diff options
Diffstat (limited to 'src/sh_unix.c')
-rw-r--r-- | src/sh_unix.c | 199 |
1 files changed, 112 insertions, 87 deletions
diff --git a/src/sh_unix.c b/src/sh_unix.c index c383bef..bb08dc2 100644 --- a/src/sh_unix.c +++ b/src/sh_unix.c @@ -82,7 +82,7 @@ #define FD_SETSIZE 32 #endif #ifndef FD_ZERO -#define FD_ZERO(p) memset((char *)(p), '\0', sizeof(*(p))) +#define FD_ZERO(p) memset((char *)(p), 0, sizeof(*(p))) #endif @@ -513,7 +513,7 @@ void sh_unix_sigexit (int mysignal) { ++immediate_exit_normal; if ((skey != NULL) && (immediate_exit_normal == 2)) - memset (skey, '\0', sizeof(sh_key_t)); + memset (skey, 0, sizeof(sh_key_t)); if (immediate_exit_normal == 2) { int val_return; @@ -578,7 +578,7 @@ void sh_unix_sigexit_fast (int mysignal) #if !defined(SL_DEBUG) || (!defined(USE_SYSTEM_MALLOC) && defined(USE_MALLOC_LOCK)) ++immediate_exit_fast; if (skey != NULL && immediate_exit_fast < 2) - memset (skey, '\0', sizeof(sh_key_t)); + memset (skey, 0, sizeof(sh_key_t)); if (immediate_exit_fast < 2) safe_logger (mysignal, 0, NULL); raise(SIGKILL); @@ -590,7 +590,7 @@ void sh_unix_sigexit_fast (int mysignal) { ++immediate_exit_fast; if (skey != NULL) - memset (skey, '\0', sizeof(sh_key_t)); + memset (skey, 0, sizeof(sh_key_t)); close_ipc (); safe_logger (mysignal, 0, NULL); do { @@ -630,7 +630,7 @@ void sh_unix_sigexit_fast (int mysignal) sh.prg_name, sh_sig_msg); if (skey != NULL) - memset (skey, '\0', sizeof(sh_key_t)); + memset (skey, 0, sizeof(sh_key_t)); close_ipc (); do { @@ -1209,6 +1209,8 @@ int tf_trust_check (const char * file, int mode) int status; int level; uid_t ff_euid = (uid_t) -1; + uid_t baduid; + gid_t badgid; SL_ENTER(_("tf_trust_check")); @@ -1255,11 +1257,14 @@ int tf_trust_check (const char * file, int mode) else level = SH_ERR_ERR; - tmp = sh_util_safe_name (file); - p = sl_trust_errfile(); + tmp = sh_util_safe_name (file); + p = sh_util_strdup(sl_trust_errfile()); + baduid = sl_trust_baduid(); + badgid = sl_trust_badgid(); + if (p && *p != '\0') { - tmp2 = sh_util_safe_name (sl_trust_errfile()); + tmp2 = sh_util_safe_name (p); sh_error_handle(level, FIL__, __LINE__, status, MSG_E_TRUST2, sl_error_string(status), tmp, tmp2); SH_FREE(tmp2); @@ -1269,7 +1274,6 @@ int tf_trust_check (const char * file, int mode) sh_error_handle(level, FIL__, __LINE__, status, MSG_E_TRUST1, sl_error_string(status), tmp); } - SH_FREE(tmp); if (status == SL_EBADUID || status == SL_EBADGID || status == SL_EBADOTH || status == SL_ETRUNC || @@ -1281,43 +1285,37 @@ int tf_trust_check (const char * file, int mode) _("An internal error occured in the trustfile function.\n")); break; case SL_ETRUNC: - tmp = sh_util_safe_name (file); dlog(1, FIL__, __LINE__, _("A filename truncation occured in the trustfile function.\nProbably the normalized filename for %s\nis too long. This may be due e.g. to deep or circular softlinks.\n"), tmp); - SH_FREE(tmp); break; case SL_EBADOTH: - tmp = sh_util_safe_name (file); - p = sl_trust_errfile(); dlog(1, FIL__, __LINE__, _("The path element: %s\nin the filename: %s is world writeable.\n"), - p, tmp); - SH_FREE(tmp); + (p) ? p : _("(null)"), tmp); break; case SL_EBADUID: - tmp = sh_util_safe_name (file); - p = sl_trust_errfile(); dlog(1, FIL__, __LINE__, _("The owner (UID = %ld) of the path element: %s\nin the filename: %s\nis not in the list of trusted users.\nTo fix the problem, you can:\n - run ./configure again with the option --with-trusted=0,...,UID\n where UID is the UID of the untrusted user, or\n - use the option TrustedUser=UID in the configuration file.\n"), - (UID_CAST)sl_trust_baduid(), p, tmp); - SH_FREE(tmp); + (UID_CAST)baduid, (p) ? p : _("(null)"), tmp); break; case SL_EBADGID: - tmp = sh_util_safe_name (file); - p = sl_trust_errfile(); dlog(1, FIL__, __LINE__, _("The path element: %s\nin the filename: %s\nis group writeable (GID = %ld), and at least one of the group\nmembers (UID = %ld) is not in the list of trusted users.\nTo fix the problem, you can:\n - run ./configure again with the option --with-trusted=0,...,UID\n where UID is the UID of the untrusted user, or\n - use the option TrustedUser=UID in the configuration file.\n"), - p, tmp, (UID_CAST)sl_trust_badgid(), - (UID_CAST)sl_trust_baduid()); - SH_FREE(tmp); + (p) ? p : _("(null)"), tmp, (UID_CAST)badgid, + (UID_CAST)baduid); break; default: break; } - + SH_FREE(tmp); + if (p) SH_FREE(p); SL_RETURN((-1), _("tf_trust_check")); } + else { + SH_FREE(tmp); + if (p) SH_FREE(p); + } } SL_RETURN((0), _("tf_trust_check")); @@ -2342,11 +2340,11 @@ char * t_zone(const time_t * xx) diff = diff - (sign * 24 * 60); /* datum wrap-around correction */ hh = diff / 60; mm = diff - (hh * 60); - sprintf (tz, _("%+03d%02d"), hh, mm); /* known to fit */ + sl_snprintf (tz, sizeof(tz), _("%+03d%02d"), hh, mm); /* known to fit */ } else { - sprintf (tz, _("%+03d%02d"), 0, 0); + sl_snprintf (tz, sizeof(tz), _("%+03d%02d"), 0, 0); } SL_RETURN(tz, _("t_zone")); } @@ -2484,6 +2482,7 @@ char * sh_unix_time (time_t thetime, char * buffer, size_t len) sh_error_handle ((-1), FIL__, __LINE__, error_num, MSG_E_NET, errmsg, error_call, _("time"), sh.srvtime.name); + errflag = error_num; fail = 1; } @@ -2828,7 +2827,9 @@ static char * sh_userid_get (uid_t id, int which, char * out, size_t len) } /* --------- end caching code --------- */ - + +#include "sh_subuid.h" + char * sh_unix_getUIDname (int level, uid_t uid, char * out, size_t len) { struct passwd * tempres; @@ -2864,21 +2865,10 @@ char * sh_unix_getUIDname (int level, uid_t uid, char * out, size_t len) tempres = sh_getpwuid(uid); status = errno; #endif - - if (tempres == NULL) - { - sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_PWNULL, - sh_error_message(status, errbuf, sizeof(errbuf)), - _("getpwuid"), (long) uid, _("completely missing")); -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) - SH_FREE(buffer); -#endif - sh_userid_add(uid, NULL, CACHE_UID); - SL_RETURN( NULL, _("sh_unix_getUIDname")); - } - - if (tempres->pw_name != NULL) + /* case 1: we have it + */ + if (tempres && tempres->pw_name != NULL) { sl_strlcpy(out, tempres->pw_name, len); @@ -2889,18 +2879,37 @@ char * sh_unix_getUIDname (int level, uid_t uid, char * out, size_t len) #endif SL_RETURN( out, _("sh_unix_getUIDname")); - } - else + } + +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) + SH_FREE(buffer); +#endif + + if (tempres == NULL) { + char * pwname = sh_get_subuid ((unsigned long) uid); + + if (pwname) + { + sl_strlcpy(out, pwname, len); + sh_userid_add(uid, out, CACHE_UID); + SL_RETURN( out, _("sh_unix_getUIDname")); + } + sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_PWNULL, sh_error_message(status, errbuf, sizeof(errbuf)), - _("getpwuid"), (long) uid, _("pw_user")); -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) - SH_FREE(buffer); -#endif + _("getpwuid"), (long) uid, _("completely missing")); + sh_userid_add(uid, NULL, CACHE_UID); SL_RETURN( NULL, _("sh_unix_getUIDname")); } - /* notreached */ + + + /* getwpuid returns struct, but no pw_name + */ + sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_PWNULL, + sh_error_message(status, errbuf, sizeof(errbuf)), + _("getpwuid"), (long) uid, _("pw_user")); + SL_RETURN( NULL, _("sh_unix_getUIDname")); } char * sh_unix_getGIDname (int level, gid_t gid, char * out, size_t len) @@ -2960,21 +2969,7 @@ char * sh_unix_getGIDname (int level, gid_t gid, char * out, size_t len) SL_RETURN( NULL, _("sh_unix_getGIDname")); } - if (tempres == NULL) - { - sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_GRNULL, - sh_error_message(status, errbuf, sizeof(errbuf)), - _("getgrgid"), (long) gid, _("completely missing")); - -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) - SH_FREE(buffer); -#endif - - sh_userid_add(gid, NULL, CACHE_GID); - SL_RETURN( NULL, _("sh_unix_getGIDname")); - } - - if (tempres->gr_name != NULL) + if (tempres && tempres->gr_name != NULL) { sl_strlcpy(out, tempres->gr_name, len); @@ -2986,19 +2981,33 @@ char * sh_unix_getGIDname (int level, gid_t gid, char * out, size_t len) SL_RETURN( out, _("sh_unix_getGIDname")); } - else - { - sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_GRNULL, - sh_error_message(status, errbuf, sizeof(errbuf)), - _("getgrgid"), (long) gid, _("gr_name")); #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) - SH_FREE(buffer); + SH_FREE(buffer); #endif + if (tempres == NULL) + { + char * grname = sh_get_subgid ((unsigned long) gid); + + if (grname) + { + sl_strlcpy(out, grname, len); + sh_userid_add((uid_t)gid, out, CACHE_GID); + SL_RETURN( out, _("sh_unix_getGIDname")); + } + + sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_GRNULL, + sh_error_message(status, errbuf, sizeof(errbuf)), + _("getgrgid"), (long) gid, _("completely missing")); + sh_userid_add(gid, NULL, CACHE_GID); SL_RETURN( NULL, _("sh_unix_getGIDname")); } - /* notreached */ + + sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_GRNULL, + sh_error_message(status, errbuf, sizeof(errbuf)), + _("getgrgid"), (long) gid, _("gr_name")); + SL_RETURN( NULL, _("sh_unix_getGIDname")); } int sh_unix_getUser () @@ -3067,7 +3076,7 @@ int sh_unix_getUser () /* notreached */ } - +/* return >0 on success, -1 on EOF */ int sh_unix_getline (SL_TICKET fd, char * line, int sizeofline) { register int count; @@ -3593,8 +3602,10 @@ int sh_check_rotated_log (const char * path, retval = S_TRUE; } } - SH_FREE(rotated_file); } + if (rotated_file) { + SH_FREE(rotated_file); + } } return retval; } @@ -3793,8 +3804,8 @@ int sh_unix_setcheckacl (const char * c) static void * sh_dummy_filename; -static void * sh_dummy_tmp; -static void * sh_dummy_tmp2; +void * sh_dummy_tmp; +void * sh_dummy_tmp2; int sh_unix_getinfo (int level, const char * filename, file_type * theFile, char * fileHash, int policy) @@ -3894,6 +3905,7 @@ int sh_unix_getinfo (int level, const char * filename, file_type * theFile, if (errno == EBADF && try == 0) /* obsolete, but we keep this, just in case */ { + /* cppcheck-suppress syntaxError */ ++try; goto try_again; } @@ -4593,7 +4605,7 @@ int sh_unix_lock (char * lockfile, char * flag) SL_ENTER(_("sh_unix_lock")); - sprintf (myPid, "%ld\n", (long) sh.pid); /* known to fit */ + sl_snprintf (myPid, sizeof(myPid), "%ld\n", (long) sh.pid); /* known to fit */ if (flag == NULL) /* PID file, check for directory */ { @@ -4861,8 +4873,8 @@ int sh_unix_file_exists(char * path) if (0 == retry_lstat(FIL__, __LINE__, path, &buf)) SL_RETURN( S_TRUE, _("sh_unix_file_exists")); - else - SL_RETURN( S_FALSE, _("sh_unix_file_exists")); + + SL_RETURN( S_FALSE, _("sh_unix_file_exists")); } @@ -4877,10 +4889,10 @@ int sh_unix_device_readable(int fd) if (retry_fstat(FIL__, __LINE__, fd, &buf) == -1) SL_RETURN( (-1), _("sh_unix_device_readable")); - else if ( S_ISCHR(buf.st_mode) && 0 != (S_IROTH & buf.st_mode) ) + if ( S_ISCHR(buf.st_mode) && 0 != (S_IROTH & buf.st_mode) ) SL_RETURN( (0), _("sh_unix_device_readable")); - else - SL_RETURN( (-1), _("sh_unix_device_readable")); + + SL_RETURN( (-1), _("sh_unix_device_readable")); } static char preq[16]; @@ -5397,6 +5409,7 @@ unsigned long first_hex_block(SL_TICKET fd, unsigned long * max); int sh_unix_getline_stealth (SL_TICKET fd, char * str, int len) { int add_off = 0, llen; + unsigned long bread; static unsigned long off_data = 0; static unsigned long max_data = 0; static unsigned long bytes_read = 0; @@ -5444,8 +5457,13 @@ int sh_unix_getline_stealth (SL_TICKET fd, char * str, int len) /* --- Read one line. --- */ - add_off = hideout_hex_block(fd, (unsigned char *) str, len, &bytes_read); - off_data += add_off; + add_off = hideout_hex_block(fd, (unsigned char *) str, len, &bread); + if (add_off > 0) + off_data += add_off; + bytes_read += bread; + + if (bread == 0 || add_off <= 0) /* EOF */ + str[0] = '\0'; llen = sl_strlen(str); SL_RETURN(llen, _("sh_unix_getline_stealth")); @@ -5467,6 +5485,8 @@ int hideout_hex_block(SL_TICKET fd, unsigned char * str, int len, ASSERT_RET((len > 1), _("len > 1"), (0)); + str[0] = '\0'; + *bytes_read = 0; --len; i = 0; @@ -5484,14 +5504,17 @@ int hideout_hex_block(SL_TICKET fd, unsigned char * str, int len, c = ' '; do { do { + errno = 0; num = sl_read (fd, &c, 1); } while (num == 0 && errno == EINTR); if (num > 0) ++here; - else if (num == 0) - SL_RETURN((0), _("hideout_hex_block")); - else + else if (num == 0) { SL_RETURN((-1), _("hideout_hex_block")); + } + else { + SL_RETURN((-1), _("hideout_hex_block")); + } } while (c == '\n' || c == '\t' || c == '\r' || c == ' '); } @@ -5513,8 +5536,10 @@ int hideout_hex_block(SL_TICKET fd, unsigned char * str, int len, if (i != 0) str[i] = '\0'; - else + else if (str[0] == '\n') str[i+1] = '\0'; /* keep newline and terminate */ + else + str[0] = '\0'; retval += here; *bytes_read += (bread/8); |