sudo_secure_open_{file,dir}: always check thatreturn value is not -1.

Avoids false positives from static analyzers that can't figure out that the fd is always valid when error is SUDO_PATH_SECURE.
2022-10-04 09:33:44 -06:00
parent 59765dd360
commit 3940020c94
4 changed files with 120 additions and 113 deletions
--- a/plugins/sudoers/timestamp.c
+++ b/plugins/sudoers/timestamp.c
@@ -235,56 +235,56 @@ ts_mkdirs(const char *path, uid_t owner, gid_t group, mode_t mode,
 static int
 ts_secure_opendir(const char *path, bool make_it, bool quiet)
 {
-    int error, fd = -1;
+    int error, fd;
    struct stat sb;
    debug_decl(ts_secure_opendir, SUDOERS_DEBUG_AUTH);

    sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, "checking %s", path);
    fd = sudo_secure_open_dir(path, timestamp_uid, timestamp_gid, &sb, &error);
-    switch (error) {
-    case SUDO_PATH_SECURE:
-	break;
-    case SUDO_PATH_MISSING:
-	if (make_it) {
-	    fd = ts_mkdirs(path, timestamp_uid, timestamp_gid, S_IRWXU,
-		S_IRWXU|S_IXGRP|S_IXOTH, quiet);
-	    if (fd != -1)
-		break;
+    if (fd == -1) {
+	switch (error) {
+	case SUDO_PATH_MISSING:
+	    if (make_it) {
+		fd = ts_mkdirs(path, timestamp_uid, timestamp_gid, S_IRWXU,
+		    S_IRWXU|S_IXGRP|S_IXOTH, quiet);
+		if (fd != -1)
+		    break;
+	    }
+	    if (!quiet)
+		sudo_warn("%s", path);
+	    break;
+	case SUDO_PATH_BAD_TYPE:
+	    errno = ENOTDIR;
+	    if (!quiet)
+		sudo_warn("%s", path);
+	    break;
+	case SUDO_PATH_WRONG_OWNER:
+	    if (!quiet) {
+		sudo_warnx(U_("%s is owned by uid %u, should be %u"),
+		    path, (unsigned int)sb.st_uid, (unsigned int)timestamp_uid);
+	    }
+	    errno = EACCES;
+	    break;
+	case SUDO_PATH_WORLD_WRITABLE:
+	    if (!quiet)
+		sudo_warnx(U_("%s is world writable"), path);
+	    errno = EACCES;
+	    break;
+	case SUDO_PATH_GROUP_WRITABLE:
+	    if (!quiet) {
+		sudo_warnx(U_("%s is owned by gid %u, should be %u"),
+		    path, (unsigned int)sb.st_gid, (unsigned int)timestamp_gid);
+	    }
+	    errno = EACCES;
+	    break;
+	default:
+	    if (!quiet) {
+		sudo_warnx("%s: internal error, unexpected error %d",
+		    __func__, error);
+		errno = EINVAL;
+	    }
+	    break;
 	}
-	if (!quiet)
-	    sudo_warn("%s", path);
-	break;
-    case SUDO_PATH_BAD_TYPE:
-	errno = ENOTDIR;
-	if (!quiet)
-	    sudo_warn("%s", path);
-	break;
-    case SUDO_PATH_WRONG_OWNER:
-	if (!quiet) {
-	    sudo_warnx(U_("%s is owned by uid %u, should be %u"),
-		path, (unsigned int)sb.st_uid, (unsigned int)timestamp_uid);
-	}
-	errno = EACCES;
-	break;
-    case SUDO_PATH_WORLD_WRITABLE:
-	if (!quiet)
-	    sudo_warnx(U_("%s is world writable"), path);
-	errno = EACCES;
-	break;
-    case SUDO_PATH_GROUP_WRITABLE:
-	if (!quiet) {
-	    sudo_warnx(U_("%s is owned by gid %u, should be %u"),
-		path, (unsigned int)sb.st_gid, (unsigned int)timestamp_gid);
-	}
-	errno = EACCES;
-	break;
-    default:
-	if (!quiet) {
-	    sudo_warnx("%s: internal error, unexpected error %d",
-		__func__, error);
-	    errno = EINVAL;
-	}
-	break;
    }

    debug_return_int(fd);