diff --git a/plugins/python/pyhelpers.c b/plugins/python/pyhelpers.c index d20e459cf..27e9ffb3b 100644 --- a/plugins/python/pyhelpers.c +++ b/plugins/python/pyhelpers.c @@ -143,15 +143,13 @@ py_log_last_error(const char *context_message) PyObject *py_type = NULL, *py_message = NULL, *py_traceback = NULL; PyErr_Fetch(&py_type, &py_message, &py_traceback); - char *message = py_message ? py_create_string_rep(py_message) : strdup("(NULL)"); - if (message == NULL) - message = strdup("?"); + char *message = py_message ? py_create_string_rep(py_message) : NULL; py_sudo_log(SUDO_CONV_ERROR_MSG, "%s%s(%s) %s\n", context_message ? context_message : "", context_message && *context_message ? ": " : "", py_type ? ((PyTypeObject *)py_type)->tp_name : "None", - message); + message ? message : "(NULL)"); free(message); if (py_traceback != NULL) { @@ -216,6 +214,9 @@ py_str_array_from_tuple(PyObject *py_tuple) // we need an extra 0 at the end char **result = calloc(Py_SSIZE2SIZE(tuple_size) + 1, sizeof(char*)); + if (result == NULL) { + debug_return_ptr(NULL); + } for (int i = 0; i < tuple_size; ++i) { PyObject *py_value = PyTuple_GetItem(py_tuple, i); @@ -343,13 +344,9 @@ _py_debug_python_function(const char *class_name, const char *function_name, con Py_DECREF(py_kwargs_sorted); } - if (args_str == NULL) - args_str = strdup("()"); - if (kwargs_str == NULL) - kwargs_str = strdup(""); - sudo_debug_printf(SUDO_DEBUG_DIAG, "%s.%s %s: %s %s\n", class_name, - function_name, message, args_str, kwargs_str); + function_name, message, args_str ? args_str : "()", + kwargs_str ? kwargs_str : ""); free(args_str); free(kwargs_str); } diff --git a/plugins/python/python_plugin_common.h b/plugins/python/python_plugin_common.h index 4b986a6f5..b7481a1ac 100644 --- a/plugins/python/python_plugin_common.h +++ b/plugins/python/python_plugin_common.h @@ -76,7 +76,7 @@ const char *python_plugin_name(struct PluginContext *plugin_ctx); // version is enough and "errstr" is valid #define CALLBACK_SET_ERROR(plugin_ctx, errstr) \ do { \ - if ((plugin_ctx)->sudo_api_version >= SUDO_API_MKVERSION(1, 15) && errstr != NULL) { \ + if ((plugin_ctx)->sudo_api_version >= SUDO_API_MKVERSION(1, 15)) { \ if (errstr != NULL) \ *errstr = (plugin_ctx)->callback_error; \ } \ diff --git a/plugins/python/sudo_python_module.c b/plugins/python/sudo_python_module.c index 116b9e3d2..cb4b20186 100644 --- a/plugins/python/sudo_python_module.c +++ b/plugins/python/sudo_python_module.c @@ -351,6 +351,8 @@ python_sudo_conversation(PyObject *Py_UNUSED(self), PyObject *py_args, PyObject } replies = calloc(Py_SSIZE2SIZE(num_msgs), sizeof(struct sudo_conv_reply)); + if (replies == NULL) + goto cleanup; py_result = PyTuple_New(num_msgs); if (py_result == NULL) goto cleanup; diff --git a/src/parse_args.c b/src/parse_args.c index 119cea8e1..ebdcc4e7b 100644 --- a/src/parse_args.c +++ b/src/parse_args.c @@ -374,8 +374,8 @@ parse_args(int argc, char **argv, int *old_optind, int *nargc, char ***nargv, * If we see a non-option after the -h flag, treat as * remote host and bump optind to skip over it. */ - if (got_host_flag && !is_envar && - argv[optind] != NULL && argv[optind][0] != '-') { + if (got_host_flag && argv[optind] != NULL && + argv[optind][0] != '-' && !is_envar) { if (sudo_settings[ARG_REMOTE_HOST].value != NULL) usage(); sudo_settings[ARG_REMOTE_HOST].value = argv[optind++]; diff --git a/src/selinux.c b/src/selinux.c index 69d2db606..a2f73f8d0 100644 --- a/src/selinux.c +++ b/src/selinux.c @@ -206,7 +206,7 @@ relabel_tty(const char *ttyn, int ptyfd) if (tty_con != NULL) { security_class_t tclass = string_to_security_class("chr_file"); if (tclass == 0) { - sudo_warn(U_("unknown security class \"chr_file\", not relabeling tty")); + sudo_warn("%s", U_("unknown security class \"chr_file\", not relabeling tty")); goto bad; } if (security_compute_relabel(se_state.new_context, tty_con,