diff --git a/plugins/sudoers/alias.c b/plugins/sudoers/alias.c index 118c6b23d..f7c728352 100644 --- a/plugins/sudoers/alias.c +++ b/plugins/sudoers/alias.c @@ -67,7 +67,7 @@ alias_compare(const void *v1, const void *v2) */ struct alias * alias_get(const struct sudoers_parse_tree *parse_tree, const char *name, - int type) + short type) { struct alias key; struct rbnode *node; @@ -114,8 +114,9 @@ alias_put(struct alias *a) * Returns true on success and false on failure, setting errno. */ bool -alias_add(struct sudoers_parse_tree *parse_tree, char *name, int type, - char *file, int line, int column, struct member *members) +alias_add(struct sudoers_parse_tree *parse_tree, char *name, + short type, char *file, int line, int column, + struct member *members) { struct alias *a; debug_decl(alias_add, SUDOERS_DEBUG_ALIAS); @@ -228,7 +229,8 @@ alias_free(void *v) * Find the named alias, remove it from the tree and return it. */ struct alias * -alias_remove(struct sudoers_parse_tree *parse_tree, const char *name, int type) +alias_remove(struct sudoers_parse_tree *parse_tree, const char *name, + short type) { struct rbnode *node; struct alias key; @@ -262,7 +264,7 @@ free_aliases(struct rbtree *aliases) } const char * -alias_type_to_string(int alias_type) +alias_type_to_string(short alias_type) { return alias_type == HOSTALIAS ? "Host_Alias" : alias_type == CMNDALIAS ? "Cmnd_Alias" : @@ -277,7 +279,7 @@ alias_type_to_string(int alias_type) */ static bool alias_remove_recursive(struct sudoers_parse_tree *parse_tree, char *name, - int type, struct rbtree *freelist) + short type, struct rbtree *freelist) { struct member *m; struct alias *a; @@ -299,7 +301,7 @@ alias_remove_recursive(struct sudoers_parse_tree *parse_tree, char *name, static int alias_find_used_members(struct sudoers_parse_tree *parse_tree, - struct member_list *members, int atype, struct rbtree *used_aliases) + struct member_list *members, short atype, struct rbtree *used_aliases) { struct member *m; int errors = 0; diff --git a/plugins/sudoers/auth/pam.c b/plugins/sudoers/auth/pam.c index 92cd2dd72..70651fb3e 100644 --- a/plugins/sudoers/auth/pam.c +++ b/plugins/sudoers/auth/pam.c @@ -683,7 +683,8 @@ converse(int num_msg, PAM_CONST struct pam_message **msg, sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, "number of PAM messages: %d", num_msg); - if ((reply = calloc(num_msg, sizeof(struct pam_response))) == NULL) { + reply = calloc((size_t)num_msg, sizeof(struct pam_response)); + if (reply == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); debug_return_int(PAM_BUF_ERR); } diff --git a/plugins/sudoers/auth/sudo_auth.c b/plugins/sudoers/auth/sudo_auth.c index 341f97d5a..b58b3f9a6 100644 --- a/plugins/sudoers/auth/sudo_auth.c +++ b/plugins/sudoers/auth/sudo_auth.c @@ -465,7 +465,7 @@ auth_getpass(const char *prompt, int type, struct sudo_conv_callback *callback) /* Call conversation function. */ memset(&msg, 0, sizeof(msg)); msg.msg_type = type; - msg.timeout = def_passwd_timeout.tv_sec; + msg.timeout = (int)def_passwd_timeout.tv_sec; msg.msg = prompt; memset(&repl, 0, sizeof(repl)); sudo_conv(1, &msg, &repl, callback); diff --git a/plugins/sudoers/b64_encode.c b/plugins/sudoers/b64_encode.c index 8832ba91a..7f95f5859 100644 --- a/plugins/sudoers/b64_encode.c +++ b/plugins/sudoers/b64_encode.c @@ -43,14 +43,14 @@ base64_encode(const unsigned char *in, size_t in_len, char *out, size_t out_len) rem -= 6; if (io >= out_len) debug_return_size_t((size_t)-1); /* truncation is failure */ - out[io++] = base64enc_tab[(v >> rem) & 63]; + out[io++] = (char)base64enc_tab[(v >> rem) & 63]; } } if (rem != 0) { v <<= (6 - rem); if (io >= out_len) debug_return_size_t((size_t)-1); /* truncation is failure */ - out[io++] = base64enc_tab[v&63]; + out[io++] = (char)base64enc_tab[v&63]; } while (io & 3) { if (io >= out_len) diff --git a/plugins/sudoers/check_aliases.c b/plugins/sudoers/check_aliases.c index 1b3d03009..be9f8260f 100644 --- a/plugins/sudoers/check_aliases.c +++ b/plugins/sudoers/check_aliases.c @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2004-2005, 2007-2018, 2021-2022 + * Copyright (c) 2004-2005, 2007-2018, 2021-2023 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -109,7 +109,7 @@ alias_warnx(const char *file, int line, int column, bool strict, bool quiet, static int check_alias(struct sudoers_parse_tree *parse_tree, - struct alias_warned_list *warned, char *name, int type, + struct alias_warned_list *warned, char *name, short type, char *file, int line, int column, bool strict, bool quiet) { struct member *m; diff --git a/plugins/sudoers/cvtsudoers.c b/plugins/sudoers/cvtsudoers.c index 4b4a2a899..9c57aec34 100644 --- a/plugins/sudoers/cvtsudoers.c +++ b/plugins/sudoers/cvtsudoers.c @@ -206,7 +206,8 @@ main(int argc, char *argv[]) } break; case 'I': - conf->order_increment = sudo_strtonum(optarg, 1, UINT_MAX, &errstr); + conf->order_increment = + (unsigned int)sudo_strtonum(optarg, 1, UINT_MAX, &errstr); if (errstr != NULL) { sudo_warnx(U_("order increment: %s: %s"), optarg, U_(errstr)); usage(); @@ -225,7 +226,8 @@ main(int argc, char *argv[]) output_file = optarg; break; case 'O': - conf->sudo_order = sudo_strtonum(optarg, 0, UINT_MAX, &errstr); + conf->sudo_order = + (unsigned int)sudo_strtonum(optarg, 0, UINT_MAX, &errstr); if (errstr != NULL) { sudo_warnx(U_("starting order: %s: %s"), optarg, U_(errstr)); usage(); @@ -235,7 +237,8 @@ main(int argc, char *argv[]) conf->prune_matches = true; break; case 'P': - conf->order_padding = sudo_strtonum(optarg, 1, UINT_MAX, &errstr); + conf->order_padding = + (unsigned int)sudo_strtonum(optarg, 1, UINT_MAX, &errstr); if (errstr != NULL ) { sudo_warnx(U_("order padding: %s: %s"), optarg, U_(errstr)); usage(); @@ -522,8 +525,8 @@ cvtsudoers_parse_keyword(const char *conf_file, const char *keyword, break; case CONF_UINT: { - unsigned int uval = - sudo_strtonum(value, 0, UINT_MAX, &errstr); + unsigned int uval = + (unsigned int)sudo_strtonum(value, 0, UINT_MAX, &errstr); if (errstr != NULL) { sudo_warnx(U_("%s: %s: %s: %s"), conf_file, keyword, value, U_(errstr)); @@ -590,7 +593,7 @@ cvtsudoers_conf_read(const char *path) keyword = line; if ((value = strchr(line, '=')) == NULL || value == line) continue; - len = value - line; + len = (size_t)(value - line); /* Trim whitespace after keyword and NUL-terminate. */ while (len > 0 && isblank((unsigned char)line[len - 1])) @@ -870,7 +873,7 @@ hostlist_matches_filter(struct sudoers_parse_tree *parse_tree, char *lhost, *shost; bool ret = false; char **shosts; - int n = 0; + size_t n = 0; debug_decl(hostlist_matches_filter, SUDOERS_DEBUG_UTIL); if (filters == NULL || STAILQ_EMPTY(&filters->hosts)) @@ -1132,7 +1135,7 @@ filter_userspecs(struct sudoers_parse_tree *parse_tree, */ static bool alias_matches(struct sudoers_parse_tree *parse_tree, const char *name, - const char *alias_name, int alias_type) + const char *alias_name, short alias_type) { struct alias *a; struct member *m; @@ -1249,7 +1252,7 @@ alias_used_by_userspecs(struct sudoers_parse_tree *parse_tree, */ static void free_aliases_by_members(struct sudoers_parse_tree *parse_tree, - struct member_list *members, int type) + struct member_list *members, short type) { struct member *m; struct alias *a; @@ -1277,7 +1280,7 @@ filter_defaults(struct sudoers_parse_tree *parse_tree, struct member_list cmnd_aliases = TAILQ_HEAD_INITIALIZER(cmnd_aliases); struct defaults *def, *def_next; struct member *m, *m_next; - int alias_type; + short alias_type; debug_decl(filter_defaults, SUDOERS_DEBUG_DEFAULTS); if (filters == NULL && conf->defaults == CVT_DEFAULTS_ALL) diff --git a/plugins/sudoers/cvtsudoers.h b/plugins/sudoers/cvtsudoers.h index 9f0475e47..a0297a969 100644 --- a/plugins/sudoers/cvtsudoers.h +++ b/plugins/sudoers/cvtsudoers.h @@ -48,8 +48,8 @@ struct cvtsudoers_config { unsigned int order_increment; unsigned int order_padding; unsigned int order_max; - short defaults; - short suppress; + int defaults; + int suppress; bool store_options; bool expand_aliases; bool prune_matches; diff --git a/plugins/sudoers/cvtsudoers_csv.c b/plugins/sudoers/cvtsudoers_csv.c index d37da233f..1358164ab 100644 --- a/plugins/sudoers/cvtsudoers_csv.c +++ b/plugins/sudoers/cvtsudoers_csv.c @@ -36,7 +36,7 @@ #include "cvtsudoers.h" #include -static void print_member_list_csv(FILE *fp, const struct sudoers_parse_tree *parse_tree, struct member_list *members, bool negated, int alias_type, bool expand_aliases); +static void print_member_list_csv(FILE *fp, const struct sudoers_parse_tree *parse_tree, struct member_list *members, bool negated, short alias_type, bool expand_aliases); /* * Print sudoOptions from a defaults_list. @@ -88,7 +88,7 @@ defaults_type_to_string(int defaults_type) /* * Map a Defaults type to an alias type. */ -static int +static short defaults_to_alias_type(int defaults_type) { switch (defaults_type) { @@ -185,7 +185,7 @@ format_cmnd(struct sudo_command *c, bool negated) cp = buf; TAILQ_FOREACH(digest, &c->digests, entries) { - len = snprintf(cp, bufsiz - (cp - buf), "%s:%s%s ", + len = snprintf(cp, bufsiz - (size_t)(cp - buf), "%s:%s%s ", digest_type_to_name(digest->digest_type), digest->digest_str, TAILQ_NEXT(digest, entries) ? "," : ""); if (len < 0 || len >= (int)bufsiz - (cp - buf)) @@ -193,8 +193,8 @@ format_cmnd(struct sudo_command *c, bool negated) cp += len; } - len = snprintf(cp, bufsiz - (cp - buf), "%s%s%s%s", negated ? "!" : "", - cmnd, c->args ? " " : "", c->args ? c->args : ""); + len = snprintf(cp, bufsiz - (size_t)(cp - buf), "%s%s%s%s", + negated ? "!" : "", cmnd, c->args ? " " : "", c->args ? c->args : ""); if (len < 0 || len >= (int)bufsiz - (cp - buf)) sudo_fatalx(U_("internal error, %s overflow"), __func__); @@ -207,7 +207,7 @@ format_cmnd(struct sudo_command *c, bool negated) */ static void print_member_csv(FILE *fp, const struct sudoers_parse_tree *parse_tree, - char *name, int type, bool negated, bool quoted, int alias_type, + char *name, int type, bool negated, bool quoted, short alias_type, bool expand_aliases) { struct alias *a; @@ -260,7 +260,7 @@ print_member_csv(FILE *fp, const struct sudoers_parse_tree *parse_tree, */ static void print_member_list_csv(FILE *fp, const struct sudoers_parse_tree *parse_tree, - struct member_list *members, bool negated, int alias_type, + struct member_list *members, bool negated, short alias_type, bool expand_aliases) { struct member *m, *next; @@ -292,7 +292,7 @@ print_defaults_binding_csv(FILE *fp, const struct sudoers_parse_tree *parse_tree, struct defaults_binding *binding, int type, bool expand_aliases) { - int alias_type; + short alias_type; debug_decl(print_defaults_binding_csv, SUDOERS_DEBUG_UTIL); if (type != DEFAULTS) { @@ -432,7 +432,7 @@ print_cmndspec_csv(FILE *fp, const struct sudoers_parse_tree *parse_tree, struct member *m; struct tm gmt; bool last_one, quoted = false; - int len; + size_t len; debug_decl(print_cmndspec_csv, SUDOERS_DEBUG_UTIL); if (cs->runasuserlist != NULL) { diff --git a/plugins/sudoers/cvtsudoers_json.c b/plugins/sudoers/cvtsudoers_json.c index 40c351a73..a78243f5c 100644 --- a/plugins/sudoers/cvtsudoers_json.c +++ b/plugins/sudoers/cvtsudoers_json.c @@ -42,7 +42,7 @@ struct json_alias_closure { struct json_container *jsonc; const char *title; unsigned int count; - int alias_type; + short alias_type; }; /* @@ -115,7 +115,7 @@ print_command_json(struct json_container *jsonc, const char *name, bool negated) * Map an alias type to enum word_type. */ static enum word_type -alias_to_word_type(int alias_type) +alias_to_word_type(short alias_type) { switch (alias_type) { case CMNDALIAS: @@ -162,7 +162,7 @@ print_member_json_int(struct json_container *jsonc, struct json_value value; const char *typestr = NULL; const char *errstr; - int alias_type = UNSPEC; + short alias_type = UNSPEC; id_t id; debug_decl(print_member_json_int, SUDOERS_DEBUG_UTIL); @@ -535,7 +535,7 @@ print_defaults_json(struct json_container *jsonc, */ static void print_aliases_by_type_json(struct json_container *jsonc, - const struct sudoers_parse_tree *parse_tree, int alias_type, + const struct sudoers_parse_tree *parse_tree, short alias_type, const char *title) { struct json_alias_closure closure; @@ -608,7 +608,7 @@ print_cmndspec_json(struct json_container *jsonc, struct defaults *def; struct member *m; struct tm gmt; - int len; + size_t len; debug_decl(print_cmndspec_json, SUDOERS_DEBUG_UTIL); /* Open Cmnd_Spec object. */ diff --git a/plugins/sudoers/cvtsudoers_ldif.c b/plugins/sudoers/cvtsudoers_ldif.c index 41962aa7b..0724094e7 100644 --- a/plugins/sudoers/cvtsudoers_ldif.c +++ b/plugins/sudoers/cvtsudoers_ldif.c @@ -67,7 +67,8 @@ seen_user_free(void *v) static bool safe_string(const char *str) { - unsigned int ch = *str++; + const unsigned char *ustr = (const unsigned char *)str; + unsigned char ch = *ustr++; debug_decl(safe_string, SUDOERS_DEBUG_UTIL); /* Initial char must be <= 127 and not LF, CR, SPACE, ':', '<' */ @@ -86,7 +87,7 @@ safe_string(const char *str) } /* Any value <= 127 decimal except NUL, LF, and CR is safe */ - while ((ch = *str++) != '\0') { + while ((ch = *ustr++) != '\0') { if (ch > 127 || ch == '\n' || ch == '\r') debug_return_bool(false); } @@ -237,7 +238,7 @@ format_cmnd(struct sudo_command *c, bool negated) cp = buf; TAILQ_FOREACH(digest, &c->digests, entries) { - len = snprintf(cp, bufsiz - (cp - buf), "%s:%s%s ", + len = snprintf(cp, bufsiz - (size_t)(cp - buf), "%s:%s%s ", digest_type_to_name(digest->digest_type), digest->digest_str, TAILQ_NEXT(digest, entries) ? "," : ""); if (len < 0 || len >= (int)bufsiz - (cp - buf)) @@ -245,8 +246,8 @@ format_cmnd(struct sudo_command *c, bool negated) cp += len; } - len = snprintf(cp, bufsiz - (cp - buf), "%s%s%s%s", negated ? "!" : "", - cmnd, c->args ? " " : "", c->args ? c->args : ""); + len = snprintf(cp, bufsiz - (size_t)(cp - buf), "%s%s%s%s", + negated ? "!" : "", cmnd, c->args ? " " : "", c->args ? c->args : ""); if (len < 0 || len >= (int)bufsiz - (cp - buf)) sudo_fatalx(U_("internal error, %s overflow"), __func__); @@ -259,7 +260,8 @@ format_cmnd(struct sudo_command *c, bool negated) */ static void print_member_ldif(FILE *fp, const struct sudoers_parse_tree *parse_tree, - char *name, int type, bool negated, int alias_type, const char *attr_name) + char *name, int type, bool negated, short alias_type, + const char *attr_name) { struct alias *a; struct member *m; @@ -322,7 +324,7 @@ print_cmndspec_ldif(FILE *fp, const struct sudoers_parse_tree *parse_tree, struct tm gmt; char *attr_val; bool last_one; - int len; + size_t len; debug_decl(print_cmndspec_ldif, SUDOERS_DEBUG_UTIL); /* Print runasuserlist as sudoRunAsUser attributes */ diff --git a/plugins/sudoers/cvtsudoers_merge.c b/plugins/sudoers/cvtsudoers_merge.c index 3afd5db90..a64c7614d 100644 --- a/plugins/sudoers/cvtsudoers_merge.c +++ b/plugins/sudoers/cvtsudoers_merge.c @@ -37,7 +37,7 @@ #include static struct member * -new_member(const char *name, int type) +new_member(const char *name, short type) { struct member *m; debug_decl(digest_list_equivalent, SUDOERS_DEBUG_PARSER); @@ -324,7 +324,7 @@ simplify_host_list(struct member_list *hosts, const char *file, int line, * subsequent parse_trees or merged_tree. */ static char * -alias_make_unique(const char *old_name, int type, +alias_make_unique(const char *old_name, short type, struct sudoers_parse_tree *parse_tree0, struct sudoers_parse_tree *merged_tree) { @@ -407,7 +407,7 @@ alias_rename_members(struct sudoers_parse_tree *parse_tree, struct alias *a, static void alias_rename_defaults(const char *old_name, const char *new_name, - int alias_type, struct defaults_list *defaults) + short alias_type, struct defaults_list *defaults) { struct defaults *def, *def_next; struct member *m; @@ -489,7 +489,7 @@ alias_rename_member_list(const char *old_name, const char *new_name, static bool alias_rename_userspecs(const char *old_name, const char *new_name, - int alias_type, struct userspec_list *userspecs) + short alias_type, struct userspec_list *userspecs) { struct privilege *priv; struct cmndspec *cs; @@ -531,8 +531,8 @@ alias_rename_userspecs(const char *old_name, const char *new_name, * Rename an alias in parse_tree and all the places where it is used. */ static bool -alias_rename(const char *old_name, const char *new_name, int alias_type, - struct sudoers_parse_tree *parse_tree) +alias_rename(const char *old_name, const char *new_name, + short alias_type, struct sudoers_parse_tree *parse_tree) { struct alias_rename_closure closure = { old_name, new_name, alias_type }; struct alias *a; diff --git a/plugins/sudoers/cvtsudoers_pwutil.c b/plugins/sudoers/cvtsudoers_pwutil.c index 64308457a..287ba815f 100644 --- a/plugins/sudoers/cvtsudoers_pwutil.c +++ b/plugins/sudoers/cvtsudoers_pwutil.c @@ -325,7 +325,7 @@ cvtsudoers_make_gidlist_item(const struct passwd *pw, char * const *unused1, /* Allocate gids[] array and fill it with parsed gids. */ if (ngids != 0) { - gids = reallocarray(NULL, ngids, sizeof(GETGROUPS_T)); + gids = reallocarray(NULL, (size_t)ngids, sizeof(GETGROUPS_T)); if (gids == NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "unable to allocate memory"); @@ -352,7 +352,7 @@ cvtsudoers_make_gidlist_item(const struct passwd *pw, char * const *unused1, /* Allocate in one big chunk for easy freeing. */ nsize = strlen(pw->pw_name) + 1; total = sizeof(*glitem) + nsize; - total += sizeof(gid_t *) * ngids; + total += sizeof(gid_t *) * (size_t)ngids; if ((glitem = calloc(1, total)) == NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, @@ -369,7 +369,7 @@ cvtsudoers_make_gidlist_item(const struct passwd *pw, char * const *unused1, gidlist = &glitem->gidlist; cp = (char *)(glitem + 1); gidlist->gids = (gid_t *)cp; - cp += sizeof(gid_t) * ngids; + cp += sizeof(gid_t) * (size_t)ngids; /* Set key and datum. */ memcpy(cp, pw->pw_name, nsize); @@ -421,7 +421,7 @@ cvtsudoers_make_grlist_item(const struct passwd *pw, char * const *unused1) } #ifdef _SC_LOGIN_NAME_MAX - groupname_len = MAX(sysconf(_SC_LOGIN_NAME_MAX), 32); + groupname_len = MAX((size_t)sysconf(_SC_LOGIN_NAME_MAX), 32); #else groupname_len = MAX(LOGIN_NAME_MAX, 32); #endif @@ -469,7 +469,7 @@ again: } } len = strlen(s->str) + 1; - if (cp - (char *)grlitem + len > total) { + if ((size_t)(cp - (char *)grlitem) + len > total) { total += len + groupname_len; free(grlitem); goto again; @@ -478,7 +478,7 @@ again: grlist->groups[ngroups++] = cp; cp += len; } - grlist->ngroups = ngroups; + grlist->ngroups = (int)ngroups; debug_return_ptr(&grlitem->cache); } diff --git a/plugins/sudoers/defaults.c b/plugins/sudoers/defaults.c index 6f9511687..560c2d13b 100644 --- a/plugins/sudoers/defaults.c +++ b/plugins/sudoers/defaults.c @@ -131,8 +131,8 @@ dump_defaults(void) break; case T_TIMESPEC: { /* display timespec in minutes as a double */ - double d = cur->sd_un.tspec.tv_sec + - (cur->sd_un.tspec.tv_nsec / 1000000000.0); + double d = (double)cur->sd_un.tspec.tv_sec + + ((double)cur->sd_un.tspec.tv_nsec / 1000000000.0); sudo_printf(SUDO_CONV_INFO_MSG, desc, d / 60.0); sudo_printf(SUDO_CONV_INFO_MSG, "\n"); break; @@ -817,8 +817,7 @@ check_defaults(const struct sudoers_parse_tree *parse_tree, bool quiet) continue; } } - /* There was an error in the entry, flag it. */ - d->error = true; + /* There was an error in the entry. */ ret = false; } debug_return_bool(ret); @@ -834,7 +833,7 @@ store_int(const char *str, struct sudo_defs_types *def) if (str == NULL) { def->sd_un.ival = 0; } else { - i = sudo_strtonum(str, INT_MIN, INT_MAX, &errstr); + i = (int)sudo_strtonum(str, INT_MIN, INT_MAX, &errstr); if (errstr != NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "%s: %s", str, errstr); @@ -855,7 +854,7 @@ store_uint(const char *str, struct sudo_defs_types *def) if (str == NULL) { def->sd_un.uival = 0; } else { - u = sudo_strtonum(str, 0, UINT_MAX, &errstr); + u = (unsigned int)sudo_strtonum(str, 0, UINT_MAX, &errstr); if (errstr != NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "%s: %s", str, errstr); @@ -1043,7 +1042,7 @@ store_list(const char *str, struct sudo_defs_types *def, int op) } else { for (cp = sudo_strsplit(str, end, " \t", &ep); cp != NULL; cp = sudo_strsplit(NULL, end, " \t", &ep)) { - if (!list_op(cp, ep - cp, &def->sd_un.list, lop)) + if (!list_op(cp, (size_t)(ep - cp), &def->sd_un.list, lop)) debug_return_bool(false); } } diff --git a/plugins/sudoers/defaults.h b/plugins/sudoers/defaults.h index bff850b9c..fe7dfb17c 100644 --- a/plugins/sudoers/defaults.h +++ b/plugins/sudoers/defaults.h @@ -74,10 +74,10 @@ struct sudo_defs_types { * Defaults values to apply before others. */ struct early_default { - short idx; - short run_callback; - short line; - short column; + int idx; + int run_callback; + int line; + int column; char *file; }; diff --git a/plugins/sudoers/display.c b/plugins/sudoers/display.c index 431798014..3836d2338 100644 --- a/plugins/sudoers/display.c +++ b/plugins/sudoers/display.c @@ -343,7 +343,8 @@ display_bound_defaults_by_type(struct sudoers_parse_tree *parse_tree, struct defaults_binding *binding = NULL; struct member *m; const char *dsep; - int atype, nfound = 0; + short atype; + int nfound = 0; debug_decl(display_bound_defaults_by_type, SUDOERS_DEBUG_PARSER); switch (deftype) { @@ -425,7 +426,7 @@ output(const char *buf) memset(&repl, 0, sizeof(repl)); if (sudo_conv(1, &msg, &repl, NULL) == -1) debug_return_int(0); - debug_return_int(strlen(buf)); + debug_return_int((int)strlen(buf)); } /* @@ -437,8 +438,9 @@ display_privs(struct sudo_nss_list *snl, struct passwd *pw, bool verbose) { struct sudo_nss *nss; struct sudo_lbuf def_buf, priv_buf; + int cols, count, n; + unsigned int olen; struct stat sb; - int cols, count, olen, n; debug_decl(display_privs, SUDOERS_DEBUG_PARSER); cols = sudo_user.cols; diff --git a/plugins/sudoers/editor.c b/plugins/sudoers/editor.c index ed46a44ce..8900bfb9c 100644 --- a/plugins/sudoers/editor.c +++ b/plugins/sudoers/editor.c @@ -65,7 +65,7 @@ wordsplit(const char *str, const char *endstr, const char **last) if (*str == '"' || *str == '\'') { const char *endquote; for (cp = str + 1; cp < endstr; cp = endquote + 1) { - endquote = memchr(cp, *str, endstr - cp); + endquote = memchr(cp, *str, (size_t)(endstr - cp)); if (endquote == NULL) break; /* ignore escaped quotes */ @@ -142,7 +142,7 @@ resolve_editor(const char *ed, size_t edlen, int nfiles, char * const *files, cp = wordsplit(ed, edend, &ep); if (cp == NULL) debug_return_str(NULL); - editor = copy_arg(cp, ep - cp); + editor = copy_arg(cp, (size_t)(ep - cp)); if (editor == NULL) goto oom; @@ -158,7 +158,7 @@ resolve_editor(const char *ed, size_t edlen, int nfiles, char * const *files, nargc++; if (nfiles != 0) nargc += nfiles + 1; - nargv = reallocarray(NULL, nargc + 1, sizeof(char *)); + nargv = reallocarray(NULL, (size_t)(nargc + 1), sizeof(char *)); if (nargv == NULL) goto oom; sudoers_gc_add(GC_PTR, nargv); @@ -168,7 +168,7 @@ resolve_editor(const char *ed, size_t edlen, int nfiles, char * const *files, editor = NULL; for (nargc = 1; (cp = wordsplit(NULL, edend, &ep)) != NULL; nargc++) { /* Copy string, collapsing chars escaped with a backslash. */ - nargv[nargc] = copy_arg(cp, ep - cp); + nargv[nargc] = copy_arg(cp, (size_t)(ep - cp)); if (nargv[nargc] == NULL) goto oom; diff --git a/plugins/sudoers/env.c b/plugins/sudoers/env.c index 73f017a5c..1bded9010 100644 --- a/plugins/sudoers/env.c +++ b/plugins/sudoers/env.c @@ -391,7 +391,7 @@ sudo_putenv_nodebug(char *str, bool dupcheck, bool overwrite) ep--; } } - env.env_len = ep - env.envp; + env.env_len = (size_t)(ep - env.envp); } } @@ -1174,9 +1174,10 @@ validate_env_vars(char * const env_vars[]) if (okvar == false) { /* Not allowed, append to error buffer if space remains. */ if (errpos < &errbuf[sizeof(errbuf)]) { - size_t varlen = strcspn(*ep, "="); - int len = snprintf(errpos, sizeof(errbuf) - (errpos - errbuf), - "%s%.*s", errpos != errbuf ? ", " : "", (int)varlen, *ep); + const size_t varlen = strcspn(*ep, "="); + const size_t errsize = sizeof(errbuf) - (size_t)(errpos - errbuf); + int len = snprintf(errpos, errsize, "%s%.*s", + errpos != errbuf ? ", " : "", (int)varlen, *ep); if (len >= ssizeof(errbuf) - (errpos - errbuf)) { memcpy(&errbuf[sizeof(errbuf) - 4], "...", 4); errpos = &errbuf[sizeof(errbuf)]; diff --git a/plugins/sudoers/filedigest.c b/plugins/sudoers/filedigest.c index 6954e7c5a..e65817f60 100644 --- a/plugins/sudoers/filedigest.c +++ b/plugins/sudoers/filedigest.c @@ -45,7 +45,7 @@ sudo_filedigest(int fd, const char *file, unsigned int digest_type, int fd2; debug_decl(sudo_filedigest, SUDOERS_DEBUG_UTIL); - *digest_len = sudo_digest_getlen(digest_type); + *digest_len = (size_t)sudo_digest_getlen(digest_type); if (*digest_len == (size_t)-1) { sudo_warnx(U_("unsupported digest type %u for %s"), digest_type, file); debug_return_ptr(NULL); diff --git a/plugins/sudoers/fmtsudoers.c b/plugins/sudoers/fmtsudoers.c index 03cc242ae..5f38953d1 100644 --- a/plugins/sudoers/fmtsudoers.c +++ b/plugins/sudoers/fmtsudoers.c @@ -41,7 +41,7 @@ static bool sudoers_format_member_int(struct sudo_lbuf *lbuf, const struct sudoers_parse_tree *parse_tree, char *name, int type, - bool negated, const char *separator, int alias_type) + bool negated, const char *separator, short alias_type) { struct alias *a; struct member *m; @@ -137,7 +137,7 @@ sudoers_format_member_int(struct sudo_lbuf *lbuf, bool sudoers_format_member(struct sudo_lbuf *lbuf, const struct sudoers_parse_tree *parse_tree, struct member *m, - const char *separator, int alias_type) + const char *separator, short alias_type) { return sudoers_format_member_int(lbuf, parse_tree, m->name, m->type, m->negated, separator, alias_type); diff --git a/plugins/sudoers/fmtsudoers_cvt.c b/plugins/sudoers/fmtsudoers_cvt.c index 9f683da22..fe52d8da7 100644 --- a/plugins/sudoers/fmtsudoers_cvt.c +++ b/plugins/sudoers/fmtsudoers_cvt.c @@ -168,7 +168,7 @@ sudoers_format_default_line(struct sudo_lbuf *lbuf, struct defaults **next, bool expand_aliases) { struct member *m; - int alias_type; + short alias_type; debug_decl(sudoers_format_default_line, SUDOERS_DEBUG_UTIL); /* Print Defaults type and binding (if present) */ diff --git a/plugins/sudoers/getdate.c b/plugins/sudoers/getdate.c index c1d2e7846..25ebd7b14 100644 --- a/plugins/sudoers/getdate.c +++ b/plugins/sudoers/getdate.c @@ -2188,7 +2188,7 @@ LookupWord(char *buff) /* Make it lowercase. */ for (p = buff; *p; p++) { if (isupper((unsigned char)*p)) - *p = tolower((unsigned char)*p); + *p = (char)tolower((unsigned char)*p); } if ((bufflen = (int)(p - buff)) == 0) return '\0'; diff --git a/plugins/sudoers/getdate.y b/plugins/sudoers/getdate.y index ba602aeb0..c55ce3660 100644 --- a/plugins/sudoers/getdate.y +++ b/plugins/sudoers/getdate.y @@ -654,7 +654,7 @@ LookupWord(char *buff) /* Make it lowercase. */ for (p = buff; *p; p++) { if (isupper((unsigned char)*p)) - *p = tolower((unsigned char)*p); + *p = (char)tolower((unsigned char)*p); } if ((bufflen = (int)(p - buff)) == 0) return '\0'; diff --git a/plugins/sudoers/gram.c b/plugins/sudoers/gram.c index e403c223a..21c888bdd 100644 --- a/plugins/sudoers/gram.c +++ b/plugins/sudoers/gram.c @@ -2932,7 +2932,7 @@ yyreduce: #line 1024 "gram.y" { alias_line = this_lineno; - alias_column = sudolinebuf.toke_start + 1; + alias_column = (int)sudolinebuf.toke_start + 1; } #line 2932 "gram.c" break; @@ -2965,7 +2965,7 @@ yyreduce: #line 1051 "gram.y" { alias_line = this_lineno; - alias_column = sudolinebuf.toke_start + 1; + alias_column = (int)sudolinebuf.toke_start + 1; } #line 2965 "gram.c" break; @@ -2998,7 +2998,7 @@ yyreduce: #line 1078 "gram.y" { alias_line = this_lineno; - alias_column = sudolinebuf.toke_start + 1; + alias_column = (int)sudolinebuf.toke_start + 1; } #line 2998 "gram.c" break; @@ -3021,7 +3021,7 @@ yyreduce: #line 1097 "gram.y" { alias_line = this_lineno; - alias_column = sudolinebuf.toke_start + 1; + alias_column = (int)sudolinebuf.toke_start + 1; } #line 3021 "gram.c" break; diff --git a/plugins/sudoers/gram.y b/plugins/sudoers/gram.y index 358dae275..28d79b785 100644 --- a/plugins/sudoers/gram.y +++ b/plugins/sudoers/gram.y @@ -1023,7 +1023,7 @@ hostaliases : hostalias hostalias : ALIAS { alias_line = this_lineno; - alias_column = sudolinebuf.toke_start + 1; + alias_column = (int)sudolinebuf.toke_start + 1; } '=' hostlist { if (!alias_add(&parsed_policy, $1, HOSTALIAS, sudoers, alias_line, alias_column, $4)) { @@ -1050,7 +1050,7 @@ cmndaliases : cmndalias cmndalias : ALIAS { alias_line = this_lineno; - alias_column = sudolinebuf.toke_start + 1; + alias_column = (int)sudolinebuf.toke_start + 1; } '=' cmndlist { if (!alias_add(&parsed_policy, $1, CMNDALIAS, sudoers, alias_line, alias_column, $4)) { @@ -1077,7 +1077,7 @@ runasaliases : runasalias runasalias : ALIAS { alias_line = this_lineno; - alias_column = sudolinebuf.toke_start + 1; + alias_column = (int)sudolinebuf.toke_start + 1; } '=' userlist { if (!alias_add(&parsed_policy, $1, RUNASALIAS, sudoers, alias_line, alias_column, $4)) { @@ -1096,7 +1096,7 @@ useraliases : useralias useralias : ALIAS { alias_line = this_lineno; - alias_column = sudolinebuf.toke_start + 1; + alias_column = (int)sudolinebuf.toke_start + 1; } '=' userlist { if (!alias_add(&parsed_policy, $1, USERALIAS, sudoers, alias_line, alias_column, $4)) { diff --git a/plugins/sudoers/group_plugin.c b/plugins/sudoers/group_plugin.c index cf46f7208..30b08da5c 100644 --- a/plugins/sudoers/group_plugin.c +++ b/plugins/sudoers/group_plugin.c @@ -80,7 +80,7 @@ group_plugin_fallback(char *path, size_t pathsize) } /* If directory ends in /lib/, try again with /lib/64/ or /lib64/. */ - dirlen = slash - path; + dirlen = (int)(slash - path); if (dirlen < 4 || strncmp(slash - 4, "/lib", 4) != 0) { goto done; } @@ -98,7 +98,7 @@ group_plugin_fallback(char *path, size_t pathsize) if (dot == NULL) { goto done; } - plen = dot - path; + plen = (int)(dot - path); /* If basename(path) doesn't match libfoo64.so, try adding the 64. */ if (plen >= 2 && strncmp(dot - 2, "64", 2) == 0) { @@ -206,7 +206,7 @@ group_plugin_load(const char *plugin_info) } } if (ac != 0) { - argv = reallocarray(NULL, ac + 1, sizeof(char *)); + argv = reallocarray(NULL, (size_t)(ac + 1), sizeof(char *)); if (argv == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); diff --git a/plugins/sudoers/iolog.c b/plugins/sudoers/iolog.c index 3eded30cc..e5ec0d836 100644 --- a/plugins/sudoers/iolog.c +++ b/plugins/sudoers/iolog.c @@ -89,7 +89,7 @@ cb_maxseq(const char *file, int line, int column, unsigned int value; debug_decl(cb_maxseq, SUDOERS_DEBUG_UTIL); - value = sudo_strtonum(sd_un->str, 0, SESSID_MAX, &errstr); + value = (unsigned int)sudo_strtonum(sd_un->str, 0, SESSID_MAX, &errstr); if (errstr != NULL) { if (errno != ERANGE) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, @@ -234,7 +234,7 @@ deserialize_stringlist(const char *s) continue; if ((str = malloc(sizeof(*str))) == NULL) goto bad; - if ((str->str = strndup(cp, (ep - cp))) == NULL) { + if ((str->str = strndup(cp, (size_t)(ep - cp))) == NULL) { free(str); goto bad; } @@ -317,8 +317,8 @@ iolog_deserialize_info(struct log_details *details, char * const user_info[], switch (**cur) { case 'c': if (strncmp(*cur, "cols=", sizeof("cols=") - 1) == 0) { - int n = sudo_strtonum(*cur + sizeof("cols=") - 1, 1, INT_MAX, - NULL); + int n = (int)sudo_strtonum(*cur + sizeof("cols=") - 1, 1, + INT_MAX, NULL); if (n > 0) evlog->columns = n; continue; @@ -342,8 +342,8 @@ iolog_deserialize_info(struct log_details *details, char * const user_info[], break; case 'l': if (strncmp(*cur, "lines=", sizeof("lines=") - 1) == 0) { - int n = sudo_strtonum(*cur + sizeof("lines=") - 1, 1, INT_MAX, - NULL); + int n = (int)sudo_strtonum(*cur + sizeof("lines=") - 1, 1, + INT_MAX, NULL); if (n > 0) evlog->lines = n; continue; @@ -1132,7 +1132,7 @@ sudoers_io_change_winsize_local(unsigned int lines, unsigned int cols, *errstr = strerror(EOVERFLOW); goto done; } - if (iolog_write(&iolog_files[IOFD_TIMING], tbuf, len, errstr) == -1) + if (iolog_write(&iolog_files[IOFD_TIMING], tbuf, (size_t)len, errstr) == -1) goto done; /* Success. */ diff --git a/plugins/sudoers/iolog_path_escapes.c b/plugins/sudoers/iolog_path_escapes.c index a3a9bc006..c5483c3e8 100644 --- a/plugins/sudoers/iolog_path_escapes.c +++ b/plugins/sudoers/iolog_path_escapes.c @@ -55,7 +55,7 @@ fill_seq(char *str, size_t strsize, void *v) sessid[1], sessid[2], sessid[3], sessid[4], sessid[5]); if (len < 0) debug_return_size_t(strsize); /* handle non-standard snprintf() */ - debug_return_size_t(len); + debug_return_size_t((size_t)len); #endif /* SUDOERS_NO_SEQ */ } @@ -77,7 +77,7 @@ fill_group(char *str, size_t strsize, void *unused) len = strlcpy(str, grp->gr_name, strsize); sudo_gr_delref(grp); } else { - len = snprintf(str, strsize, "#%u", (unsigned int)user_gid); + len = (size_t)snprintf(str, strsize, "#%u", (unsigned int)user_gid); } debug_return_size_t(len); } @@ -103,7 +103,8 @@ fill_runas_group(char *str, size_t strsize, void *unused) len = strlcpy(str, grp->gr_name, strsize); sudo_gr_delref(grp); } else { - len = snprintf(str, strsize, "#%u", (unsigned int)runas_pw->pw_gid); + len = (size_t)snprintf(str, strsize, "#%u", + (unsigned int)runas_pw->pw_gid); } } debug_return_size_t(len); diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c index 7271bf849..1f4030fc4 100644 --- a/plugins/sudoers/ldap.c +++ b/plugins/sudoers/ldap.c @@ -163,7 +163,7 @@ sudo_ldap_join_uri(struct ldap_config_str_list *uri_list) char *cp = buf; STAILQ_FOREACH(uri, uri_list, entries) { - cp += strlcpy(cp, uri->val, len - (cp - buf)); + cp += strlcpy(cp, uri->val, len - (size_t)(cp - buf)); *cp++ = ' '; } cp[-1] = '\0'; @@ -484,7 +484,8 @@ sudo_ldap_timefilter(char *buffer, size_t buffersize) bool ret = false; struct tm gmt; time_t now; - int len; + size_t tblen; + int buflen; debug_decl(sudo_ldap_timefilter, SUDOERS_DEBUG_LDAP); /* Make sure we have a formatted timestamp for __now__. */ @@ -496,16 +497,16 @@ sudo_ldap_timefilter(char *buffer, size_t buffersize) /* Format the timestamp according to the RFC. */ timebuffer[sizeof(timebuffer) - 1] = '\0'; - len = strftime(timebuffer, sizeof(timebuffer), "%Y%m%d%H%M%S.0Z", &gmt); - if (len == 0 || timebuffer[sizeof(timebuffer) - 1] != '\0') { + tblen = strftime(timebuffer, sizeof(timebuffer), "%Y%m%d%H%M%S.0Z", &gmt); + if (tblen == 0 || timebuffer[sizeof(timebuffer) - 1] != '\0') { sudo_warnx("%s", U_("unable to format timestamp")); goto done; } /* Build filter. */ - len = snprintf(buffer, buffersize, "(&(|(!(sudoNotAfter=*))(sudoNotAfter>=%s))(|(!(sudoNotBefore=*))(sudoNotBefore<=%s)))", + buflen = snprintf(buffer, buffersize, "(&(|(!(sudoNotAfter=*))(sudoNotAfter>=%s))(|(!(sudoNotBefore=*))(sudoNotBefore<=%s)))", timebuffer, timebuffer); - if (len < 0 || (size_t)len >= buffersize) { + if (buflen < 0 || (size_t)buflen >= buffersize) { sudo_warnx(U_("internal error, %s overflow"), __func__); errno = EOVERFLOW; goto done; @@ -1236,7 +1237,7 @@ sudo_set_krb5_ccache_name(const char *name, const char **old_name) * gss_krb5_ccache_name(). */ if (sudo_gss_krb5_ccache_name != NULL) { - ret = sudo_gss_krb5_ccache_name(&junk, name, old_name); + ret = (int)sudo_gss_krb5_ccache_name(&junk, name, old_name); } else { /* No gss_krb5_ccache_name(), fall back on KRB5CCNAME. */ if (old_name != NULL) @@ -1286,7 +1287,8 @@ sudo_krb5_copy_cc_file(const char *old_ccname) while ((nread = read(ofd, buf, sizeof(buf))) > 0) { ssize_t off = 0; do { - nwritten = write(nfd, buf + off, nread - off); + nwritten = write(nfd, buf + off, + (size_t)(nread - off)); if (nwritten == -1) { sudo_warn("error writing to %s", new_ccname); goto write_error; @@ -1773,7 +1775,7 @@ sudo_ldap_result_add_entry(struct ldap_result *lres, LDAPMessage *entry) * of 100 entries to save on allocation time. */ if (++lres->nentries > lres->allocated_entries) { - int allocated_entries = lres->allocated_entries + ALLOCATION_INCREMENT; + size_t allocated_entries = lres->allocated_entries + ALLOCATION_INCREMENT; struct ldap_entry_wrapper *entries = reallocarray(lres->entries, allocated_entries, sizeof(lres->entries[0])); if (entries == NULL) diff --git a/plugins/sudoers/ldap_conf.c b/plugins/sudoers/ldap_conf.c index 334f9fa69..ec11692a0 100644 --- a/plugins/sudoers/ldap_conf.c +++ b/plugins/sudoers/ldap_conf.c @@ -425,7 +425,7 @@ sudo_ldap_parse_keyword(const char *keyword, const char *value, *(int *)(cur->valp) = sudo_strtobool(value) == true; break; case CONF_INT: - *(int *)(cur->valp) = sudo_strtonum(value, INT_MIN, INT_MAX, + *(int *)(cur->valp) = (int)sudo_strtonum(value, INT_MIN, INT_MAX, &errstr); if (errstr != NULL) { sudo_warnx(U_("%s: %s: %s: %s"), diff --git a/plugins/sudoers/ldap_innetgr.c b/plugins/sudoers/ldap_innetgr.c index 2d8b70f72..28cb340fb 100644 --- a/plugins/sudoers/ldap_innetgr.c +++ b/plugins/sudoers/ldap_innetgr.c @@ -112,19 +112,19 @@ sudo_ldap_match_netgroup(const char *triple, const char *host, /* Parse host. */ cp = triple + 1; ep = strchr(cp, ','); - if (ep == NULL || !sudo_ldap_netgroup_match_str(host, cp, ep - cp, true)) + if (ep == NULL || !sudo_ldap_netgroup_match_str(host, cp, (size_t)(ep - cp), true)) debug_return_int(0); /* Parse user. */ cp = ep + 1; ep = strchr(cp, ','); - if (ep == NULL || !sudo_ldap_netgroup_match_str(user, cp, ep - cp, def_case_insensitive_user)) + if (ep == NULL || !sudo_ldap_netgroup_match_str(user, cp, (size_t)(ep - cp), def_case_insensitive_user)) debug_return_int(0); /* Parse domain. */ cp = ep + 1; ep = strchr(cp, ')'); - if (ep == NULL || !sudo_ldap_netgroup_match_str(domain, cp, ep - cp, true)) + if (ep == NULL || !sudo_ldap_netgroup_match_str(domain, cp, (size_t)(ep - cp), true)) debug_return_int(0); debug_return_int(1); diff --git a/plugins/sudoers/ldap_util.c b/plugins/sudoers/ldap_util.c index dfb74a6b0..bc4ea7837 100644 --- a/plugins/sudoers/ldap_util.c +++ b/plugins/sudoers/ldap_util.c @@ -253,7 +253,7 @@ sudo_ldap_extract_digest(const char *cmnd, char **endptr, { const char *ep, *cp = cmnd; struct command_digest *digest; - int digest_type = SUDO_DIGEST_INVALID; + unsigned int digest_type = SUDO_DIGEST_INVALID; debug_decl(sudo_ldap_extract_digest, SUDOERS_DEBUG_LDAP); /* @@ -671,7 +671,7 @@ sudo_ldap_value_cat(char *dst, const char *src, size_t size) /* Find the end of dst and adjust bytes left but don't go past end */ while (n-- != 0 && *d != '\0') d++; - dlen = d - dst; + dlen = (size_t)(d - dst); n = size - dlen; if (n == 0) @@ -723,7 +723,7 @@ done: *d = '\0'; while (*s != '\0') s++; - return dlen + (s - src); /* count does not include NUL */ + return dlen + (size_t)(s - src); /* count does not include NUL */ } /* diff --git a/plugins/sudoers/linux_audit.c b/plugins/sudoers/linux_audit.c index e5eb2c2cc..e3fb498f8 100644 --- a/plugins/sudoers/linux_audit.c +++ b/plugins/sudoers/linux_audit.c @@ -87,8 +87,9 @@ linux_audit_command(char *const argv[], int result) goto done; } for (av = argv, cp = command; *av != NULL; av++) { - n = strlcpy(cp, *av, size - (cp - command)); - if (n >= size - (cp - command)) { + const size_t rem = size - (size_t)(cp - command); + n = strlcpy(cp, *av, rem); + if (n >= rem) { sudo_warnx(U_("internal error, %s overflow"), __func__); goto done; } diff --git a/plugins/sudoers/log_client.c b/plugins/sudoers/log_client.c index 04cf81d3d..83d056856 100644 --- a/plugins/sudoers/log_client.c +++ b/plugins/sudoers/log_client.c @@ -959,8 +959,8 @@ fmt_accept_message(struct client_closure *closure, struct eventlog *evlog) sudo_warn("%s", U_("unable to get time of day")); debug_return_bool(false); } - ts.tv_sec = now.tv_sec; - ts.tv_nsec = now.tv_nsec; + ts.tv_sec = (int64_t)now.tv_sec; + ts.tv_nsec = (int32_t)now.tv_nsec; accept_msg.submit_time = &ts; /* Client will send IoBuffer messages. */ @@ -1008,8 +1008,8 @@ fmt_reject_message(struct client_closure *closure, struct eventlog *evlog) sudo_warn("%s", U_("unable to get time of day")); debug_return_bool(false); } - ts.tv_sec = now.tv_sec; - ts.tv_nsec = now.tv_nsec; + ts.tv_sec = (int64_t)now.tv_sec; + ts.tv_nsec = (int32_t)now.tv_nsec; reject_msg.submit_time = &ts; /* Reason for rejecting the request. */ @@ -1057,8 +1057,8 @@ fmt_alert_message(struct client_closure *closure, struct eventlog *evlog) sudo_warn("%s", U_("unable to get time of day")); debug_return_bool(false); } - ts.tv_sec = now.tv_sec; - ts.tv_nsec = now.tv_nsec; + ts.tv_sec = (int64_t)now.tv_sec; + ts.tv_nsec = (int32_t)now.tv_nsec; alert_msg.alert_time = &ts; /* Reason for the alert. */ @@ -1184,8 +1184,8 @@ fmt_exit_message(struct client_closure *closure, int exit_status, int error) } sudo_timespecsub(&run_time, &closure->start_time, &run_time); - ts.tv_sec = run_time.tv_sec; - ts.tv_nsec = run_time.tv_nsec; + ts.tv_sec = (int64_t)run_time.tv_sec; + ts.tv_nsec = (int32_t)run_time.tv_nsec; exit_msg.run_time = &ts; if (error != 0) { @@ -1256,8 +1256,8 @@ fmt_io_buf(struct client_closure *closure, int type, const char *buf, debug_decl(fmt_io_buf, SUDOERS_DEBUG_UTIL); /* Fill in IoBuffer. */ - ts.tv_sec = delay->tv_sec; - ts.tv_nsec = delay->tv_nsec; + ts.tv_sec = (int64_t)delay->tv_sec; + ts.tv_nsec = (int32_t)delay->tv_nsec; iobuf_msg.delay = &ts; iobuf_msg.data.data = (void *)buf; iobuf_msg.data.len = len; @@ -1294,11 +1294,11 @@ fmt_winsize(struct client_closure *closure, unsigned int lines, debug_decl(fmt_winsize, SUDOERS_DEBUG_UTIL); /* Fill in ChangeWindowSize message. */ - ts.tv_sec = delay->tv_sec; - ts.tv_nsec = delay->tv_nsec; + ts.tv_sec = (int64_t)delay->tv_sec; + ts.tv_nsec = (int32_t)delay->tv_nsec; winsize_msg.delay = &ts; - winsize_msg.rows = lines; - winsize_msg.cols = cols; + winsize_msg.rows = (int32_t)lines; + winsize_msg.cols = (int32_t)cols; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: sending ChangeWindowSize, %dx%d", __func__, winsize_msg.rows, winsize_msg.cols); @@ -1330,8 +1330,8 @@ fmt_suspend(struct client_closure *closure, const char *signame, struct timespec debug_decl(fmt_suspend, SUDOERS_DEBUG_UTIL); /* Fill in CommandSuspend message. */ - ts.tv_sec = delay->tv_sec; - ts.tv_nsec = delay->tv_nsec; + ts.tv_sec = (int64_t)delay->tv_sec; + ts.tv_nsec = (int32_t)delay->tv_nsec; suspend_msg.delay = &ts; suspend_msg.signal = (char *)signame; @@ -1779,7 +1779,7 @@ server_msg_cb(int fd, int what, void *v) default: break; } - buf->len += nread; + buf->len += (size_t)nread; while (buf->len - buf->off >= sizeof(msg_len)) { /* Read wire message size (uint32_t in network byte order). */ @@ -1905,7 +1905,7 @@ client_msg_cb(int fd, int what, void *v) sudo_warn("send"); goto bad; } - buf->off += nwritten; + buf->off += (size_t)nwritten; if (buf->off == buf->len) { /* sent entire message, move buf to free list */ diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c index df61f0018..f4bb3fb8c 100644 --- a/plugins/sudoers/logging.c +++ b/plugins/sudoers/logging.c @@ -394,7 +394,7 @@ fmt_authfail_message(unsigned int tries) debug_return_ptr(ret); } - len = snprintf(numbuf, sizeof(numbuf), "%u", tries); + len = (size_t)snprintf(numbuf, sizeof(numbuf), "%u", tries); if (len >= sizeof(numbuf)) goto overflow; @@ -436,7 +436,7 @@ fmt_authfail_message(unsigned int tries) src++; break; case 'd': - len = strlcpy(dst, numbuf, dst_end - dst); + len = strlcpy(dst, numbuf, (size_t)(dst_end - dst)); if (len >= (size_t)(dst_end - dst)) goto overflow; dst += len; diff --git a/plugins/sudoers/match_addr.c b/plugins/sudoers/match_addr.c index 16d464d7e..992211ed8 100644 --- a/plugins/sudoers/match_addr.c +++ b/plugins/sudoers/match_addr.c @@ -127,7 +127,7 @@ addr_matches_if_netmask(const char *n, const char *m) debug_return_bool(false); } } else { - i = sudo_strtonum(m, 1, 32, &errstr); + i = (size_t)sudo_strtonum(m, 1, 32, &errstr); if (errstr != NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "IPv4 netmask %s: %s", m, errstr); @@ -140,7 +140,7 @@ addr_matches_if_netmask(const char *n, const char *m) #ifdef HAVE_STRUCT_IN6_ADDR else { if (inet_pton(AF_INET6, m, &mask.ip6) != 1) { - j = sudo_strtonum(m, 1, 128, &errstr); + j = (size_t)sudo_strtonum(m, 1, 128, &errstr); if (errstr != NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "IPv6 netmask %s: %s", m, errstr); diff --git a/plugins/sudoers/match_command.c b/plugins/sudoers/match_command.c index fec1f0ced..3c08f137c 100644 --- a/plugins/sudoers/match_command.c +++ b/plugins/sudoers/match_command.c @@ -674,7 +674,7 @@ command_matches_normal(const char *sudoers_cmnd, const char *sudoers_args, const char *slash = strrchr(sudoers_cmnd, '/'); if (slash != NULL) { char sudoers_cmnd_dir[PATH_MAX], *resolved; - const size_t len = slash - sudoers_cmnd; + const size_t len = (size_t)(slash - sudoers_cmnd); if (len >= sizeof(sudoers_cmnd_dir)) goto bad; if (len != 0) diff --git a/plugins/sudoers/parse.h b/plugins/sudoers/parse.h index a80d50899..144beeb4f 100644 --- a/plugins/sudoers/parse.h +++ b/plugins/sudoers/parse.h @@ -275,7 +275,7 @@ struct sudoers_comment { */ struct alias { char *name; /* alias name */ - unsigned short type; /* {USER,HOST,RUNAS,CMND}ALIAS */ + short type; /* {USER,HOST,RUNAS,CMND}ALIAS */ short used; /* "used" flag for cycle detection */ int line; /* line number of alias entry */ int column; /* column number of alias entry */ @@ -292,9 +292,8 @@ struct defaults { char *val; /* variable value */ struct defaults_binding *binding; /* user/host/runas binding */ char *file; /* file Defaults entry was in */ - short type; /* DEFAULTS{,_USER,_RUNAS,_HOST} */ - char op; /* true, false, '+', '-' */ - char error; /* parse error flag */ + int type; /* DEFAULTS{,_USER,_RUNAS,_HOST} */ + int op; /* true, false, '+', '-' */ int line; /* line number of Defaults entry */ int column; /* column number of Defaults entry */ }; @@ -390,10 +389,10 @@ SLIST_HEAD(parser_leak_list, parser_leak_entry); struct rbtree *alloc_aliases(void); void free_aliases(struct rbtree *aliases); bool no_aliases(const struct sudoers_parse_tree *parse_tree); -bool alias_add(struct sudoers_parse_tree *parse_tree, char *name, int type, char *file, int line, int column, struct member *members); -const char *alias_type_to_string(int alias_type); -struct alias *alias_get(const struct sudoers_parse_tree *parse_tree, const char *name, int type); -struct alias *alias_remove(struct sudoers_parse_tree *parse_tree, const char *name, int type); +bool alias_add(struct sudoers_parse_tree *parse_tree, char *name, short type, char *file, int line, int column, struct member *members); +const char *alias_type_to_string(short alias_type); +struct alias *alias_get(const struct sudoers_parse_tree *parse_tree, const char *name, short type); +struct alias *alias_remove(struct sudoers_parse_tree *parse_tree, const char *name, short type); bool alias_find_used(struct sudoers_parse_tree *parse_tree, struct rbtree *used_aliases); void alias_apply(struct sudoers_parse_tree *parse_tree, int (*func)(struct sudoers_parse_tree *, struct alias *, void *), void *cookie); void alias_free(void *a); @@ -495,7 +494,7 @@ bool sudoers_parse_ldif(struct sudoers_parse_tree *parse_tree, FILE *fp, const c struct sudo_lbuf; bool sudoers_format_cmndspec(struct sudo_lbuf *lbuf, const struct sudoers_parse_tree *parse_tree, struct cmndspec *cs, struct cmndspec *prev_cs, struct cmndtag tags, bool expand_aliases); bool sudoers_format_default(struct sudo_lbuf *lbuf, struct defaults *d); -bool sudoers_format_member(struct sudo_lbuf *lbuf, const struct sudoers_parse_tree *parse_tree, struct member *m, const char *separator, int alias_type); +bool sudoers_format_member(struct sudo_lbuf *lbuf, const struct sudoers_parse_tree *parse_tree, struct member *m, const char *separator, short alias_type); bool sudoers_defaults_to_tags(const char *var, const char *val, int op, struct cmndtag *tags); bool sudoers_defaults_list_to_tags(struct defaults_list *defs, struct cmndtag *tags); diff --git a/plugins/sudoers/parse_ldif.c b/plugins/sudoers/parse_ldif.c index 2b7109294..a9944171b 100644 --- a/plugins/sudoers/parse_ldif.c +++ b/plugins/sudoers/parse_ldif.c @@ -577,7 +577,7 @@ sudoers_parse_ldif(struct sudoers_parse_tree *parse_tree, bool in_role = false; size_t linesize = 0; char *attr, *name, *line = NULL, *savedline = NULL; - ssize_t savedlen = 0; + size_t savedlen = 0; bool mismatch = false; int errors = 0; debug_decl(sudoers_parse_ldif, SUDOERS_DEBUG_UTIL); @@ -647,12 +647,12 @@ sudoers_parse_ldif(struct sudoers_parse_tree *parse_tree, char *tmp; /* Append to saved line. */ - linesize = savedlen + len + 1; + linesize = savedlen + (size_t)len + 1; if ((tmp = realloc(savedline, linesize)) == NULL) { sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); } - memcpy(tmp + savedlen, line, len + 1); + memcpy(tmp + savedlen, line, (size_t)len + 1); free(line); line = tmp; savedline = NULL; @@ -661,7 +661,7 @@ sudoers_parse_ldif(struct sudoers_parse_tree *parse_tree, /* Check for folded line */ if ((ch = getc(fp)) == ' ') { /* folded line, append to the saved portion. */ - savedlen = len; + savedlen = (size_t)len; savedline = line; line = NULL; linesize = 0; diff --git a/plugins/sudoers/policy.c b/plugins/sudoers/policy.c index 700afd178..b2e210afc 100644 --- a/plugins/sudoers/policy.c +++ b/plugins/sudoers/policy.c @@ -191,7 +191,7 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults) if (MATCHES(*cur, "closefrom=")) { errno = 0; p = *cur + sizeof("closefrom=") - 1; - user_closefrom = sudo_strtonum(p, 3, INT_MAX, &errstr); + user_closefrom = (int)sudo_strtonum(p, 3, INT_MAX, &errstr); if (user_closefrom == 0) { sudo_warnx(U_("%s: %s"), *cur, U_(errstr)); goto bad; @@ -361,7 +361,7 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults) if (MATCHES(*cur, "max_groups=")) { errno = 0; p = *cur + sizeof("max_groups=") - 1; - sudo_user.max_groups = sudo_strtonum(p, 1, 1024, &errstr); + sudo_user.max_groups = (int)sudo_strtonum(p, 1, 1024, &errstr); if (sudo_user.max_groups == 0) { sudo_warnx(U_("%s: %s"), *cur, U_(errstr)); goto bad; @@ -473,7 +473,7 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults) if (MATCHES(*cur, "lines=")) { errno = 0; p = *cur + sizeof("lines=") - 1; - sudo_user.lines = sudo_strtonum(p, 1, INT_MAX, &errstr); + sudo_user.lines = (int)sudo_strtonum(p, 1, INT_MAX, &errstr); if (sudo_user.lines == 0) { sudo_warnx(U_("%s: %s"), *cur, U_(errstr)); goto bad; @@ -483,7 +483,7 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults) if (MATCHES(*cur, "cols=")) { errno = 0; p = *cur + sizeof("cols=") - 1; - sudo_user.cols = sudo_strtonum(p, 1, INT_MAX, &errstr); + sudo_user.cols = (int)sudo_strtonum(p, 1, INT_MAX, &errstr); if (sudo_user.cols == 0) { sudo_warnx(U_("%s: %s"), *cur, U_(errstr)); goto bad; @@ -803,7 +803,7 @@ sudoers_policy_store_result(bool accepted, char *argv[], char *envp[], /* We reserve an extra spot in the list for the effective gid. */ glsize = sizeof("runas_groups=") - 1 + - ((gidlist->ngids + 1) * (MAX_UID_T_LEN + 1)); + ((size_t)(gidlist->ngids + 1) * (MAX_UID_T_LEN + 1)); gid_list = malloc(glsize); if (gid_list == NULL) { sudo_gidlist_delref(gidlist); @@ -811,29 +811,32 @@ sudoers_policy_store_result(bool accepted, char *argv[], char *envp[], } memcpy(gid_list, "runas_groups=", sizeof("runas_groups=") - 1); cp = gid_list + sizeof("runas_groups=") - 1; + glsize -= (size_t)(cp - gid_list); /* On BSD systems the effective gid is the first group in the list. */ egid = runas_gr ? (unsigned int)runas_gr->gr_gid : (unsigned int)runas_pw->pw_gid; - len = snprintf(cp, glsize - (cp - gid_list), "%u", (unsigned int)egid); - if (len < 0 || (size_t)len >= glsize - (cp - gid_list)) { + len = snprintf(cp, glsize, "%u", (unsigned int)egid); + if (len < 0 || (size_t)len >= glsize) { sudo_warnx(U_("internal error, %s overflow"), __func__); free(gid_list); sudo_gidlist_delref(gidlist); goto bad; } cp += len; + glsize -= (size_t)len; for (i = 0; i < gidlist->ngids; i++) { if (gidlist->gids[i] != egid) { - len = snprintf(cp, glsize - (cp - gid_list), ",%u", - (unsigned int) gidlist->gids[i]); - if (len < 0 || (size_t)len >= glsize - (cp - gid_list)) { + len = snprintf(cp, glsize, ",%u", + (unsigned int)gidlist->gids[i]); + if (len < 0 || (size_t)len >= glsize) { sudo_warnx(U_("internal error, %s overflow"), __func__); free(gid_list); sudo_gidlist_delref(gidlist); goto bad; } cp += len; + glsize -= (size_t)len; } } command_info[info_len++] = gid_list; diff --git a/plugins/sudoers/pwutil.c b/plugins/sudoers/pwutil.c index c75c3b9f3..24207990d 100644 --- a/plugins/sudoers/pwutil.c +++ b/plugins/sudoers/pwutil.c @@ -902,7 +902,8 @@ done: } static void -sudo_debug_group_list(const char *user, char * const *groups, int level) +sudo_debug_group_list(const char *user, char * const *groups, + unsigned int level) { size_t i, len = 0; debug_decl(sudo_debug_group_list, SUDOERS_DEBUG_NSS); @@ -918,7 +919,8 @@ sudo_debug_group_list(const char *user, char * const *groups, int level) if (groupstr != NULL) { char *cp = groupstr; for (i = 0; groups[i] != NULL; i++) { - size_t n = snprintf(cp, len, "%s%s", i ? "," : "", groups[i]); + size_t n = (size_t)snprintf(cp, len, "%s%s", i ? "," : "", + groups[i]); if (n >= len) break; cp += n; diff --git a/plugins/sudoers/pwutil_impl.c b/plugins/sudoers/pwutil_impl.c index ab2cb2e38..a940ebcf6 100644 --- a/plugins/sudoers/pwutil_impl.c +++ b/plugins/sudoers/pwutil_impl.c @@ -270,7 +270,7 @@ PREFIX(make_gidlist_item)(const struct passwd *pw, char * const *gidstrs, ngids = 1; for (i = 0; gidstrs[i] != NULL; i++) ngids++; - gids = reallocarray(NULL, ngids, sizeof(GETGROUPS_T)); + gids = reallocarray(NULL, (size_t)ngids, sizeof(GETGROUPS_T)); if (gids == NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "unable to allocate memory"); @@ -301,7 +301,7 @@ PREFIX(make_gidlist_item)(const struct passwd *pw, char * const *gidstrs, type = ENTRY_TYPE_QUERIED; if (sudo_user.max_groups > 0) { ngids = sudo_user.max_groups; - gids = reallocarray(NULL, ngids, sizeof(GETGROUPS_T)); + gids = reallocarray(NULL, (size_t)ngids, sizeof(GETGROUPS_T)); if (gids == NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "unable to allocate memory"); @@ -328,7 +328,7 @@ PREFIX(make_gidlist_item)(const struct passwd *pw, char * const *gidstrs, /* Allocate in one big chunk for easy freeing. */ nsize = strlen(pw->pw_name) + 1; total = sizeof(*glitem) + nsize; - total += sizeof(gid_t *) * ngids; + total += sizeof(gid_t *) * (size_t)ngids; if ((glitem = calloc(1, total)) == NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, @@ -345,7 +345,7 @@ PREFIX(make_gidlist_item)(const struct passwd *pw, char * const *gidstrs, gidlist = &glitem->gidlist; cp = (char *)(glitem + 1); gidlist->gids = (gid_t *)cp; - cp += sizeof(gid_t) * ngids; + cp += sizeof(gid_t) * (size_t)ngids; /* Set key and datum. */ memcpy(cp, pw->pw_name, nsize); @@ -390,7 +390,7 @@ PREFIX(make_grlist_item)(const struct passwd *pw, char * const *unused1) } #ifdef _SC_LOGIN_NAME_MAX - groupname_len = MAX(sysconf(_SC_LOGIN_NAME_MAX), 32); + groupname_len = MAX((size_t)sysconf(_SC_LOGIN_NAME_MAX), 32); #else groupname_len = MAX(LOGIN_NAME_MAX, 32); #endif @@ -398,8 +398,8 @@ PREFIX(make_grlist_item)(const struct passwd *pw, char * const *unused1) /* Allocate in one big chunk for easy freeing. */ nsize = strlen(pw->pw_name) + 1; total = sizeof(*grlitem) + nsize; - total += sizeof(char *) * gidlist->ngids; - total += groupname_len * gidlist->ngids; + total += sizeof(char *) * (size_t)gidlist->ngids; + total += groupname_len * (size_t)gidlist->ngids; again: if ((grlitem = calloc(1, total)) == NULL) { @@ -417,7 +417,7 @@ again: grlist = &grlitem->grlist; cp = (char *)(grlitem + 1); grlist->groups = (char **)cp; - cp += sizeof(char *) * gidlist->ngids; + cp += sizeof(char *) * (size_t)gidlist->ngids; /* Set key and datum. */ memcpy(cp, pw->pw_name, nsize); @@ -437,7 +437,7 @@ again: for (i = 0; i < gidlist->ngids; i++) { if ((grp = sudo_getgrgid(gidlist->gids[i])) != NULL) { len = strlen(grp->gr_name) + 1; - if (cp - (char *)grlitem + len > total) { + if ((size_t)(cp - (char *)grlitem) + len > total) { total += len + groupname_len; free(grlitem); sudo_gr_delref(grp); @@ -449,7 +449,7 @@ again: sudo_gr_delref(grp); } } - grlist->ngroups = ngroups; + grlist->ngroups = (int)ngroups; sudo_gidlist_delref(gidlist); #ifdef HAVE_SETAUTHDB diff --git a/plugins/sudoers/regress/fuzz/fuzz_policy.c b/plugins/sudoers/regress/fuzz/fuzz_policy.c index 2fad6cbce..e24f092d5 100644 --- a/plugins/sudoers/regress/fuzz/fuzz_policy.c +++ b/plugins/sudoers/regress/fuzz/fuzz_policy.c @@ -435,11 +435,11 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) break; case PASS_CHECK_LOG_LOCAL: { /* sudo command w/ local I/O logging (MODE_RUN) */ - sudoers_policy.check_policy(argv.len, argv.entries, + sudoers_policy.check_policy((int)argv.len, argv.entries, env_add.entries, &command_info, &argv_out, &user_env_out, &errstr); /* call check_policy() again to check for leaks. */ - sudoers_policy.check_policy(argv.len, argv.entries, + sudoers_policy.check_policy((int)argv.len, argv.entries, env_add.entries, &command_info, &argv_out, &user_env_out, &errstr); /* sudo_auth_begin_session() is stubbed out below. */ @@ -448,11 +448,11 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) } case PASS_CHECK_LOG_REMOTE: /* sudo command w/ remote I/O logging (MODE_RUN) */ - sudoers_policy.check_policy(argv.len, argv.entries, + sudoers_policy.check_policy((int)argv.len, argv.entries, env_add.entries, &command_info, &argv_out, &user_env_out, &errstr); /* call check_policy() again to check for leaks. */ - sudoers_policy.check_policy(argv.len, argv.entries, + sudoers_policy.check_policy((int)argv.len, argv.entries, env_add.entries, &command_info, &argv_out, &user_env_out, &errstr); /* sudo_auth_begin_session() is stubbed out below. */ @@ -460,7 +460,7 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) break; case PASS_CHECK_NOT_FOUND: /* sudo command (not found) */ - sudoers_policy.check_policy(argv.len, argv.entries, + sudoers_policy.check_policy((int)argv.len, argv.entries, env_add.entries, &command_info, &argv_out, &user_env_out, &errstr); /* sudo_auth_begin_session() is stubbed out below. */ @@ -468,11 +468,11 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) break; case PASS_CHECK_NOT_FOUND_DOT: /* sudo command (found but in cwd) */ - sudoers_policy.check_policy(argv.len, argv.entries, + sudoers_policy.check_policy((int)argv.len, argv.entries, env_add.entries, &command_info, &argv_out, &user_env_out, &errstr); /* call check_policy() again to check for leaks. */ - sudoers_policy.check_policy(argv.len, argv.entries, + sudoers_policy.check_policy((int)argv.len, argv.entries, env_add.entries, &command_info, &argv_out, &user_env_out, &errstr); /* sudo_auth_begin_session() is stubbed out below. */ @@ -492,10 +492,10 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) break; case PASS_LIST_CHECK: /* sudo -l command (MODE_CHECK) */ - sudoers_policy.list(argv.len, argv.entries, false, NULL, + sudoers_policy.list((int)argv.len, argv.entries, false, NULL, &errstr); /* call list() again to check for leaks. */ - sudoers_policy.list(argv.len, argv.entries, false, NULL, + sudoers_policy.list((int)argv.len, argv.entries, false, NULL, &errstr); break; case PASS_VALIDATE: diff --git a/plugins/sudoers/regress/parser/check_addr.c b/plugins/sudoers/regress/parser/check_addr.c index 28fd22ac9..b97e2b103 100644 --- a/plugins/sudoers/regress/parser/check_addr.c +++ b/plugins/sudoers/regress/parser/check_addr.c @@ -52,7 +52,7 @@ check_addr(char *input) cp = input + len; while (isspace((unsigned char)*cp)) cp++; - expected = sudo_strtonum(cp, 0, 1, &errstr); + expected = (int)sudo_strtonum(cp, 0, 1, &errstr); if (errstr != NULL) sudo_fatalx("expecting 0 or 1, got %s", cp); input[len] = '\0'; diff --git a/plugins/sudoers/regress/parser/check_fill.c b/plugins/sudoers/regress/parser/check_fill.c index 06ca6ded1..d3ef4886d 100644 --- a/plugins/sudoers/regress/parser/check_fill.c +++ b/plugins/sudoers/regress/parser/check_fill.c @@ -48,8 +48,8 @@ YYSTYPE sudoerslval; struct fill_test { const char *input; const char *output; - int len; - int addspace; + size_t len; + bool addspace; }; /* @@ -82,16 +82,16 @@ static struct fill_test cmd_data[] = { * Arguments get appended. */ static struct fill_test args_data[] = { - { "/", "/", 0, 0 }, - { "-type", "/ -type", 0, 1 }, - { "f", "/ -type f", 0, 1 }, - { "-exec", "/ -type f -exec", 0, 1 }, - { "ls", "/ -type f -exec ls", 0, 1 }, - { "{}", "/ -type f -exec ls {}", 0, 1 } + { "/", "/", 0, false }, + { "-type", "/ -type", 0, true }, + { "f", "/ -type f", 0, true }, + { "-exec", "/ -type f -exec", 0, true }, + { "ls", "/ -type f -exec ls", 0, true }, + { "{}", "/ -type f -exec ls {}", 0, true } }; static int -check_fill(const char *input, int len, int addspace, const char *expect, char **resultp) +check_fill(const char *input, size_t len, bool addspace, const char *expect, char **resultp) { if (sudoerslval.string != NULL) { free(sudoerslval.string); @@ -104,7 +104,7 @@ check_fill(const char *input, int len, int addspace, const char *expect, char ** } static int -check_fill_cmnd(const char *input, int len, int addspace, const char *expect, char **resultp) +check_fill_cmnd(const char *input, size_t len, bool addspace, const char *expect, char **resultp) { if (sudoerslval.command.cmnd != NULL) { free(sudoerslval.command.cmnd); @@ -117,7 +117,7 @@ check_fill_cmnd(const char *input, int len, int addspace, const char *expect, ch } static int -check_fill_args(const char *input, int len, int addspace, const char *expect, char **resultp) +check_fill_args(const char *input, size_t len, bool addspace, const char *expect, char **resultp) { /* Must not free old sudoerslval.command.args as gets appended to. */ if (!fill_args(input, len, addspace)) @@ -127,11 +127,12 @@ check_fill_args(const char *input, int len, int addspace, const char *expect, ch } static int -do_tests(int (*checker)(const char *, int, int, const char *, char **), +do_tests(int (*checker)(const char *, size_t, bool, const char *, char **), struct fill_test *data, size_t ntests) { - int len, errors = 0; + int errors = 0; unsigned int i; + size_t len; char *result; for (i = 0; i < ntests; i++) { diff --git a/plugins/sudoers/set_perms.c b/plugins/sudoers/set_perms.c index a4de109ab..bb6bc9736 100644 --- a/plugins/sudoers/set_perms.c +++ b/plugins/sudoers/set_perms.c @@ -42,6 +42,10 @@ #include "sudoers.h" #include "check.h" +/* No change when passed to setresuid(), etc. */ +#define NO_UID (uid_t)-1 +#define NO_GID (gid_t)-1 + /* * Prototypes */ @@ -72,9 +76,9 @@ static struct perm_state perm_stack[PERM_STACK_MAX]; static int perm_stack_depth = 0; #undef ID -#define ID(x) (state->x == ostate->x ? (uid_t)-1 : state->x) +#define ID(x) (state->x == ostate->x ? NO_UID : state->x) #undef OID -#define OID(x) (ostate->x == state->x ? (uid_t)-1 : ostate->x) +#define OID(x) (ostate->x == state->x ? NO_UID : ostate->x) bool rewind_perms(void) @@ -396,7 +400,7 @@ restore_perms(void) /* XXX - more cases here where euid != ruid */ if (OID(euid) == ROOT_UID) { - if (setresuid(-1, ROOT_UID, -1)) { + if (setresuid(NO_UID, ROOT_UID, NO_UID)) { sudo_warn("setresuid() [%d, %d, %d] -> [%d, %d, %d]", (int)state->ruid, (int)state->euid, (int)state->suid, -1, ROOT_UID, -1); @@ -742,7 +746,7 @@ restore_perms(void) __func__, (int)state->rgid, (int)state->egid, (int)state->sgid, (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid); - if (OID(ruid) != (uid_t)-1 || OID(euid) != (uid_t)-1 || OID(suid) != (uid_t)-1) { + if (OID(ruid) != NO_UID || OID(euid) != NO_UID || OID(suid) != NO_UID) { if (OID(euid) == ROOT_UID) { sudo_debug_printf(SUDO_DEBUG_INFO, "%s: setuidx(ID_EFFECTIVE, %d)", __func__, ROOT_UID); @@ -763,7 +767,7 @@ restore_perms(void) (int)OID(ruid), (int)OID(euid), (int)OID(suid)); goto bad; } - } else if (OID(ruid) == (uid_t)-1 && OID(suid) == (uid_t)-1) { + } else if (OID(ruid) == NO_UID && OID(suid) == NO_UID) { /* May have already changed euid to ROOT_UID above. */ if (OID(euid) != ROOT_UID) { sudo_debug_printf(SUDO_DEBUG_INFO, @@ -775,7 +779,7 @@ restore_perms(void) goto bad; } } - } else if (OID(suid) == (uid_t)-1) { + } else if (OID(suid) == NO_UID) { /* Cannot set the real uid alone. */ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: setuidx(ID_REAL|ID_EFFECTIVE, %d)", __func__, OID(ruid)); @@ -796,7 +800,7 @@ restore_perms(void) } } } - if (OID(rgid) != (gid_t)-1 || OID(egid) != (gid_t)-1 || OID(sgid) != (gid_t)-1) { + if (OID(rgid) != NO_GID || OID(egid) != NO_GID || OID(sgid) != NO_GID) { if (OID(rgid) == OID(egid) && OID(egid) == OID(sgid)) { sudo_debug_printf(SUDO_DEBUG_INFO, "%s: setgidx(ID_EFFECTIVE|ID_REAL|ID_SAVED, %d)", @@ -807,7 +811,7 @@ restore_perms(void) (int)OID(rgid), (int)OID(egid), (int)OID(sgid)); goto bad; } - } else if (OID(rgid) == (gid_t)-1 && OID(sgid) == (gid_t)-1) { + } else if (OID(rgid) == NO_GID && OID(sgid) == NO_GID) { sudo_debug_printf(SUDO_DEBUG_INFO, "%s: setgidx(ID_EFFECTIVE, %d)", __func__, (int)OID(egid)); if (setgidx(ID_EFFECTIVE, OID(egid))) { @@ -816,7 +820,7 @@ restore_perms(void) (int)OID(rgid), (int)OID(egid), (int)OID(sgid)); goto bad; } - } else if (OID(sgid) == (gid_t)-1) { + } else if (OID(sgid) == NO_GID) { sudo_debug_printf(SUDO_DEBUG_INFO, "%s: setgidx(ID_EFFECTIVE|ID_REAL, %d)", __func__, OID(rgid)); if (setgidx(ID_REAL|ID_EFFECTIVE, OID(rgid))) { @@ -904,14 +908,14 @@ set_perms(int perm) * setreuid(0, 0) may fail on some systems if euid is not already 0. */ if (ostate->euid != ROOT_UID) { - if (setreuid(-1, ROOT_UID)) { + if (setreuid(NO_UID, ROOT_UID)) { (void)snprintf(errbuf, sizeof(errbuf), "PERM_ROOT: setreuid(-1, %d)", ROOT_UID); goto bad; } } if (ostate->ruid != ROOT_UID) { - if (setreuid(ROOT_UID, -1)) { + if (setreuid(ROOT_UID, NO_UID)) { (void)snprintf(errbuf, sizeof(errbuf), "PERM_ROOT: setreuid(%d, -1)", ROOT_UID); goto bad; @@ -1121,7 +1125,7 @@ restore_perms(void) if (OID(euid) == ROOT_UID) { /* setuid() may not set the saved ID unless the euid is ROOT_UID */ if (ID(euid) != ROOT_UID) { - if (setreuid(-1, ROOT_UID) != 0) { + if (setreuid(NO_UID, ROOT_UID) != 0) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, "setreuid() [%d, %d] -> [-1, %d)", (int)state->ruid, (int)state->euid, ROOT_UID); @@ -1441,7 +1445,7 @@ restore_perms(void) goto bad; } - if (OID(egid) != (gid_t)-1 && setegid(ostate->egid)) { + if (OID(egid) != NO_GID && setegid(ostate->egid)) { sudo_warn("setegid(%d)", (int)ostate->egid); goto bad; } @@ -1451,7 +1455,7 @@ restore_perms(void) goto bad; } } - if (OID(euid) != (uid_t)-1 && seteuid(ostate->euid)) { + if (OID(euid) != NO_UID && seteuid(ostate->euid)) { sudo_warn("seteuid(%d)", (int)ostate->euid); goto bad; } @@ -1593,7 +1597,7 @@ restore_perms(void) sudo_debug_printf(SUDO_DEBUG_INFO, "%s: gid: [%d] -> [%d]", __func__, (int)state->rgid, (int)ostate->rgid); - if (OID(rgid) != (gid_t)-1 && setgid(ostate->rgid)) { + if (OID(rgid) != NO_GID && setgid(ostate->rgid)) { sudo_warn("setgid(%d)", (int)ostate->rgid); goto bad; } @@ -1604,7 +1608,7 @@ restore_perms(void) } } sudo_gidlist_delref(state->gidlist); - if (OID(ruid) != (uid_t)-1 && setuid(ostate->ruid)) { + if (OID(ruid) != NO_UID && setuid(ostate->ruid)) { sudo_warn("setuid(%d)", (int)ostate->ruid); goto bad; } diff --git a/plugins/sudoers/sssd.c b/plugins/sudoers/sssd.c index 68fc32180..e7cd0d613 100644 --- a/plugins/sudoers/sssd.c +++ b/plugins/sudoers/sssd.c @@ -489,7 +489,8 @@ sudo_sss_result_get(const struct sudo_nss *nss, struct passwd *pw) { struct sudo_sss_handle *handle = nss->handle; struct sss_sudo_result *sss_result = NULL; - uint32_t sss_error = 0, rc; + uint32_t sss_error = 0; + int rc; debug_decl(sudo_sss_result_get, SUDOERS_DEBUG_SSSD); sudo_debug_printf(SUDO_DEBUG_DIAG, " username=%s", pw->pw_name); diff --git a/plugins/sudoers/starttime.c b/plugins/sudoers/starttime.c index 44d153116..84889da74 100644 --- a/plugins/sudoers/starttime.c +++ b/plugins/sudoers/starttime.c @@ -129,8 +129,8 @@ get_starttime(pid_t pid, struct timespec *starttime) TIMEVAL_TO_TIMESPEC(&ki_proc->kp_proc.p_starttime, starttime); #else /* NetBSD and OpenBSD */ - starttime->tv_sec = ki_proc->p_ustart_sec; - starttime->tv_nsec = ki_proc->p_ustart_usec * 1000; + starttime->tv_sec = (time_t)ki_proc->p_ustart_sec; + starttime->tv_nsec = (long)(ki_proc->p_ustart_usec * 1000); #endif sudo_debug_printf(SUDO_DEBUG_INFO, "%s: start time for %d: { %lld, %ld }", __func__, @@ -201,7 +201,7 @@ get_starttime(pid_t pid, struct timespec *starttime) (void)snprintf(path, sizeof(path), "/proc/%u/stat", (unsigned int)pid); if ((fd = open(path, O_RDONLY | O_NOFOLLOW)) != -1) { cp = buf; - while ((nread = read(fd, cp, buf + sizeof(buf) - cp)) != 0) { + while ((nread = read(fd, cp, sizeof(buf) - (size_t)(cp - buf))) != 0) { if (nread == -1) { if (errno == EAGAIN || errno == EINTR) continue; @@ -211,7 +211,7 @@ get_starttime(pid_t pid, struct timespec *starttime) if (cp >= buf + sizeof(buf)) break; } - if (nread == 0 && memchr(buf, '\0', cp - buf) == NULL) { + if (nread == 0 && memchr(buf, '\0', (size_t)(cp - buf)) == NULL) { /* * Field 22 is the start time (%ull). * Since the process name at field 2 "(comm)" may include @@ -245,9 +245,9 @@ get_starttime(pid_t pid, struct timespec *starttime) goto done; /* Convert from ticks to timespec */ - starttime->tv_sec = ullval / tps; + starttime->tv_sec = (time_t)(ullval / tps); starttime->tv_nsec = - (ullval % tps) * (1000000000 / tps); + (long)(ullval % tps) * (1000000000 / tps); ret = 0; sudo_debug_printf(SUDO_DEBUG_INFO, @@ -290,7 +290,7 @@ get_starttime(pid_t pid, struct timespec *starttime) */ rc = pstat_getproc(&pst, sizeof(pst), 0, pid); if (rc != -1 || errno == EOVERFLOW) { - starttime->tv_sec = pst.pst_start; + starttime->tv_sec = (time_t)pst.pst_start; starttime->tv_nsec = 0; sudo_debug_printf(SUDO_DEBUG_INFO, @@ -319,8 +319,8 @@ get_starttime(pid_t pid, struct timespec *starttime) count = sizeof(info) / sizeof(integer_t); error = task_info(target, TASK_BASIC_INFO, (task_info_t)&info, &count); if (error == KERN_SUCCESS) { - starttime->tv_sec = info.creation_time.seconds; - starttime->tv_nsec = info.creation_time.microseconds * 1000; + starttime->tv_sec = (time_t)info.creation_time.seconds; + starttime->tv_nsec = (long)(info.creation_time.microseconds * 1000); debug_return_int(0); } } diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c index 2a96a72de..f7f0dbfe1 100644 --- a/plugins/sudoers/sudoers.c +++ b/plugins/sudoers/sudoers.c @@ -623,13 +623,13 @@ sudoers_check_cmnd(int argc, char * const argv[], char *env_add[], sudoers_gc_remove(GC_PTR, NewArgv); free(NewArgv); } - NewArgv = reallocarray(NULL, argc + 2, sizeof(char *)); + NewArgv = reallocarray(NULL, (size_t)argc + 2, sizeof(char *)); if (NewArgv == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); goto error; } sudoers_gc_add(GC_PTR, NewArgv); - memcpy(NewArgv, argv, argc * sizeof(char *)); + memcpy(NewArgv, argv, (size_t)argc * sizeof(char *)); NewArgc = argc; NewArgv[NewArgc] = NULL; if (ISSET(sudo_mode, MODE_LOGIN_SHELL) && runas_pw != NULL) { @@ -691,7 +691,7 @@ sudoers_check_cmnd(int argc, char * const argv[], char *env_add[], if (NewArgc > 1 && strcmp(NewArgv[0], "-bash") == 0 && strcmp(NewArgv[1], "-c") == 0) { /* We allocated extra space for the --login above. */ - memmove(&NewArgv[2], &NewArgv[1], sizeof(char *) * NewArgc); + memmove(&NewArgv[2], &NewArgv[1], (size_t)NewArgc * sizeof(char *)); NewArgv[1] = (char *)"--login"; NewArgc++; } @@ -896,7 +896,7 @@ sudoers_list(int argc, char * const argv[], const char *list_user, bool verbose) } } - NewArgv = reallocarray(NULL, argc + 2, sizeof(char *)); + NewArgv = reallocarray(NULL, (size_t)argc + 2, sizeof(char *)); if (NewArgv == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); goto done; @@ -904,7 +904,7 @@ sudoers_list(int argc, char * const argv[], const char *list_user, bool verbose) sudoers_gc_add(GC_PTR, NewArgv); NewArgv[0] = (char *)"list"; if (argc != 0) - memcpy(NewArgv + 1, argv, argc * sizeof(char *)); + memcpy(NewArgv + 1, argv, (size_t)argc * sizeof(char *)); NewArgc = argc + 1; NewArgv[NewArgc] = NULL; @@ -1720,7 +1720,7 @@ cb_syslog_maxlen(const char *file, int line, int column, { debug_decl(cb_syslog_maxlen, SUDOERS_DEBUG_PLUGIN); - eventlog_set_syslog_maxlen(sd_un->ival); + eventlog_set_syslog_maxlen((size_t)sd_un->ival); debug_return_bool(true); } @@ -1731,7 +1731,7 @@ cb_loglinelen(const char *file, int line, int column, { debug_decl(cb_loglinelen, SUDOERS_DEBUG_PLUGIN); - eventlog_set_file_maxlen(sd_un->ival); + eventlog_set_file_maxlen((size_t)sd_un->ival); debug_return_bool(true); } diff --git a/plugins/sudoers/sudoreplay.c b/plugins/sudoers/sudoreplay.c index 1516c8c51..27f132fe8 100644 --- a/plugins/sudoers/sudoreplay.c +++ b/plugins/sudoers/sudoreplay.c @@ -90,9 +90,9 @@ struct replay_closure { bool interactive; bool suspend_wait; struct io_buffer { - unsigned int len; /* buffer length (how much produced) */ - unsigned int off; /* write position (how much already consumed) */ - unsigned int toread; /* how much remains to be read */ + size_t len; /* buffer length (how much produced) */ + size_t off; /* write position (how much already consumed) */ + size_t toread; /* how much remains to be read */ int lastc; /* last char written */ char buf[64 * 1024]; } iobuf; @@ -269,9 +269,9 @@ main(int argc, char *argv[]) if (dval <= 0.0) { sudo_timespecclear(&max_delay_storage); } else { - max_delay_storage.tv_sec = dval; - max_delay_storage.tv_nsec = - (dval - max_delay_storage.tv_sec) * 1000000000.0; + max_delay_storage.tv_sec = (time_t)dval; + max_delay_storage.tv_nsec = (long) + ((dval - (double)max_delay_storage.tv_sec) * 1000000000.0); } max_delay = &max_delay_storage; break; @@ -857,7 +857,7 @@ fill_iobuf(struct replay_closure *closure) if (nread <= 0) { if (nread == 0) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, - "%s/%s: premature EOF, expected %u bytes", + "%s/%s: premature EOF, expected %zu bytes", closure->iolog_dir, iolog_fd_to_name(timing->event), closure->iobuf.toread); } else { @@ -869,8 +869,8 @@ fill_iobuf(struct replay_closure *closure) closure->iolog_dir, iolog_fd_to_name(timing->event), errstr); debug_return_bool(false); } - closure->iobuf.toread -= nread; - closure->iobuf.len += nread; + closure->iobuf.toread -= (size_t)nread; + closure->iobuf.len += (size_t)nread; } debug_return_bool(true); @@ -1096,10 +1096,11 @@ write_output(int fd, int what, void *v) struct replay_closure *closure = v; const struct timing_closure *timing = &closure->timing; struct io_buffer *iobuf = &closure->iobuf; - unsigned iovcnt = 1; + int iovcnt = 1; struct iovec iov[2]; bool added_cr = false; - size_t nbytes, nwritten; + size_t nbytes; + ssize_t nwritten; debug_decl(write_output, SUDO_DEBUG_UTIL); /* Refill iobuf if there is more to read and buf is empty. */ @@ -1136,7 +1137,7 @@ write_output(int fd, int what, void *v) } nwritten = writev(fd, iov, iovcnt); - switch ((ssize_t)nwritten) { + switch (nwritten) { case -1: if (errno != EINTR && errno != EAGAIN) sudo_fatal(U_("unable to write to %s"), "stdout"); @@ -1145,9 +1146,9 @@ write_output(int fd, int what, void *v) /* Should not happen. */ break; default: - if (added_cr && nwritten >= nbytes - 1) { + if (added_cr && (size_t)nwritten >= nbytes - 1) { /* The last char written was either '\r' or '\n'. */ - iobuf->lastc = nwritten == nbytes ? '\n' : '\r'; + iobuf->lastc = (size_t)nwritten == nbytes ? '\n' : '\r'; } else { /* Stash the last char written. */ iobuf->lastc = *((char *)iov[0].iov_base + nwritten); @@ -1156,7 +1157,7 @@ write_output(int fd, int what, void *v) /* Subtract one for the carriage return we added above. */ nwritten--; } - iobuf->off += nwritten; + iobuf->off += (size_t)nwritten; break; } @@ -1266,7 +1267,7 @@ parse_expr(struct search_node_list *head, char *argv[], bool sub_expr) goto bad; if (!sub_expr) sudo_fatalx("%s", U_("unmatched ')' in expression")); - debug_return_int(av - argv + 1); + debug_return_int((int)(av - argv) + 1); default: bad: sudo_fatalx(U_("unknown search term \"%s\""), *av); @@ -1309,7 +1310,7 @@ parse_expr(struct search_node_list *head, char *argv[], bool sub_expr) if (not) sudo_fatalx("%s", U_("illegal trailing \"!\"")); - debug_return_int(av - argv); + debug_return_int((int)(av - argv)); } static char * @@ -1550,11 +1551,11 @@ find_sessions(const char *dir, regex_t *re, const char *user, const char *tty) /* Check for dir with a log file. */ if (lstat(pathbuf, &sb) == 0 && S_ISREG(sb.st_mode)) { - pathbuf[sdlen + len - 4] = '\0'; + pathbuf[sdlen + (size_t)(len - 4)] = '\0'; list_session(&lbuf, pathbuf, re, user, tty); } else { /* Strip off "/log" and recurse if a non-log dir. */ - pathbuf[sdlen + len - 4] = '\0'; + pathbuf[sdlen + (size_t)(len - 4)] = '\0'; if (checked_type || (lstat(pathbuf, &sb) == 0 && S_ISDIR(sb.st_mode))) find_sessions(pathbuf, re, user, tty); diff --git a/plugins/sudoers/testsudoers.c b/plugins/sudoers/testsudoers.c index 8c29d713f..0eedba726 100644 --- a/plugins/sudoers/testsudoers.c +++ b/plugins/sudoers/testsudoers.c @@ -264,8 +264,8 @@ main(int argc, char *argv[]) if ((user_args = malloc(size)) == NULL) sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); for (to = user_args, from = argv; *from; from++) { - n = strlcpy(to, *from, size - (to - user_args)); - if (n >= size - (to - user_args)) + n = strlcpy(to, *from, size - (size_t)(to - user_args)); + if (n >= size - (size_t)(to - user_args)) sudo_fatalx(U_("internal error, %s overflow"), getprogname()); to += n; *to++ = ' '; diff --git a/plugins/sudoers/timeout.c b/plugins/sudoers/timeout.c index 517db378e..4a2162e17 100644 --- a/plugins/sudoers/timeout.c +++ b/plugins/sudoers/timeout.c @@ -50,7 +50,7 @@ parse_timeout(const char *timestr) do { char *ep; - char ch; + int ch; long l; /* Parse number, must be present and positive. */ @@ -99,7 +99,7 @@ parse_timeout(const char *timestr) } cp = ep; - timeout += l; + timeout += (int)l; } while (*cp != '\0'); debug_return_int(timeout); diff --git a/plugins/sudoers/timestamp.c b/plugins/sudoers/timestamp.c index d48342dd6..d6537e10e 100644 --- a/plugins/sudoers/timestamp.c +++ b/plugins/sudoers/timestamp.c @@ -390,8 +390,8 @@ ts_write(int fd, const char *fname, struct timestamp_entry *entry, off_t offset) * based on auth user pw. Does not set the time stamp. */ static void -ts_init_key(struct timestamp_entry *entry, struct passwd *pw, int flags, - enum def_tuple ticket_type) +ts_init_key(struct timestamp_entry *entry, struct passwd *pw, + unsigned short flags, enum def_tuple ticket_type) { struct stat sb; debug_decl(ts_init_key, SUDOERS_DEBUG_AUTH); @@ -438,7 +438,8 @@ ts_init_key(struct timestamp_entry *entry, struct passwd *pw, int flags, } static void -ts_init_key_nonglobal(struct timestamp_entry *entry, struct passwd *pw, int flags) +ts_init_key_nonglobal(struct timestamp_entry *entry, struct passwd *pw, + unsigned short flags) { /* * Even if the timestamp type is global or kernel we still want to do @@ -701,7 +702,7 @@ timestamp_lock(void *vcookie, struct passwd *pw) /* Old sudo record, convert it to TS_LOCKEXCL. */ entry.type = TS_LOCKEXCL; memset((char *)&entry + offsetof(struct timestamp_entry, flags), 0, - nread - offsetof(struct timestamp_entry, flags)); + (size_t)nread - offsetof(struct timestamp_entry, flags)); if (ts_write(cookie->fd, cookie->fname, &entry, 0) == -1) debug_return_bool(false); } else { @@ -977,7 +978,7 @@ timestamp_update(void *vcookie, struct passwd *pw) if (def_timestamp_type == kernel) { int fd = open(_PATH_TTY, O_RDWR); if (fd != -1) { - int secs = def_timestamp_timeout.tv_sec; + int secs = (int)def_timestamp_timeout.tv_sec; if (secs > 0) { if (secs > 3600) secs = 3600; /* OpenBSD limitation */ diff --git a/plugins/sudoers/toke.c b/plugins/sudoers/toke.c index a501d0cf9..351a38e38 100644 --- a/plugins/sudoers/toke.c +++ b/plugins/sudoers/toke.c @@ -3324,7 +3324,7 @@ static int prev_state; static unsigned int digest_type = SUDO_DIGEST_INVALID; static bool pop_include(void); -static yy_size_t sudoers_input(char *buf, yy_size_t max_size); +static int sudoers_input(char *buf, yy_size_t max_size); #ifndef TRACELEXER static struct sudo_lbuf trace_lbuf; @@ -3332,18 +3332,18 @@ static struct sudo_lbuf trace_lbuf; int (*trace_print)(const char *msg) = sudoers_trace_print; -#define ECHO ignore_result(fwrite(sudoerstext, sudoersleng, 1, sudoersout)) +#define ECHO ignore_result(fwrite(sudoerstext, (size_t)sudoersleng, 1, sudoersout)) -#define YY_INPUT(buf, result, max_size) (result) = sudoers_input(buf, max_size) +#define YY_INPUT(buf, result, max_size) (result) = sudoers_input(buf, (yy_size_t)(max_size)) #define YY_USER_ACTION do { \ sudolinebuf.toke_start = sudolinebuf.toke_end; \ - sudolinebuf.toke_end += sudoersleng; \ + sudolinebuf.toke_end += (size_t)sudoersleng; \ } while (0); #define sudoersless(n) do { \ - sudolinebuf.toke_end = sudolinebuf.toke_start + (n); \ - yyless(n); \ + sudolinebuf.toke_end = sudolinebuf.toke_start + (size_t)(n); \ + yyless((int)n); \ } while (0); #line 3344 "toke.c" @@ -3906,9 +3906,9 @@ YY_RULE_SETUP #line 319 "toke.l" { /* Only return DIGEST if the length is correct. */ - yy_size_t digest_len = + int digest_len = sudo_digest_getlen(digest_type); - if ((yy_size_t)sudoersleng == digest_len * 2) { + if (sudoersleng == digest_len * 2) { if (!fill(sudoerstext, sudoersleng)) yyterminate(); BEGIN INITIAL; @@ -3924,7 +3924,7 @@ YY_RULE_SETUP #line 334 "toke.l" { /* Only return DIGEST if the length is correct. */ - yy_size_t len, digest_len = + int len, digest_len = sudo_digest_getlen(digest_type); if (sudoerstext[sudoersleng - 1] == '=') { /* use padding */ @@ -3933,7 +3933,7 @@ YY_RULE_SETUP /* no padding */ len = (4 * digest_len + 2) / 3; } - if ((yy_size_t)sudoersleng == len) { + if (sudoersleng == len) { if (!fill(sudoerstext, sudoersleng)) yyterminate(); BEGIN INITIAL; @@ -5987,7 +5987,7 @@ expand_include(const char *src) dst_size = 0; for (cp = sudo_strsplit(path, path_end, ":", &ep); cp != NULL; cp = sudo_strsplit(NULL, path_end, ":", &ep)) { - char *dirend = memrchr(cp, '/', ep - cp); + char *dirend = memrchr(cp, '/', (size_t)(ep - cp)); if (dirend != NULL) { dst_size += (size_t)(dirend - cp) + 1; } @@ -6014,7 +6014,7 @@ expand_include(const char *src) dst_size--; } - dirend = memrchr(cp, '/', ep - cp); + dirend = memrchr(cp, '/', (size_t)(ep - cp)); if (dirend != NULL) { len = (size_t)(dirend - cp) + 1; if (len >= dst_size) @@ -6250,7 +6250,7 @@ sudoers_trace_print(const char *msg) int sudoers_trace_print(const char *msg) { - const int sudo_debug_subsys = SUDOERS_DEBUG_PARSER; + const unsigned int sudo_debug_subsys = SUDOERS_DEBUG_PARSER; if (sudo_debug_needed(SUDO_DEBUG_DEBUG)) { sudo_lbuf_append(&trace_lbuf, "%s", msg); @@ -6273,7 +6273,7 @@ sudoers_trace_print(const char *msg) * On success, buf is guaranteed to end in a newline and not contain * embedded NULs. Calls YY_FATAL_ERROR on error. */ -static yy_size_t +static int sudoers_input(char *buf, yy_size_t max_size) { char *cp; @@ -6291,12 +6291,12 @@ sudoers_input(char *buf, yy_size_t max_size) if (ch == EOF) goto sudoers_eof; ungetc(ch, sudoersin); - avail = getdelim(&sudolinebuf.buf, &sudolinebuf.size, '\n', sudoersin); + avail = (size_t)getdelim(&sudolinebuf.buf, &sudolinebuf.size, '\n', sudoersin); if (avail == (size_t)-1) { sudoers_eof: /* EOF or error. */ if (feof(sudoersin)) - return 0; + debug_return_int(0); YY_FATAL_ERROR("input in flex scanner failed"); } @@ -6314,7 +6314,7 @@ sudoers_eof: cp = realloc(sudolinebuf.buf, avail + 2); if (cp == NULL) { YY_FATAL_ERROR("unable to allocate memory"); - return 0; + debug_return_int(0); } sudolinebuf.buf = cp; sudolinebuf.size = avail + 2; @@ -6336,6 +6336,6 @@ sudoers_eof: memcpy(buf, sudolinebuf.buf + sudolinebuf.off, avail); sudolinebuf.off += avail; - debug_return_size_t(avail); + debug_return_int((int)avail); } diff --git a/plugins/sudoers/toke.h b/plugins/sudoers/toke.h index ddd36a1a5..d902e3437 100644 --- a/plugins/sudoers/toke.h +++ b/plugins/sudoers/toke.h @@ -34,10 +34,10 @@ extern struct sudolinebuf sudolinebuf; extern int sudolineno; extern char *sudoers_search_path; -bool append(const char *, size_t); -bool fill_args(const char *, size_t, int); -bool fill_cmnd(const char *, size_t); -bool fill(const char *, size_t); +bool append(const char *, int); +bool fill_args(const char *, int, bool); +bool fill_cmnd(const char *, int); +bool fill(const char *, int); void init_lexer(void); bool ipv6_valid(const char *s); int sudoers_trace_print(const char *); diff --git a/plugins/sudoers/toke.l b/plugins/sudoers/toke.l index be86939f5..f0c0d1eab 100644 --- a/plugins/sudoers/toke.l +++ b/plugins/sudoers/toke.l @@ -64,7 +64,7 @@ static int prev_state; static unsigned int digest_type = SUDO_DIGEST_INVALID; static bool pop_include(void); -static yy_size_t sudoers_input(char *buf, yy_size_t max_size); +static int sudoers_input(char *buf, yy_size_t max_size); #ifndef TRACELEXER static struct sudo_lbuf trace_lbuf; @@ -72,18 +72,18 @@ static struct sudo_lbuf trace_lbuf; int (*trace_print)(const char *msg) = sudoers_trace_print; -#define ECHO ignore_result(fwrite(sudoerstext, sudoersleng, 1, sudoersout)) +#define ECHO ignore_result(fwrite(sudoerstext, (size_t)sudoersleng, 1, sudoersout)) -#define YY_INPUT(buf, result, max_size) (result) = sudoers_input(buf, max_size) +#define YY_INPUT(buf, result, max_size) (result) = sudoers_input(buf, (yy_size_t)(max_size)) #define YY_USER_ACTION do { \ sudolinebuf.toke_start = sudolinebuf.toke_end; \ - sudolinebuf.toke_end += sudoersleng; \ + sudolinebuf.toke_end += (size_t)sudoersleng; \ } while (0); #define sudoersless(n) do { \ - sudolinebuf.toke_end = sudolinebuf.toke_start + (n); \ - yyless(n); \ + sudolinebuf.toke_end = sudolinebuf.toke_start + (size_t)(n); \ + yyless((int)n); \ } while (0); %} @@ -318,9 +318,9 @@ DEFVAR [a-z_]+ [[:xdigit:]]+ { /* Only return DIGEST if the length is correct. */ - yy_size_t digest_len = + int digest_len = sudo_digest_getlen(digest_type); - if ((yy_size_t)sudoersleng == digest_len * 2) { + if (sudoersleng == digest_len * 2) { if (!fill(sudoerstext, sudoersleng)) yyterminate(); BEGIN INITIAL; @@ -333,7 +333,7 @@ DEFVAR [a-z_]+ [A-Za-z0-9\+/=]+ { /* Only return DIGEST if the length is correct. */ - yy_size_t len, digest_len = + int len, digest_len = sudo_digest_getlen(digest_type); if (sudoerstext[sudoersleng - 1] == '=') { /* use padding */ @@ -342,7 +342,7 @@ DEFVAR [a-z_]+ /* no padding */ len = (4 * digest_len + 2) / 3; } - if ((yy_size_t)sudoersleng == len) { + if (sudoersleng == len) { if (!fill(sudoerstext, sudoersleng)) yyterminate(); BEGIN INITIAL; @@ -1208,7 +1208,7 @@ expand_include(const char *src) dst_size = 0; for (cp = sudo_strsplit(path, path_end, ":", &ep); cp != NULL; cp = sudo_strsplit(NULL, path_end, ":", &ep)) { - char *dirend = memrchr(cp, '/', ep - cp); + char *dirend = memrchr(cp, '/', (size_t)(ep - cp)); if (dirend != NULL) { dst_size += (size_t)(dirend - cp) + 1; } @@ -1235,7 +1235,7 @@ expand_include(const char *src) dst_size--; } - dirend = memrchr(cp, '/', ep - cp); + dirend = memrchr(cp, '/', (size_t)(ep - cp)); if (dirend != NULL) { len = (size_t)(dirend - cp) + 1; if (len >= dst_size) @@ -1471,7 +1471,7 @@ sudoers_trace_print(const char *msg) int sudoers_trace_print(const char *msg) { - const int sudo_debug_subsys = SUDOERS_DEBUG_PARSER; + const unsigned int sudo_debug_subsys = SUDOERS_DEBUG_PARSER; if (sudo_debug_needed(SUDO_DEBUG_DEBUG)) { sudo_lbuf_append(&trace_lbuf, "%s", msg); @@ -1494,7 +1494,7 @@ sudoers_trace_print(const char *msg) * On success, buf is guaranteed to end in a newline and not contain * embedded NULs. Calls YY_FATAL_ERROR on error. */ -static yy_size_t +static int sudoers_input(char *buf, yy_size_t max_size) { char *cp; @@ -1512,12 +1512,12 @@ sudoers_input(char *buf, yy_size_t max_size) if (ch == EOF) goto sudoers_eof; ungetc(ch, sudoersin); - avail = getdelim(&sudolinebuf.buf, &sudolinebuf.size, '\n', sudoersin); + avail = (size_t)getdelim(&sudolinebuf.buf, &sudolinebuf.size, '\n', sudoersin); if (avail == (size_t)-1) { sudoers_eof: /* EOF or error. */ if (feof(sudoersin)) - return 0; + debug_return_int(0); YY_FATAL_ERROR("input in flex scanner failed"); } @@ -1535,7 +1535,7 @@ sudoers_eof: cp = realloc(sudolinebuf.buf, avail + 2); if (cp == NULL) { YY_FATAL_ERROR("unable to allocate memory"); - return 0; + debug_return_int(0); } sudolinebuf.buf = cp; sudolinebuf.size = avail + 2; @@ -1557,5 +1557,5 @@ sudoers_eof: memcpy(buf, sudolinebuf.buf + sudolinebuf.off, avail); sudolinebuf.off += avail; - debug_return_size_t(avail); + debug_return_int((int)avail); } diff --git a/plugins/sudoers/toke_util.c b/plugins/sudoers/toke_util.c index e75c96115..c5295f698 100644 --- a/plugins/sudoers/toke_util.c +++ b/plugins/sudoers/toke_util.c @@ -37,8 +37,8 @@ #include "toke.h" #include -static unsigned int arg_len = 0; -static unsigned int arg_size = 0; +static size_t arg_len = 0; +static size_t arg_size = 0; /* * Copy the string and collapse any escaped characters. @@ -52,7 +52,7 @@ copy_string(char *dst, const char *src, size_t len) while (len--) { if (*src == '\\' && len) { if (src[1] == 'x' && len >= 3 && (h = sudo_hexchar(src + 2)) != -1) { - *dst++ = h; + *dst++ = (char)h; src += 4; len -= 3; } else { @@ -68,8 +68,9 @@ copy_string(char *dst, const char *src, size_t len) } bool -fill(const char *src, size_t len) +fill(const char *src, int ilen) { + const size_t len = (size_t)ilen; char *dst; debug_decl(fill, SUDOERS_DEBUG_PARSER); @@ -87,8 +88,9 @@ fill(const char *src, size_t len) } bool -append(const char *src, size_t len) +append(const char *src, int ilen) { + const size_t len = (size_t)ilen; size_t olen = 0; char *dst; debug_decl(append, SUDOERS_DEBUG_PARSER); @@ -118,8 +120,9 @@ append(const char *src, size_t len) ((c) == ',' || (c) == ':' || (c) == '=' || (c) == ' ' || (c) == '\t' || (c) == '#') bool -fill_cmnd(const char *src, size_t len) +fill_cmnd(const char *src, int ilen) { + const size_t len = (size_t)ilen; char *dst; size_t i; debug_decl(fill_cmnd, SUDOERS_DEBUG_PARSER); @@ -170,9 +173,10 @@ fill_cmnd(const char *src, size_t len) } bool -fill_args(const char *s, size_t len, int addspace) +fill_args(const char *s, int ilen, bool addspace) { - unsigned int new_len; + size_t len = (size_t)ilen; + size_t new_len; char *p; debug_decl(fill_args, SUDOERS_DEBUG_PARSER); @@ -192,7 +196,7 @@ fill_args(const char *s, size_t len, int addspace) if (new_len >= arg_size) { /* Allocate in increments of 128 bytes to avoid excessive realloc(). */ - arg_size = (new_len + 1 + 127) & ~127; + arg_size = (new_len + 1 + 127) & ~127U; parser_leak_remove(LEAK_PTR, sudoerslval.command.args); p = realloc(sudoerslval.command.args, arg_size); @@ -208,7 +212,7 @@ fill_args(const char *s, size_t len, int addspace) p = sudoerslval.command.args + arg_len; if (addspace) *p++ = ' '; - len = arg_size - (p - sudoerslval.command.args); + len = arg_size - (size_t)(p - sudoerslval.command.args); if (strlcpy(p, s, len) >= len) { sudo_warnx(U_("internal error, %s overflow"), __func__); parser_leak_remove(LEAK_PTR, sudoerslval.command.args); diff --git a/plugins/sudoers/tsgetgrpw.c b/plugins/sudoers/tsgetgrpw.c index 435c7dd06..418f58136 100644 --- a/plugins/sudoers/tsgetgrpw.c +++ b/plugins/sudoers/tsgetgrpw.c @@ -360,7 +360,7 @@ testsudoers_getgrouplist2(const char *name, GETGROUPS_T basegid, grpsize = sysconf(_SC_NGROUPS_MAX); if (grpsize < 0) grpsize = NGROUPS_MAX; - groups = reallocarray(NULL, grpsize, 4 * sizeof(*groups)); + groups = reallocarray(NULL, (size_t)grpsize, 4 * sizeof(*groups)); if (groups == NULL) return -1; grpsize <<= 2; @@ -398,7 +398,7 @@ testsudoers_getgrouplist2(const char *name, GETGROUPS_T basegid, /* Static group vector. */ goto done; } - tmp = reallocarray(groups, grpsize, 2 * sizeof(*groups)); + tmp = reallocarray(groups, (size_t)grpsize, 2 * sizeof(*groups)); if (tmp == NULL) { free(groups); groups = NULL; diff --git a/plugins/sudoers/visudo.c b/plugins/sudoers/visudo.c index 794e0033c..a7c87c9f6 100644 --- a/plugins/sudoers/visudo.c +++ b/plugins/sudoers/visudo.c @@ -514,7 +514,7 @@ edit_sudoers(struct sudoersfile *sp, char *editor, int editor_argc, (void) lseek(sp->fd, (off_t)0, SEEK_SET); while ((nread = read(sp->fd, buf, sizeof(buf))) > 0) { - if (write(tfd, buf, nread) != nread) + if (write(tfd, buf, (size_t)nread) == -1) sudo_fatal("%s", U_("write error")); lastch = buf[nread - 1]; } @@ -522,7 +522,7 @@ edit_sudoers(struct sudoersfile *sp, char *editor, int editor_argc, /* Add missing newline at EOF if needed. */ if (lastch != '\n') { lastch = '\n'; - if (write(tfd, &lastch, 1) != 1) + if (write(tfd, &lastch, 1) == -1) sudo_fatal("%s", U_("write error")); } } @@ -1068,7 +1068,7 @@ new_sudoers(const char *path, bool doedit) cp != NULL; cp = sudo_strsplit(NULL, path_end, ":", &ep)) { char fname[PATH_MAX]; - len = ep - cp; + len = (size_t)(ep - cp); if (len >= sizeof(fname)) { errno = ENAMETOOLONG; break;