-	(void) time (&NOW);
 
 	/*
 	 * Print all information we have.

lib/fields.c

@@ -14,7 +14,13 @@
 #include <ctype.h>
 #include <string.h>
 #include <stdio.h>
+
 #include "prototypes.h"
+#include "string/strchr/stpspn.h"
+#include "string/strchr/strrspn.h"
+#include "string/strcmp/streq.h"
+#include "string/strtok/stpsep.h"
+
 
 /*
  * valid_field - insure that a field contains all legal characters
@@ -42,7 +48,7 @@ int valid_field (const char *field, const char *illegal)
 	}
 
 	/* Search if there are non-printable or control characters */
-	for (cp = field; '\0' != *cp; cp++) {
+	for (cp = field; !streq(cp, ""); cp++) {
 		unsigned char c = *cp;
 		if (!isprint (c)) {
 			err = 1;
@@ -62,7 +68,8 @@ int valid_field (const char *field, const char *illegal)
  * prompt the user with the name of the field being changed and the
  * current value.
  */
-void change_field (char *buf, size_t maxsize, const char *prompt)
+void
+change_field(char *buf, size_t maxsize, const char *prompt)
 {
 	char newf[200];
 	char *cp;
@@ -77,29 +84,17 @@ void change_field (char *buf, size_t maxsize, const char *prompt)
 		return;
 	}
 
-	cp = strchr (newf, '\n');
-	if (NULL == cp) {
+	if (stpsep(newf, "\n") == NULL)
 		return;
-	}
-	*cp = '\0';
 
-	if ('\0' != newf[0]) {
+	if (!streq(newf, "")) {
 		/*
 		 * Remove leading and trailing whitespace.  This also
 		 * makes it possible to change the field to empty, by
 		 * entering a space.  --marekm
 		 */
-
-		while (newf < cp && isspace (cp[-1])) {
-			cp--;
-		}
-		*cp = '\0';
-
-		cp = newf;
-		while (isspace (*cp)) {
-			cp++;
-		}
-
+		stpcpy(strrspn(newf, " \t"), "");
+		cp = stpspn(newf, " \t");
 		strcpy (buf, cp);
 	}
 }

lib/find_new_gid.c

@@ -9,10 +9,11 @@
 #include <config.h>
 
 #include <assert.h>
+#include <stdint.h>
 #include <stdio.h>
 #include <errno.h>
 
-#include "alloc.h"
+#include "alloc/calloc.h"
 #include "prototypes.h"
 #include "groupio.h"
 #include "getdef.h"

lib/find_new_uid.c

@@ -9,10 +9,11 @@
 #include <config.h>
 
 #include <assert.h>
+#include <stdint.h>
 #include <stdio.h>
 #include <errno.h>
 
-#include "alloc.h"
+#include "alloc/calloc.h"
 #include "prototypes.h"
 #include "pwio.h"
 #include "getdef.h"
@@ -304,7 +305,7 @@ int find_new_uid(bool sys_user,
 				return 0;
 			} else if (result == EEXIST || result == EINVAL) {
 				/*
-				 * This GID is in use or unusable, we'll
+				 * This UID is in use or unusable, we'll
 				 * continue to the next.
 				 */
 			} else {
@@ -350,7 +351,7 @@ int find_new_uid(bool sys_user,
 					return 0;
 				} else if (result == EEXIST || result == EINVAL) {
 					/*
-					 * This GID is in use or unusable, we'll
+					 * This UID is in use or unusable, we'll
 					 * continue to the next.
 					 */
 				} else {
@@ -413,7 +414,7 @@ int find_new_uid(bool sys_user,
 				return 0;
 			} else if (result == EEXIST || result == EINVAL) {
 				/*
-				 * This GID is in use or unusable, we'll
+				 * This UID is in use or unusable, we'll
 				 * continue to the next.
 				 */
 			} else {
@@ -459,7 +460,7 @@ int find_new_uid(bool sys_user,
 					return 0;
 				} else if (result == EEXIST || result == EINVAL) {
 					/*
-					 * This GID is in use or unusable, we'll
+					 * This UID is in use or unusable, we'll
 					 * continue to the next.
 					 */
 				} else {

lib/fputsx.c

@@ -10,10 +10,11 @@
 #include <config.h>
 
 #include <stdio.h>
+#include <string.h>
+
 #include "defines.h"
 #include "prototypes.h"
-
-#ident "$Id$"
+#include "string/strcmp/streq.h"
 
 
 /*@null@*/char *
@@ -25,7 +26,7 @@ fgetsx(/*@returned@*/char *restrict buf, int cnt, FILE *restrict f)
 	while (cnt > 0) {
 		if (fgets (cp, cnt, f) != cp) {
 			if (cp == buf) {
-				return 0;
+				return NULL;
 			} else {
 				break;
 			}
@@ -33,10 +34,8 @@ fgetsx(/*@returned@*/char *restrict buf, int cnt, FILE *restrict f)
 		ep = strrchr (cp, '\\');
 		if ((NULL != ep) && (*(ep + 1) == '\n')) {
 			cnt -= ep - cp;
-			if (cnt > 0) {
-				cp = ep;
-				*cp = '\0';
-			}
+			if (cnt > 0)
+				cp = stpcpy(ep, "");
 		} else {
 			break;
 		}
@@ -48,7 +47,7 @@ int fputsx (const char *s, FILE * stream)
 {
 	int i;
 
-	for (i = 0; '\0' != *s; i++, s++) {
+	for (i = 0; !streq(s, ""); i++, s++) {
 		if (putc (*s, stream) == EOF) {
 			return EOF;
 		}

lib/fs/readlink/areadlink.c

@@ -0,0 +1,10 @@
+// SPDX-FileCopyrightText: 2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include "fs/readlink/areadlink.h"
+
+
+extern inline char *areadlink(const char *link);

lib/fs/readlink/areadlink.h

@@ -0,0 +1,53 @@
+// SPDX-FileCopyrightText: 2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_FS_READLINK_AREADLINK_H_
+#define SHADOW_INCLUDE_LIB_FS_READLINK_AREADLINK_H_
+
+
+#include <config.h>
+
+#include <errno.h>
+#include <limits.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdlib.h>
+
+#include "alloc/malloc.h"
+#include "attr.h"
+#include "fs/readlink/readlinknul.h"
+
+
+ATTR_STRING(1)
+inline char *areadlink(const char *link);
+
+
+// Similar to readlink(2), but allocate and terminate the string.
+inline char *
+areadlink(const char *link)
+{
+	size_t  size = PATH_MAX;
+
+	while (true) {
+		int   len;
+		char  *buf;
+
+		buf = MALLOC(size, char);
+		if (NULL == buf)
+			return NULL;
+
+		len = readlinknul(link, buf, size);
+		if (len != -1)
+			return buf;
+
+		free(buf);
+		if (errno != E2BIG)
+			return NULL;
+
+		size *= 2;
+	}
+}
+
+
+#endif  // include guard

lib/fs/readlink/readlinknul.c

@@ -0,0 +1,14 @@
+// SPDX-FileCopyrightText: 2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include "fs/readlink/readlinknul.h"
+
+#include <stddef.h>
+#include <sys/types.h>
+
+
+extern inline ssize_t readlinknul(const char *restrict link, char *restrict buf,
+    size_t size);

lib/fs/readlink/readlinknul.h

@@ -0,0 +1,53 @@
+// SPDX-FileCopyrightText: 2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_FS_READLINK_READLINKNUL_H_
+#define SHADOW_INCLUDE_LIB_FS_READLINK_READLINKNUL_H_
+
+
+#include <config.h>
+
+#include <errno.h>
+#include <stddef.h>
+#include <string.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include "attr.h"
+#include "sizeof.h"
+
+
+#define READLINKNUL(link, buf)  readlinknul(link, buf, NITEMS(buf))
+
+
+ATTR_STRING(1)
+inline ssize_t readlinknul(const char *restrict link, char *restrict buf,
+    size_t size);
+
+
+// Similar to readlink(2), but terminate the string.
+inline ssize_t
+readlinknul(const char *restrict link, char *restrict buf, size_t size)
+{
+	size_t   ulen;
+	ssize_t  slen;
+
+	slen = readlink(link, buf, size);
+	if (slen == -1)
+		return -1;
+
+	ulen = slen;
+	if (ulen == size) {
+		stpcpy(&buf[size-1], "");
+		errno = E2BIG;
+		return -1;
+	}
+
+	stpcpy(&buf[ulen], "");
+
+	return slen;
+}
+
+
+#endif  // include guard

lib/get_gid.c

@@ -1,34 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2009       , Nicolas François
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-
-#include <config.h>
-
-#ident "$Id$"
-
-#include "prototypes.h"
-#include "defines.h"
-
-
-int
-get_gid(const char *gidstr, gid_t *gid)
-{
-	char       *end;
-	long long  val;
-
-	errno = 0;
-	val = strtoll(gidstr, &end, 10);
-	if (   ('\0' == *gidstr)
-	    || ('\0' != *end)
-	    || (0 != errno)
-	    || (/*@+longintegral@*/val != (gid_t)val)/*@=longintegral@*/) {
-		return -1;
-	}
-
-	*gid = val;
-	return 0;
-}
-

lib/get_pid.c

@@ -1,8 +1,7 @@
-/*
- * SPDX-FileCopyrightText: 2009       , Nicolas François
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
+// SPDX-FileCopyrightText: 2009, Nicolas François
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
 
 #include <config.h>
 
@@ -14,29 +13,10 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 
-#include "string/sprintf.h"
+#include "atoi/getnum.h"
+#include "string/sprintf/snprintf.h"
 
 
-int
-get_pid(const char *pidstr, pid_t *pid)
-{
-	char       *end;
-	long long  val;
-
-	errno = 0;
-	val = strtoll(pidstr, &end, 10);
-	if (   ('\0' == *pidstr)
-	    || ('\0' != *end)
-	    || (0 != errno)
-	    || (val < 1)
-	    || (/*@+longintegral@*/val != (pid_t)val)/*@=longintegral@*/) {
-		return -1;
-	}
-
-	*pid = val;
-	return 0;
-}
-
 /*
  * If use passed in fd:4 as an argument, then return the
  * value '4', the fd to use.
@@ -44,20 +24,12 @@ get_pid(const char *pidstr, pid_t *pid)
  */
 int get_pidfd_from_fd(const char *pidfdstr)
 {
-	char         *end;
-	long long    val;
+	int          pidfd;
 	struct stat  st;
 	dev_t proc_st_dev, proc_st_rdev;
 
-	errno = 0;
-	val = strtoll(pidfdstr, &end, 10);
-	if (   ('\0' == *pidfdstr)
-	    || ('\0' != *end)
-	    || (0 != errno)
-	    || (val < 0)
-	    || (/*@+longintegral@*/val != (int)val)/*@=longintegral@*/) {
+	if (get_fd(pidfdstr, &pidfd) == -1)
 		return -1;
-	}
 
 	if (stat("/proc/self/uid_map", &st) < 0) {
 		return -1;
@@ -66,7 +38,7 @@ int get_pidfd_from_fd(const char *pidfdstr)
 	proc_st_dev = st.st_dev;
 	proc_st_rdev = st.st_rdev;
 
-	if (fstat(val, &st) < 0) {
+	if (fstat(pidfd, &st) < 0) {
 		return -1;
 	}
 
@@ -74,7 +46,7 @@ int get_pidfd_from_fd(const char *pidfdstr)
 		return -1;
 	}
 
-	return (int)val;
+	return pidfd;
 }
 
 int open_pidfd(const char *pidstr)

lib/get_uid.c

@@ -1,34 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2009       , Nicolas François
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-
-#include <config.h>
-
-#ident "$Id$"
-
-#include "prototypes.h"
-#include "defines.h"
-
-
-int
-get_uid(const char *uidstr, uid_t *uid)
-{
-	char       *end;
-	long long  val;
-
-	errno = 0;
-	val = strtoll(uidstr, &end, 10);
-	if (   ('\0' == *uidstr)
-	    || ('\0' != *end)
-	    || (0 != errno)
-	    || (/*@+longintegral@*/val != (uid_t)val)/*@=longintegral@*/) {
-		return -1;
-	}
-
-	*uid = val;
-	return 0;
-}
-

lib/getdate.y

@@ -24,14 +24,16 @@
 # undef static
 #endif
 
-#include <stdio.h>
 #include <ctype.h>
+#include <stdio.h>
+#include <string.h>
 #include <time.h>
 
 #include "attr.h"
 #include "getdate.h"
+#include "string/strchr/stpspn.h"
+#include "string/strcmp/streq.h"
 
-#include <string.h>
 
 /* Some old versions of bison generate parsers that use bcopy.
    That loses on systems that don't provide the function, so we have
@@ -625,16 +627,16 @@ static int LookupWord (char *buff)
   bool abbrev;
 
   /* Make it lowercase. */
-  for (p = buff; '\0' != *p; p++)
+  for (p = buff; !streq(p, ""); p++)
     if (isupper (*p))
       *p = tolower (*p);
 
-  if (strcmp (buff, "am") == 0 || strcmp (buff, "a.m.") == 0)
+  if (streq(buff, "am") || streq(buff, "a.m."))
     {
       yylval.Meridian = MERam;
       return tMERIDIAN;
     }
-  if (strcmp (buff, "pm") == 0 || strcmp (buff, "p.m.") == 0)
+  if (streq(buff, "pm") || streq(buff, "p.m."))
     {
       yylval.Meridian = MERpm;
       return tMERIDIAN;
@@ -646,7 +648,7 @@ static int LookupWord (char *buff)
   else if (strlen (buff) == 4 && buff[3] == '.')
     {
       abbrev = true;
-      buff[3] = '\0';
+      stpcpy(&buff[3], "");
     }
   else
     abbrev = false;
@@ -661,7 +663,7 @@ static int LookupWord (char *buff)
 	      return tp->type;
 	    }
 	}
-      else if (strcmp (buff, tp->name) == 0)
+      else if (streq(buff, tp->name))
 	{
 	  yylval.Number = tp->value;
 	  return tp->type;
@@ -669,17 +671,17 @@ static int LookupWord (char *buff)
     }
 
   for (tp = TimezoneTable; tp->name; tp++)
-    if (strcmp (buff, tp->name) == 0)
+    if (streq(buff, tp->name))
       {
 	yylval.Number = tp->value;
 	return tp->type;
       }
 
-  if (strcmp (buff, "dst") == 0)
+  if (streq(buff, "dst"))
     return tDST;
 
   for (tp = UnitsTable; tp->name; tp++)
-    if (strcmp (buff, tp->name) == 0)
+    if (streq(buff, tp->name))
       {
 	yylval.Number = tp->value;
 	return tp->type;
@@ -689,9 +691,9 @@ static int LookupWord (char *buff)
   i = strlen (buff) - 1;
   if (buff[i] == 's')
     {
-      buff[i] = '\0';
+      stpcpy(&buff[i], "");
       for (tp = UnitsTable; tp->name; tp++)
-	if (strcmp (buff, tp->name) == 0)
+	if (streq(buff, tp->name))
 	  {
 	    yylval.Number = tp->value;
 	    return tp->type;
@@ -700,7 +702,7 @@ static int LookupWord (char *buff)
     }
 
   for (tp = OtherTable; tp->name; tp++)
-    if (strcmp (buff, tp->name) == 0)
+    if (streq(buff, tp->name))
       {
 	yylval.Number = tp->value;
 	return tp->type;
@@ -710,7 +712,7 @@ static int LookupWord (char *buff)
   if (buff[1] == '\0' && isalpha (*buff))
     {
       for (tp = MilitaryTable; tp->name; tp++)
-	if (strcmp (buff, tp->name) == 0)
+	if (streq(buff, tp->name))
 	  {
 	    yylval.Number = tp->value;
 	    return tp->type;
@@ -718,15 +720,15 @@ static int LookupWord (char *buff)
     }
 
   /* Drop out any periods and try the timezone table again. */
-  for (i = 0, p = q = buff; '\0' != *q; q++)
+  for (i = 0, p = q = buff; !streq(q, ""); q++)
     if (*q != '.')
       *p++ = *q;
     else
       i++;
-  *p = '\0';
+  stpcpy(p, "");
   if (0 != i)
     for (tp = TimezoneTable; NULL != tp->name; tp++)
-      if (strcmp (buff, tp->name) == 0)
+      if (streq(buff, tp->name))
 	{
 	  yylval.Number = tp->value;
 	  return tp->type;
@@ -746,8 +748,7 @@ yylex (void)
 
   for (;;)
     {
-      while (isspace (*yyInput))
-	yyInput++;
+      yyInput = stpspn(yyInput, " \t");
 
       if (isdigit (c = *yyInput) || c == '-' || c == '+')
 	{
@@ -772,7 +773,7 @@ yylex (void)
 	  for (p = buff; (c = *yyInput++, isalpha (c)) || c == '.';)
 	    if (p < &buff[sizeof buff - 1])
 	      *p++ = c;
-	  *p = '\0';
+          stpcpy(p, "");
 	  yyInput--;
 	  return LookupWord (buff);
 	}
@@ -821,7 +822,7 @@ time_t get_date (const char *p, const time_t *now)
   time_t Start;
 
   yyInput = p;
-  Start = now ? *now : time ((time_t *) NULL);
+  Start = now ? *now : time(NULL);
   tmp = localtime (&Start);
   yyYear = tmp->tm_year + TM_YEAR_ORIGIN;
   yyMonth = tmp->tm_mon + 1;
@@ -935,7 +936,7 @@ main(void)
   buff[MAX_BUFF_LEN] = 0;
   while (fgets (buff, MAX_BUFF_LEN, stdin) && buff[0])
     {
-      d = get_date (buff, (time_t *) NULL);
+      d = get_date(buff, NULL);
       if (d == -1)
 	(void) printf ("Bad format - couldn't convert.\n");
       else

lib/getdef.c

@@ -11,22 +11,29 @@
 
 #ident "$Id$"
 
-#include "prototypes.h"
-#include "defines.h"
+#include <ctype.h>
+#include <errno.h>
 #include <stddef.h>
 #include <stdio.h>
 #include <stdlib.h>
-#include <ctype.h>
-#include <errno.h>
+#include <string.h>
+
 #ifdef USE_ECONF
 #include <libeconf.h>
 #endif
 
-#include "alloc.h"
-#include "atoi/str2i.h"
+#include "atoi/a2i/a2s.h"
+#include "atoi/a2i/a2u.h"
+#include "atoi/str2i/str2u.h"
+#include "defines.h"
 #include "getdef.h"
+#include "prototypes.h"
 #include "shadowlog_internal.h"
-#include "string/sprintf.h"
+#include "string/sprintf/xasprintf.h"
+#include "string/strchr/stpspn.h"
+#include "string/strchr/strrspn.h"
+#include "string/strcmp/streq.h"
+#include "string/strtok/stpsep.h"
 
 
 /*
@@ -151,7 +158,6 @@ static struct itemdef def_table[] = {
 	{NULL, NULL}
 };
 
-#define NUMKNOWNDEFS	(sizeof(knowndef_table)/sizeof(knowndef_table[0]))
 static struct itemdef knowndef_table[] = {
 #ifdef USE_PAM
 	PAMDEFS
@@ -232,10 +238,11 @@ bool getdef_bool (const char *item)
  * values are handled.
  */
 
-int getdef_num (const char *item, int dflt)
+int
+getdef_num(const char *item, int dflt)
 {
-	struct itemdef *d;
-	long val;
+	int             val;
+	struct itemdef  *d;
 
 	if (!def_loaded) {
 		def_load ();
@@ -246,9 +253,7 @@ int getdef_num (const char *item, int dflt)
 		return dflt;
 	}
 
-	if (   (str2sl(&val, d->value) == -1)
-	    || (val > INT_MAX)
-	    || (val < -1)) {
+	if (a2si(&val, d->value, NULL, 0, -1, INT_MAX) == -1) {
 		fprintf (shadow_logfd,
 		         _("configuration error - cannot parse %s value: '%s'"),
 		         item, d->value);
@@ -267,10 +272,11 @@ int getdef_num (const char *item, int dflt)
  * values are handled.
  */
 
-unsigned int getdef_unum (const char *item, unsigned int dflt)
+unsigned int
+getdef_unum(const char *item, unsigned int dflt)
 {
-	struct itemdef *d;
-	long val;
+	unsigned int    val;
+	struct itemdef  *d;
 
 	if (!def_loaded) {
 		def_load ();
@@ -281,9 +287,7 @@ unsigned int getdef_unum (const char *item, unsigned int dflt)
 		return dflt;
 	}
 
-	if (   (str2sl(&val, d->value) == -1)
-	    || (val < 0)
-	    || (val > INT_MAX)) {
+	if (a2ui(&val, d->value, NULL, 0, 0, UINT_MAX) == -1) {
 		fprintf (shadow_logfd,
 		         _("configuration error - cannot parse %s value: '%s'"),
 		         item, d->value);
@@ -316,7 +320,7 @@ long getdef_long (const char *item, long dflt)
 		return dflt;
 	}
 
-	if (str2sl(&val, d->value) == -1 || val < -1) {
+	if (a2sl(&val, d->value, NULL, 0, -1, LONG_MAX) == -1) {
 		fprintf (shadow_logfd,
 		         _("configuration error - cannot parse %s value: '%s'"),
 		         item, d->value);
@@ -416,7 +420,7 @@ static /*@observer@*/ /*@null@*/struct itemdef *def_find (const char *name, cons
 	 */
 
 	for (ptr = def_table; NULL != ptr->name; ptr++) {
-		if (strcmp (ptr->name, name) == 0) {
+		if (streq(ptr->name, name)) {
 			return ptr;
 		}
 	}
@@ -426,7 +430,7 @@ static /*@observer@*/ /*@null@*/struct itemdef *def_find (const char *name, cons
 	 */
 
 	for (ptr = knowndef_table; NULL != ptr->name; ptr++) {
-		if (strcmp (ptr->name, name) == 0) {
+		if (streq(ptr->name, name)) {
 			goto out;
 		}
 	}
@@ -526,7 +530,6 @@ static void def_load (void)
 #else /* USE_ECONF */
 static void def_load (void)
 {
-	int i;
 	FILE *fp;
 	char buf[1024], *name, *value, *s;
 
@@ -558,28 +561,21 @@ static void def_load (void)
 		/*
 		 * Trim trailing whitespace.
 		 */
-		for (i = (ptrdiff_t) strlen (buf) - 1; i >= 0; --i) {
-			if (!isspace (buf[i])) {
-				break;
-			}
-		}
-		i++;
-		buf[i] = '\0';
+		stpcpy(strrspn(buf, " \t\n"), "");
 
 		/*
 		 * Break the line into two fields.
 		 */
-		name = buf + strspn (buf, " \t");	/* first nonwhite */
-		if (*name == '\0' || *name == '#')
+		name = stpspn(buf, " \t");	/* first nonwhite */
+		if (streq(name, "") || *name == '#')
 			continue;	/* comment or empty */
 
-		s = name + strcspn (name, " \t");	/* end of field */
-		if (*s == '\0')
+		s = stpsep(name, " \t");  /* next field */
+		if (s == NULL)
 			continue;	/* only 1 field?? */
 
-		*s++ = '\0';
-		value = s + strspn (s, " \"\t");	/* next nonwhite */
-		*(value + strcspn (value, "\"")) = '\0';
+		value = stpspn(s, " \"\t");	/* next nonwhite */
+		stpsep(value, "\"");
 
 		/*
 		 * Store the value in def_table.

lib/getgr_nam_gid.c

@@ -1,11 +1,10 @@
-/*
- * SPDX-FileCopyrightText: 1991 - 1994, Julianne Frances Haugh
- * SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
- * SPDX-FileCopyrightText: 2000 - 2006, Tomasz Kłoczko
- * SPDX-FileCopyrightText: 2007 - 2009, Nicolas François
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
+// SPDX-FileCopyrightText: 1991-1994, Julianne Frances Haugh
+// SPDX-FileCopyrightText: 1996-2000, Marek Michałkiewicz
+// SPDX-FileCopyrightText: 2000-2006, Tomasz Kłoczko
+// SPDX-FileCopyrightText: 2007-2009, Nicolas François
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
 
 #include <config.h>
 
@@ -14,30 +13,27 @@
 #include <stdlib.h>
 #include <errno.h>
 #include <grp.h>
+#include <sys/types.h>
+
+#include "atoi/getnum.h"
 #include "prototypes.h"
 
+
 /*
  * getgr_nam_gid - Return a pointer to the group specified by a string.
  * The string may be a valid GID or a valid groupname.
  * If the group does not exist on the system, NULL is returned.
  */
-extern /*@only@*//*@null@*/struct group *getgr_nam_gid (/*@null@*/const char *grname)
+extern /*@only@*//*@null@*/struct group *
+getgr_nam_gid(/*@null@*/const char *grname)
 {
-	char       *end;
-	long long  gid;
+	gid_t  gid;
 
-	if (NULL == grname) {
+	if (NULL == grname)
 		return NULL;
-	}
 
-	errno = 0;
-	gid = strtoll(grname, &end, 10);
-	if (   ('\0' != *grname)
-	    && ('\0' == *end)
-	    && (0 == errno)
-	    && (/*@+longintegral@*/gid == (gid_t)gid)/*@=longintegral@*/) {
-		return xgetgrgid (gid);
-	}
-	return xgetgrnam (grname);
+	if (get_gid(grname, &gid) == 0)
+		return xgetgrgid(gid);
+	return xgetgrnam(grname);
 }
 

lib/getrange.c

@@ -10,9 +10,10 @@
 #include <ctype.h>
 #include <stdlib.h>
 
-#include "atoi/a2i.h"
+#include "atoi/a2i/a2u.h"
 #include "defines.h"
 #include "prototypes.h"
+#include "string/strcmp/streq.h"
 
 
 /*
@@ -53,7 +54,7 @@ getrange(const char *range,
 		return 0;  /* <long> */
 
 	case '-':
-		if ('\0' == *end)
+		if (streq(end, ""))
 			return 0;  /* <long>- */
 parse_max:
 		if (!isdigit((unsigned char) *end))

lib/gettime.c

@@ -11,7 +11,7 @@
 #include <limits.h>
 #include <stdio.h>
 
-#include "atoi/a2i.h"
+#include "atoi/a2i/a2i.h"
 #include "defines.h"
 #include "prototypes.h"
 #include "shadowlog.h"

lib/groupio.c

@@ -15,12 +15,14 @@
 #include <assert.h>
 #include <stdio.h>
 
-#include "alloc.h"
-#include "prototypes.h"
-#include "defines.h"
+#include "alloc/calloc.h"
+#include "alloc/malloc.h"
 #include "commonio.h"
+#include "defines.h"
 #include "getdef.h"
 #include "groupio.h"
+#include "prototypes.h"
+#include "string/strcmp/streq.h"
 
 
 static /*@null@*/struct commonio_entry *merge_group_entries (
@@ -262,8 +264,8 @@ static int group_open_hook (void)
 			struct group *g2 = gr2->eptr;
 			if (NULL != g1 &&
 			    NULL != g2 &&
-			    0 == strcmp (g1->gr_name, g2->gr_name) &&
-			    0 == strcmp (g1->gr_passwd, g2->gr_passwd) &&
+			    streq(g1->gr_name, g2->gr_name) &&
+			    streq(g1->gr_passwd, g2->gr_passwd) &&
 			    g1->gr_gid == g2->gr_gid) {
 				/* Both group entries refer to the same
 				 * group. It is a split group. Merge the
@@ -331,7 +333,7 @@ static /*@null@*/struct commonio_entry *merge_group_entries (
 	for (i=0; NULL != gptr2->gr_mem[i]; i++) {
 		char **pmember = gptr1->gr_mem;
 		while (NULL != *pmember) {
-			if (0 == strcmp(*pmember, gptr2->gr_mem[i])) {
+			if (streq(*pmember, gptr2->gr_mem[i])) {
 				break;
 			}
 			pmember++;
@@ -354,7 +356,7 @@ static /*@null@*/struct commonio_entry *merge_group_entries (
 	for (i=0; NULL != gptr2->gr_mem[i]; i++) {
 		char **pmember = new_members;
 		while (NULL != *pmember) {
-			if (0 == strcmp(*pmember, gptr2->gr_mem[i])) {
+			if (streq(*pmember, gptr2->gr_mem[i])) {
 				break;
 			}
 			pmember++;

lib/groupmem.c

@@ -12,11 +12,13 @@
 
 #ident "$Id$"
 
-#include "alloc.h"
-#include "memzero.h"
+#include "alloc/calloc.h"
+#include "alloc/malloc.h"
 #include "prototypes.h"
 #include "defines.h"
 #include "groupio.h"
+#include "string/memset/memzero.h"
+
 
 /*@null@*/ /*@only@*/struct group *__gr_dup (const struct group *grent)
 {
@@ -81,10 +83,9 @@ void
 gr_free(/*@only@*/struct group *grent)
 {
 	free (grent->gr_name);
-	if (NULL != grent->gr_passwd) {
-		strzero (grent->gr_passwd);
-		free (grent->gr_passwd);
-	}
+	if (NULL != grent->gr_passwd)
+		free(strzero(grent->gr_passwd));
+
 	gr_free_members(grent);
 	free (grent);
 }

lib/gshadow.c

@@ -14,45 +14,40 @@
 
 #ident "$Id$"
 
+#include <stddef.h>
 #include <stdio.h>
 #include <string.h>
 
-#include "alloc.h"
-#include "prototypes.h"
+#include "alloc/malloc.h"
+#include "alloc/realloc.h"
+#include "alloc/x/xmalloc.h"
 #include "defines.h"
+#include "prototypes.h"
+#include "string/strchr/strchrcnt.h"
+#include "string/strcmp/streq.h"
+#include "string/strtok/stpsep.h"
+
 
 static /*@null@*/FILE *shadow;
-static /*@null@*//*@only@*/char **members = NULL;
-static size_t nmembers = 0;
-static /*@null@*//*@only@*/char **admins = NULL;
-static size_t nadmins = 0;
-static struct sgrp sgroup;
+static struct sgrp  sgroup = {};
 
 #define	FIELDS	4
 
 
-static /*@null@*/char **build_list (char *s, char **list[], size_t * nlist)
+static /*@null@*/char **
+build_list(char *s)
 {
-	char **ptr = *list;
-	size_t nelem = *nlist, size;
+	char    **l;
+	size_t  i;
 
-	while (s != NULL && *s != '\0') {
-		size = (nelem + 1) * sizeof (ptr);
-		ptr = REALLOC(*list, size, char *);
-		if (NULL != ptr) {
-			ptr[nelem] = strsep(&s, ",");
-			nelem++;
-			*list = ptr;
-			*nlist = nelem;
-		}
-	}
-	size = (nelem + 1) * sizeof (ptr);
-	ptr = REALLOC(*list, size, char *);
-	if (NULL != ptr) {
-		ptr[nelem] = NULL;
-		*list = ptr;
-	}
-	return ptr;
+	l = XMALLOC(strchrcnt(s, ',') + 2, char *);
+
+	for (i = 0; s != NULL && !streq(s, ""); i++)
+		l[i] = strsep(&s, ",");
+
+	l[i] = NULL;
+
+	return l;
 }
 
 void setsgent (void)
@@ -73,7 +68,8 @@ void endsgent (void)
 	shadow = NULL;
 }
 
-/*@observer@*//*@null@*/struct sgrp *sgetsgent (const char *string)
+/*@observer@*//*@null@*/struct sgrp *
+sgetsgent(const char *string)
 {
 	static char *sgrbuf = NULL;
 	static size_t sgrbuflen = 0;
@@ -85,19 +81,15 @@ void endsgent (void)
 
 	if (len > sgrbuflen) {
 		char *buf = REALLOC(sgrbuf, len, char);
-		if (NULL == buf) {
+		if (NULL == buf)
 			return NULL;
-		}
+
 		sgrbuf = buf;
 		sgrbuflen = len;
 	}
 
 	strcpy (sgrbuf, string);
-
-	cp = strrchr (sgrbuf, '\n');
-	if (NULL != cp) {
-		*cp = '\0';
-	}
+	stpsep(sgrbuf, "\n");
 
 	/*
 	 * There should be exactly 4 colon separated fields.  Find
@@ -113,22 +105,16 @@ void endsgent (void)
 	 */
 
 	if (NULL != cp || i != FIELDS)
-		return 0;
+		return NULL;
 
 	sgroup.sg_name = fields[0];
 	sgroup.sg_passwd = fields[1];
-	if (0 != nadmins) {
-		nadmins = 0;
-		free (admins);
-		admins = NULL;
-	}
-	if (0 != nmembers) {
-		nmembers = 0;
-		free (members);
-		members = NULL;
-	}
-	sgroup.sg_adm = build_list (fields[2], &admins, &nadmins);
-	sgroup.sg_mem = build_list (fields[3], &members, &nmembers);
+
+	free(sgroup.sg_adm);
+	free(sgroup.sg_mem);
+
+	sgroup.sg_adm = build_list(fields[2]);
+	sgroup.sg_mem = build_list(fields[3]);
 
 	return &sgroup;
 }
@@ -159,32 +145,29 @@ void endsgent (void)
 		return NULL;
 	}
 
-	if (fgetsx(buf, buflen, fp) == buf) {
-		while (   ((cp = strrchr (buf, '\n')) == NULL)
-		       && (feof (fp) == 0)) {
-			size_t len;
+	if (fgetsx(buf, buflen, fp) == NULL)
+		return NULL;
 
-			cp = REALLOC(buf, buflen * 2, char);
-			if (NULL == cp) {
-				return NULL;
-			}
-			buf = cp;
-			buflen *= 2;
+	while (   (strrchr(buf, '\n') == NULL)
+	       && (feof (fp) == 0)) {
+		size_t len;
 
-			len = strlen (buf);
-			if (fgetsx (&buf[len],
-			            (int) (buflen - len),
-			            fp) != &buf[len]) {
-				return NULL;
-			}
+		cp = REALLOC(buf, buflen * 2, char);
+		if (NULL == cp) {
+			return NULL;
 		}
-		cp = strrchr (buf, '\n');
-		if (NULL != cp) {
-			*cp = '\0';
+		buf = cp;
+		buflen *= 2;
+
+		len = strlen (buf);
+		if (fgetsx (&buf[len],
+			    (int) (buflen - len),
+			    fp) != &buf[len]) {
+			return NULL;
 		}
-		return (sgetsgent (buf));
 	}
-	return NULL;
+	stpsep(buf, "\n");
+	return (sgetsgent (buf));
 }
 
 /*
@@ -210,7 +193,7 @@ void endsgent (void)
 	setsgent ();
 
 	while ((sgrp = getsgent ()) != NULL) {
-		if (strcmp (name, sgrp->sg_name) == 0) {
+		if (streq(name, sgrp->sg_name)) {
 			break;
 		}
 	}
@@ -253,53 +236,36 @@ int putsgent (const struct sgrp *sgrp, FILE * fp)
 	/*
 	 * Copy the group name and passwd.
 	 */
-
-	strcpy (cp, sgrp->sg_name);
-	cp += strlen (cp);
-	*cp++ = ':';
-
-	strcpy (cp, sgrp->sg_passwd);
-	cp += strlen (cp);
-	*cp++ = ':';
+	cp = stpcpy(stpcpy(cp, sgrp->sg_name), ":");
+	cp = stpcpy(stpcpy(cp, sgrp->sg_passwd), ":");
 
 	/*
 	 * Copy the administrators, separating each from the other
 	 * with a ",".
 	 */
-
 	for (i = 0; NULL != sgrp->sg_adm[i]; i++) {
-		if (i > 0) {
-			*cp++ = ',';
-		}
+		if (i > 0)
+			cp = stpcpy(cp, ",");
 
-		strcpy (cp, sgrp->sg_adm[i]);
-		cp += strlen (cp);
+		cp = stpcpy(cp, sgrp->sg_adm[i]);
 	}
-	*cp = ':';
-	cp++;
+	cp = stpcpy(cp, ":");
 
 	/*
 	 * Now do likewise with the group members.
 	 */
-
 	for (i = 0; NULL != sgrp->sg_mem[i]; i++) {
-		if (i > 0) {
-			*cp = ',';
-			cp++;
-		}
+		if (i > 0)
+			cp = stpcpy(cp, ",");
 
-		strcpy (cp, sgrp->sg_mem[i]);
-		cp += strlen (cp);
+		cp = stpcpy(cp, sgrp->sg_mem[i]);
 	}
-	*cp = '\n';
-	cp++;
-	*cp = '\0';
+	stpcpy(cp, "\n");
 
 	/*
 	 * Output using the function which understands the line
 	 * continuation conventions.
 	 */
-
 	if (fputsx (buf, fp) == EOF) {
 		free (buf);
 		return -1;

lib/gshadow_.h

@@ -30,7 +30,6 @@ struct sgrp {
 
 #include <stdio.h>		/* for FILE */
 
-#if __STDC__
 /*@observer@*//*@null@*/struct sgrp *getsgent (void);
 /*@observer@*//*@null@*/struct sgrp *getsgnam (const char *);
 /*@observer@*//*@null@*/struct sgrp *sgetsgent (const char *);
@@ -38,15 +37,6 @@ struct sgrp {
 void setsgent (void);
 void endsgent (void);
 int putsgent (const struct sgrp *, FILE *);
-#else
-/*@observer@*//*@null@*/struct sgrp *getsgent ();
-/*@observer@*//*@null@*/struct sgrp *getsgnam ();
-/*@observer@*//*@null@*/struct sgrp *sgetsgent ();
-/*@observer@*//*@null@*/struct sgrp *fgetsgent ();
-void setsgent ();
-void endsgent ();
-int putsgent ();
-#endif
 
 #define	GSHADOW	"/etc/gshadow"
 #endif				/* ifndef _H_GSHADOW */

lib/hushed.c

@@ -12,13 +12,17 @@
 
 #ident "$Id$"
 
-#include <sys/types.h>
-#include <stdio.h>
 #include <pwd.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+
 #include "defines.h"
-#include "prototypes.h"
 #include "getdef.h"
-#include "string/sprintf.h"
+#include "prototypes.h"
+#include "string/sprintf/snprintf.h"
+#include "string/strcmp/streq.h"
+#include "string/strtok/stpsep.h"
 
 
 /*
@@ -70,9 +74,9 @@ bool hushed (const char *username)
 		return false;
 	}
 	for (found = false; !found && (fgets (buf, sizeof buf, fp) == buf);) {
-		buf[strcspn (buf, "\n")] = '\0';
-		found = (strcmp (buf, pw->pw_shell) == 0) ||
-		        (strcmp (buf, pw->pw_name) == 0);
+		stpsep(buf, "\n");
+		found = streq(buf, pw->pw_shell) ||
+		        streq(buf, pw->pw_name);
 	}
 	(void) fclose (fp);
 	return found;

lib/idmapping.c

@@ -12,24 +12,26 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <strings.h>
-
-#include "alloc.h"
-#include "atoi/str2i.h"
-#include "prototypes.h"
-#include "string/stpeprintf.h"
-#include "idmapping.h"
 #if HAVE_SYS_CAPABILITY_H
 #include <sys/prctl.h>
 #include <sys/capability.h>
 #endif
+
+#include "alloc/calloc.h"
+#include "alloc/x/xmalloc.h"
+#include "atoi/a2i/a2u.h"
+#include "idmapping.h"
+#include "prototypes.h"
 #include "shadowlog.h"
 #include "sizeof.h"
+#include "string/sprintf/stpeprintf.h"
+#include "string/strcmp/streq.h"
 
 
-struct map_range *get_map_ranges(int ranges, int argc, char **argv)
+struct map_range *
+get_map_ranges(int ranges, int argc, char **argv)
 {
-	struct map_range *mappings, *mapping;
-	int idx, argidx;
+	struct map_range  *mappings, *m;
 
 	if (ranges < 0 || argc < 0) {
 		fprintf(log_get_logfd(), "%s: error calculating number of arguments\n", log_get_progname());
@@ -45,45 +47,30 @@ struct map_range *get_map_ranges(int ranges, int argc, char **argv)
 	if (!mappings) {
 		fprintf(log_get_logfd(), _( "%s: Memory allocation failure\n"),
 			log_get_progname());
-		exit(EXIT_FAILURE);
+		return NULL;
 	}
 
 	/* Gather up the ranges from the command line */
-	mapping = mappings;
-	for (idx = 0, argidx = 0; idx < ranges; idx++, argidx += 3, mapping++) {
-		if (str2ul(&mapping->upper, argv[argidx + 0]) == -1) {
+	m = mappings;
+	for (int i = 0; i < ranges * 3; i+=3, m++) {
+		if (a2ul(&m->upper, argv[i + 0], NULL, 0, 0, UINT_MAX - 1) == -1) {
+			if (errno == ERANGE)
+				fprintf(log_get_logfd(), _( "%s: subuid overflow detected.\n"), log_get_progname());
 			free(mappings);
 			return NULL;
 		}
-		if (str2ul(&mapping->lower, argv[argidx + 1]) == -1) {
+		if (a2ul(&m->lower, argv[i + 1], NULL, 0, 0, UINT_MAX - 1) == -1) {
+			if (errno == ERANGE)
+				fprintf(log_get_logfd(), _( "%s: subuid overflow detected.\n"), log_get_progname());
 			free(mappings);
 			return NULL;
 		}
-		if (str2ul(&mapping->count, argv[argidx + 2]) == -1) {
+		if (a2ul(&m->count, argv[i + 2], NULL, 0, 1, UINT_MAX - MAX(m->lower, m->upper)) == -1) {
+			if (errno == ERANGE)
+				fprintf(log_get_logfd(), _( "%s: subuid overflow detected.\n"), log_get_progname());
 			free(mappings);
 			return NULL;
 		}
-		if (ULONG_MAX - mapping->upper <= mapping->count || ULONG_MAX - mapping->lower <= mapping->count) {
-			fprintf(log_get_logfd(), _( "%s: subuid overflow detected.\n"), log_get_progname());
-			exit(EXIT_FAILURE);
-		}
-		if (mapping->upper > UINT_MAX ||
-			mapping->lower > UINT_MAX ||
-			mapping->count > UINT_MAX)  {
-			fprintf(log_get_logfd(), _( "%s: subuid overflow detected.\n"), log_get_progname());
-			exit(EXIT_FAILURE);
-		}
-		if (mapping->lower + mapping->count > UINT_MAX ||
-				mapping->upper + mapping->count > UINT_MAX) {
-			fprintf(log_get_logfd(), _( "%s: subuid overflow detected.\n"), log_get_progname());
-			exit(EXIT_FAILURE);
-		}
-		if (mapping->lower + mapping->count < mapping->lower ||
-				mapping->upper + mapping->count < mapping->upper) {
-			/* this one really shouldn't be possible given previous checks */
-			fprintf(log_get_logfd(), _( "%s: subuid overflow detected.\n"), log_get_progname());
-			exit(EXIT_FAILURE);
-		}
 	}
 	return mappings;
 }
@@ -147,9 +134,9 @@ void write_mapping(int proc_dir_fd, int ranges, const struct map_range *mappings
 	struct __user_cap_header_struct hdr = {_LINUX_CAPABILITY_VERSION_3, 0};
 	struct __user_cap_data_struct data[2] = {{0}};
 
-	if (strcmp(map_file, "uid_map") == 0) {
+	if (streq(map_file, "uid_map")) {
 		cap = CAP_SETUID;
-	} else if (strcmp(map_file, "gid_map") == 0) {
+	} else if (streq(map_file, "gid_map")) {
 		cap = CAP_SETGID;
 	} else {
 		fprintf(log_get_logfd(), _("%s: Invalid map file %s specified\n"), log_get_progname(), map_file);
@@ -158,7 +145,7 @@ void write_mapping(int proc_dir_fd, int ranges, const struct map_range *mappings
 
 	/* Align setuid- and fscaps-based new{g,u}idmap behavior. */
 	if (geteuid() == 0 && geteuid() != ruid) {
-		if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0) {
+		if (prctl(PR_SET_KEEPCAPS, 1L) == -1) {
 			fprintf(log_get_logfd(), _("%s: Could not prctl(PR_SET_KEEPCAPS)\n"), log_get_progname());
 			exit(EXIT_FAILURE);
 		}

lib/isexpired.c

@@ -21,6 +21,7 @@
 #include "adds.h"
 #include "defines.h"
 #include "prototypes.h"
+#include "string/strcmp/streq.h"
 
 #ident "$Id$"
 
@@ -67,7 +68,7 @@ int isexpired (const struct passwd *pw, /*@null@*/const struct spwd *sp)
 	 * returns sp_lstchg==0 (must change password) instead of -1!
 	 */
 	if (   (0 == sp->sp_lstchg)
-	    && (strcmp (pw->pw_passwd, SHADOW_PASSWD_STRING) == 0)) {
+	    && streq(pw->pw_passwd, SHADOW_PASSWD_STRING)) {
 		return 1;
 	}
 

lib/limits.c

@@ -30,8 +30,15 @@
 #include "shadowlog.h"
 #include <sys/resource.h>
 
-#include "atoi/str2i.h"
-#include "memzero.h"
+#include "atoi/a2i/a2i.h"
+#include "atoi/a2i/a2s.h"
+#include "atoi/str2i/str2i.h"
+#include "atoi/str2i/str2s.h"
+#include "atoi/str2i/str2u.h"
+#include "string/memset/memzero.h"
+#include "string/strchr/stpspn.h"
+#include "string/strcmp/streq.h"
+#include "typetraits.h"
 
 
 #ifndef LIMITS_FILE
@@ -49,9 +56,7 @@ static int setrlimit_value (unsigned int resource,
                             const char *value,
                             unsigned int multiplier)
 {
-	char           *end;
-	long           l;
-	rlim_t         limit;
+	rlim_t         l, limit;
 	struct rlimit  rlim;
 
 	/* The "-" is special, not belonging to a strange negative limit.
@@ -59,18 +64,13 @@ static int setrlimit_value (unsigned int resource,
 	 */
 	if ('-' == value[0]) {
 		limit = RLIM_INFINITY;
-	}
-	else {
-		/* We cannot use str2sl() here because it fails when there
-		 * is more to the value than just this number!
-		 * Also, we are limited to base 10 here (hex numbers will not
-		 * work with the limit string parser as is anyway)
-		 */
-		errno = 0;
-		l = strtol(value, &end, 10);
 
-		if (value == end || errno != 0)
+	} else {
+		if (a2i(rlim_t, &l, value, NULL, 10, 0, type_max(rlim_t)) == -1
+		    && errno != ENOTSUP)
+		{
 			return 0;  // FIXME: We could instead throw an error, though.
+		}
 
 		if (__builtin_mul_overflow(l, multiplier, &limit)) {
 			/* FIXME: Again, silent error handling...
@@ -89,14 +89,14 @@ static int setrlimit_value (unsigned int resource,
 }
 
 
-static int set_prio (const char *value)
+static int
+set_prio(const char *value)
 {
-	long prio;
+	int  prio;
 
-	if (   (str2sl(&prio, value) == -1)
-	    || (prio != (int) prio)) {
+	if (str2si(&prio, value) == -1)
 		return 0;
-	}
+
 	if (setpriority (PRIO_PROCESS, 0, prio) != 0) {
 		return LOGIN_ERROR_RLIMIT;
 	}
@@ -104,14 +104,13 @@ static int set_prio (const char *value)
 }
 
 
-static int set_umask (const char *value)
+static int
+set_umask(const char *value)
 {
-	unsigned long  mask;
+	mode_t  mask;
 
-	if (   (str2ul(&mask, value) == -1)
-	    || (mask != (mode_t) mask)) {
+	if (str2i(mode_t, &mask, value) == -1)
 		return 0;
-	}
 
 	(void) umask (mask);
 	return 0;
@@ -124,6 +123,10 @@ static int check_logins (const char *name, const char *maxlogins)
 	unsigned long limit, count;
 
 	if (str2ul(&limit, maxlogins) == -1) {
+		if (errno == ERANGE) {
+			SYSLOG((LOG_WARN, "Invalid maxlogins value\n"));
+			return LOGIN_ERROR_LOGIN;
+		}
 		return 0;
 	}
 
@@ -184,11 +187,7 @@ static int do_user_limits (const char *buf, const char *name)
 	int retval = 0;
 	bool reported = false;
 
-	pp = buf;
-	/* Skip leading whitespace. */
-	while ((' ' == *pp) || ('\t' == *pp)) {
-		pp++;
-	}
+	pp = stpspn(buf, " \t");
 
 	/* The special limit string "-" results in no limit for all known
 	 * limits.
@@ -196,7 +195,7 @@ static int do_user_limits (const char *buf, const char *name)
 	 * being ignored if a limit type is not known to the system.
 	 * Though, there will be complaining for unknown limit types.
 	 */
-	if (strcmp (pp, "-") == 0) {
+	if (streq(pp, "-")) {
 		/* Remember to extend this, too, when adding new limits!
 		 * Oh... but "unlimited" does not make sense for umask,
 		 * or does it? (K-)
@@ -204,7 +203,7 @@ static int do_user_limits (const char *buf, const char *name)
 		pp = "A- C- D- F- I- L- M- N- O- P- R- S- T- U-";
 	}
 
-	while ('\0' != *pp) {
+	while (!streq(pp, "")) {
 		switch (*pp++) {
 		case 'a':
 		case 'A':
@@ -312,12 +311,7 @@ static int do_user_limits (const char *buf, const char *name)
 		 * So, let's skip all digits, "-" and our limited set of
 		 * whitespace.
 		 */
-		while (   isdigit (*pp)
-		       || ('-'  == *pp)
-		       || (' '  == *pp)
-		       || ('\t' ==*pp)) {
-			pp++;
-		}
+		pp = stpspn(pp, "0123456789- \t");
 	}
 	return retval;
 }
@@ -402,10 +396,10 @@ static int setup_user_limits (const char *uname)
 		 */
 		if (sscanf (buf, "%s%[ACDFIKLMNOPRSTUacdfiklmnoprstu0-9 \t-]",
 		            name, tempbuf) == 2) {
-			if (strcmp (name, uname) == 0) {
+			if (streq(name, uname)) {
 				strcpy (limits, tempbuf);
 				break;
-			} else if (strcmp (name, "*") == 0) {
+			} else if (streq(name, "*")) {
 				strcpy (deflimits, tempbuf);
 			} else if (name[0] == '@') {
 				/* If the user is in the group, the group
@@ -419,9 +413,9 @@ static int setup_user_limits (const char *uname)
 		}
 	}
 	(void) fclose (fil);
-	if (limits[0] == '\0') {
+	if (streq(limits, "")) {
 		/* no user specific limits */
-		if (deflimits[0] == '\0') {	/* no default limits */
+		if (streq(deflimits, "")) {	/* no default limits */
 			return 0;
 		}
 		strcpy (limits, deflimits);	/* use the default limits */
@@ -443,7 +437,7 @@ static void setup_usergroups (const struct passwd *info)
 		/* local, no need for xgetgrgid */
 		grp = getgrgid (info->pw_gid);
 		if (   (NULL != grp)
-		    && (strcmp (info->pw_name, grp->gr_name) == 0)) {
+		    && streq(info->pw_name, grp->gr_name)) {
 			mode_t tmpmask;
 			tmpmask = umask (0777);
 			tmpmask = (tmpmask & ~070) | ((tmpmask >> 3) & 070);
@@ -484,10 +478,9 @@ void setup_limits (const struct passwd *info)
 			}
 
 			if (strncmp (cp, "pri=", 4) == 0) {
-				long  inc;
+				int  inc;
 
-				if (   (str2sl(&inc, cp + 4) == 0)
-				    && (inc >= -20) && (inc <= 20)) {
+				if (a2si(&inc, cp + 4, NULL, 0, -20, 20) == 0) {
 					errno = 0;
 					if (   (nice (inc) != -1)
 					    || (0 != errno)) {
@@ -503,9 +496,9 @@ void setup_limits (const struct passwd *info)
 				continue;
 			}
 			if (strncmp (cp, "ulimit=", 7) == 0) {
-				long  blocks;
-				if (   (str2sl(&blocks, cp + 7) == -1)
-				    || (blocks != (int) blocks)
+				int  blocks;
+
+				if (   (str2si(&blocks, cp + 7) == -1)
 				    || (set_filesize_limit (blocks) != 0)) {
 					SYSLOG ((LOG_WARN,
 					         "Can't set the ulimit for user %s",
@@ -514,10 +507,9 @@ void setup_limits (const struct passwd *info)
 				continue;
 			}
 			if (strncmp (cp, "umask=", 6) == 0) {
-				unsigned long  mask;
+				mode_t  mask;
 
-				if (   (str2ul(&mask, cp + 6) == -1)
-				    || (mask != (mode_t) mask)) {
+				if (str2i(mode_t, &mask, cp + 6) == -1) {
 					SYSLOG ((LOG_WARN,
 					         "Can't set umask value for user %s",
 					         info->pw_name));

lib/list.c

@@ -12,9 +12,14 @@
 
 #include <assert.h>
 
-#include "alloc.h"
+#include "alloc/x/xmalloc.h"
 #include "prototypes.h"
 #include "defines.h"
+#include "string/strchr/strchrcnt.h"
+#include "string/strcmp/streq.h"
+#include "string/strdup/xstrdup.h"
+
+
 /*
  * add_list - add a member to a list of group members
  *
@@ -37,7 +42,7 @@ add_list(/*@returned@*/ /*@only@*/char **list, const char *member)
 	 */
 
 	for (i = 0; list[i] != NULL; i++) {
-		if (strcmp (list[i], member) == 0) {
+		if (streq(list[i], member)) {
 			return list;
 		}
 	}
@@ -88,7 +93,7 @@ del_list(/*@returned@*/ /*@only@*/char **list, const char *member)
 	 */
 
 	for (i = j = 0; list[i] != NULL; i++) {
-		if (strcmp (list[i], member) != 0) {
+		if (!streq(list[i], member)) {
 			j++;
 		}
 	}
@@ -111,7 +116,7 @@ del_list(/*@returned@*/ /*@only@*/char **list, const char *member)
 	 */
 
 	for (i = j = 0; list[i] != NULL; i++) {
-		if (strcmp (list[i], member) != 0) {
+		if (!streq(list[i], member)) {
 			tmp[j] = list[i];
 			j++;
 		}
@@ -163,7 +168,7 @@ bool is_on_list (char *const *list, const char *member)
 	assert (NULL != list);
 
 	while (NULL != *list) {
-		if (strcmp (*list, member) == 0) {
+		if (streq(*list, member)) {
 			return true;
 		}
 		list++;
@@ -176,7 +181,8 @@ bool is_on_list (char *const *list, const char *member)
  * comma_to_list - convert comma-separated list to (char *) array
  */
 
-/*@only@*/char **comma_to_list (const char *comma)
+/*@only@*/char **
+comma_to_list(const char *comma)
 {
 	char *members;
 	char **array;
@@ -192,36 +198,18 @@ bool is_on_list (char *const *list, const char *member)
 
 	members = xstrdup (comma);
 
-	/*
-	 * Count the number of commas in the list
-	 */
-
-	for (cp = members, i = 0;; i++) {
-		cp2 = strchr (cp, ',');
-		if (NULL != cp2) {
-			cp = cp2 + 1;
-		} else {
-			break;
-		}
-	}
-
-	/*
-	 * Add 2 - one for the ending NULL, the other for the last item
-	 */
-
-	i += 2;
-
 	/*
 	 * Allocate the array we're going to store the pointers into.
+	 * n: number of delimiters + last element + NULL
 	 */
 
-	array = XMALLOC(i, char *);
+	array = XMALLOC(strchrcnt(members, ',') + 2, char *);
 
 	/*
 	 * Empty list is special - 0 members, not 1 empty member.  --marekm
 	 */
 
-	if ('\0' == *members) {
+	if (streq(members, "")) {
 		*array = NULL;
 		free (members);
 		return array;

lib/log.c

@@ -17,10 +17,10 @@
 #include <time.h>
 #include "defines.h"
 #include <lastlog.h>
-#include "memzero.h"
 #include "prototypes.h"
-#include "string/strncpy.h"
-#include "string/strtcpy.h"
+#include "string/memset/memzero.h"
+#include "string/strcpy/strncpy.h"
+#include "string/strcpy/strtcpy.h"
 
 
 /*
@@ -79,7 +79,7 @@ void dolastlog (
 	}
 
 	ll_time = newlog.ll_time;
-	(void) time (&ll_time);
+	ll_time = time(NULL);
 	newlog.ll_time = ll_time;
 	STRTCPY(newlog.ll_line, line);
 #if HAVE_LL_HOST

lib/loginprompt.c

@@ -15,12 +15,15 @@
 #include <stdio.h>
 #include <signal.h>
 
-#include "alloc.h"
 #include "attr.h"
-#include "memzero.h"
-#include "prototypes.h"
 #include "defines.h"
 #include "getdef.h"
+#include "prototypes.h"
+#include "string/memset/memzero.h"
+#include "string/strchr/stpspn.h"
+#include "string/strcpy/strtcpy.h"
+#include "string/strtok/stpsep.h"
+
 
 static void login_exit (MAYBE_UNUSED int sig)
 {
@@ -33,8 +36,8 @@ static void login_exit (MAYBE_UNUSED int sig)
  * login_prompt() displays the standard login prompt.  If ISSUE_FILE
  * is set in login.defs, this file is displayed before the prompt.
  */
-
-void login_prompt (char *name, int namesize)
+void
+login_prompt(char *name, int namesize)
 {
 	char buf[1024];
 
@@ -84,22 +87,16 @@ void login_prompt (char *name, int namesize)
 		exit (EXIT_FAILURE);
 	}
 
-	cp = strchr (buf, '\n');
-	if (NULL == cp) {
-		exit (EXIT_FAILURE);
-	}
-	*cp = '\0';		/* remove \n [ must be there ] */
+	if (stpsep(buf, "\n") == NULL)
+		exit(EXIT_FAILURE);
 
 	/*
 	 * Skip leading whitespace.  This makes "  username" work right.
 	 * Then copy the rest (up to the end) into the username.
 	 */
 
-	for (cp = buf; *cp == ' ' || *cp == '\t'; cp++);
-
-	for (i = 0; i < namesize - 1 && *cp != '\0'; name[i++] = *cp++);
-
-	name[i] = '\0';
+	cp = stpspn(buf, " \t");
+	strtcpy(name, cp, namesize);
 
 	/*
 	 * Set the SIGQUIT handler back to its original value

lib/mail.c

@@ -15,9 +15,8 @@
 #include <stdio.h>
 #include <string.h>
 
-#include "alloc.h"
 #include "getdef.h"
-#include "string/sprintf.h"
+#include "string/sprintf/xasprintf.h"
 
 #ident "$Id$"
 

lib/memzero.c

@@ -1,17 +0,0 @@
-/*
- * SPDX-FileCopyrightText: 2023, Alejandro Colomar <alx@kernel.org>
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-
-#include <config.h>
-
-#ident "$Id$"
-
-#include <stddef.h>
-
-#include "memzero.h"
-
-
-extern inline void memzero(void *ptr, size_t size);
-extern inline void strzero(char *s);

lib/motd.c

@@ -12,11 +12,14 @@
 #ident "$Id$"
 
 #include <stdio.h>
+#include <string.h>
 
-#include "alloc.h"
 #include "defines.h"
 #include "getdef.h"
 #include "prototypes.h"
+#include "string/strdup/xstrdup.h"
+
+
 /*
  * motd -- output the /etc/motd file
  *
@@ -24,7 +27,8 @@
  * it to the user's terminal at login time.  The MOTD_FILE configuration
  * option is a colon-delimited list of filenames.
  */
-void motd (void)
+void
+motd(void)
 {
 	FILE *fp;
 	char *motdlist;
@@ -39,12 +43,8 @@ void motd (void)
 
 	motdlist = xstrdup (motdfile);
 
-	for (mb = motdlist; ;mb = NULL) {
-		motdfile = strtok (mb, ":");
-		if (NULL == motdfile) {
-			break;
-		}
-
+	mb = motdlist;
+	while (NULL != (motdfile = strsep(&mb, ":"))) {
 		fp = fopen (motdfile, "r");
 		if (NULL != fp) {
 			while ((c = getc (fp)) != EOF) {