author | Luke Shumaker <lukeshu@sbcglobal.net> | 2014-12-15 04:35:09 -0500 |
---|---|---|
committer | Luke Shumaker <lukeshu@sbcglobal.net> | 2014-12-15 04:35:09 -0500 |
commit | 2a86df94e9441527456e0d24648039882031a9a2 (patch) | |
tree | ae1769334a4efd35ba7524b294ac186942df5d97 | |
parent | 24a303bc75ce02d3242dc76869e5ec91f81a29f3 (diff) |
be stricter everywhere (-D_FORTIFY_SOURCE=2)
-rw-r--r-- | common/Makefile.am | 4 | ||||
-rw-r--r-- | compat/Makefile.am | 4 | ||||
-rw-r--r-- | nslcd/Makefile.am | 2 | ||||
-rw-r--r-- | nslcd/hackers_parse.c | 6 | ||||
-rw-r--r-- | nslcd/hackers_watch.c | 9 | ||||
-rw-r--r-- | nslcd/hackers_watch.h | 2 | ||||
-rw-r--r-- | nslcd/invalidator.c | 6 | ||||
-rw-r--r-- | tests/Makefile.am | 4 |
8 files changed, 23 insertions, 14 deletions
diff --git a/common/Makefile.am b/common/Makefile.am index 0549426..8b30964 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -19,8 +19,8 @@ noinst_LIBRARIES = libtio.a libprot.a libdict.a libexpr.a libinotify_helpers.a -AM_CPPFLAGS=-I$(top_srcdir) -AM_CFLAGS = -fPIC +AM_CPPFLAGS=-I$(top_srcdir) -D_FORTIFY_SOURCE=2 +AM_CFLAGS = -fPIC -Wall -Werror -Wextra -Wno-unused-parameter libtio_a_SOURCES = tio.c tio.h diff --git a/compat/Makefile.am b/compat/Makefile.am index b240b1c..922b7c6 100644 --- a/compat/Makefile.am +++ b/compat/Makefile.am @@ -19,8 +19,8 @@ noinst_LIBRARIES = libcompat.a -AM_CPPFLAGS=-I$(top_srcdir) -AM_CFLAGS = -fPIC +AM_CPPFLAGS=-I$(top_srcdir) -D_FORTIFY_SOURCE=2 +AM_CFLAGS = -fPIC -Wall -Werror -Wextra -Wno-unused-parameter EXTRA_DIST = getopt_long.c getopt_long.h \ shell.h \ diff --git a/nslcd/Makefile.am b/nslcd/Makefile.am index cda2716..8afc690 100644 --- a/nslcd/Makefile.am +++ b/nslcd/Makefile.am @@ -20,7 +20,7 @@ sbin_PROGRAMS = nslcd -AM_CPPFLAGS=-I$(top_srcdir) -D_XOPEN_SOURCE=500 # for pthread_rwlock +AM_CPPFLAGS=-I$(top_srcdir) -D_FORTIFY_SOURCE=2 -D_XOPEN_SOURCE=500 AM_CFLAGS = -std=c99 $(PTHREAD_CFLAGS) -Wall -Werror -Wextra -Wno-unused-parameter nslcd_SOURCES = nslcd.c ../nslcd.h ../common/nslcd-prot.h \ diff --git a/nslcd/hackers_parse.c b/nslcd/hackers_parse.c index 7d63995..2a98fc1 100644 --- a/nslcd/hackers_parse.c +++ b/nslcd/hackers_parse.c @@ -126,7 +126,8 @@ load_user_password(struct passwd *user) { ssize_t line_len; size_t line_cap = 0; - asprintf(&filename, "%s/.password", user->pw_dir); + if (asprintf(&filename, "%s/.password", user->pw_dir) < 0) + goto nopassword; if ((file = fopen(filename, "r")) == NULL) goto nopassword; // TODO: check permissions on 'file' 
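Review bot: `-D_FORTIFY_SOURCE=2` in `AM_CPPFLAGS` only takes effect when the compiler is optimising, and `AM_CFLAGS` in common/Makefile.am sets no `-O` level, so the hardening depends entirely on the `CFLAGS` the builder passes. glibc emits a `#warning` when `_FORTIFY_SOURCE` is defined without optimisation, and the `-Werror` added on the next line would turn that into a build failure for anyone compiling with `-O0`. The same applies to the compat/, nslcd/ and tests/ Makefile.am hunks. Consider adding an explicit optimisation level next to the define, or putting `-Werror` behind a configure switch. The nslcd/ hunk also drops the `# for pthread_rwlock` comment that explained `-D_XOPEN_SOURCE=500`; keeping it on a line of its own would preserve that rationale.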
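Review bot: After a failed `asprintf` the value of `filename` is undefined, and the new `goto nopassword` in `load_user_password` jumps to a label outside this hunk; if that path calls `free(filename)`, it frees an indeterminate pointer. Reset the pointer on failure, e.g. `if (asprintf(&filename, "%s/.password", user->pw_dir) < 0) { filename = NULL; goto nopassword; }`. The `// TODO: check permissions on 'file'` in the context is still open. `fopen` follows symlinks inside a directory the user controls, so an `fstat` ownership and mode check on the opened stream belongs before the first read.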
@@ -175,7 +176,8 @@ load_user_yaml(const char *filename, struct passwd *user) { yaml_node_t *val = NODE(pair->value); if (strcmp("username", STR_VALUE(key))==0) { user->pw_name = strdup(STR_VALUE(val)); - asprintf(&(user->pw_dir), "/home/%s", user->pw_name); + if (asprintf(&(user->pw_dir), "/home/%s", user->pw_name) < 0) + goto error; flags |= PW_NAME | PW_DIR; } if (strcmp("fullname", STR_VALUE(key))==0) { diff --git a/nslcd/hackers_watch.c b/nslcd/hackers_watch.c index 31e7e3b..1516593 100644 --- a/nslcd/hackers_watch.c +++ b/nslcd/hackers_watch.c @@ -50,7 +50,8 @@ hackers_init(const char *yamldir, struct session *sess) { sess->in_wd_yaml = inotify_add_watch(sess->in_fd, yamldir, EVENT_CHILD_ANY); sess->in_wd_home = inotify_add_watch(sess->in_fd, "/home" , EVENT_CHILD_ADD); - asprintf(&glob_pattern, "%s/*.yml", yamldir); + if (asprintf(&glob_pattern, "%s/*.yml", yamldir) < 0) + return -1; glob(glob_pattern, 0, NULL, &glob_results); free(glob_pattern); @@ -136,9 +137,10 @@ worker_handle_del_yaml(struct session *sess, uid_t uid) { pthread_rwlock_unlock(&(sess->lock)); } -void +int hackers_worker(struct session *sess) { - chdir(sess->yamldir); + if (chdir(sess->yamldir) < 0) + return -1; for (INOTIFY_ITERATOR(sess->in_fd, event)) { if (event->wd == sess->in_wd_yaml) { /* handle updates to yaml files */ @@ -183,4 +185,5 @@ hackers_worker(struct session *sess) { } } } + return -1; } diff --git a/nslcd/hackers_watch.h b/nslcd/hackers_watch.h index dd2f372..91e6319 100644 --- a/nslcd/hackers_watch.h +++ b/nslcd/hackers_watch.h @@ -4,6 +4,6 @@ #include "hackers.h" int hackers_init(const char *yamldir, struct session *session); -void hackers_worker(struct session *session); +int hackers_worker(struct session *session); #endif diff --git a/nslcd/invalidator.c b/nslcd/invalidator.c index 11ffa5c..550ca8b 100644 --- a/nslcd/invalidator.c +++ b/nslcd/invalidator.c 
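Review bot: The `strdup` result stored in `user->pw_name` is passed unchecked as the `%s` argument of the new `asprintf` call in `load_user_yaml`, so an allocation failure there is undefined behaviour (glibc formats it as `(null)`) instead of reaching `error`; add `if (user->pw_name == NULL) goto error;` before building the path. The name is also taken straight from the YAML value and pasted into `/home/%s`, so a value containing `/` or `..` yields a `pw_dir` outside `/home`; rejecting such names before the `asprintf` would close that. As in `load_user_password`, `user->pw_dir` is undefined after a failed `asprintf`, so set it to `NULL` before `goto error` if the `error` label (outside this hunk) frees it.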
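Review bot: The new `return -1` in `hackers_init` after a failed `asprintf` releases nothing, so the two watches added just above and the descriptor in `sess->in_fd` stay allocated on that path. The setup of `in_fd` is outside the hunk, so confirm whether the caller tears the session down on a negative return. The `glob()` call on the following line still ignores its result while `glob_results` is consumed afterwards; a real failure should be separated from an empty directory, e.g. `int rc = glob(glob_pattern, 0, NULL, &glob_results);` followed by `if (rc != 0 && rc != GLOB_NOMATCH) { free(glob_pattern); return -1; }`. The return values of both `inotify_add_watch` calls in the context are likewise stored without being checked for `-1`.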
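Review bot: `hackers_worker` now returns `-1` both when `chdir(sess->yamldir)` fails and when the inotify loop ends (the `return -1;` added in the last hunk of this file), so a caller cannot tell a startup failure from the watcher stopping, and neither path logs the cause. Whether any call site checks the new return value is not visible in this diff; it should be updated together with the prototype change in hackers_watch.h. A comment on the function such as `/* Returns -1 on chdir failure or when the inotify iterator ends; never returns 0. */` would document the contract. `chdir` changes the working directory of the whole process, so if other threads resolve relative paths (the file uses `pthread_rwlock`), opening the YAML files relative to a directory descriptor would be safer. The loop body lies mostly outside these hunks.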
@@ -159,7 +159,11 @@ static void handle_requests(int fd) const char *db; log_log(LOG_DEBUG, "invalidator: starting"); /* set up environment */ - (void)chdir("/"); + if (chdir("/") < 0) + { + log_log(LOG_ERR, "invalidator: could not chdir to root"); + _exit(EXIT_SUCCESS); + } putenv("PATH=/usr/sbin:/usr/bin:/sbin:/bin"); /* handle incoming requests */ while (1) diff --git a/tests/Makefile.am b/tests/Makefile.am index 867ca02..9674551 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -37,8 +37,8 @@ EXTRA_DIST = README nslcd-test.conf usernames.txt testenv.sh test_myldap.sh \ CLEANFILES = $(EXTRA_PROGRAMS) -AM_CPPFLAGS = -I$(top_srcdir) -AM_CFLAGS = $(PTHREAD_CFLAGS) -g +AM_CPPFLAGS = -I$(top_srcdir) -D_FORTIFY_SOURCE=2 +AM_CFLAGS = $(PTHREAD_CFLAGS) -g -Wall -Werror -Wextra -Wno-unused-parameter test_dict_SOURCES = test_dict.c ../common/dict.h test_dict_LDADD = ../common/libdict.a |
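Review bot: The new failure branch in `handle_requests` ends with `_exit(EXIT_SUCCESS)`, so a parent that inspects the child's status sees a clean exit even though the invalidator never started serving requests; use `_exit(EXIT_FAILURE);` there. The log line would be more useful with the cause, e.g. `log_log(LOG_ERR, "invalidator: chdir(\"/\") failed: %s", strerror(errno));`, assuming `errno.h` and `string.h` are already included in this file. The `putenv` call on the next context line also goes unchecked, although it is what pins `PATH` for the commands this process runs later. The rest of `handle_requests` is outside the hunk.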