[Pkg-shadow-commits] r3232 - in upstream/trunk: . lib libmisc src

Nicolas FRANÇOIS nekral-guest at alioth.debian.org
Sun Aug 22 19:14:35 UTC 2010


Author: nekral-guest
Date: 2010-08-22 19:13:53 +0000 (Sun, 22 Aug 2010)
New Revision: 3232

Modified:
   upstream/trunk/ChangeLog
   upstream/trunk/lib/prototypes.h
   upstream/trunk/libmisc/basename.c
   upstream/trunk/libmisc/chowndir.c
   upstream/trunk/libmisc/chowntty.c
   upstream/trunk/libmisc/failure.c
   upstream/trunk/libmisc/find_new_gid.c
   upstream/trunk/libmisc/find_new_uid.c
   upstream/trunk/libmisc/getdate.h
   upstream/trunk/libmisc/getgr_nam_gid.c
   upstream/trunk/libmisc/hushed.c
   upstream/trunk/libmisc/limits.c
   upstream/trunk/libmisc/loginprompt.c
   upstream/trunk/libmisc/obscure.c
   upstream/trunk/libmisc/salt.c
   upstream/trunk/libmisc/setupenv.c
   upstream/trunk/libmisc/shell.c
   upstream/trunk/libmisc/sub.c
   upstream/trunk/libmisc/system.c
   upstream/trunk/libmisc/ttytype.c
   upstream/trunk/libmisc/valid.c
   upstream/trunk/libmisc/xmalloc.c
   upstream/trunk/src/newusers.c
   upstream/trunk/src/su.c
   upstream/trunk/src/useradd.c
   upstream/trunk/src/userdel.c
   upstream/trunk/src/usermod.c
   upstream/trunk/src/vipw.c
Log:
	* libmisc/limits.c: Avoid implicit conversion of integer to
	boolean.
	* libmisc/basename.c: Avoid implicit conversion of pointer to
	boolean.
	* libmisc/basename.c, lib/prototypes.h (Basename): Return a
	constant string.
	* libmisc/basename.c, libmisc/obscure.c, lib/prototypes.h,
	libmisc/xmalloc.c, libmisc/getdate.h, libmisc/system.c,
	libmisc/getgr_nam_gid.c, libmisc/failure.c, libmisc/valid.c: Add
	splint annotations.
	* libmisc/chowndir.c: Avoid memory leak.
	* libmisc/chowndir.c: Do not check *printf/*puts return value.
	* libmisc/chowntty.c: Avoid implicit conversion between integer
	types.
	* libmisc/obscure.c: Return a bool when possible instead of int.
	* libmisc/shell.c: Do not check *printf/*puts return value.
	* libmisc/shell.c: Do not check execle return value.
	* libmisc/setupenv.c: Avoid implicit conversion between integer
	types.
	* libmisc/xmalloc.c: size should not be zero to avoid returning
	NULL pointers.
	* libmisc/hushed.c: Do not check *printf/*puts return value.
	* libmisc/system.c: Avoid implicit conversion of integer to
	boolean. safe_system last argument is a boolean.
	* libmisc/system.c: Check return value of dup2.
	* libmisc/system.c: Do not check *printf/*puts return value.
	* libmisc/system.c: Do not check execve return value. 
	* libmisc/salt.c: Do not check *printf/*puts return value.
	* libmisc/loginprompt.c: Do not check gethostname return value.
	* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Do not check
	gr_rewind/pw_rewind return value.
	* libmisc/ttytype.c: Limit the number of parsed characters in the
	sscanf format.
	* libmisc/ttytype.c: Test if a type was really read.
	* libmisc/sub.c: Do not check *printf/*puts return value.
	* libmisc/sub.c: Avoid implicit conversion of integer to boolean.
	* src/userdel.c: Fix typo in comment.
	* src/userdel.c: Avoid implicit conversion of boolean to integer.
	* src/userdel.c: safe_system last argument is a boolean.
	* src/newusers.c: Avoid implicit conversion of boolean to integer.
	* src/newusers.c: Avoid implicit conversion of integer to boolean.
	* src/usermod.c: Add brackets.
	* src/usermod.c: Avoid implicit conversion of characters or
	integers to booleans.
	* src/vipw.c: Avoid implicit conversion of integer to boolean.
	* src/su.c: Avoid implicit conversion of integer to boolean.
	* src/su.c: Add brackets.
	* src/useradd.c: Avoid implicit conversion of characters or
	integers to booleans.


Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog	2010-08-22 13:04:54 UTC (rev 3231)
+++ upstream/trunk/ChangeLog	2010-08-22 19:13:53 UTC (rev 3232)
@@ -1,5 +1,57 @@
 2010-08-22  Nicolas François  <nicolas.francois at centraliens.net>
 
+	* libmisc/limits.c: Avoid implicit conversion of integer to
+	boolean.
+	* libmisc/basename.c: Avoid implicit conversion of pointer to
+	boolean.
+	* libmisc/basename.c, lib/prototypes.h (Basename): Return a
+	constant string.
+	* libmisc/basename.c, libmisc/obscure.c, lib/prototypes.h,
+	libmisc/xmalloc.c, libmisc/getdate.h, libmisc/system.c,
+	libmisc/getgr_nam_gid.c, libmisc/failure.c, libmisc/valid.c: Add
+	splint annotations.
+	* libmisc/chowndir.c: Avoid memory leak.
+	* libmisc/chowndir.c: Do not check *printf/*puts return value.
+	* libmisc/chowntty.c: Avoid implicit conversion between integer
+	types.
+	* libmisc/obscure.c: Return a bool when possible instead of int.
+	* libmisc/shell.c: Do not check *printf/*puts return value.
+	* libmisc/shell.c: Do not check execle return value.
+	* libmisc/setupenv.c: Avoid implicit conversion between integer
+	types.
+	* libmisc/xmalloc.c: size should not be zero to avoid returning
+	NULL pointers.
+	* libmisc/hushed.c: Do not check *printf/*puts return value.
+	* libmisc/system.c: Avoid implicit conversion of integer to
+	boolean. safe_system last argument is a boolean.
+	* libmisc/system.c: Check return value of dup2.
+	* libmisc/system.c: Do not check *printf/*puts return value.
+	* libmisc/system.c: Do not check execve return value. 
+	* libmisc/salt.c: Do not check *printf/*puts return value.
+	* libmisc/loginprompt.c: Do not check gethostname return value.
+	* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Do not check
+	gr_rewind/pw_rewind return value.
+	* libmisc/ttytype.c: Limit the number of parsed characters in the
+	sscanf format.
+	* libmisc/ttytype.c: Test if a type was really read.
+	* libmisc/sub.c: Do not check *printf/*puts return value.
+	* libmisc/sub.c: Avoid implicit conversion of integer to boolean.
+	* src/userdel.c: Fix typo in comment.
+	* src/userdel.c: Avoid implicit conversion of boolean to integer.
+	* src/userdel.c: safe_system last argument is a boolean.
+	* src/newusers.c: Avoid implicit conversion of boolean to integer.
+	* src/newusers.c: Avoid implicit conversion of integer to boolean.
+	* src/usermod.c: Add brackets.
+	* src/usermod.c: Avoid implicit conversion of characters or
+	integers to booleans.
+	* src/vipw.c: Avoid implicit conversion of integer to boolean.
+	* src/su.c: Avoid implicit conversion of integer to boolean.
+	* src/su.c: Add brackets.
+	* src/useradd.c: Avoid implicit conversion of characters or
+	integers to booleans.
+
+2010-08-22  Nicolas François  <nicolas.francois at centraliens.net>
+
 	* libmisc/obscure.c, lib/prototypes.h (obscure): Return a bool
 	instead of an int.
 	* libmisc/obscure.c, libmisc/tz.c, src/passwd.c, lib/encrypt.c,

Modified: upstream/trunk/lib/prototypes.h
===================================================================
--- upstream/trunk/lib/prototypes.h	2010-08-22 13:04:54 UTC (rev 3231)
+++ upstream/trunk/lib/prototypes.h	2010-08-22 19:13:53 UTC (rev 3232)
@@ -57,7 +57,7 @@
 #include "defines.h"
 #include "commonio.h"
 
-extern char *Prog;
+extern /*@observer@*/ const char *Prog;
 
 /* addgrps.c */
 #if defined (HAVE_SETGROUPS) && ! defined (USE_PAM)
@@ -72,7 +72,7 @@
 
 /* basename() renamed to Basename() to avoid libc name space confusion */
 /* basename.c */
-extern char *Basename (char *str);
+extern /*@observer@*/const char *Basename (char *str);
 
 /* chowndir.c */
 extern int chown_tree (const char *root,
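Review bot: Basename now returns `const char *` but still takes a non-const `char *str`, so callers that hold a const path have to cast the qualifier away, as the libmisc/shell.c hunk in this commit does with `Basename ((char *) file)`. Declaring it as `extern /*@observer@*/const char *Basename (const char *str);` and making `cp` a `const char *` in libmisc/basename.c would remove that cast. It would also let the compiler confirm that the argument is never written through. The same change applies to the definition in the basename.c hunk.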
@@ -156,7 +156,7 @@
 extern int get_gid (const char *gidstr, gid_t *gid);
 
 /* getgr_nam_gid.c */
-extern /*@null@*/struct group *getgr_nam_gid (const char *grname);
+extern /*@null@*/struct group *getgr_nam_gid (/*@null@*/const char *grname);
 
 /* getlong.c */
 extern int getlong (const char *numstr, /*@out@*/long int *result);
@@ -340,8 +340,8 @@
 /* system.c */
 extern int safe_system (const char *command,
                         const char *argv[],
-                        const char *env[],
-                        int ignore_stderr);
+                        /*@null@*/const char *env[],
+                        bool ignore_stderr);
 
 /* strtoday.c */
 extern long strtoday (const char *);
@@ -391,9 +391,9 @@
 extern bool valid (const char *, const struct passwd *);
 
 /* xmalloc.c */
-extern /*@maynotreturn@*/ /*@out@*//*@only@*/char *xmalloc (size_t size)
+extern /*@maynotreturn@*/ /*@only@*//*@out@*//*@notnull@*/char *xmalloc (size_t size)
   /*@ensures MaxSet(result) == (size - 1); @*/;
-extern /*@maynotreturn@*/ /*@only@*/char *xstrdup (const char *);
+extern /*@maynotreturn@*/ /*@only@*//*@notnull@*/char *xstrdup (const char *);
 
 /* xgetpwnam.c */
 extern /*@null@*/ /*@only@*/struct passwd *xgetpwnam (const char *);

Modified: upstream/trunk/libmisc/basename.c
===================================================================
--- upstream/trunk/libmisc/basename.c	2010-08-22 13:04:54 UTC (rev 3231)
+++ upstream/trunk/libmisc/basename.c	2010-08-22 19:13:53 UTC (rev 3232)
@@ -42,9 +42,9 @@
 
 #include "defines.h"
 #include "prototypes.h"
-char *Basename (char *str)
+/*@observer@*/const char *Basename (char *str)
 {
 	char *cp = strrchr (str, '/');
 
-	return cp ? cp + 1 : str;
+	return (NULL != cp) ? cp + 1 : str;
 }

Modified: upstream/trunk/libmisc/chowndir.c
===================================================================
--- upstream/trunk/libmisc/chowndir.c	2010-08-22 13:04:54 UTC (rev 3231)
+++ upstream/trunk/libmisc/chowndir.c	2010-08-22 19:13:53 UTC (rev 3232)
@@ -78,6 +78,7 @@
 	 */
 
 	if (access (root, F_OK) != 0) {
+		free (new_name);
 		return -1;
 	}
 
@@ -90,6 +91,7 @@
 
 	dir = opendir (root);
 	if (NULL == dir) {
+		free (new_name);
 		return -1;
 	}
 
@@ -120,7 +122,7 @@
 			new_name_len += 1024;
 		}
 
-		snprintf (new_name, new_name_len, "%s/%s", root, ent->d_name);
+		(void) snprintf (new_name, new_name_len, "%s/%s", root, ent->d_name);
 
 		/* Don't follow symbolic links! */
 		if (LSTAT (new_name, &sb) == -1) {

Modified: upstream/trunk/libmisc/chowntty.c
===================================================================
--- upstream/trunk/libmisc/chowntty.c	2010-08-22 13:04:54 UTC (rev 3231)
+++ upstream/trunk/libmisc/chowntty.c	2010-08-22 19:13:53 UTC (rev 3232)
@@ -72,7 +72,7 @@
 	 */
 
 	if (   (fchown (STDIN_FILENO, info->pw_uid, gid) != 0)
-	    || (fchmod (STDIN_FILENO, getdef_num ("TTYPERM", 0600)) != 0)) {
+	    || (fchmod (STDIN_FILENO, (mode_t)getdef_num ("TTYPERM", 0600)) != 0)) {
 		int err = errno;
 
 		fprintf (stderr,

Modified: upstream/trunk/libmisc/failure.c
===================================================================
--- upstream/trunk/libmisc/failure.c	2010-08-22 13:04:54 UTC (rev 3231)
+++ upstream/trunk/libmisc/failure.c	2010-08-22 19:13:53 UTC (rev 3232)
@@ -273,12 +273,14 @@
 		lasttime++;
 	}
 #endif
+	/*@-formatconst@*/
 	(void) printf (ngettext ("%d failure since last login.\n"
 	                         "Last was %s on %s.\n",
 	                         "%d failures since last login.\n"
 	                         "Last was %s on %s.\n",
 	                         (unsigned long) fail->fail_cnt),
 	               fail->fail_cnt, lasttime, fail->fail_line);
+	/*@=formatconst@*/
 }
 
 /*
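Review bot: The `/*@-formatconst@*/` ... `/*@=formatconst@*/` pair switches off splint's non-literal format check around this printf without saying why that is acceptable. A short comment above it, for example `/* format comes from ngettext(); both plural forms take the same %d, %s, %s arguments */`, would record the assumption being suppressed. That way a later change to either message has to keep the argument list in step. The enclosing function starts above the hunk.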

Modified: upstream/trunk/libmisc/find_new_gid.c
===================================================================
--- upstream/trunk/libmisc/find_new_gid.c	2010-08-22 13:04:54 UTC (rev 3231)
+++ upstream/trunk/libmisc/find_new_gid.c	2010-08-22 19:13:53 UTC (rev 3232)
@@ -115,7 +115,7 @@
 			}
 		}
 
-		gr_rewind ();
+		(void) gr_rewind ();
 		while ((grp = gr_next ()) != NULL) {
 			if ((grp->gr_gid <= group_id) && (grp->gr_gid >= gid_min)) {
 				group_id = grp->gr_gid - 1;
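Review bot: Casting the result of `gr_rewind ()` to void hides a failed rewind, and the `gr_next ()` loop right after it is what moves `group_id` away from GIDs already present in the group file. If the rewind did not take effect, entries can be skipped and an ID that is already in use may be picked. I would test the result and abandon the search instead, e.g. `if (gr_rewind () == 0) { /* report failure to the caller */ }`; the return convention of gr_rewind is not visible here and needs confirming against its declaration. The same applies to the second hunk in this file and to both `pw_rewind ()` hunks in libmisc/find_new_uid.c. The enclosing function starts and ends outside the hunk.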
@@ -139,7 +139,7 @@
 		}
 		endgrent ();
 
-		gr_rewind ();
+		(void) gr_rewind ();
 		while ((grp = gr_next ()) != NULL) {
 			if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
 				group_id = grp->gr_gid + 1;

Modified: upstream/trunk/libmisc/find_new_uid.c
===================================================================
--- upstream/trunk/libmisc/find_new_uid.c	2010-08-22 13:04:54 UTC (rev 3231)
+++ upstream/trunk/libmisc/find_new_uid.c	2010-08-22 19:13:53 UTC (rev 3232)
@@ -115,7 +115,7 @@
 			}
 		}
 
-		pw_rewind ();
+		(void) pw_rewind ();
 		while ((pwd = pw_next ()) != NULL) {
 			if ((pwd->pw_uid <= user_id) && (pwd->pw_uid >= uid_min)) {
 				user_id = pwd->pw_uid - 1;
@@ -139,7 +139,7 @@
 		}
 		endpwent ();
 
-		pw_rewind ();
+		(void) pw_rewind ();
 		while ((pwd = pw_next ()) != NULL) {
 			if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
 				user_id = pwd->pw_uid + 1;

Modified: upstream/trunk/libmisc/getdate.h
===================================================================
--- upstream/trunk/libmisc/getdate.h	2010-08-22 13:04:54 UTC (rev 3231)
+++ upstream/trunk/libmisc/getdate.h	2010-08-22 19:13:53 UTC (rev 3232)
@@ -35,5 +35,5 @@
 #include <config.h>
 #include "defines.h"
 
-time_t get_date (const char *, const time_t *);
+time_t get_date (const char *p, /*@null@*/const time_t *now);
 #endif

Modified: upstream/trunk/libmisc/getgr_nam_gid.c
===================================================================
--- upstream/trunk/libmisc/getgr_nam_gid.c	2010-08-22 13:04:54 UTC (rev 3231)
+++ upstream/trunk/libmisc/getgr_nam_gid.c	2010-08-22 19:13:53 UTC (rev 3232)
@@ -44,7 +44,7 @@
  * The string may be a valid GID or a valid groupname.
  * If the group does not exist on the system, NULL is returned.
  */
-extern /*@null@*/struct group *getgr_nam_gid (const char *grname)
+extern /*@null@*/struct group *getgr_nam_gid (/*@null@*/const char *grname)
 {
 	long long int gid;
 	char *endptr;

Modified: upstream/trunk/libmisc/hushed.c
===================================================================
--- upstream/trunk/libmisc/hushed.c	2010-08-22 13:04:54 UTC (rev 3231)
+++ upstream/trunk/libmisc/hushed.c	2010-08-22 19:13:53 UTC (rev 3232)
@@ -76,7 +76,7 @@
 	 */
 
 	if (hushfile[0] != '/') {
-		snprintf (buf, sizeof (buf), "%s/%s", pw->pw_dir, hushfile);
+		(void) snprintf (buf, sizeof (buf), "%s/%s", pw->pw_dir, hushfile);
 		return (access (buf, F_OK) == 0);
 	}
 
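Review bot: The return value of snprintf is the only way to notice that `pw->pw_dir` plus `hushfile` did not fit in `buf`, and with it discarded the following `access (buf, F_OK)` tests a truncated path that may name a different file. Keeping the result and treating truncation as "not hushed" is a small change: `int n = snprintf (buf, sizeof (buf), "%s/%s", pw->pw_dir, hushfile);` followed by `if ((n < 0) || ((size_t) n >= sizeof (buf))) { return false; }`. The function's return type is declared above the hunk; `false` assumes it is bool, as the `return (access (...) == 0);` line suggests.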

Modified: upstream/trunk/libmisc/limits.c
===================================================================
--- upstream/trunk/libmisc/limits.c	2010-08-22 13:04:54 UTC (rev 3231)
+++ upstream/trunk/libmisc/limits.c	2010-08-22 19:13:53 UTC (rev 3232)
@@ -547,8 +547,7 @@
 	if (getdef_bool ("QUOTAS_ENAB")) {
 #ifdef LIMITS
 		if (info->pw_uid != 0) {
-			if (setup_user_limits (info->pw_name) &
-			    LOGIN_ERROR_LOGIN) {
+			if ((setup_user_limits (info->pw_name) & LOGIN_ERROR_LOGIN) != 0) {
 				(void) fputs (_("Too many logins.\n"), stderr);
 				(void) sleep (2); /* XXX: Should be FAIL_DELAY */
 				exit (EXIT_FAILURE);

Modified: upstream/trunk/libmisc/loginprompt.c
===================================================================
--- upstream/trunk/libmisc/loginprompt.c	2010-08-22 13:04:54 UTC (rev 3231)
+++ upstream/trunk/libmisc/loginprompt.c	2010-08-22 19:13:53 UTC (rev 3232)
@@ -98,7 +98,7 @@
 				(void) fclose (fp);
 			}
 		}
-		gethostname (buf, sizeof buf);
+		(void) gethostname (buf, sizeof buf);
 		printf (prompt, buf);
 		(void) fflush (stdout);
 	}
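Review bot: Discarding the result of gethostname means that on failure `buf` is printed with whatever it held before, and on truncation POSIX does not guarantee that the name is NUL-terminated. Since `buf` goes straight into `printf (prompt, buf)`, I would handle both cases with `if (gethostname (buf, sizeof buf) != 0) { buf[0] = '\0'; }` followed by `buf[sizeof buf - 1] = '\0';`. `prompt` is also used as a non-literal format string; its origin is outside the hunk, so a one-line comment stating that it must be a program-supplied format with a single `%s` would help the next reader.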

Modified: upstream/trunk/libmisc/obscure.c
===================================================================
--- upstream/trunk/libmisc/obscure.c	2010-08-22 13:04:54 UTC (rev 3231)
+++ upstream/trunk/libmisc/obscure.c	2010-08-22 19:13:53 UTC (rev 3232)
@@ -69,7 +69,7 @@
  * more than half of the characters are different ones.
  */
 
-static bool similar (const char *old, const char *new)
+static bool similar (/*@notnull@*/const char *old, /*@notnull@*/const char *new)
 {
 	int i, j;
 
@@ -100,7 +100,7 @@
  * a nice mix of characters.
  */
 
-static int simple (unused const char *old, const char *new)
+static bool simple (unused const char *old, const char *new)
 {
 	bool digits = false;
 	bool uppers = false;
@@ -147,7 +147,7 @@
 	return true;
 }
 
-static char *str_lower (char *string)
+static char *str_lower (/*@returned@*/char *string)
 {
 	char *cp;
 
@@ -157,8 +157,10 @@
 	return string;
 }
 
-static const char *password_check (const char *old, const char *new,
-				   const struct passwd *pwdp)
+static /*@observer@*//*@null@*/const char *password_check (
+	/*@notnull@*/const char *old,
+	/*@notnull@*/const char *new,
+	/*@notnull@*/const struct passwd *pwdp)
 {
 	const char *msg = NULL;
 	char *oldmono, *newmono, *wrapped;
@@ -219,9 +221,10 @@
 	return msg;
 }
 
-/*ARGSUSED*/
-static const char *obscure_msg (const char *old, const char *new,
-				    const struct passwd *pwdp)
+static /*@observer@*//*@null@*/const char *obscure_msg (
+	/*@notnull@*/const char *old,
+	/*@notnull@*/const char *new,
+	/*@notnull@*/const struct passwd *pwdp)
 {
 	size_t maxlen, oldlen, newlen;
 	char *new1, *old1;

Modified: upstream/trunk/libmisc/salt.c
===================================================================
--- upstream/trunk/libmisc/salt.c	2010-08-22 13:04:54 UTC (rev 3231)
+++ upstream/trunk/libmisc/salt.c	2010-08-22 19:13:53 UTC (rev 3232)
@@ -150,7 +150,7 @@
 		rounds = ROUNDS_MAX;
 	}
 
-	snprintf (rounds_prefix, 18, "rounds=%ld$", rounds);
+	(void) snprintf (rounds_prefix, 18, "rounds=%ld$", rounds);
 
 	/* Sanity checks. That should not be necessary. */
 	rounds_prefix[17] = '\0';

Modified: upstream/trunk/libmisc/setupenv.c
===================================================================
--- upstream/trunk/libmisc/setupenv.c	2010-08-22 13:04:54 UTC (rev 3231)
+++ upstream/trunk/libmisc/setupenv.c	2010-08-22 19:13:53 UTC (rev 3232)
@@ -74,7 +74,7 @@
 	if (NULL == fp) {
 		return;
 	}
-	while (fgets (buf, sizeof buf, fp) == buf) {
+	while (fgets (buf, (int)(sizeof buf), fp) == buf) {
 		cp = strrchr (buf, '\n');
 		if (NULL == cp) {
 			break;

Modified: upstream/trunk/libmisc/shell.c
===================================================================
--- upstream/trunk/libmisc/shell.c	2010-08-22 13:04:54 UTC (rev 3231)
+++ upstream/trunk/libmisc/shell.c	2010-08-22 19:13:53 UTC (rev 3232)
@@ -68,7 +68,8 @@
 	 * don't want to tell us what it is themselves.
 	 */
 	if (arg == (char *) 0) {
-		snprintf (arg0, sizeof arg0, "-%s", Basename ((char *) file));
+		(void) snprintf (arg0, sizeof arg0, "-%s", Basename ((char *) file));
+		arg0[sizeof arg0 - 1] = '\0';
 		arg = arg0;
 	}
 
@@ -77,7 +78,7 @@
 	 * able to figure out what we are up to without too much
 	 * grief.
 	 */
-	execle (file, arg, (char *) 0, envp);
+	(void) execle (file, arg, (char *) 0, envp);
 	err = errno;
 
 	if (access (file, R_OK|X_OK) == 0) {
@@ -85,7 +86,7 @@
 		 * Assume this is a shell script (with no shebang).
 		 * Interpret it with /bin/sh
 		 */
-		execle (SHELL, "sh", "-", file, (char *)0, envp);
+		(void) execle (SHELL, "sh", "-", file, (char *)0, envp);
 		err = errno;
 	}
 
@@ -94,7 +95,7 @@
 	 * how to execute this stupid shell, so I might as well give
 	 * up in disgust ...
 	 */
-	snprintf (arg0, sizeof arg0, _("Cannot execute %s"), file);
+	(void) snprintf (arg0, sizeof arg0, _("Cannot execute %s"), file);
 	errno = err;
 	perror (arg0);
 	return err;

Modified: upstream/trunk/libmisc/sub.c
===================================================================
--- upstream/trunk/libmisc/sub.c	2010-08-22 13:04:54 UTC (rev 3231)
+++ upstream/trunk/libmisc/sub.c	2010-08-22 19:13:53 UTC (rev 3232)
@@ -66,11 +66,13 @@
 	 * must be able to change into it.
 	 */
 
-	if (chdir (pw->pw_dir) || chroot (pw->pw_dir)) {
-		printf (_("Can't change root directory to '%s'\n"),
-			pw->pw_dir);
+	if (   (chdir (pw->pw_dir) != 0)
+	    || (chroot (pw->pw_dir) != 0)) {
+		(void) printf (_("Can't change root directory to '%s'\n"),
+		               pw->pw_dir);
 		SYSLOG ((LOG_WARN, NO_SUBROOT2, pw->pw_dir, pw->pw_name));
 		closelog ();
 		exit (EXIT_FAILURE);
 	}
 }
+
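Review bot: `pw->pw_dir` is resolved twice, once by chdir and once by chroot, so the two calls are not guaranteed to land on the same directory if a path component changes in between. After a successful chdir the second lookup can be avoided by writing the second operand as `|| (chroot (".") != 0)`. The failure message is also printed to stdout, whereas the other error paths touched by this commit write to stderr. The blank line added at the end of the file looks unintended.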

Modified: upstream/trunk/libmisc/system.c
===================================================================
--- upstream/trunk/libmisc/system.c	2010-08-22 13:04:54 UTC (rev 3231)
+++ upstream/trunk/libmisc/system.c	2010-08-22 19:13:53 UTC (rev 3232)
@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 2009       , Dan Walsh <dwalsh at redhat.com>
+ * Copyright (c) 2010       , Nicolas François
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -38,8 +39,8 @@
 
 int safe_system (const char *command,
                  const char *argv[],
-                 const char *env[],
-                 int ignore_stderr)
+                 /*@null@*/const char *env[],
+                 bool ignore_stderr)
 {
 	int status = -1;
 	int fd;
@@ -50,7 +51,7 @@
 		return -1;
 	}
 
-	if (pid) {       /* Parent */
+	if (pid != 0) {       /* Parent */
 		if (waitpid (pid, &status, 0) > 0) {
 			return status;
 		} else {
@@ -60,13 +61,19 @@
 
 	fd = open ("/dev/null", O_RDWR);
 	/* Child */
-	dup2 (fd, 0);           /* Close Stdin */
+	/* Close Stdin */
+	if (dup2 (fd, 0) == -1) {
+		exit (EXIT_FAILURE);
+	}
 	if (ignore_stderr) {
-		dup2 (fd, 2);   /* Close Stderr */
+		/* Close Stderr */
+		if (dup2 (fd, 2) == -1) {
+			exit (EXIT_FAILURE);
+		}
 	}
 
-	execve (command, (char *const *) argv, (char *const *) env);
-	fprintf (stderr, _("Failed to exec '%s'\n"), argv[0]);
+	(void) execve (command, (char *const *) argv, (char *const *) env);
+	(void) fprintf (stderr, _("Failed to exec '%s'\n"), argv[0]);
 	exit (EXIT_FAILURE);
 }
 
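Review bot: The child's new error paths call `exit`, which runs any atexit handlers inherited from the parent and flushes inherited stdio buffers a second time in the forked copy; `_exit` is the usual choice between fork and a failed exec. The descriptor returned by `open ("/dev/null", O_RDWR)` is also never checked directly (a failure is only caught because the dup2 on it fails) and is never closed, so it stays open in the executed program. Whether any caller registers atexit handlers is not visible from this hunk. safe_system's body starts above the hunk.

```c
	/* Child */
	fd = open ("/dev/null", O_RDWR);
	if (fd == -1) {
		_exit (EXIT_FAILURE);
	}
	/* Close Stdin */
	if (dup2 (fd, 0) == -1) {
		_exit (EXIT_FAILURE);
	}
	if (ignore_stderr) {
		/* Close Stderr */
		if (dup2 (fd, 2) == -1) {
			_exit (EXIT_FAILURE);
		}
	}
	/* Do not leak the extra /dev/null descriptor into the new program */
	if (fd > 2) {
		(void) close (fd);
	}

	/* … unchanged: execve call and "Failed to exec" message … */
	_exit (EXIT_FAILURE);
```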

Modified: upstream/trunk/libmisc/ttytype.c
===================================================================
--- upstream/trunk/libmisc/ttytype.c	2010-08-22 13:04:54 UTC (rev 3231)
+++ upstream/trunk/libmisc/ttytype.c	2010-08-22 19:13:53 UTC (rev 3232)
@@ -47,8 +47,8 @@
 	char buf[BUFSIZ];
 	const char *typefile;
 	char *cp;
-	char type[BUFSIZ];
-	char port[BUFSIZ];
+	char type[1024] = "";
+	char port[1024];
 
 	if (getenv ("TERM") != NULL) {
 		return;
@@ -76,12 +76,12 @@
 			*cp = '\0';
 		}
 
-		if ((sscanf (buf, "%s %s", type, port) == 2) &&
-		    (strcmp (line, port) == 0)) {
+		if (   (sscanf (buf, "%1023s %1023s", type, port) == 2)
+		    && (strcmp (line, port) == 0)) {
 			break;
 		}
 	}
-	if ((feof (fp) == 0) && (ferror (fp) == 0)) {
+	if ((feof (fp) == 0) && (ferror (fp) == 0) && (type[0] != '\0')) {
 		addenv ("TERM", type);
 	}
 
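Review bot: The field widths in `"%1023s %1023s"` are tied by hand to the `char type[1024]` and `char port[1024]` declarations in the previous hunk, so a later change to either array size would silently bring back the overflow this commit removes. A comment next to the declarations, such as `/* sizes must stay one more than the %1023s widths used by sscanf below */`, would keep that coupling visible. The function starts above the first hunk and continues below this one.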

Modified: upstream/trunk/libmisc/valid.c
===================================================================
--- upstream/trunk/libmisc/valid.c	2010-08-22 13:04:54 UTC (rev 3231)
+++ upstream/trunk/libmisc/valid.c	2010-08-22 19:13:53 UTC (rev 3232)
@@ -52,7 +52,7 @@
 bool valid (const char *password, const struct passwd *ent)
 {
 	const char *encrypted;
-	const char *salt;
+	/*@observer@*/const char *salt;
 
 	/*
 	 * Start with blank or empty password entries.  Always encrypt

Modified: upstream/trunk/libmisc/xmalloc.c
===================================================================
--- upstream/trunk/libmisc/xmalloc.c	2010-08-22 13:04:54 UTC (rev 3231)
+++ upstream/trunk/libmisc/xmalloc.c	2010-08-22 19:13:53 UTC (rev 3232)
@@ -47,19 +47,19 @@
 #include "defines.h"
 #include "prototypes.h"
 
-char *xmalloc (size_t size)
+/*@maynotreturn@*/ /*@only@*//*@out@*//*@notnull@*/char *xmalloc (size_t size)
 {
 	char *ptr;
 
 	ptr = (char *) malloc (size);
-	if ((NULL == ptr) && (0 != size)) {
-		fprintf (stderr, _("malloc(%d) failed\n"), (int) size);
+	if (NULL == ptr) {
+		(void) fprintf (stderr, _("malloc(%d) failed\n"), (int) size);
 		exit (13);
 	}
 	return ptr;
 }
 
-char *xstrdup (const char *str)
+/*@maynotreturn@*/ /*@only@*//*@notnull@*/char *xstrdup (const char *str)
 {
 	return strcpy (xmalloc (strlen (str) + 1), str);
 }
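Review bot: With the `0 != size` test removed, `xmalloc (0)` now terminates the program on platforms where `malloc (0)` returns NULL, and the diagnostic reads "malloc(0) failed" although no allocation actually failed. If a zero-sized request is meant to be a caller error, a comment on xmalloc saying so would make that contract explicit; otherwise `ptr = (char *) malloc ((0 != size) ? size : 1);` keeps the never-NULL guarantee without the exit. Separately, `(int) size` with `%d` truncates large sizes in the message where size_t is wider than int.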

Modified: upstream/trunk/src/newusers.c
===================================================================
--- upstream/trunk/src/newusers.c	2010-08-22 13:04:54 UTC (rev 3231)
+++ upstream/trunk/src/newusers.c	2010-08-22 19:13:53 UTC (rev 3232)
@@ -378,7 +378,7 @@
 	pwent.pw_dir = "";	/* XXX warning: const */
 	pwent.pw_shell = "";	/* XXX warning: const */
 
-	return (pw_update (&pwent) == 0);
+	return (pw_update (&pwent) == 0) ? -1 : 0;
 }
 
 #ifndef USE_PAM
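Review bot: The failure value returned here changes from 1 to -1, which is more than the conversion cleanup the log describes: `(pw_update (&pwent) == 0)` used to yield 1 when pw_update returned 0 (presumably its failure value) and now yields -1. The callers are outside the hunk; any that compare against 1 or test `> 0` would stop detecting the failure, so they should all use `!= 0`, as the add_passwd call in the next hunk does. A comment above the return, e.g. `/* 0 on success, -1 if the passwd entry could not be updated */`, would record the convention. The function starts above the hunk.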
@@ -976,7 +976,7 @@
 		usernames[nusers-1] = strdup (fields[0]);
 		passwords[nusers-1] = strdup (fields[1]);
 #endif				/* USE_PAM */
-		if (add_passwd (&newpw, fields[1])) {
+		if (add_passwd (&newpw, fields[1]) != 0) {
 			fprintf (stderr,
 			         _("%s: line %d: can't update password\n"),
 			         Prog, line);

Modified: upstream/trunk/src/su.c
===================================================================
--- upstream/trunk/src/su.c	2010-08-22 13:04:54 UTC (rev 3231)
+++ upstream/trunk/src/su.c	2010-08-22 19:13:53 UTC (rev 3232)
@@ -127,12 +127,13 @@
 {
 	static TERMIO sgtty;
 
-	if (killed)
+	if (killed != 0) {
 		STTY (0, &sgtty);
-	else
+	} else {
 		GTTY (0, &sgtty);
+	}
 
-	if (killed) {
+	if (killed != 0) {
 		closelog ();
 		exit (128+killed);
 	}
@@ -813,8 +814,9 @@
 	 * The first character of an administrator defined method is an '@'
 	 * character.
 	 */
-	if (!amroot && pw_auth (pwent.pw_passwd, name, PW_SU, (char *) 0)) {
-		SYSLOG ((pwent.pw_uid ? LOG_NOTICE : LOG_WARN,
+	if (   !amroot
+	    && (pw_auth (pwent.pw_passwd, name, PW_SU, (char *) 0) != 0)) {
+		SYSLOG (((pwent.pw_uid != 0)? LOG_NOTICE : LOG_WARN,
 		         "Authentication failed for %s", name));
 		fprintf(stderr, _("%s: Authentication failure\n"), Prog);
 		su_failure (tty);
@@ -831,7 +833,7 @@
 			spwd = pwd_to_spwd (&pwent);
 		}
 
-		if (expire (&pwent, spwd)) {
+		if (expire (&pwent, spwd) != 0) {
 			/* !USE_PAM, no need for xgetpwnam */
 			struct passwd *pwd = getpwnam (name);
 

Modified: upstream/trunk/src/useradd.c
===================================================================
--- upstream/trunk/src/useradd.c	2010-08-22 13:04:54 UTC (rev 3231)
+++ upstream/trunk/src/useradd.c	2010-08-22 19:13:53 UTC (rev 3232)
@@ -1731,7 +1731,7 @@
 static void selinux_update_mapping (void) {
 	if (is_selinux_enabled () <= 0) return;
 
-	if (*user_selinux) { /* must be done after passwd write() */
+	if ('\0' != *user_selinux) { /* must be done after passwd write() */
 		const char *argv[7];
 		argv[0] = "/usr/sbin/semanage";
 		argv[1] = "login";
@@ -1740,7 +1740,7 @@
 		argv[4] = user_selinux;
 		argv[5] = user_name;
 		argv[6] = NULL;
-		if (safe_system (argv[0], argv, NULL, 0)) {
+		if (safe_system (argv[0], argv, NULL, false) != 0) {
 			fprintf (stderr,
 			         _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
 			         Prog, user_name, user_selinux);

Modified: upstream/trunk/src/userdel.c
===================================================================
--- upstream/trunk/src/userdel.c	2010-08-22 13:04:54 UTC (rev 3231)
+++ upstream/trunk/src/userdel.c	2010-08-22 19:13:53 UTC (rev 3232)
@@ -632,7 +632,7 @@
  *
  * Return
  *  1: path exists and is owned by uid
- *  0: path is not owned by uid, or a failure occured
+ *  0: path is not owned by uid, or a failure occurred
  * -1: path does not exist
  */
 static int is_owner (uid_t uid, const char *path)
@@ -648,7 +648,7 @@
 			return 0;
 		}
 	}
-	return (st.st_uid == uid);
+	return (st.st_uid == uid) ? 1 : 0;
 }
 
 static int remove_mailbox (void)
@@ -1043,7 +1043,7 @@
 		args[2] = "-d";
 		args[3] = user_name;
 		args[4] = NULL;
-		safe_system (args[0], args, NULL, 1);
+		safe_system (args[0], args, NULL, true);
 	}
 #endif				/* WITH_SELINUX */
 
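Review bot: The result of `safe_system` is dropped here without a cast, while the rest of this commit marks deliberately ignored results with `(void)`, and the useradd.c and usermod.c callers print a warning when their call fails. If ignoring a failure of the command built in `args` is intended, `(void) safe_system (args[0], args, NULL, true);` with a brief comment says so; otherwise a warning on a non-zero status would match the other tools. The enclosing function lies outside the hunk.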

Modified: upstream/trunk/src/usermod.c
===================================================================
--- upstream/trunk/src/usermod.c	2010-08-22 13:04:54 UTC (rev 3231)
+++ upstream/trunk/src/usermod.c	2010-08-22 19:13:53 UTC (rev 3232)
@@ -1851,9 +1851,11 @@
 static void selinux_update_mapping (void) {
 	const char *argv[7];
 
-	if (is_selinux_enabled () <= 0) return;
+	if (is_selinux_enabled () <= 0) {
+		return;
+	}
 
-	if (*user_selinux) {
+	if ('\0' != *user_selinux) {
 		argv[0] = "/usr/sbin/semanage";
 		argv[1] = "login";
 		argv[2] = "-m";
@@ -1861,9 +1863,9 @@
 		argv[4] = user_selinux;
 		argv[5] = user_name;
 		argv[6] = NULL;
-		if (safe_system (argv[0], argv, NULL, 1)) {
+		if (safe_system (argv[0], argv, NULL, true) != 0) {
 			argv[2] = "-a";
-			if (safe_system (argv[0], argv, NULL, 0)) {
+			if (safe_system (argv[0], argv, NULL, false) != 0) {
 				fprintf (stderr,
 				         _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
 				         Prog, user_name, user_selinux);

Modified: upstream/trunk/src/vipw.c
===================================================================
--- upstream/trunk/src/vipw.c	2010-08-22 13:04:54 UTC (rev 3231)
+++ upstream/trunk/src/vipw.c	2010-08-22 19:13:53 UTC (rev 3232)
@@ -231,7 +231,7 @@
 #ifdef WITH_SELINUX
 	/* if SE Linux is enabled then set the context of all new files
 	   to be the context of the file we are editing */
-	if (is_selinux_enabled ()) {
+	if (is_selinux_enabled () != 0) {
 		security_context_t passwd_context=NULL;
 		int ret = 0;
 		if (getfilecon (file, &passwd_context) < 0) {
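Review bot: `is_selinux_enabled () != 0` treats a negative (error) return as "enabled", whereas useradd.c and usermod.c in this same commit return early on `is_selinux_enabled () <= 0`. Writing `if (is_selinux_enabled () > 0) {` here and in the second vipw.c hunk would make the three tools agree. It would also avoid calling getfilecon and setfscreatecon when the SELinux state could not be determined. The surrounding function starts and ends outside the hunk.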
@@ -332,7 +332,7 @@
 	}
 #ifdef WITH_SELINUX
 	/* unset the fscreatecon */
-	if (is_selinux_enabled ()) {
+	if (is_selinux_enabled () != 0) {
 		if (setfscreatecon (NULL) != 0) {
 			vipwexit (_("setfscreatecon () failed"), errno, 1);
 		}



