diff --git a/logsrvd/iolog_writer.c b/logsrvd/iolog_writer.c index 157f100dc..ca8375b85 100644 --- a/logsrvd/iolog_writer.c +++ b/logsrvd/iolog_writer.c @@ -170,7 +170,7 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen, errno = ERANGE; sudo_warn(U_("%s: %s"), source, "columns"); } else { - evlog->columns = info->u.numval; + evlog->columns = (int)info->u.numval; } } continue; @@ -193,7 +193,7 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen, errno = ERANGE; sudo_warn(U_("%s: %s"), source, "lines"); } else { - evlog->lines = info->u.numval; + evlog->lines = (int)info->u.numval; } } continue; @@ -242,7 +242,7 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen, errno = ERANGE; sudo_warn(U_("%s: %s"), source, "rungid"); } else { - evlog->rungid = info->u.numval; + evlog->rungid = (gid_t)info->u.numval; } } continue; @@ -263,7 +263,7 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen, errno = ERANGE; sudo_warn(U_("%s: %s"), source, "runuid"); } else { - evlog->runuid = info->u.numval; + evlog->runuid = (uid_t)info->u.numval; } } continue; @@ -417,7 +417,7 @@ fill_seq(char *str, size_t strsize, void *v) sudo_warnx(U_("%s: unable to format session id"), __func__); debug_return_size_t(strsize); /* handle non-standard snprintf() */ } - debug_return_size_t(len); + debug_return_size_t((size_t)len); } static size_t @@ -527,7 +527,7 @@ create_iolog_path(struct connection_closure *closure) struct eventlog *evlog = closure->evlog; struct iolog_path_closure path_closure; char expanded_dir[PATH_MAX], expanded_file[PATH_MAX], pathbuf[PATH_MAX]; - size_t len; + int len; debug_decl(create_iolog_path, SUDO_DEBUG_UTIL); path_closure.evlog = evlog; @@ -549,7 +549,7 @@ create_iolog_path(struct connection_closure *closure) len = snprintf(pathbuf, sizeof(pathbuf), "%s/%s", expanded_dir, expanded_file); - if (len >= sizeof(pathbuf)) { + if (len < 0 || len >= ssizeof(pathbuf)) { errno = ENAMETOOLONG; sudo_warn("%s/%s", expanded_dir, expanded_file); goto bad; @@ -681,14 +681,14 @@ iolog_copy(struct iolog_file *src, struct iolog_file *dst, off_t remainder, sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, "copying %lld bytes", (long long)remainder); while (remainder > 0) { - const ssize_t toread = MIN(remainder, ssizeof(buf)); + const size_t toread = MIN((size_t)remainder, sizeof(buf)); nread = iolog_read(src, buf, toread, errstr); if (nread == -1) debug_return_bool(false); remainder -= nread; do { - ssize_t nwritten = iolog_write(dst, buf, nread, errstr); + ssize_t nwritten = iolog_write(dst, buf, (size_t)nread, errstr); if (nwritten == -1) debug_return_bool(false); nread -= nwritten; @@ -753,7 +753,7 @@ iolog_rewrite(const struct timespec *target, struct connection_closure *closure) evlog->iolog_path, iolog_fd_to_name(timing.event)); goto done; } - iolog_file_sizes[timing.event] += timing.u.nbytes; + iolog_file_sizes[timing.event] += (off_t)timing.u.nbytes; } if (sudo_timespeccmp(&closure->elapsed_time, target, >=)) { diff --git a/logsrvd/logsrv_util.c b/logsrvd/logsrv_util.c index 629ca34ef..0c4aa7e62 100644 --- a/logsrvd/logsrv_util.c +++ b/logsrvd/logsrv_util.c @@ -166,7 +166,7 @@ iolog_seekto(int iolog_dir_fd, const char *iolog_path, iolog_fd_to_name(timing.event)); goto bad; } - pos = iolog_seek(&iolog_files[timing.event], timing.u.nbytes, + pos = iolog_seek(&iolog_files[timing.event], (off_t)timing.u.nbytes, SEEK_CUR); if (pos == -1) { sudo_warn(U_("%s/%s: unable to seek forward %zu"), iolog_path, diff --git a/logsrvd/logsrvd.c b/logsrvd/logsrvd.c index a568c88c4..52f486a6d 100644 --- a/logsrvd/logsrvd.c +++ b/logsrvd/logsrvd.c @@ -978,7 +978,7 @@ server_msg_cb(int fd, int what, void *v) sudo_warn("%s: write", closure->ipaddr); goto finished; } - buf->off += nwritten; + buf->off += (size_t)nwritten; if (buf->off == buf->len) { /* sent entire message, move buf to free list */ @@ -1102,7 +1102,7 @@ client_msg_cb(int fd, int what, void *v) default: break; } - buf->len += nread; + buf->len += (size_t)nread; while (buf->len - buf->off >= sizeof(msg_len)) { /* Read wire message size (uint32_t in network byte order). */ @@ -1207,7 +1207,7 @@ server_commit_cb(int unused, int what, void *v) iolog_flush_all(closure); commit_point.tv_sec = closure->elapsed_time.tv_sec; - commit_point.tv_nsec = closure->elapsed_time.tv_nsec; + commit_point.tv_nsec = (int32_t)closure->elapsed_time.tv_nsec; if (!schedule_commit_point(&commit_point, closure)) connection_close(closure); diff --git a/logsrvd/logsrvd_conf.c b/logsrvd/logsrvd_conf.c index 99d092410..d528027f3 100644 --- a/logsrvd/logsrvd_conf.c +++ b/logsrvd/logsrvd_conf.c @@ -468,7 +468,7 @@ cb_iolog_maxseq(struct logsrvd_config *config, const char *str, size_t offset) unsigned int value; debug_decl(cb_iolog_maxseq, SUDO_DEBUG_UTIL); - value = sudo_strtonum(str, 0, SESSID_MAX, &errstr); + value = (unsigned int)sudo_strtonum(str, 0, SESSID_MAX, &errstr); if (errstr != NULL) { if (errno != ERANGE) { sudo_warnx(U_("invalid value for %s: %s"), "maxseq", errstr); @@ -932,7 +932,7 @@ cb_syslog_maxlen(struct logsrvd_config *config, const char *str, size_t offset) const char *errstr; debug_decl(cb_syslog_maxlen, SUDO_DEBUG_UTIL); - maxlen = sudo_strtonum(str, 1, UINT_MAX, &errstr); + maxlen = (unsigned int)sudo_strtonum(str, 1, UINT_MAX, &errstr); if (errstr != NULL) debug_return_bool(false); diff --git a/logsrvd/logsrvd_journal.c b/logsrvd/logsrvd_journal.c index 5f66866db..20e220d52 100644 --- a/logsrvd/logsrvd_journal.c +++ b/logsrvd/logsrvd_journal.c @@ -90,7 +90,7 @@ journal_fdopen(int fd, const char *journal_path, } static int -journal_mkstemp(const char *parent_dir, char *pathbuf, int pathlen) +journal_mkstemp(const char *parent_dir, char *pathbuf, size_t pathsize) { int len, dfd = -1, fd = -1; mode_t dirmode, oldmask; @@ -105,9 +105,9 @@ journal_mkstemp(const char *parent_dir, char *pathbuf, int pathlen) dirmode |= S_IXOTH; oldmask = umask(ACCESSPERMS & ~dirmode); - len = snprintf(pathbuf, pathlen, "%s/%s/%s", + len = snprintf(pathbuf, pathsize, "%s/%s/%s", logsrvd_conf_relay_dir(), parent_dir, RELAY_TEMPLATE); - if (len >= pathlen) { + if ((size_t)len >= pathsize) { errno = ENAMETOOLONG; sudo_warn("%s/%s/%s", logsrvd_conf_relay_dir(), parent_dir, RELAY_TEMPLATE); @@ -120,7 +120,7 @@ journal_mkstemp(const char *parent_dir, char *pathbuf, int pathlen) "unable to create parent dir for %s", pathbuf); goto done; } - template = pathbuf + (len - strlen(RELAY_TEMPLATE)); + template = &pathbuf[(size_t)len - (sizeof(RELAY_TEMPLATE) - 1)]; if ((fd = mkostempsat(dfd, template, 0, 0)) == -1) { sudo_warn(U_("%s: %s"), "mkstemp", pathbuf); goto done; diff --git a/logsrvd/logsrvd_local.c b/logsrvd/logsrvd_local.c index 99b0a3f02..4d328ef8f 100644 --- a/logsrvd/logsrvd_local.c +++ b/logsrvd/logsrvd_local.c @@ -430,6 +430,8 @@ store_exit_local(ExitMessage *msg, uint8_t *buf, size_t len, } if (closure->log_io) { + mode_t mode; + /* Store the run time and exit status in log.json. */ if (!store_exit_info_json(closure->iolog_dir_fd, evlog)) { closure->errstr = _("error logging exit event"); @@ -437,7 +439,7 @@ store_exit_local(ExitMessage *msg, uint8_t *buf, size_t len, } /* Clear write bits from I/O timing file to indicate completion. */ - mode_t mode = logsrvd_conf_iolog_mode(); + mode = logsrvd_conf_iolog_mode(); CLR(mode, S_IWUSR|S_IWGRP|S_IWOTH); if (fchmodat(closure->iolog_dir_fd, "timing", mode, 0) == -1) { sudo_warn("chmod 0%o %s/%s", (unsigned int)mode, "timing", @@ -603,7 +605,7 @@ store_iobuf_local(int iofd, IoBuffer *iobuf, uint8_t *buf, size_t buflen, /* Write timing data. */ if (!iolog_write(&closure->iolog_files[IOFD_TIMING], tbuf, - len, &errstr)) { + (size_t)len, &errstr)) { sudo_warnx(U_("%s/%s: %s"), evlog->iolog_path, iolog_fd_to_name(IOFD_TIMING), errstr); goto bad; @@ -651,7 +653,7 @@ store_winsize_local(ChangeWindowSize *msg, uint8_t *buf, size_t buflen, /* Write timing data. */ if (!iolog_write(&closure->iolog_files[IOFD_TIMING], tbuf, - len, &errstr)) { + (size_t)len, &errstr)) { sudo_warnx(U_("%s/%s: %s"), closure->evlog->iolog_path, iolog_fd_to_name(IOFD_TIMING), errstr); goto bad; @@ -686,7 +688,7 @@ store_suspend_local(CommandSuspend *msg, uint8_t *buf, size_t buflen, /* Write timing data. */ if (!iolog_write(&closure->iolog_files[IOFD_TIMING], tbuf, - len, &errstr)) { + (size_t)len, &errstr)) { sudo_warnx(U_("%s/%s: %s"), closure->evlog->iolog_path, iolog_fd_to_name(IOFD_TIMING), errstr); goto bad; diff --git a/logsrvd/logsrvd_queue.c b/logsrvd/logsrvd_queue.c index f164e8256..4152d7a30 100644 --- a/logsrvd/logsrvd_queue.c +++ b/logsrvd/logsrvd_queue.c @@ -225,7 +225,7 @@ logsrvd_queue_scan(struct sudo_event_base *evbase) sudo_warn("%s/outgoing/%s", logsrvd_conf_relay_dir(), RELAY_TEMPLATE); debug_return_bool(false); } - dirlen -= sizeof(RELAY_TEMPLATE) - 1; + dirlen -= (int)sizeof(RELAY_TEMPLATE) - 1; path[dirlen] = '\0'; dirp = opendir(path); diff --git a/logsrvd/logsrvd_relay.c b/logsrvd/logsrvd_relay.c index 337b61256..d9659dee4 100644 --- a/logsrvd/logsrvd_relay.c +++ b/logsrvd/logsrvd_relay.c @@ -833,7 +833,7 @@ relay_server_msg_cb(int fd, int what, void *v) default: break; } - buf->len += nread; + buf->len += (size_t)nread; while (buf->len - buf->off >= sizeof(msg_len)) { /* Read wire message size (uint32_t in network byte order). */ @@ -984,7 +984,7 @@ relay_client_msg_cb(int fd, int what, void *v) goto send_error; } } - buf->off += nwritten; + buf->off += (size_t)nwritten; if (buf->off == buf->len) { /* sent entire message, move buf to free list */ diff --git a/logsrvd/regress/fuzz/fuzz_logsrvd_conf.c b/logsrvd/regress/fuzz/fuzz_logsrvd_conf.c index afe1f2d8e..958661f5d 100644 --- a/logsrvd/regress/fuzz/fuzz_logsrvd_conf.c +++ b/logsrvd/regress/fuzz/fuzz_logsrvd_conf.c @@ -181,7 +181,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { char tempfile[] = "/tmp/logsrvd_conf.XXXXXX"; - size_t nwritten; + ssize_t nwritten; int fd; initprogname("fuzz_logsrvd_conf"); @@ -193,7 +193,7 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) if (fd == -1) return 0; nwritten = write(fd, data, size); - if (nwritten != size) { + if (nwritten == -1) { close(fd); return 0; } diff --git a/logsrvd/sendlog.c b/logsrvd/sendlog.c index 248c2e647..c9444b165 100644 --- a/logsrvd/sendlog.c +++ b/logsrvd/sendlog.c @@ -279,7 +279,7 @@ read_io_buf(struct client_closure *closure) { struct timing_closure *timing = &closure->timing; const char *errstr = NULL; - size_t nread; + ssize_t nread; debug_decl(read_io_buf, SUDO_DEBUG_UTIL); if (!closure->iolog_files[timing->event].enabled) { @@ -310,7 +310,7 @@ read_io_buf(struct client_closure *closure) nread = iolog_read(&closure->iolog_files[timing->event], closure->buf, timing->u.nbytes, &errstr); - if (nread != timing->u.nbytes) { + if (nread == -1) { sudo_warnx(U_("unable to read %s/%s: %s"), iolog_dir, iolog_fd_to_name(timing->event), errstr); debug_return_bool(false); @@ -665,8 +665,8 @@ fmt_reject_message(struct client_closure *closure) } /* Sudo I/O logs only store start time in seconds. */ - tv.tv_sec = closure->evlog->submit_time.tv_sec; - tv.tv_nsec = closure->evlog->submit_time.tv_nsec; + tv.tv_sec = (int64_t)closure->evlog->submit_time.tv_sec; + tv.tv_nsec = (int32_t)closure->evlog->submit_time.tv_nsec; reject_msg.submit_time = &tv; /* Why the command was rejected. */ @@ -724,8 +724,8 @@ fmt_accept_message(struct client_closure *closure) } /* Sudo I/O logs only store start time in seconds. */ - tv.tv_sec = closure->evlog->submit_time.tv_sec; - tv.tv_nsec = closure->evlog->submit_time.tv_nsec; + tv.tv_sec = (int64_t)closure->evlog->submit_time.tv_sec; + tv.tv_nsec = (int32_t)closure->evlog->submit_time.tv_nsec; accept_msg.submit_time = &tv; /* Client will send IoBuffer messages. */ @@ -776,8 +776,8 @@ fmt_restart_message(struct client_closure *closure) "%s: sending RestartMessage, [%lld, %ld]", __func__, (long long)closure->restart.tv_sec, closure->restart.tv_nsec); - tv.tv_sec = closure->restart.tv_sec; - tv.tv_nsec = closure->restart.tv_nsec; + tv.tv_sec = (int64_t)closure->restart.tv_sec; + tv.tv_nsec = (int32_t)closure->restart.tv_nsec; restart_msg.resume_point = &tv; restart_msg.log_id = (char *)closure->iolog_id; @@ -811,8 +811,8 @@ fmt_exit_message(struct client_closure *closure) if (evlog->exit_value != -1) exit_msg.exit_value = evlog->exit_value; if (sudo_timespecisset(&evlog->run_time)) { - run_time.tv_sec = evlog->run_time.tv_sec; - run_time.tv_nsec = evlog->run_time.tv_nsec; + run_time.tv_sec = (int64_t)evlog->run_time.tv_sec; + run_time.tv_nsec = (int32_t)evlog->run_time.tv_nsec; exit_msg.run_time = &run_time; } if (evlog->signal_name != NULL) { @@ -863,8 +863,8 @@ fmt_io_buf(int type, struct client_closure *closure) /* Fill in IoBuffer. */ /* TODO: split buffer if it is too large */ - delay.tv_sec = closure->timing.delay.tv_sec; - delay.tv_nsec = closure->timing.delay.tv_nsec; + delay.tv_sec = (int64_t)closure->timing.delay.tv_sec; + delay.tv_nsec = (int32_t)closure->timing.delay.tv_nsec; iobuf_msg.delay = &delay; iobuf_msg.data.data = (void *)closure->buf; iobuf_msg.data.len = closure->timing.u.nbytes; @@ -901,8 +901,8 @@ fmt_winsize(struct client_closure *closure) debug_decl(fmt_winsize, SUDO_DEBUG_UTIL); /* Fill in ChangeWindowSize message. */ - delay.tv_sec = timing->delay.tv_sec; - delay.tv_nsec = timing->delay.tv_nsec; + delay.tv_sec = (int64_t)timing->delay.tv_sec; + delay.tv_nsec = (int32_t)timing->delay.tv_nsec; winsize_msg.delay = &delay; winsize_msg.rows = timing->u.winsize.lines; winsize_msg.cols = timing->u.winsize.cols; @@ -938,8 +938,8 @@ fmt_suspend(struct client_closure *closure) debug_decl(fmt_suspend, SUDO_DEBUG_UTIL); /* Fill in CommandSuspend message. */ - delay.tv_sec = timing->delay.tv_sec; - delay.tv_nsec = timing->delay.tv_nsec; + delay.tv_sec = (int64_t)timing->delay.tv_sec; + delay.tv_nsec = (int32_t)timing->delay.tv_nsec; suspend_msg.delay = &delay; if (sig2str(timing->u.signo, closure->buf) == -1) goto done; @@ -1359,7 +1359,7 @@ server_msg_cb(int fd, int what, void *v) default: break; } - buf->len += nread; + buf->len += (size_t)nread; while (buf->len - buf->off >= sizeof(msg_len)) { /* Read wire message size (uint32_t in network byte order). */ @@ -1473,7 +1473,7 @@ client_msg_cb(int fd, int what, void *v) sudo_warn("send"); goto bad; } - buf->off += nwritten; + buf->off += (size_t)nwritten; if (buf->off == buf->len) { /* sent entire message */ @@ -1742,7 +1742,7 @@ main(int argc, char *argv[]) goto bad; break; case 't': - nr_of_conns = sudo_strtonum(optarg, 1, INT_MAX, &errstr); + nr_of_conns = (int)sudo_strtonum(optarg, 1, INT_MAX, &errstr); if (errstr != NULL) { sudo_warnx(U_("%s: %s"), optarg, U_(errstr)); goto bad;