Fix some potential problems found by the clang static analyzer,

none serious.
2011-07-28 10:59:37 -04:00
parent 6365c779c0
commit 4f9a93f658
7 changed files with 55 additions and 36 deletions
--- a/plugins/sudoers/check.c
+++ b/plugins/sudoers/check.c
@@ -653,7 +653,8 @@ remove_timestamp(int remove)
 		    path, strerror(errno));
 		remove = FALSE;
 	    }
-	} else {
+	}
+	if (!remove) {
 	    timevalclear(&tv);
 	    if (touch(-1, path, &tv) == -1 && errno != ENOENT)
 		error(1, _("unable to reset %s to the epoch"), path);
--- a/plugins/sudoers/group_plugin.c
+++ b/plugins/sudoers/group_plugin.c
@@ -77,7 +77,6 @@ group_plugin_load(char *plugin_info)
    /*
     * Fill in .so path and split out args (if any).
     */
-    args = strpbrk(plugin_info, " \t");
    if ((args = strpbrk(plugin_info, " \t")) != NULL) {
 	len = snprintf(path, sizeof(path), "%s%.*s",
 	    (*plugin_info != '/') ? _PATH_SUDO_PLUGIN_DIR : "",
--- a/plugins/sudoers/ldap.c
+++ b/plugins/sudoers/ldap.c
@@ -2059,7 +2059,7 @@ sudo_ldap_setdefs(struct sudo_nss *nss)
 	}
 	result = NULL;
 	rc = ldap_search_ext_s(ld, base->val, LDAP_SCOPE_SUBTREE,
-	    filt, NULL, 0, NULL, NULL, NULL, 0, &result);
+	    filt, NULL, 0, NULL, NULL, tvp, 0, &result);
 	if (rc == LDAP_SUCCESS && (entry = ldap_first_entry(ld, result))) {
 	    DPRINTF(("found:%s", ldap_get_dn(ld, entry)), 1);
 	    sudo_ldap_parse_options(ld, entry);
@@ -2083,7 +2083,7 @@ sudo_ldap_lookup(struct sudo_nss *nss, int ret, int pwflag)
    struct sudo_ldap_handle *handle = nss->handle;
    LDAP *ld;
    LDAPMessage *entry;
-    int i, rc, setenv_implied, matched = UNSPEC;
+    int i, rc, setenv_implied;
    struct ldap_result *lres = NULL;

    if (handle == NULL || handle->ld == NULL)
@@ -2098,11 +2098,12 @@ sudo_ldap_lookup(struct sudo_nss *nss, int ret, int pwflag)
     * password is required, so the order of the entries doesn't matter.
     */
    if (pwflag) {
-	DPRINTF(("perform search for pwflag %d", pwflag), 1);
 	int doauth = UNSPEC;
+	int matched = UNSPEC;
 	enum def_tuple pwcheck = 
 	    (pwflag == -1) ? never : sudo_defs_table[pwflag].sd_un.tuple;

+	DPRINTF(("perform search for pwflag %d", pwflag), 1);
 	for (i = 0; i < lres->nentries; i++) {
 	    entry = lres->entries[i].entry;
 	    if ((pwcheck == any && doauth != FALSE) ||
@@ -2152,7 +2153,6 @@ sudo_ldap_lookup(struct sudo_nss *nss, int ret, int pwflag)
 	if (rc != UNSPEC) {
 	    /* We have a match. */
 	    DPRINTF(("Command %sallowed", rc == TRUE ? "" : "NOT "), 1);
-	    matched = TRUE;
 	    if (rc == TRUE) {
 		DPRINTF(("LDAP entry: %p", entry), 1);
 		/* Apply entry-specific options. */
@@ -2354,7 +2354,7 @@ sudo_ldap_result_get(struct sudo_nss *nss, struct passwd *pw)
 	    }
 	    result = NULL;
 	    rc = ldap_search_ext_s(ld, base->val, LDAP_SCOPE_SUBTREE, filt,
-		NULL, 0, NULL, NULL, NULL, 0, &result);
+		NULL, 0, NULL, NULL, tvp, 0, &result);
 	    if (rc != LDAP_SUCCESS) {
 		DPRINTF(("nothing found for '%s'", filt), 1);
 		continue;
--- a/plugins/sudoers/parse.c
+++ b/plugins/sudoers/parse.c
@@ -500,34 +500,29 @@ display_bound_defaults(int dtype, struct lbuf *lbuf)
 {
    struct defaults *d;
    struct member *m, *binding = NULL;
-    char *dname, *dsep;
+    char *dsep;
    int atype, nfound = 0;

    switch (dtype) {
 	case DEFAULTS_HOST:
 	    atype = HOSTALIAS;
-	    dname = "host";
 	    dsep = "@";
 	    break;
 	case DEFAULTS_USER:
 	    atype = USERALIAS;
-	    dname = "user";
 	    dsep = ":";
 	    break;
 	case DEFAULTS_RUNAS:
 	    atype = RUNASALIAS;
-	    dname = "runas";
 	    dsep = ">";
 	    break;
 	case DEFAULTS_CMND:
 	    atype = CMNDALIAS;
-	    dname = "cmnd";
 	    dsep = "!";
 	    break;
 	default:
 	    return -1;
    }
-    /* sudo_printf(SUDO_CONV_INFO_MSG, _("Per-%s Defaults entries:\n"), dname); */
    tq_foreach_fwd(&defaults, d) {
 	if (d->type != dtype)
 	    continue;
--- a/plugins/sudoers/set_perms.c
+++ b/plugins/sudoers/set_perms.c
@@ -98,7 +98,7 @@ rewind_perms(void)
 int
 set_perms(int perm)
 {
-    struct perm_state *state, *ostate = NULL;
+    struct perm_state *state, *ostate;
    const char *errstr;
    int noexit;

@@ -112,11 +112,16 @@ set_perms(int perm)
    }

    state = &perm_stack[perm_stack_depth];
-    if (perm_stack_depth)
+    if (perm != PERM_INITIAL) {
+	if (perm_stack_depth == 0) {
+	    errstr = _("perm stack underflow");
+	    errno = EINVAL;
+	    goto bad;
+	}
 	ostate = &perm_stack[perm_stack_depth - 1];
-
-    if (perm != PERM_INITIAL && memcmp(state, ostate, sizeof(*state)) == 0)
-	goto done;
+	if (memcmp(state, ostate, sizeof(*state)) == 0)
+	    goto done;
+    }

    switch (perm) {
    case PERM_INITIAL:
@@ -339,7 +344,7 @@ bad:
 int
 set_perms(int perm)
 {
-    struct perm_state *state, *ostate = NULL;
+    struct perm_state *state, *ostate;
    const char *errstr;
    int noexit;

@@ -353,11 +358,16 @@ set_perms(int perm)
    }

    state = &perm_stack[perm_stack_depth];
-    if (perm_stack_depth)
+    if (perm != PERM_INITIAL) {
+	if (perm_stack_depth == 0) {
+	    errstr = _("perm stack underflow");
+	    errno = EINVAL;
+	    goto bad;
+	}
 	ostate = &perm_stack[perm_stack_depth - 1];
-
-    if (perm != PERM_INITIAL && memcmp(state, ostate, sizeof(*state)) == 0)
-	goto done;
+	if (memcmp(state, ostate, sizeof(*state)) == 0)
+	    goto done;
+    }

    switch (perm) {
    case PERM_INITIAL:
@@ -566,7 +576,7 @@ bad:
 int
 set_perms(int perm)
 {
-    struct perm_state *state, *ostate = NULL;
+    struct perm_state *state, *ostate;
    const char *errstr;
    int noexit;

@@ -580,11 +590,16 @@ set_perms(int perm)
    }

    state = &perm_stack[perm_stack_depth];
-    if (perm_stack_depth)
+    if (perm != PERM_INITIAL) {
+	if (perm_stack_depth == 0) {
+	    errstr = _("perm stack underflow");
+	    errno = EINVAL;
+	    goto bad;
+	}
 	ostate = &perm_stack[perm_stack_depth - 1];
-
-    if (perm != PERM_INITIAL && memcmp(state, ostate, sizeof(*state)) == 0)
-	goto done;
+	if (memcmp(state, ostate, sizeof(*state)) == 0)
+	    goto done;
+    }

    /*
     * Since we only have setuid() and seteuid() and semantics
@@ -795,7 +810,7 @@ bad:
 int
 set_perms(int perm)
 {
-    struct perm_state *state, *ostate = NULL;
+    struct perm_state *state, *ostate;
    const char *errstr;
    int noexit;

@@ -809,11 +824,16 @@ set_perms(int perm)
    }

    state = &perm_stack[perm_stack_depth];
-    if (perm_stack_depth)
+    if (perm != PERM_INITIAL) {
+	if (perm_stack_depth == 0) {
+	    errstr = _("perm stack underflow");
+	    errno = EINVAL;
+	    goto bad;
+	}
 	ostate = &perm_stack[perm_stack_depth - 1];
-
-    if (perm != PERM_INITIAL && memcmp(state, ostate, sizeof(*state)) == 0)
-	goto done;
+	if (memcmp(state, ostate, sizeof(*state)) == 0)
+	    goto done;
+    }

    switch (perm) {
    case PERM_INITIAL:
--- a/plugins/sudoers/toke.c
+++ b/plugins/sudoers/toke.c
@@ -4,7 +4,7 @@
 /* A lexical scanner generated by flex */

 /* Scanner skeleton version:
- * $Header: /home/cvs/openbsd/src/usr.bin/lex/flex.skl,v 1.11 2010/08/04 18:24:50 millert Exp $
+ * $Header: /cvs/src/usr.bin/lex/flex.skl,v 1.11 2010/08/04 18:24:50 millert Exp $
 */

 #define FLEX_SCANNER
@@ -3609,8 +3609,10 @@ parse_include(char *base)

    /* Make a copy of path and return it. */
    len += (int)(ep - cp);
-    if ((path = malloc(len + 1)) == NULL)
+    if ((path = malloc(len + 1)) == NULL) {
 	yyerror(_("unable to allocate memory"));
+	return NULL;
+    }
    if (subst) {
 	/* substitute for %h */
 	char *pp = path;
--- a/plugins/sudoers/toke.l
+++ b/plugins/sudoers/toke.l
@@ -900,8 +900,10 @@ parse_include(char *base)

    /* Make a copy of path and return it. */
    len += (int)(ep - cp);
-    if ((path = malloc(len + 1)) == NULL)
+    if ((path = malloc(len + 1)) == NULL) {
 	yyerror(_("unable to allocate memory"));
+	return NULL;
+    }
    if (subst) {
 	/* substitute for %h */
 	char *pp = path;