summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorderaadt@openbsd.org <deraadt@openbsd.org>2019-06-28 13:35:04 +0000
committerDamien Miller <djm@mindrot.org>2019-07-05 11:10:39 +1000
commit4d28fa78abce2890e136281950633fae2066cc29 (patch)
tree33226ec64ced661bb7e40005e30744b68fa59a80
parente8c974043c1648eab0ad67a7ba6a3e444fe79d2d (diff)
upstream: When system calls indicate an error they return -1, not
some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future. OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
Diffstat
-rw-r--r--auth-rhosts.c10
-rw-r--r--auth.c16
-rw-r--r--authfd.c6
-rw-r--r--authfile.c12
-rw-r--r--canohost.c6
-rw-r--r--channels.c46
-rw-r--r--clientloop.c12
-rw-r--r--misc.c18
-rw-r--r--monitor.c10
-rw-r--r--monitor_wrap.c4
-rw-r--r--mux.c8
-rw-r--r--nchan.c6
-rw-r--r--packet.c14
-rw-r--r--readconf.c4
-rw-r--r--readpass.c10
-rw-r--r--scp.c24
-rw-r--r--serverloop.c8
-rw-r--r--session.c48
-rw-r--r--sftp-server.c24
-rw-r--r--ssh-add.c6
-rw-r--r--ssh-agent.c10
-rw-r--r--ssh-keygen.c24
-rw-r--r--ssh-keyscan.c12
-rw-r--r--ssh.c18
-rw-r--r--sshconnect.c26
-rw-r--r--sshconnect2.c20
-rw-r--r--sshd.c30
-rw-r--r--sshkey-xmss.c14
-rw-r--r--sshlogin.c2
-rw-r--r--sshpty.c18
-rw-r--r--uidswap.c32
31 files changed, 249 insertions, 249 deletions
diff --git a/auth-rhosts.c b/auth-rhosts.c
index 57296e1f6..63c1c8acb 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth-rhosts.c,v 1.49 2018/07/09 21:35:50 markus Exp $ */ 1/* $OpenBSD: auth-rhosts.c,v 1.50 2019/06/28 13:35:04 deraadt Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -222,8 +222,8 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
222 * are no system-wide files. 222 * are no system-wide files.
223 */ 223 */
224 if (!rhosts_files[rhosts_file_index] && 224 if (!rhosts_files[rhosts_file_index] &&
225 stat(_PATH_RHOSTS_EQUIV, &st) < 0 && 225 stat(_PATH_RHOSTS_EQUIV, &st) == -1 &&
226 stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0) { 226 stat(_PATH_SSH_HOSTS_EQUIV, &st) == -1) {
227 debug3("%s: no hosts access files exist", __func__); 227 debug3("%s: no hosts access files exist", __func__);
228 return 0; 228 return 0;
229 } 229 }
@@ -253,7 +253,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
253 * Check that the home directory is owned by root or the user, and is 253 * Check that the home directory is owned by root or the user, and is
254 * not group or world writable. 254 * not group or world writable.
255 */ 255 */
256 if (stat(pw->pw_dir, &st) < 0) { 256 if (stat(pw->pw_dir, &st) == -1) {
257 logit("Rhosts authentication refused for %.100s: " 257 logit("Rhosts authentication refused for %.100s: "
258 "no home directory %.200s", pw->pw_name, pw->pw_dir); 258 "no home directory %.200s", pw->pw_name, pw->pw_dir);
259 auth_debug_add("Rhosts authentication refused for %.100s: " 259 auth_debug_add("Rhosts authentication refused for %.100s: "
@@ -278,7 +278,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
278 /* Check users .rhosts or .shosts. */ 278 /* Check users .rhosts or .shosts. */
279 snprintf(buf, sizeof buf, "%.500s/%.100s", 279 snprintf(buf, sizeof buf, "%.500s/%.100s",
280 pw->pw_dir, rhosts_files[rhosts_file_index]); 280 pw->pw_dir, rhosts_files[rhosts_file_index]);
281 if (stat(buf, &st) < 0) 281 if (stat(buf, &st) == -1)
282 continue; 282 continue;
283 283
284 /* 284 /*
diff --git a/auth.c b/auth.c
index 8696f258e..b41d39cdc 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth.c,v 1.138 2019/01/19 21:41:18 djm Exp $ */ 1/* $OpenBSD: auth.c,v 1.139 2019/06/28 13:35:04 deraadt Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -167,7 +167,7 @@ allowed_user(struct ssh *ssh, struct passwd * pw)
167 char *shell = xstrdup((pw->pw_shell[0] == '\0') ? 167 char *shell = xstrdup((pw->pw_shell[0] == '\0') ?
168 _PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */ 168 _PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */
169 169
170 if (stat(shell, &st) != 0) { 170 if (stat(shell, &st) == -1) {
171 logit("User %.100s not allowed because shell %.100s " 171 logit("User %.100s not allowed because shell %.100s "
172 "does not exist", pw->pw_name, shell); 172 "does not exist", pw->pw_name, shell);
173 free(shell); 173 free(shell);
@@ -517,7 +517,7 @@ auth_openfile(const char *file, struct passwd *pw, int strict_modes,
517 return NULL; 517 return NULL;
518 } 518 }
519 519
520 if (fstat(fd, &st) < 0) { 520 if (fstat(fd, &st) == -1) {
521 close(fd); 521 close(fd);
522 return NULL; 522 return NULL;
523 } 523 }
@@ -746,7 +746,7 @@ remote_hostname(struct ssh *ssh)
746 fromlen = sizeof(from); 746 fromlen = sizeof(from);
747 memset(&from, 0, sizeof(from)); 747 memset(&from, 0, sizeof(from));
748 if (getpeername(ssh_packet_get_connection_in(ssh), 748 if (getpeername(ssh_packet_get_connection_in(ssh),
749 (struct sockaddr *)&from, &fromlen) < 0) { 749 (struct sockaddr *)&from, &fromlen) == -1) {
750 debug("getpeername failed: %.100s", strerror(errno)); 750 debug("getpeername failed: %.100s", strerror(errno));
751 return strdup(ntop); 751 return strdup(ntop);
752 } 752 }
@@ -884,7 +884,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
884 return 0; 884 return 0;
885 } 885 }
886 temporarily_use_uid(pw); 886 temporarily_use_uid(pw);
887 if (stat(av[0], &st) < 0) { 887 if (stat(av[0], &st) == -1) {
888 error("Could not stat %s \"%s\": %s", tag, 888 error("Could not stat %s \"%s\": %s", tag,
889 av[0], strerror(errno)); 889 av[0], strerror(errno));
890 restore_uid(); 890 restore_uid();
@@ -896,7 +896,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
896 return 0; 896 return 0;
897 } 897 }
898 /* Prepare to keep the child's stdout if requested */ 898 /* Prepare to keep the child's stdout if requested */
899 if (pipe(p) != 0) { 899 if (pipe(p) == -1) {
900 error("%s: pipe: %s", tag, strerror(errno)); 900 error("%s: pipe: %s", tag, strerror(errno));
901 restore_uid(); 901 restore_uid();
902 return 0; 902 return 0;
@@ -946,12 +946,12 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
946 closefrom(STDERR_FILENO + 1); 946 closefrom(STDERR_FILENO + 1);
947 947
948 /* Don't use permanently_set_uid() here to avoid fatal() */ 948 /* Don't use permanently_set_uid() here to avoid fatal() */
949 if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) { 949 if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) {
950 error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid, 950 error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,
951 strerror(errno)); 951 strerror(errno));
952 _exit(1); 952 _exit(1);
953 } 953 }
954 if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0) { 954 if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1) {
955 error("%s: setresuid %u: %s", tag, (u_int)pw->pw_uid, 955 error("%s: setresuid %u: %s", tag, (u_int)pw->pw_uid,
956 strerror(errno)); 956 strerror(errno));
957 _exit(1); 957 _exit(1);
diff --git a/authfd.c b/authfd.c
index 327a333d2..fd8f336fc 100644
--- a/authfd.c
+++ b/authfd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: authfd.c,v 1.114 2019/06/21 04:21:04 djm Exp $ */ 1/* $OpenBSD: authfd.c,v 1.115 2019/06/28 13:35:04 deraadt Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -101,12 +101,12 @@ ssh_get_authentication_socket(int *fdp)
101 sunaddr.sun_family = AF_UNIX; 101 sunaddr.sun_family = AF_UNIX;
102 strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path)); 102 strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path));
103 103
104 if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) 104 if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
105 return SSH_ERR_SYSTEM_ERROR; 105 return SSH_ERR_SYSTEM_ERROR;
106 106
107 /* close on exec */ 107 /* close on exec */
108 if (fcntl(sock, F_SETFD, FD_CLOEXEC) == -1 || 108 if (fcntl(sock, F_SETFD, FD_CLOEXEC) == -1 ||
109 connect(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) { 109 connect(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) {
110 oerrno = errno; 110 oerrno = errno;
111 close(sock); 111 close(sock);
112 errno = oerrno; 112 errno = oerrno;
diff --git a/authfile.c b/authfile.c
index b1c92f4ad..2166c1689 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: authfile.c,v 1.131 2018/09/21 12:20:12 djm Exp $ */ 1/* $OpenBSD: authfile.c,v 1.132 2019/06/28 13:35:04 deraadt Exp $ */
2/* 2/*
3 * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
4 * 4 *
@@ -57,7 +57,7 @@ sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename)
57{ 57{
58 int fd, oerrno; 58 int fd, oerrno;
59 59
60 if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0) 60 if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) == -1)
61 return SSH_ERR_SYSTEM_ERROR; 61 return SSH_ERR_SYSTEM_ERROR;
62 if (atomicio(vwrite, fd, sshbuf_mutable_ptr(keybuf), 62 if (atomicio(vwrite, fd, sshbuf_mutable_ptr(keybuf),
63 sshbuf_len(keybuf)) != sshbuf_len(keybuf)) { 63 sshbuf_len(keybuf)) != sshbuf_len(keybuf)) {
@@ -101,7 +101,7 @@ sshkey_load_file(int fd, struct sshbuf *blob)
101 struct stat st; 101 struct stat st;
102 int r; 102 int r;
103 103
104 if (fstat(fd, &st) < 0) 104 if (fstat(fd, &st) == -1)
105 return SSH_ERR_SYSTEM_ERROR; 105 return SSH_ERR_SYSTEM_ERROR;
106 if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && 106 if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
107 st.st_size > MAX_KEY_FILE_SIZE) 107 st.st_size > MAX_KEY_FILE_SIZE)
@@ -141,7 +141,7 @@ sshkey_perm_ok(int fd, const char *filename)
141{ 141{
142 struct stat st; 142 struct stat st;
143 143
144 if (fstat(fd, &st) < 0) 144 if (fstat(fd, &st) == -1)
145 return SSH_ERR_SYSTEM_ERROR; 145 return SSH_ERR_SYSTEM_ERROR;
146 /* 146 /*
147 * if a key owned by the user is accessed, then we check the 147 * if a key owned by the user is accessed, then we check the
@@ -176,7 +176,7 @@ sshkey_load_private_type(int type, const char *filename, const char *passphrase,
176 if (commentp != NULL) 176 if (commentp != NULL)
177 *commentp = NULL; 177 *commentp = NULL;
178 178
179 if ((fd = open(filename, O_RDONLY)) < 0) { 179 if ((fd = open(filename, O_RDONLY)) == -1) {
180 if (perm_ok != NULL) 180 if (perm_ok != NULL)
181 *perm_ok = 0; 181 *perm_ok = 0;
182 return SSH_ERR_SYSTEM_ERROR; 182 return SSH_ERR_SYSTEM_ERROR;
@@ -236,7 +236,7 @@ sshkey_load_private(const char *filename, const char *passphrase,
236 if (commentp != NULL) 236 if (commentp != NULL)
237 *commentp = NULL; 237 *commentp = NULL;
238 238
239 if ((fd = open(filename, O_RDONLY)) < 0) 239 if ((fd = open(filename, O_RDONLY)) == -1)
240 return SSH_ERR_SYSTEM_ERROR; 240 return SSH_ERR_SYSTEM_ERROR;
241 if (sshkey_perm_ok(fd, filename) != 0) { 241 if (sshkey_perm_ok(fd, filename) != 0) {
242 r = SSH_ERR_KEY_BAD_PERMISSIONS; 242 r = SSH_ERR_KEY_BAD_PERMISSIONS;
diff --git a/canohost.c b/canohost.c
index f71a08568..abea9c6e6 100644
--- a/canohost.c
+++ b/canohost.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: canohost.c,v 1.73 2016/03/07 19:02:43 djm Exp $ */ 1/* $OpenBSD: canohost.c,v 1.74 2019/06/28 13:35:04 deraadt Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -164,12 +164,12 @@ get_sock_port(int sock, int local)
164 fromlen = sizeof(from); 164 fromlen = sizeof(from);
165 memset(&from, 0, sizeof(from)); 165 memset(&from, 0, sizeof(from));
166 if (local) { 166 if (local) {
167 if (getsockname(sock, (struct sockaddr *)&from, &fromlen) < 0) { 167 if (getsockname(sock, (struct sockaddr *)&from, &fromlen) == -1) {
168 error("getsockname failed: %.100s", strerror(errno)); 168 error("getsockname failed: %.100s", strerror(errno));
169 return 0; 169 return 0;
170 } 170 }
171 } else { 171 } else {
172 if (getpeername(sock, (struct sockaddr *)&from, &fromlen) < 0) { 172 if (getpeername(sock, (struct sockaddr *)&from, &fromlen) == -1) {
173 debug("getpeername failed: %.100s", strerror(errno)); 173 debug("getpeername failed: %.100s", strerror(errno));
174 return -1; 174 return -1;
175 } 175 }
diff --git a/channels.c b/channels.c
index 30691c82f..e1c7be81f 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: channels.c,v 1.392 2019/06/07 14:18:48 dtucker Exp $ */ 1/* $OpenBSD: channels.c,v 1.393 2019/06/28 13:35:04 deraadt Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1671,7 +1671,7 @@ channel_post_x11_listener(struct ssh *ssh, Channel *c,
1671 chan_mark_dead(ssh, c); 1671 chan_mark_dead(ssh, c);
1672 errno = oerrno; 1672 errno = oerrno;
1673 } 1673 }
1674 if (newsock < 0) { 1674 if (newsock == -1) {
1675 if (errno != EINTR && errno != EWOULDBLOCK && 1675 if (errno != EINTR && errno != EWOULDBLOCK &&
1676 errno != ECONNABORTED) 1676 errno != ECONNABORTED)
1677 error("accept: %.100s", strerror(errno)); 1677 error("accept: %.100s", strerror(errno));
@@ -1814,7 +1814,7 @@ channel_post_port_listener(struct ssh *ssh, Channel *c,
1814 1814
1815 addrlen = sizeof(addr); 1815 addrlen = sizeof(addr);
1816 newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); 1816 newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen);
1817 if (newsock < 0) { 1817 if (newsock == -1) {
1818 if (errno != EINTR && errno != EWOULDBLOCK && 1818 if (errno != EINTR && errno != EWOULDBLOCK &&
1819 errno != ECONNABORTED) 1819 errno != ECONNABORTED)
1820 error("accept: %.100s", strerror(errno)); 1820 error("accept: %.100s", strerror(errno));
@@ -1853,7 +1853,7 @@ channel_post_auth_listener(struct ssh *ssh, Channel *c,
1853 1853
1854 addrlen = sizeof(addr); 1854 addrlen = sizeof(addr);
1855 newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); 1855 newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen);
1856 if (newsock < 0) { 1856 if (newsock == -1) {
1857 error("accept from auth socket: %.100s", strerror(errno)); 1857 error("accept from auth socket: %.100s", strerror(errno));
1858 if (errno == EMFILE || errno == ENFILE) 1858 if (errno == EMFILE || errno == ENFILE)
1859 c->notbefore = monotime() + 1; 1859 c->notbefore = monotime() + 1;
@@ -1881,7 +1881,7 @@ channel_post_connecting(struct ssh *ssh, Channel *c,
1881 fatal(":%s: channel %d: no remote id", __func__, c->self); 1881 fatal(":%s: channel %d: no remote id", __func__, c->self);
1882 /* for rdynamic the OPEN_CONFIRMATION has been sent already */ 1882 /* for rdynamic the OPEN_CONFIRMATION has been sent already */
1883 isopen = (c->type == SSH_CHANNEL_RDYNAMIC_FINISH); 1883 isopen = (c->type == SSH_CHANNEL_RDYNAMIC_FINISH);
1884 if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, &err, &sz) < 0) { 1884 if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, &err, &sz) == -1) {
1885 err = errno; 1885 err = errno;
1886 error("getsockopt SO_ERROR failed"); 1886 error("getsockopt SO_ERROR failed");
1887 } 1887 }
@@ -1956,7 +1956,7 @@ channel_handle_rfd(struct ssh *ssh, Channel *c,
1956 1956
1957 errno = 0; 1957 errno = 0;
1958 len = read(c->rfd, buf, sizeof(buf)); 1958 len = read(c->rfd, buf, sizeof(buf));
1959 if (len < 0 && (errno == EINTR || 1959 if (len == -1 && (errno == EINTR ||
1960 ((errno == EAGAIN || errno == EWOULDBLOCK) && !force))) 1960 ((errno == EAGAIN || errno == EWOULDBLOCK) && !force)))
1961 return 1; 1961 return 1;
1962#ifndef PTY_ZEROREAD 1962#ifndef PTY_ZEROREAD
@@ -2030,7 +2030,7 @@ channel_handle_wfd(struct ssh *ssh, Channel *c,
2030 /* ignore truncated writes, datagrams might get lost */ 2030 /* ignore truncated writes, datagrams might get lost */
2031 len = write(c->wfd, buf, dlen); 2031 len = write(c->wfd, buf, dlen);
2032 free(data); 2032 free(data);
2033 if (len < 0 && (errno == EINTR || errno == EAGAIN || 2033 if (len == -1 && (errno == EINTR || errno == EAGAIN ||
2034 errno == EWOULDBLOCK)) 2034 errno == EWOULDBLOCK))
2035 return 1; 2035 return 1;
2036 if (len <= 0) 2036 if (len <= 0)
@@ -2045,7 +2045,7 @@ channel_handle_wfd(struct ssh *ssh, Channel *c,
2045#endif 2045#endif
2046 2046
2047 len = write(c->wfd, buf, dlen); 2047 len = write(c->wfd, buf, dlen);
2048 if (len < 0 && 2048 if (len == -1 &&
2049 (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)) 2049 (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK))
2050 return 1; 2050 return 1;
2051 if (len <= 0) { 2051 if (len <= 0) {
@@ -2099,7 +2099,7 @@ channel_handle_efd_write(struct ssh *ssh, Channel *c,
2099 len = write(c->efd, sshbuf_ptr(c->extended), 2099 len = write(c->efd, sshbuf_ptr(c->extended),
2100 sshbuf_len(c->extended)); 2100 sshbuf_len(c->extended));
2101 debug2("channel %d: written %zd to efd %d", c->self, len, c->efd); 2101 debug2("channel %d: written %zd to efd %d", c->self, len, c->efd);
2102 if (len < 0 && (errno == EINTR || errno == EAGAIN || 2102 if (len == -1 && (errno == EINTR || errno == EAGAIN ||
2103 errno == EWOULDBLOCK)) 2103 errno == EWOULDBLOCK))
2104 return 1; 2104 return 1;
2105 if (len <= 0) { 2105 if (len <= 0) {
@@ -2130,7 +2130,7 @@ channel_handle_efd_read(struct ssh *ssh, Channel *c,
2130 2130
2131 len = read(c->efd, buf, sizeof(buf)); 2131 len = read(c->efd, buf, sizeof(buf));
2132 debug2("channel %d: read %zd from efd %d", c->self, len, c->efd); 2132 debug2("channel %d: read %zd from efd %d", c->self, len, c->efd);
2133 if (len < 0 && (errno == EINTR || ((errno == EAGAIN || 2133 if (len == -1 && (errno == EINTR || ((errno == EAGAIN ||
2134 errno == EWOULDBLOCK) && !force))) 2134 errno == EWOULDBLOCK) && !force)))
2135 return 1; 2135 return 1;
2136 if (len <= 0) { 2136 if (len <= 0) {
@@ -2219,7 +2219,7 @@ read_mux(struct ssh *ssh, Channel *c, u_int need)
2219 if (sshbuf_len(c->input) < need) { 2219 if (sshbuf_len(c->input) < need) {
2220 rlen = need - sshbuf_len(c->input); 2220 rlen = need - sshbuf_len(c->input);
2221 len = read(c->rfd, buf, MINIMUM(rlen, CHAN_RBUF)); 2221 len = read(c->rfd, buf, MINIMUM(rlen, CHAN_RBUF));
2222 if (len < 0 && (errno == EINTR || errno == EAGAIN)) 2222 if (len == -1 && (errno == EINTR || errno == EAGAIN))
2223 return sshbuf_len(c->input); 2223 return sshbuf_len(c->input);
2224 if (len <= 0) { 2224 if (len <= 0) {
2225 debug2("channel %d: ctl read<=0 rfd %d len %zd", 2225 debug2("channel %d: ctl read<=0 rfd %d len %zd",
@@ -2283,7 +2283,7 @@ channel_post_mux_client_write(struct ssh *ssh, Channel *c,
2283 return; 2283 return;
2284 2284
2285 len = write(c->wfd, sshbuf_ptr(c->output), sshbuf_len(c->output)); 2285 len = write(c->wfd, sshbuf_ptr(c->output), sshbuf_len(c->output));
2286 if (len < 0 && (errno == EINTR || errno == EAGAIN)) 2286 if (len == -1 && (errno == EINTR || errno == EAGAIN))
2287 return; 2287 return;
2288 if (len <= 0) { 2288 if (len <= 0) {
2289 chan_mark_dead(ssh, c); 2289 chan_mark_dead(ssh, c);
@@ -2331,7 +2331,7 @@ channel_post_mux_listener(struct ssh *ssh, Channel *c,
2331 return; 2331 return;
2332 } 2332 }
2333 2333
2334 if (getpeereid(newsock, &euid, &egid) < 0) { 2334 if (getpeereid(newsock, &euid, &egid) == -1) {
2335 error("%s getpeereid failed: %s", __func__, 2335 error("%s getpeereid failed: %s", __func__,
2336 strerror(errno)); 2336 strerror(errno));
2337 close(newsock); 2337 close(newsock);
@@ -3461,7 +3461,7 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type,
3461 } 3461 }
3462 /* Create a port to listen for the host. */ 3462 /* Create a port to listen for the host. */
3463 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 3463 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
3464 if (sock < 0) { 3464 if (sock == -1) {
3465 /* this is no error since kernel may not support ipv6 */ 3465 /* this is no error since kernel may not support ipv6 */
3466 verbose("socket [%s]:%s: %.100s", ntop, strport, 3466 verbose("socket [%s]:%s: %.100s", ntop, strport,
3467 strerror(errno)); 3467 strerror(errno));
@@ -3476,7 +3476,7 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type,
3476 ntop, strport); 3476 ntop, strport);
3477 3477
3478 /* Bind the socket to the address. */ 3478 /* Bind the socket to the address. */
3479 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 3479 if (bind(sock, ai->ai_addr, ai->ai_addrlen) == -1) {
3480 /* 3480 /*
3481 * address can be in if use ipv6 address is 3481 * address can be in if use ipv6 address is
3482 * already bound 3482 * already bound
@@ -3492,7 +3492,7 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type,
3492 continue; 3492 continue;
3493 } 3493 }
3494 /* Start listening for connections on the socket. */ 3494 /* Start listening for connections on the socket. */
3495 if (listen(sock, SSH_LISTEN_BACKLOG) < 0) { 3495 if (listen(sock, SSH_LISTEN_BACKLOG) == -1) {
3496 error("listen: %.100s", strerror(errno)); 3496 error("listen: %.100s", strerror(errno));
3497 error("listen [%s]:%s: %.100s", ntop, strport, 3497 error("listen [%s]:%s: %.100s", ntop, strport,
3498 strerror(errno)); 3498 strerror(errno));
@@ -4512,7 +4512,7 @@ channel_send_window_changes(struct ssh *ssh)
4512 if (sc->channels[i] == NULL || !sc->channels[i]->client_tty || 4512 if (sc->channels[i] == NULL || !sc->channels[i]->client_tty ||
4513 sc->channels[i]->type != SSH_CHANNEL_OPEN) 4513 sc->channels[i]->type != SSH_CHANNEL_OPEN)
4514 continue; 4514 continue;
4515 if (ioctl(sc->channels[i]->rfd, TIOCGWINSZ, &ws) < 0) 4515 if (ioctl(sc->channels[i]->rfd, TIOCGWINSZ, &ws) == -1)
4516 continue; 4516 continue;
4517 channel_request_start(ssh, i, "window-change", 0); 4517 channel_request_start(ssh, i, "window-change", 0);
4518 if ((r = sshpkt_put_u32(ssh, (u_int)ws.ws_col)) != 0 || 4518 if ((r = sshpkt_put_u32(ssh, (u_int)ws.ws_col)) != 0 ||
@@ -4615,7 +4615,7 @@ x11_create_display_inet(struct ssh *ssh, int x11_display_offset,
4615 continue; 4615 continue;
4616 sock = socket(ai->ai_family, ai->ai_socktype, 4616 sock = socket(ai->ai_family, ai->ai_socktype,
4617 ai->ai_protocol); 4617 ai->ai_protocol);
4618 if (sock < 0) { 4618 if (sock == -1) {
4619 if ((errno != EINVAL) && (errno != EAFNOSUPPORT) 4619 if ((errno != EINVAL) && (errno != EAFNOSUPPORT)
4620#ifdef EPFNOSUPPORT 4620#ifdef EPFNOSUPPORT
4621 && (errno != EPFNOSUPPORT) 4621 && (errno != EPFNOSUPPORT)
@@ -4634,7 +4634,7 @@ x11_create_display_inet(struct ssh *ssh, int x11_display_offset,
4634 sock_set_v6only(sock); 4634 sock_set_v6only(sock);
4635 if (x11_use_localhost) 4635 if (x11_use_localhost)
4636 set_reuseaddr(sock); 4636 set_reuseaddr(sock);
4637 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 4637 if (bind(sock, ai->ai_addr, ai->ai_addrlen) == -1) {
4638 debug2("%s: bind port %d: %.100s", __func__, 4638 debug2("%s: bind port %d: %.100s", __func__,
4639 port, strerror(errno)); 4639 port, strerror(errno));
4640 close(sock); 4640 close(sock);
@@ -4658,7 +4658,7 @@ x11_create_display_inet(struct ssh *ssh, int x11_display_offset,
4658 /* Start listening for connections on the socket. */ 4658 /* Start listening for connections on the socket. */
4659 for (n = 0; n < num_socks; n++) { 4659 for (n = 0; n < num_socks; n++) {
4660 sock = socks[n]; 4660 sock = socks[n];
4661 if (listen(sock, SSH_LISTEN_BACKLOG) < 0) { 4661 if (listen(sock, SSH_LISTEN_BACKLOG) == -1) {
4662 error("listen: %.100s", strerror(errno)); 4662 error("listen: %.100s", strerror(errno));
4663 close(sock); 4663 close(sock);
4664 return -1; 4664 return -1;
@@ -4690,7 +4690,7 @@ connect_local_xsocket_path(const char *pathname)
4690 struct sockaddr_un addr; 4690 struct sockaddr_un addr;
4691 4691
4692 sock = socket(AF_UNIX, SOCK_STREAM, 0); 4692 sock = socket(AF_UNIX, SOCK_STREAM, 0);
4693 if (sock < 0) 4693 if (sock == -1)
4694 error("socket: %.100s", strerror(errno)); 4694 error("socket: %.100s", strerror(errno));
4695 memset(&addr, 0, sizeof(addr)); 4695 memset(&addr, 0, sizeof(addr));
4696 addr.sun_family = AF_UNIX; 4696 addr.sun_family = AF_UNIX;
@@ -4831,12 +4831,12 @@ x11_connect_display(struct ssh *ssh)
4831 for (ai = aitop; ai; ai = ai->ai_next) { 4831 for (ai = aitop; ai; ai = ai->ai_next) {
4832 /* Create a socket. */ 4832 /* Create a socket. */
4833 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 4833 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
4834 if (sock < 0) { 4834 if (sock == -1) {
4835 debug2("socket: %.100s", strerror(errno)); 4835 debug2("socket: %.100s", strerror(errno));
4836 continue; 4836 continue;
4837 } 4837 }
4838 /* Connect it to the display. */ 4838 /* Connect it to the display. */
4839 if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 4839 if (connect(sock, ai->ai_addr, ai->ai_addrlen) == -1) {
4840 debug2("connect %.100s port %u: %.100s", buf, 4840 debug2("connect %.100s port %u: %.100s", buf,
4841 6000 + display_number, strerror(errno)); 4841 6000 + display_number, strerror(errno));
4842 close(sock); 4842 close(sock);
diff --git a/clientloop.c b/clientloop.c
index ccf8f4b8c..7f32871f8 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: clientloop.c,v 1.325 2019/06/26 22:29:43 dtucker Exp $ */ 1/* $OpenBSD: clientloop.c,v 1.326 2019/06/28 13:35:04 deraadt Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -561,7 +561,7 @@ client_wait_until_can_do_something(struct ssh *ssh,
561 } 561 }
562 562
563 ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp); 563 ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp);
564 if (ret < 0) { 564 if (ret == -1) {
565 /* 565 /*
566 * We have to clear the select masks, because we return. 566 * We have to clear the select masks, because we return.
567 * We have to return, because the mainloop checks for the flags 567 * We have to return, because the mainloop checks for the flags
@@ -644,11 +644,11 @@ client_process_net_input(struct ssh *ssh, fd_set *readset)
644 * There is a kernel bug on Solaris that causes select to 644 * There is a kernel bug on Solaris that causes select to
645 * sometimes wake up even though there is no data available. 645 * sometimes wake up even though there is no data available.
646 */ 646 */
647 if (len < 0 && 647 if (len == -1 &&
648 (errno == EAGAIN || errno == EINTR || errno == EWOULDBLOCK)) 648 (errno == EAGAIN || errno == EINTR || errno == EWOULDBLOCK))
649 len = 0; 649 len = 0;
650 650
651 if (len < 0) { 651 if (len == -1) {
652 /* 652 /*
653 * An error has encountered. Perhaps there is a 653 * An error has encountered. Perhaps there is a
654 * network problem. 654 * network problem.
@@ -1096,7 +1096,7 @@ process_escapes(struct ssh *ssh, Channel *c,
1096 1096
1097 /* Fork into background. */ 1097 /* Fork into background. */
1098 pid = fork(); 1098 pid = fork();
1099 if (pid < 0) { 1099 if (pid == -1) {
1100 error("fork: %.100s", strerror(errno)); 1100 error("fork: %.100s", strerror(errno));
1101 continue; 1101 continue;
1102 } 1102 }
@@ -2248,7 +2248,7 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem,
2248 struct winsize ws; 2248 struct winsize ws;
2249 2249
2250 /* Store window size in the packet. */ 2250 /* Store window size in the packet. */
2251 if (ioctl(in_fd, TIOCGWINSZ, &ws) < 0) 2251 if (ioctl(in_fd, TIOCGWINSZ, &ws) == -1)
2252 memset(&ws, 0, sizeof(ws)); 2252 memset(&ws, 0, sizeof(ws));
2253 2253
2254 channel_request_start(ssh, id, "pty-req", 1); 2254 channel_request_start(ssh, id, "pty-req", 1);
diff --git a/misc.c b/misc.c
index 4011ee5f2..b90aac5c0 100644
--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: misc.c,v 1.138 2019/06/27 18:03:37 deraadt Exp $ */ 1/* $OpenBSD: misc.c,v 1.139 2019/06/28 13:35:04 deraadt Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * Copyright (c) 2005,2006 Damien Miller. All rights reserved. 4 * Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@@ -96,7 +96,7 @@ set_nonblock(int fd)
96 int val; 96 int val;
97 97
98 val = fcntl(fd, F_GETFL); 98 val = fcntl(fd, F_GETFL);
99 if (val < 0) { 99 if (val == -1) {
100 error("fcntl(%d, F_GETFL): %s", fd, strerror(errno)); 100 error("fcntl(%d, F_GETFL): %s", fd, strerror(errno));
101 return (-1); 101 return (-1);
102 } 102 }
@@ -120,7 +120,7 @@ unset_nonblock(int fd)
120 int val; 120 int val;
121 121
122 val = fcntl(fd, F_GETFL); 122 val = fcntl(fd, F_GETFL);
123 if (val < 0) { 123 if (val == -1) {
124 error("fcntl(%d, F_GETFL): %s", fd, strerror(errno)); 124 error("fcntl(%d, F_GETFL): %s", fd, strerror(errno));
125 return (-1); 125 return (-1);
126 } 126 }
@@ -1136,7 +1136,7 @@ tun_open(int tun, int mode, char **ifname)
1136 return -1; 1136 return -1;
1137 } 1137 }
1138 1138
1139 if (fd < 0) { 1139 if (fd == -1) {
1140 debug("%s: %s open: %s", __func__, name, strerror(errno)); 1140 debug("%s: %s open: %s", __func__, name, strerror(errno));
1141 return -1; 1141 return -1;
1142 } 1142 }
@@ -1575,7 +1575,7 @@ unix_listener(const char *path, int backlog, int unlink_first)
1575 } 1575 }
1576 1576
1577 sock = socket(PF_UNIX, SOCK_STREAM, 0); 1577 sock = socket(PF_UNIX, SOCK_STREAM, 0);
1578 if (sock < 0) { 1578 if (sock == -1) {
1579 saved_errno = errno; 1579 saved_errno = errno;
1580 error("%s: socket: %.100s", __func__, strerror(errno)); 1580 error("%s: socket: %.100s", __func__, strerror(errno));
1581 errno = saved_errno; 1581 errno = saved_errno;
@@ -1585,7 +1585,7 @@ unix_listener(const char *path, int backlog, int unlink_first)
1585 if (unlink(path) != 0 && errno != ENOENT) 1585 if (unlink(path) != 0 && errno != ENOENT)
1586 error("unlink(%s): %.100s", path, strerror(errno)); 1586 error("unlink(%s): %.100s", path, strerror(errno));
1587 } 1587 }
1588 if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) { 1588 if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) {
1589 saved_errno = errno; 1589 saved_errno = errno;
1590 error("%s: cannot bind to path %s: %s", 1590 error("%s: cannot bind to path %s: %s",
1591 __func__, path, strerror(errno)); 1591 __func__, path, strerror(errno));
@@ -1593,7 +1593,7 @@ unix_listener(const char *path, int backlog, int unlink_first)
1593 errno = saved_errno; 1593 errno = saved_errno;
1594 return -1; 1594 return -1;
1595 } 1595 }
1596 if (listen(sock, backlog) < 0) { 1596 if (listen(sock, backlog) == -1) {
1597 saved_errno = errno; 1597 saved_errno = errno;
1598 error("%s: cannot listen on path %s: %s", 1598 error("%s: cannot listen on path %s: %s",
1599 __func__, path, strerror(errno)); 1599 __func__, path, strerror(errno));
@@ -1875,7 +1875,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir,
1875 } 1875 }
1876 strlcpy(buf, cp, sizeof(buf)); 1876 strlcpy(buf, cp, sizeof(buf));
1877 1877
1878 if (stat(buf, &st) < 0 || 1878 if (stat(buf, &st) == -1 ||
1879 (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) || 1879 (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) ||
1880 (st.st_mode & 022) != 0) { 1880 (st.st_mode & 022) != 0) {
1881 snprintf(err, errlen, 1881 snprintf(err, errlen,
@@ -1910,7 +1910,7 @@ safe_path_fd(int fd, const char *file, struct passwd *pw,
1910 struct stat st; 1910 struct stat st;
1911 1911
1912 /* check the open file to avoid races */ 1912 /* check the open file to avoid races */
1913 if (fstat(fd, &st) < 0) { 1913 if (fstat(fd, &st) == -1) {
1914 snprintf(err, errlen, "cannot stat file %s: %s", 1914 snprintf(err, errlen, "cannot stat file %s: %s",
1915 file, strerror(errno)); 1915 file, strerror(errno));
1916 return -1; 1916 return -1;
diff --git a/monitor.c b/monitor.c
index 60e529444..96d10913c 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor.c,v 1.197 2019/01/21 10:38:54 djm Exp $ */ 1/* $OpenBSD: monitor.c,v 1.198 2019/06/28 13:35:04 deraadt Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1470,7 +1470,7 @@ mm_record_login(struct ssh *ssh, Session *s, struct passwd *pw)
1470 fromlen = sizeof(from); 1470 fromlen = sizeof(from);
1471 if (ssh_packet_connection_is_on_socket(ssh)) { 1471 if (ssh_packet_connection_is_on_socket(ssh)) {
1472 if (getpeername(ssh_packet_get_connection_in(ssh), 1472 if (getpeername(ssh_packet_get_connection_in(ssh),
1473 (struct sockaddr *)&from, &fromlen) < 0) { 1473 (struct sockaddr *)&from, &fromlen) == -1) {
1474 debug("getpeername: %.100s", strerror(errno)); 1474 debug("getpeername: %.100s", strerror(errno));
1475 cleanup_exit(255); 1475 cleanup_exit(255);
1476 } 1476 }
@@ -1538,7 +1538,7 @@ mm_answer_pty(struct ssh *ssh, int sock, struct sshbuf *m)
1538 fatal("%s: send fds failed", __func__); 1538 fatal("%s: send fds failed", __func__);
1539 1539
1540 /* make sure nothing uses fd 0 */ 1540 /* make sure nothing uses fd 0 */
1541 if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) < 0) 1541 if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) == -1)
1542 fatal("%s: open(/dev/null): %s", __func__, strerror(errno)); 1542 fatal("%s: open(/dev/null): %s", __func__, strerror(errno));
1543 if (fd0 != 0) 1543 if (fd0 != 0)
1544 error("%s: fd0 %d != 0", __func__, fd0); 1544 error("%s: fd0 %d != 0", __func__, fd0);
@@ -1730,9 +1730,9 @@ monitor_openfds(struct monitor *mon, int do_logfds)
1730 if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1) 1730 if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1)
1731 fatal("%s: socketpair: %s", __func__, strerror(errno)); 1731 fatal("%s: socketpair: %s", __func__, strerror(errno));
1732#ifdef SO_ZEROIZE 1732#ifdef SO_ZEROIZE
1733 if (setsockopt(pair[0], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) < 0) 1733 if (setsockopt(pair[0], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) == -1)
1734 error("setsockopt SO_ZEROIZE(0): %.100s", strerror(errno)); 1734 error("setsockopt SO_ZEROIZE(0): %.100s", strerror(errno));
1735 if (setsockopt(pair[1], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) < 0) 1735 if (setsockopt(pair[1], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) == -1)
1736 error("setsockopt SO_ZEROIZE(1): %.100s", strerror(errno)); 1736 error("setsockopt SO_ZEROIZE(1): %.100s", strerror(errno));
1737#endif 1737#endif
1738 FD_CLOSEONEXEC(pair[0]); 1738 FD_CLOSEONEXEC(pair[0]);
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 186e8f022..4169b7604 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor_wrap.c,v 1.112 2019/01/21 09:54:11 djm Exp $ */ 1/* $OpenBSD: monitor_wrap.c,v 1.113 2019/06/28 13:35:04 deraadt Exp $ */
2/* 2/*
3 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
4 * Copyright 2002 Markus Friedl <markus@openbsd.org> 4 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -612,7 +612,7 @@ mm_session_pty_cleanup2(Session *s)
612 sshbuf_free(m); 612 sshbuf_free(m);
613 613
614 /* closed dup'ed master */ 614 /* closed dup'ed master */
615 if (s->ptymaster != -1 && close(s->ptymaster) < 0) 615 if (s->ptymaster != -1 && close(s->ptymaster) == -1)
616 error("close(s->ptymaster/%d): %s", 616 error("close(s->ptymaster/%d): %s",
617 s->ptymaster, strerror(errno)); 617 s->ptymaster, strerror(errno));
618 618
diff --git a/mux.c b/mux.c
index e89db193d..f3ea11cdc 100644
--- a/mux.c
+++ b/mux.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: mux.c,v 1.79 2019/01/19 21:35:25 djm Exp $ */ 1/* $OpenBSD: mux.c,v 1.80 2019/06/28 13:35:04 deraadt Exp $ */
2/* 2/*
3 * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> 3 * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
4 * 4 *
@@ -1492,7 +1492,7 @@ mux_client_read(int fd, struct sshbuf *b, size_t need)
1492 return -1; 1492 return -1;
1493 } 1493 }
1494 len = read(fd, p + have, need - have); 1494 len = read(fd, p + have, need - have);
1495 if (len < 0) { 1495 if (len == -1) {
1496 switch (errno) { 1496 switch (errno) {
1497#if defined(EWOULDBLOCK) && (EWOULDBLOCK != EAGAIN) 1497#if defined(EWOULDBLOCK) && (EWOULDBLOCK != EAGAIN)
1498 case EWOULDBLOCK: 1498 case EWOULDBLOCK:
@@ -1541,7 +1541,7 @@ mux_client_write_packet(int fd, struct sshbuf *m)
1541 return -1; 1541 return -1;
1542 } 1542 }
1543 len = write(fd, ptr + have, need - have); 1543 len = write(fd, ptr + have, need - have);
1544 if (len < 0) { 1544 if (len == -1) {
1545 switch (errno) { 1545 switch (errno) {
1546#if defined(EWOULDBLOCK) && (EWOULDBLOCK != EAGAIN) 1546#if defined(EWOULDBLOCK) && (EWOULDBLOCK != EAGAIN)
1547 case EWOULDBLOCK: 1547 case EWOULDBLOCK:
@@ -2324,7 +2324,7 @@ muxclient(const char *path)
2324 fatal("ControlPath too long ('%s' >= %u bytes)", path, 2324 fatal("ControlPath too long ('%s' >= %u bytes)", path,
2325 (unsigned int)sizeof(addr.sun_path)); 2325 (unsigned int)sizeof(addr.sun_path));
2326 2326
2327 if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) 2327 if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
2328 fatal("%s socket(): %s", __func__, strerror(errno)); 2328 fatal("%s socket(): %s", __func__, strerror(errno));
2329 2329
2330 if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1) { 2330 if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
diff --git a/nchan.c b/nchan.c
index 8294d7fca..1e96eb641 100644
--- a/nchan.c
+++ b/nchan.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: nchan.c,v 1.69 2018/10/04 07:47:35 djm Exp $ */ 1/* $OpenBSD: nchan.c,v 1.70 2019/06/28 13:35:04 deraadt Exp $ */
2/* 2/*
3 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. 3 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
4 * 4 *
@@ -380,7 +380,7 @@ chan_shutdown_write(struct ssh *ssh, Channel *c)
380 c->self, __func__, c->istate, c->ostate, c->sock, c->wfd, c->efd, 380 c->self, __func__, c->istate, c->ostate, c->sock, c->wfd, c->efd,
381 channel_format_extended_usage(c)); 381 channel_format_extended_usage(c));
382 if (c->sock != -1) { 382 if (c->sock != -1) {
383 if (shutdown(c->sock, SHUT_WR) < 0) { 383 if (shutdown(c->sock, SHUT_WR) == -1) {
384 debug2("channel %d: %s: shutdown() failed for " 384 debug2("channel %d: %s: shutdown() failed for "
385 "fd %d [i%d o%d]: %.100s", c->self, __func__, 385 "fd %d [i%d o%d]: %.100s", c->self, __func__,
386 c->sock, c->istate, c->ostate, 386 c->sock, c->istate, c->ostate,
@@ -410,7 +410,7 @@ chan_shutdown_read(struct ssh *ssh, Channel *c)
410 * write side has been closed already. (bug on Linux) 410 * write side has been closed already. (bug on Linux)
411 * HP-UX may return ENOTCONN also. 411 * HP-UX may return ENOTCONN also.
412 */ 412 */
413 if (shutdown(c->sock, SHUT_RD) < 0 && errno != ENOTCONN) { 413 if (shutdown(c->sock, SHUT_RD) == -1 && errno != ENOTCONN) {
414 error("channel %d: %s: shutdown() failed for " 414 error("channel %d: %s: shutdown() failed for "
415 "fd %d [i%d o%d]: %.100s", 415 "fd %d [i%d o%d]: %.100s",
416 c->self, __func__, c->sock, c->istate, c->ostate, 416 c->self, __func__, c->sock, c->istate, c->ostate,
diff --git a/packet.c b/packet.c
index 8333c7ca9..817da43b5 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: packet.c,v 1.285 2019/06/07 14:18:48 dtucker Exp $ */ 1/* $OpenBSD: packet.c,v 1.286 2019/06/28 13:35:04 deraadt Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -440,12 +440,12 @@ ssh_packet_connection_is_on_socket(struct ssh *ssh)
440 fromlen = sizeof(from); 440 fromlen = sizeof(from);
441 memset(&from, 0, sizeof(from)); 441 memset(&from, 0, sizeof(from));
442 if (getpeername(state->connection_in, (struct sockaddr *)&from, 442 if (getpeername(state->connection_in, (struct sockaddr *)&from,
443 &fromlen) < 0) 443 &fromlen) == -1)
444 return 0; 444 return 0;
445 tolen = sizeof(to); 445 tolen = sizeof(to);
446 memset(&to, 0, sizeof(to)); 446 memset(&to, 0, sizeof(to));
447 if (getpeername(state->connection_out, (struct sockaddr *)&to, 447 if (getpeername(state->connection_out, (struct sockaddr *)&to,
448 &tolen) < 0) 448 &tolen) == -1)
449 return 0; 449 return 0;
450 if (fromlen != tolen || memcmp(&from, &to, fromlen) != 0) 450 if (fromlen != tolen || memcmp(&from, &to, fromlen) != 0)
451 return 0; 451 return 0;
@@ -471,7 +471,7 @@ ssh_packet_connection_af(struct ssh *ssh)
471 471
472 memset(&to, 0, sizeof(to)); 472 memset(&to, 0, sizeof(to));
473 if (getsockname(ssh->state->connection_out, (struct sockaddr *)&to, 473 if (getsockname(ssh->state->connection_out, (struct sockaddr *)&to,
474 &tolen) < 0) 474 &tolen) == -1)
475 return 0; 475 return 0;
476#ifdef IPV4_IN_IPV6 476#ifdef IPV4_IN_IPV6
477 if (to.ss_family == AF_INET6 && 477 if (to.ss_family == AF_INET6 &&
@@ -1359,7 +1359,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
1359 r = SSH_ERR_CONN_CLOSED; 1359 r = SSH_ERR_CONN_CLOSED;
1360 goto out; 1360 goto out;
1361 } 1361 }
1362 if (len < 0) { 1362 if (len == -1) {
1363 r = SSH_ERR_SYSTEM_ERROR; 1363 r = SSH_ERR_SYSTEM_ERROR;
1364 goto out; 1364 goto out;
1365 } 1365 }
@@ -2036,7 +2036,7 @@ ssh_packet_set_tos(struct ssh *ssh, int tos)
2036 case AF_INET: 2036 case AF_INET:
2037 debug3("%s: set IP_TOS 0x%02x", __func__, tos); 2037 debug3("%s: set IP_TOS 0x%02x", __func__, tos);
2038 if (setsockopt(ssh->state->connection_in, 2038 if (setsockopt(ssh->state->connection_in,
2039 IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) < 0) 2039 IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) == -1)
2040 error("setsockopt IP_TOS %d: %.100s:", 2040 error("setsockopt IP_TOS %d: %.100s:",
2041 tos, strerror(errno)); 2041 tos, strerror(errno));
2042 break; 2042 break;
@@ -2045,7 +2045,7 @@ ssh_packet_set_tos(struct ssh *ssh, int tos)
2045 case AF_INET6: 2045 case AF_INET6:
2046 debug3("%s: set IPV6_TCLASS 0x%02x", __func__, tos); 2046 debug3("%s: set IPV6_TCLASS 0x%02x", __func__, tos);
2047 if (setsockopt(ssh->state->connection_in, 2047 if (setsockopt(ssh->state->connection_in,
2048 IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos)) < 0) 2048 IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos)) == -1)
2049 error("setsockopt IPV6_TCLASS %d: %.100s:", 2049 error("setsockopt IPV6_TCLASS %d: %.100s:",
2050 tos, strerror(errno)); 2050 tos, strerror(errno));
2051 break; 2051 break;
diff --git a/readconf.c b/readconf.c
index ec30ab30a..27b535e1f 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: readconf.c,v 1.306 2019/06/12 11:31:50 jmc Exp $ */ 1/* $OpenBSD: readconf.c,v 1.307 2019/06/28 13:35:04 deraadt Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -518,7 +518,7 @@ execute_in_shell(const char *cmd)
518 _exit(1); 518 _exit(1);
519 } 519 }
520 /* Parent. */ 520 /* Parent. */
521 if (pid < 0) 521 if (pid == -1)
522 fatal("%s: fork: %.100s", __func__, strerror(errno)); 522 fatal("%s: fork: %.100s", __func__, strerror(errno));
523 523
524 close(devnull); 524 close(devnull);
diff --git a/readpass.c b/readpass.c
index 44014ef8a..7e52cae9c 100644
--- a/readpass.c
+++ b/readpass.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: readpass.c,v 1.53 2019/01/19 04:15:56 tb Exp $ */ 1/* $OpenBSD: readpass.c,v 1.54 2019/06/28 13:35:04 deraadt Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -61,19 +61,19 @@ ssh_askpass(char *askpass, const char *msg)
61 error("ssh_askpass: fflush: %s", strerror(errno)); 61 error("ssh_askpass: fflush: %s", strerror(errno));
62 if (askpass == NULL) 62 if (askpass == NULL)
63 fatal("internal error: askpass undefined"); 63 fatal("internal error: askpass undefined");
64 if (pipe(p) < 0) { 64 if (pipe(p) == -1) {
65 error("ssh_askpass: pipe: %s", strerror(errno)); 65 error("ssh_askpass: pipe: %s", strerror(errno));
66 return NULL; 66 return NULL;
67 } 67 }
68 osigchld = signal(SIGCHLD, SIG_DFL); 68 osigchld = signal(SIGCHLD, SIG_DFL);
69 if ((pid = fork()) < 0) { 69 if ((pid = fork()) == -1) {
70 error("ssh_askpass: fork: %s", strerror(errno)); 70 error("ssh_askpass: fork: %s", strerror(errno));
71 signal(SIGCHLD, osigchld); 71 signal(SIGCHLD, osigchld);
72 return NULL; 72 return NULL;
73 } 73 }
74 if (pid == 0) { 74 if (pid == 0) {
75 close(p[0]); 75 close(p[0]);
76 if (dup2(p[1], STDOUT_FILENO) < 0) 76 if (dup2(p[1], STDOUT_FILENO) == -1)
77 fatal("ssh_askpass: dup2: %s", strerror(errno)); 77 fatal("ssh_askpass: dup2: %s", strerror(errno));
78 execlp(askpass, askpass, msg, (char *)NULL); 78 execlp(askpass, askpass, msg, (char *)NULL);
79 fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno)); 79 fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno));
@@ -93,7 +93,7 @@ ssh_askpass(char *askpass, const char *msg)
93 buf[len] = '\0'; 93 buf[len] = '\0';
94 94
95 close(p[0]); 95 close(p[0]);
96 while ((ret = waitpid(pid, &status, 0)) < 0) 96 while ((ret = waitpid(pid, &status, 0)) == -1)
97 if (errno != EINTR) 97 if (errno != EINTR)
98 break; 98 break;
99 signal(SIGCHLD, osigchld); 99 signal(SIGCHLD, osigchld);
diff --git a/scp.c b/scp.c
index 80bc0e8b1..86204d8f1 100644
--- a/scp.c
+++ b/scp.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: scp.c,v 1.204 2019/02/10 11:15:52 djm Exp $ */ 1/* $OpenBSD: scp.c,v 1.205 2019/06/28 13:35:04 deraadt Exp $ */
2/* 2/*
3 * scp - secure remote copy. This is basically patched BSD rcp which 3 * scp - secure remote copy. This is basically patched BSD rcp which
4 * uses ssh to do the data transfer (instead of using rcmd). 4 * uses ssh to do the data transfer (instead of using rcmd).
@@ -253,13 +253,13 @@ do_cmd(char *host, char *remuser, int port, char *cmd, int *fdin, int *fdout)
253 * Reserve two descriptors so that the real pipes won't get 253 * Reserve two descriptors so that the real pipes won't get
254 * descriptors 0 and 1 because that will screw up dup2 below. 254 * descriptors 0 and 1 because that will screw up dup2 below.
255 */ 255 */
256 if (pipe(reserved) < 0) 256 if (pipe(reserved) == -1)
257 fatal("pipe: %s", strerror(errno)); 257 fatal("pipe: %s", strerror(errno));
258 258
259 /* Create a socket pair for communicating with ssh. */ 259 /* Create a socket pair for communicating with ssh. */
260 if (pipe(pin) < 0) 260 if (pipe(pin) == -1)
261 fatal("pipe: %s", strerror(errno)); 261 fatal("pipe: %s", strerror(errno));
262 if (pipe(pout) < 0) 262 if (pipe(pout) == -1)
263 fatal("pipe: %s", strerror(errno)); 263 fatal("pipe: %s", strerror(errno));
264 264
265 /* Free the reserved descriptors. */ 265 /* Free the reserved descriptors. */
@@ -1075,13 +1075,13 @@ source(int argc, char **argv)
1075 len = strlen(name); 1075 len = strlen(name);
1076 while (len > 1 && name[len-1] == '/') 1076 while (len > 1 && name[len-1] == '/')
1077 name[--len] = '\0'; 1077 name[--len] = '\0';
1078 if ((fd = open(name, O_RDONLY|O_NONBLOCK, 0)) < 0) 1078 if ((fd = open(name, O_RDONLY|O_NONBLOCK, 0)) == -1)
1079 goto syserr; 1079 goto syserr;
1080 if (strchr(name, '\n') != NULL) { 1080 if (strchr(name, '\n') != NULL) {
1081 strnvis(encname, name, sizeof(encname), VIS_NL); 1081 strnvis(encname, name, sizeof(encname), VIS_NL);
1082 name = encname; 1082 name = encname;
1083 } 1083 }
1084 if (fstat(fd, &stb) < 0) { 1084 if (fstat(fd, &stb) == -1) {
1085syserr: run_err("%s: %s", name, strerror(errno)); 1085syserr: run_err("%s: %s", name, strerror(errno));
1086 goto next; 1086 goto next;
1087 } 1087 }
@@ -1155,7 +1155,7 @@ next: if (fd != -1) {
1155 unset_nonblock(remout); 1155 unset_nonblock(remout);
1156 1156
1157 if (fd != -1) { 1157 if (fd != -1) {
1158 if (close(fd) < 0 && !haderr) 1158 if (close(fd) == -1 && !haderr)
1159 haderr = errno; 1159 haderr = errno;
1160 fd = -1; 1160 fd = -1;
1161 } 1161 }
@@ -1419,14 +1419,14 @@ sink(int argc, char **argv, const char *src)
1419 /* Handle copying from a read-only 1419 /* Handle copying from a read-only
1420 directory */ 1420 directory */
1421 mod_flag = 1; 1421 mod_flag = 1;
1422 if (mkdir(np, mode | S_IRWXU) < 0) 1422 if (mkdir(np, mode | S_IRWXU) == -1)
1423 goto bad; 1423 goto bad;
1424 } 1424 }
1425 vect[0] = xstrdup(np); 1425 vect[0] = xstrdup(np);
1426 sink(1, vect, src); 1426 sink(1, vect, src);
1427 if (setimes) { 1427 if (setimes) {
1428 setimes = 0; 1428 setimes = 0;
1429 if (utimes(vect[0], tv) < 0) 1429 if (utimes(vect[0], tv) == -1)
1430 run_err("%s: set times: %s", 1430 run_err("%s: set times: %s",
1431 vect[0], strerror(errno)); 1431 vect[0], strerror(errno));
1432 } 1432 }
@@ -1437,7 +1437,7 @@ sink(int argc, char **argv, const char *src)
1437 } 1437 }
1438 omode = mode; 1438 omode = mode;
1439 mode |= S_IWUSR; 1439 mode |= S_IWUSR;
1440 if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) { 1440 if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) == -1) {
1441bad: run_err("%s: %s", np, strerror(errno)); 1441bad: run_err("%s: %s", np, strerror(errno));
1442 continue; 1442 continue;
1443 } 1443 }
@@ -1527,7 +1527,7 @@ bad: run_err("%s: %s", np, strerror(errno));
1527 stop_progress_meter(); 1527 stop_progress_meter();
1528 if (setimes && wrerr == NO) { 1528 if (setimes && wrerr == NO) {
1529 setimes = 0; 1529 setimes = 0;
1530 if (utimes(np, tv) < 0) { 1530 if (utimes(np, tv) == -1) {
1531 run_err("%s: set times: %s", 1531 run_err("%s: set times: %s",
1532 np, strerror(errno)); 1532 np, strerror(errno));
1533 wrerr = DISPLAYED; 1533 wrerr = DISPLAYED;
@@ -1681,7 +1681,7 @@ allocbuf(BUF *bp, int fd, int blksize)
1681#ifdef HAVE_STRUCT_STAT_ST_BLKSIZE 1681#ifdef HAVE_STRUCT_STAT_ST_BLKSIZE
1682 struct stat stb; 1682 struct stat stb;
1683 1683
1684 if (fstat(fd, &stb) < 0) { 1684 if (fstat(fd, &stb) == -1) {
1685 run_err("fstat: %s", strerror(errno)); 1685 run_err("fstat: %s", strerror(errno));
1686 return (0); 1686 return (0);
1687 } 1687 }
diff --git a/serverloop.c b/serverloop.c
index d7b04b37c..ea468c954 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: serverloop.c,v 1.215 2019/03/27 09:29:14 djm Exp $ */ 1/* $OpenBSD: serverloop.c,v 1.216 2019/06/28 13:35:04 deraadt Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -123,7 +123,7 @@ static int notify_pipe[2];
123static void 123static void
124notify_setup(void) 124notify_setup(void)
125{ 125{
126 if (pipe(notify_pipe) < 0) { 126 if (pipe(notify_pipe) == -1) {
127 error("pipe(notify_pipe) failed %s", strerror(errno)); 127 error("pipe(notify_pipe) failed %s", strerror(errno));
128 } else if ((fcntl(notify_pipe[0], F_SETFD, FD_CLOEXEC) == -1) || 128 } else if ((fcntl(notify_pipe[0], F_SETFD, FD_CLOEXEC) == -1) ||
129 (fcntl(notify_pipe[1], F_SETFD, FD_CLOEXEC) == -1)) { 129 (fcntl(notify_pipe[1], F_SETFD, FD_CLOEXEC) == -1)) {
@@ -328,7 +328,7 @@ process_input(struct ssh *ssh, fd_set *readset, int connection_in)
328 verbose("Connection closed by %.100s port %d", 328 verbose("Connection closed by %.100s port %d",
329 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); 329 ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
330 return -1; 330 return -1;
331 } else if (len < 0) { 331 } else if (len == -1) {
332 if (errno != EINTR && errno != EAGAIN && 332 if (errno != EINTR && errno != EAGAIN &&
333 errno != EWOULDBLOCK) { 333 errno != EWOULDBLOCK) {
334 verbose("Read error from remote host " 334 verbose("Read error from remote host "
@@ -384,7 +384,7 @@ collect_children(struct ssh *ssh)
384 if (child_terminated) { 384 if (child_terminated) {
385 debug("Received SIGCHLD."); 385 debug("Received SIGCHLD.");
386 while ((pid = waitpid(-1, &status, WNOHANG)) > 0 || 386 while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||
387 (pid < 0 && errno == EINTR)) 387 (pid == -1 && errno == EINTR))
388 if (pid > 0) 388 if (pid > 0)
389 session_close_by_pid(ssh, pid, status); 389 session_close_by_pid(ssh, pid, status);
390 child_terminated = 0; 390 child_terminated = 0;
diff --git a/session.c b/session.c
index ac06b08e9..8f5d7e0a4 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: session.c,v 1.315 2019/02/22 03:37:11 djm Exp $ */ 1/* $OpenBSD: session.c,v 1.316 2019/06/28 13:35:04 deraadt Exp $ */
2/* 2/*
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved 4 * All rights reserved
@@ -399,17 +399,17 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command)
399 fatal("do_exec_no_pty: no session"); 399 fatal("do_exec_no_pty: no session");
400 400
401 /* Allocate pipes for communicating with the program. */ 401 /* Allocate pipes for communicating with the program. */
402 if (pipe(pin) < 0) { 402 if (pipe(pin) == -1) {
403 error("%s: pipe in: %.100s", __func__, strerror(errno)); 403 error("%s: pipe in: %.100s", __func__, strerror(errno));
404 return -1; 404 return -1;
405 } 405 }
406 if (pipe(pout) < 0) { 406 if (pipe(pout) == -1) {
407 error("%s: pipe out: %.100s", __func__, strerror(errno)); 407 error("%s: pipe out: %.100s", __func__, strerror(errno));
408 close(pin[0]); 408 close(pin[0]);
409 close(pin[1]); 409 close(pin[1]);
410 return -1; 410 return -1;
411 } 411 }
412 if (pipe(perr) < 0) { 412 if (pipe(perr) == -1) {
413 error("%s: pipe err: %.100s", __func__, 413 error("%s: pipe err: %.100s", __func__,
414 strerror(errno)); 414 strerror(errno));
415 close(pin[0]); 415 close(pin[0]);
@@ -425,11 +425,11 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command)
425 fatal("do_exec_no_pty: no session"); 425 fatal("do_exec_no_pty: no session");
426 426
427 /* Uses socket pairs to communicate with the program. */ 427 /* Uses socket pairs to communicate with the program. */
428 if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) < 0) { 428 if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) == -1) {
429 error("%s: socketpair #1: %.100s", __func__, strerror(errno)); 429 error("%s: socketpair #1: %.100s", __func__, strerror(errno));
430 return -1; 430 return -1;
431 } 431 }
432 if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0) { 432 if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) == -1) {
433 error("%s: socketpair #2: %.100s", __func__, 433 error("%s: socketpair #2: %.100s", __func__,
434 strerror(errno)); 434 strerror(errno));
435 close(inout[0]); 435 close(inout[0]);
@@ -465,7 +465,7 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command)
465 * Create a new session and process group since the 4.4BSD 465 * Create a new session and process group since the 4.4BSD
466 * setlogin() affects the entire process group. 466 * setlogin() affects the entire process group.
467 */ 467 */
468 if (setsid() < 0) 468 if (setsid() == -1)
469 error("setsid failed: %.100s", strerror(errno)); 469 error("setsid failed: %.100s", strerror(errno));
470 470
471#ifdef USE_PIPES 471#ifdef USE_PIPES
@@ -474,19 +474,19 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command)
474 * pair, and make the child side the standard input. 474 * pair, and make the child side the standard input.
475 */ 475 */
476 close(pin[1]); 476 close(pin[1]);
477 if (dup2(pin[0], 0) < 0) 477 if (dup2(pin[0], 0) == -1)
478 perror("dup2 stdin"); 478 perror("dup2 stdin");
479 close(pin[0]); 479 close(pin[0]);
480 480
481 /* Redirect stdout. */ 481 /* Redirect stdout. */
482 close(pout[0]); 482 close(pout[0]);
483 if (dup2(pout[1], 1) < 0) 483 if (dup2(pout[1], 1) == -1)
484 perror("dup2 stdout"); 484 perror("dup2 stdout");
485 close(pout[1]); 485 close(pout[1]);
486 486
487 /* Redirect stderr. */ 487 /* Redirect stderr. */
488 close(perr[0]); 488 close(perr[0]);
489 if (dup2(perr[1], 2) < 0) 489 if (dup2(perr[1], 2) == -1)
490 perror("dup2 stderr"); 490 perror("dup2 stderr");
491 close(perr[1]); 491 close(perr[1]);
492#else 492#else
@@ -497,12 +497,12 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command)
497 */ 497 */
498 close(inout[1]); 498 close(inout[1]);
499 close(err[1]); 499 close(err[1]);
500 if (dup2(inout[0], 0) < 0) /* stdin */ 500 if (dup2(inout[0], 0) == -1) /* stdin */
501 perror("dup2 stdin"); 501 perror("dup2 stdin");
502 if (dup2(inout[0], 1) < 0) /* stdout (same as stdin) */ 502 if (dup2(inout[0], 1) == -1) /* stdout (same as stdin) */
503 perror("dup2 stdout"); 503 perror("dup2 stdout");
504 close(inout[0]); 504 close(inout[0]);
505 if (dup2(err[0], 2) < 0) /* stderr */ 505 if (dup2(err[0], 2) == -1) /* stderr */
506 perror("dup2 stderr"); 506 perror("dup2 stderr");
507 close(err[0]); 507 close(err[0]);
508#endif 508#endif
@@ -577,14 +577,14 @@ do_exec_pty(struct ssh *ssh, Session *s, const char *command)
577 * Do this before forking (and cleanup in the child) so as to 577 * Do this before forking (and cleanup in the child) so as to
578 * detect and gracefully fail out-of-fd conditions. 578 * detect and gracefully fail out-of-fd conditions.
579 */ 579 */
580 if ((fdout = dup(ptyfd)) < 0) { 580 if ((fdout = dup(ptyfd)) == -1) {
581 error("%s: dup #1: %s", __func__, strerror(errno)); 581 error("%s: dup #1: %s", __func__, strerror(errno));
582 close(ttyfd); 582 close(ttyfd);
583 close(ptyfd); 583 close(ptyfd);
584 return -1; 584 return -1;
585 } 585 }
586 /* we keep a reference to the pty master */ 586 /* we keep a reference to the pty master */
587 if ((ptymaster = dup(ptyfd)) < 0) { 587 if ((ptymaster = dup(ptyfd)) == -1) {
588 error("%s: dup #2: %s", __func__, strerror(errno)); 588 error("%s: dup #2: %s", __func__, strerror(errno));
589 close(ttyfd); 589 close(ttyfd);
590 close(ptyfd); 590 close(ptyfd);
@@ -614,11 +614,11 @@ do_exec_pty(struct ssh *ssh, Session *s, const char *command)
614 pty_make_controlling_tty(&ttyfd, s->tty); 614 pty_make_controlling_tty(&ttyfd, s->tty);
615 615
616 /* Redirect stdin/stdout/stderr from the pseudo tty. */ 616 /* Redirect stdin/stdout/stderr from the pseudo tty. */
617 if (dup2(ttyfd, 0) < 0) 617 if (dup2(ttyfd, 0) == -1)
618 error("dup2 stdin: %s", strerror(errno)); 618 error("dup2 stdin: %s", strerror(errno));
619 if (dup2(ttyfd, 1) < 0) 619 if (dup2(ttyfd, 1) == -1)
620 error("dup2 stdout: %s", strerror(errno)); 620 error("dup2 stdout: %s", strerror(errno));
621 if (dup2(ttyfd, 2) < 0) 621 if (dup2(ttyfd, 2) == -1)
622 error("dup2 stderr: %s", strerror(errno)); 622 error("dup2 stderr: %s", strerror(errno));
623 623
624 /* Close the extra descriptor for the pseudo tty. */ 624 /* Close the extra descriptor for the pseudo tty. */
@@ -755,7 +755,7 @@ do_login(struct ssh *ssh, Session *s, const char *command)
755 fromlen = sizeof(from); 755 fromlen = sizeof(from);
756 if (ssh_packet_connection_is_on_socket(ssh)) { 756 if (ssh_packet_connection_is_on_socket(ssh)) {
757 if (getpeername(ssh_packet_get_connection_in(ssh), 757 if (getpeername(ssh_packet_get_connection_in(ssh),
758 (struct sockaddr *)&from, &fromlen) < 0) { 758 (struct sockaddr *)&from, &fromlen) == -1) {
759 debug("getpeername: %.100s", strerror(errno)); 759 debug("getpeername: %.100s", strerror(errno));
760 cleanup_exit(255); 760 cleanup_exit(255);
761 } 761 }
@@ -1619,7 +1619,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)
1619#endif 1619#endif
1620 1620
1621 /* Change current directory to the user's home directory. */ 1621 /* Change current directory to the user's home directory. */
1622 if (chdir(pw->pw_dir) < 0) { 1622 if (chdir(pw->pw_dir) == -1) {
1623 /* Suppress missing homedir warning for chroot case */ 1623 /* Suppress missing homedir warning for chroot case */
1624#ifdef HAVE_LOGIN_CAP 1624#ifdef HAVE_LOGIN_CAP
1625 r = login_getcapbool(lc, "requirehome", 0); 1625 r = login_getcapbool(lc, "requirehome", 0);
@@ -1973,7 +1973,7 @@ session_subsystem_req(struct ssh *ssh, Session *s)
1973 s->is_subsystem = SUBSYSTEM_INT_SFTP; 1973 s->is_subsystem = SUBSYSTEM_INT_SFTP;
1974 debug("subsystem: %s", prog); 1974 debug("subsystem: %s", prog);
1975 } else { 1975 } else {
1976 if (stat(prog, &st) < 0) 1976 if (stat(prog, &st) == -1)
1977 debug("subsystem: cannot stat %s: %s", 1977 debug("subsystem: cannot stat %s: %s",
1978 prog, strerror(errno)); 1978 prog, strerror(errno));
1979 s->is_subsystem = SUBSYSTEM_EXT; 1979 s->is_subsystem = SUBSYSTEM_EXT;
@@ -2062,7 +2062,7 @@ session_break_req(struct ssh *ssh, Session *s)
2062 (r = sshpkt_get_end(ssh)) != 0) 2062 (r = sshpkt_get_end(ssh)) != 0)
2063 sshpkt_fatal(ssh, r, "%s: parse packet", __func__); 2063 sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
2064 2064
2065 if (s->ptymaster == -1 || tcsendbreak(s->ptymaster, 0) < 0) 2065 if (s->ptymaster == -1 || tcsendbreak(s->ptymaster, 0) == -1)
2066 return 0; 2066 return 0;
2067 return 1; 2067 return 1;
2068} 2068}
@@ -2286,7 +2286,7 @@ session_pty_cleanup2(Session *s)
2286 * the pty cleanup, so that another process doesn't get this pty 2286 * the pty cleanup, so that another process doesn't get this pty
2287 * while we're still cleaning up. 2287 * while we're still cleaning up.
2288 */ 2288 */
2289 if (s->ptymaster != -1 && close(s->ptymaster) < 0) 2289 if (s->ptymaster != -1 && close(s->ptymaster) == -1)
2290 error("close(s->ptymaster/%d): %s", 2290 error("close(s->ptymaster/%d): %s",
2291 s->ptymaster, strerror(errno)); 2291 s->ptymaster, strerror(errno));
2292 2292
@@ -2598,7 +2598,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s)
2598 } 2598 }
2599 2599
2600 /* Set up a suitable value for the DISPLAY variable. */ 2600 /* Set up a suitable value for the DISPLAY variable. */
2601 if (gethostname(hostname, sizeof(hostname)) < 0) 2601 if (gethostname(hostname, sizeof(hostname)) == -1)
2602 fatal("gethostname: %.100s", strerror(errno)); 2602 fatal("gethostname: %.100s", strerror(errno));
2603 /* 2603 /*
2604 * auth_display must be used as the displayname when the 2604 * auth_display must be used as the displayname when the
diff --git a/sftp-server.c b/sftp-server.c
index ee6013e3f..e7dd33b2f 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sftp-server.c,v 1.115 2019/06/06 05:13:13 otto Exp $ */ 1/* $OpenBSD: sftp-server.c,v 1.116 2019/06/28 13:35:04 deraadt Exp $ */
2/* 2/*
3 * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
4 * 4 *
@@ -701,7 +701,7 @@ process_open(u_int32_t id)
701 status = SSH2_FX_PERMISSION_DENIED; 701 status = SSH2_FX_PERMISSION_DENIED;
702 } else { 702 } else {
703 fd = open(name, flags, mode); 703 fd = open(name, flags, mode);
704 if (fd < 0) { 704 if (fd == -1) {
705 status = errno_to_portable(errno); 705 status = errno_to_portable(errno);
706 } else { 706 } else {
707 handle = handle_new(HANDLE_FILE, name, fd, flags, NULL); 707 handle = handle_new(HANDLE_FILE, name, fd, flags, NULL);
@@ -754,12 +754,12 @@ process_read(u_int32_t id)
754 } 754 }
755 fd = handle_to_fd(handle); 755 fd = handle_to_fd(handle);
756 if (fd >= 0) { 756 if (fd >= 0) {
757 if (lseek(fd, off, SEEK_SET) < 0) { 757 if (lseek(fd, off, SEEK_SET) == -1) {
758 error("process_read: seek failed"); 758 error("process_read: seek failed");
759 status = errno_to_portable(errno); 759 status = errno_to_portable(errno);
760 } else { 760 } else {
761 ret = read(fd, buf, len); 761 ret = read(fd, buf, len);
762 if (ret < 0) { 762 if (ret == -1) {
763 status = errno_to_portable(errno); 763 status = errno_to_portable(errno);
764 } else if (ret == 0) { 764 } else if (ret == 0) {
765 status = SSH2_FX_EOF; 765 status = SSH2_FX_EOF;
@@ -795,13 +795,13 @@ process_write(u_int32_t id)
795 status = SSH2_FX_FAILURE; 795 status = SSH2_FX_FAILURE;
796 else { 796 else {
797 if (!(handle_to_flags(handle) & O_APPEND) && 797 if (!(handle_to_flags(handle) & O_APPEND) &&
798 lseek(fd, off, SEEK_SET) < 0) { 798 lseek(fd, off, SEEK_SET) == -1) {
799 status = errno_to_portable(errno); 799 status = errno_to_portable(errno);
800 error("process_write: seek failed"); 800 error("process_write: seek failed");
801 } else { 801 } else {
802/* XXX ATOMICIO ? */ 802/* XXX ATOMICIO ? */
803 ret = write(fd, data, len); 803 ret = write(fd, data, len);
804 if (ret < 0) { 804 if (ret == -1) {
805 error("process_write: write failed"); 805 error("process_write: write failed");
806 status = errno_to_portable(errno); 806 status = errno_to_portable(errno);
807 } else if ((size_t)ret == len) { 807 } else if ((size_t)ret == len) {
@@ -831,7 +831,7 @@ process_do_stat(u_int32_t id, int do_lstat)
831 debug3("request %u: %sstat", id, do_lstat ? "l" : ""); 831 debug3("request %u: %sstat", id, do_lstat ? "l" : "");
832 verbose("%sstat name \"%s\"", do_lstat ? "l" : "", name); 832 verbose("%sstat name \"%s\"", do_lstat ? "l" : "", name);
833 r = do_lstat ? lstat(name, &st) : stat(name, &st); 833 r = do_lstat ? lstat(name, &st) : stat(name, &st);
834 if (r < 0) { 834 if (r == -1) {
835 status = errno_to_portable(errno); 835 status = errno_to_portable(errno);
836 } else { 836 } else {
837 stat_to_attrib(&st, &a); 837 stat_to_attrib(&st, &a);
@@ -869,7 +869,7 @@ process_fstat(u_int32_t id)
869 fd = handle_to_fd(handle); 869 fd = handle_to_fd(handle);
870 if (fd >= 0) { 870 if (fd >= 0) {
871 r = fstat(fd, &st); 871 r = fstat(fd, &st);
872 if (r < 0) { 872 if (r == -1) {
873 status = errno_to_portable(errno); 873 status = errno_to_portable(errno);
874 } else { 874 } else {
875 stat_to_attrib(&st, &a); 875 stat_to_attrib(&st, &a);
@@ -1079,7 +1079,7 @@ process_readdir(u_int32_t id)
1079/* XXX OVERFLOW ? */ 1079/* XXX OVERFLOW ? */
1080 snprintf(pathname, sizeof pathname, "%s%s%s", path, 1080 snprintf(pathname, sizeof pathname, "%s%s%s", path,
1081 strcmp(path, "/") ? "/" : "", dp->d_name); 1081 strcmp(path, "/") ? "/" : "", dp->d_name);
1082 if (lstat(pathname, &st) < 0) 1082 if (lstat(pathname, &st) == -1)
1083 continue; 1083 continue;
1084 stat_to_attrib(&st, &(stats[count].attrib)); 1084 stat_to_attrib(&st, &(stats[count].attrib));
1085 stats[count].name = xstrdup(dp->d_name); 1085 stats[count].name = xstrdup(dp->d_name);
@@ -1726,7 +1726,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
1726 if (olen > 0) 1726 if (olen > 0)
1727 FD_SET(out, wset); 1727 FD_SET(out, wset);
1728 1728
1729 if (select(max+1, rset, wset, NULL, NULL) < 0) { 1729 if (select(max+1, rset, wset, NULL, NULL) == -1) {
1730 if (errno == EINTR) 1730 if (errno == EINTR)
1731 continue; 1731 continue;
1732 error("select: %s", strerror(errno)); 1732 error("select: %s", strerror(errno));
@@ -1739,7 +1739,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
1739 if (len == 0) { 1739 if (len == 0) {
1740 debug("read eof"); 1740 debug("read eof");
1741 sftp_server_cleanup_exit(0); 1741 sftp_server_cleanup_exit(0);
1742 } else if (len < 0) { 1742 } else if (len == -1) {
1743 error("read: %s", strerror(errno)); 1743 error("read: %s", strerror(errno));
1744 sftp_server_cleanup_exit(1); 1744 sftp_server_cleanup_exit(1);
1745 } else if ((r = sshbuf_put(iqueue, buf, len)) != 0) { 1745 } else if ((r = sshbuf_put(iqueue, buf, len)) != 0) {
@@ -1750,7 +1750,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
1750 /* send oqueue to stdout */ 1750 /* send oqueue to stdout */
1751 if (FD_ISSET(out, wset)) { 1751 if (FD_ISSET(out, wset)) {
1752 len = write(out, sshbuf_ptr(oqueue), olen); 1752 len = write(out, sshbuf_ptr(oqueue), olen);
1753 if (len < 0) { 1753 if (len == -1) {
1754 error("write: %s", strerror(errno)); 1754 error("write: %s", strerror(errno));
1755 sftp_server_cleanup_exit(1); 1755 sftp_server_cleanup_exit(1);
1756 } else if ((r = sshbuf_consume(oqueue, len)) != 0) { 1756 } else if ((r = sshbuf_consume(oqueue, len)) != 0) {
diff --git a/ssh-add.c b/ssh-add.c
index 9cf298918..bc2360e1e 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-add.c,v 1.139 2019/06/06 05:13:13 otto Exp $ */ 1/* $OpenBSD: ssh-add.c,v 1.140 2019/06/28 13:35:04 deraadt Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -203,7 +203,7 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag)
203 if (strcmp(filename, "-") == 0) { 203 if (strcmp(filename, "-") == 0) {
204 fd = STDIN_FILENO; 204 fd = STDIN_FILENO;
205 filename = "(stdin)"; 205 filename = "(stdin)";
206 } else if ((fd = open(filename, O_RDONLY)) < 0) { 206 } else if ((fd = open(filename, O_RDONLY)) == -1) {
207 perror(filename); 207 perror(filename);
208 return -1; 208 return -1;
209 } 209 }
@@ -727,7 +727,7 @@ main(int argc, char **argv)
727 for (i = 0; default_files[i]; i++) { 727 for (i = 0; default_files[i]; i++) {
728 snprintf(buf, sizeof(buf), "%s/%s", pw->pw_dir, 728 snprintf(buf, sizeof(buf), "%s/%s", pw->pw_dir,
729 default_files[i]); 729 default_files[i]);
730 if (stat(buf, &st) < 0) 730 if (stat(buf, &st) == -1)
731 continue; 731 continue;
732 if (do_file(agent_fd, deleting, key_only, buf, 732 if (do_file(agent_fd, deleting, key_only, buf,
733 qflag) == -1) 733 qflag) == -1)
diff --git a/ssh-agent.c b/ssh-agent.c
index 4d7ab225f..9c6680a25 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-agent.c,v 1.236 2019/06/21 04:21:04 djm Exp $ */ 1/* $OpenBSD: ssh-agent.c,v 1.237 2019/06/28 13:35:04 deraadt Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -827,11 +827,11 @@ handle_socket_read(u_int socknum)
827 827
828 slen = sizeof(sunaddr); 828 slen = sizeof(sunaddr);
829 fd = accept(sockets[socknum].fd, (struct sockaddr *)&sunaddr, &slen); 829 fd = accept(sockets[socknum].fd, (struct sockaddr *)&sunaddr, &slen);
830 if (fd < 0) { 830 if (fd == -1) {
831 error("accept from AUTH_SOCKET: %s", strerror(errno)); 831 error("accept from AUTH_SOCKET: %s", strerror(errno));
832 return -1; 832 return -1;
833 } 833 }
834 if (getpeereid(fd, &euid, &egid) < 0) { 834 if (getpeereid(fd, &euid, &egid) == -1) {
835 error("getpeereid %d failed: %s", fd, strerror(errno)); 835 error("getpeereid %d failed: %s", fd, strerror(errno));
836 close(fd); 836 close(fd);
837 return -1; 837 return -1;
@@ -1312,7 +1312,7 @@ main(int ac, char **av)
1312#ifdef HAVE_SETRLIMIT 1312#ifdef HAVE_SETRLIMIT
1313 /* deny core dumps, since memory contains unencrypted private keys */ 1313 /* deny core dumps, since memory contains unencrypted private keys */
1314 rlim.rlim_cur = rlim.rlim_max = 0; 1314 rlim.rlim_cur = rlim.rlim_max = 0;
1315 if (setrlimit(RLIMIT_CORE, &rlim) < 0) { 1315 if (setrlimit(RLIMIT_CORE, &rlim) == -1) {
1316 error("setrlimit RLIMIT_CORE: %s", strerror(errno)); 1316 error("setrlimit RLIMIT_CORE: %s", strerror(errno));
1317 cleanup_exit(1); 1317 cleanup_exit(1);
1318 } 1318 }
@@ -1345,7 +1345,7 @@ skip:
1345 if (parent_alive_interval != 0) 1345 if (parent_alive_interval != 0)
1346 check_parent_exists(); 1346 check_parent_exists();
1347 (void) reaper(); /* remove expired keys */ 1347 (void) reaper(); /* remove expired keys */
1348 if (result < 0) { 1348 if (result == -1) {
1349 if (saved_errno == EINTR) 1349 if (saved_errno == EINTR)
1350 continue; 1350 continue;
1351 fatal("poll: %s", strerror(saved_errno)); 1351 fatal("poll: %s", strerror(saved_errno));
diff --git a/ssh-keygen.c b/ssh-keygen.c
index c95bc15cf..3aa4f5125 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keygen.c,v 1.332 2019/06/21 04:21:04 djm Exp $ */ 1/* $OpenBSD: ssh-keygen.c,v 1.333 2019/06/28 13:35:04 deraadt Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -370,7 +370,7 @@ do_convert_to(struct passwd *pw)
370 370
371 if (!have_identity) 371 if (!have_identity)
372 ask_filename(pw, "Enter file in which the key is"); 372 ask_filename(pw, "Enter file in which the key is");
373 if (stat(identity_file, &st) < 0) 373 if (stat(identity_file, &st) == -1)
374 fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); 374 fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
375 if ((r = sshkey_load_public(identity_file, &k, NULL)) != 0) 375 if ((r = sshkey_load_public(identity_file, &k, NULL)) != 0)
376 k = load_identity(identity_file); 376 k = load_identity(identity_file);
@@ -696,7 +696,7 @@ do_convert_from(struct passwd *pw)
696 696
697 if (!have_identity) 697 if (!have_identity)
698 ask_filename(pw, "Enter file in which the key is"); 698 ask_filename(pw, "Enter file in which the key is");
699 if (stat(identity_file, &st) < 0) 699 if (stat(identity_file, &st) == -1)
700 fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); 700 fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
701 701
702 switch (convert_format) { 702 switch (convert_format) {
@@ -756,7 +756,7 @@ do_print_public(struct passwd *pw)
756 756
757 if (!have_identity) 757 if (!have_identity)
758 ask_filename(pw, "Enter file in which the key is"); 758 ask_filename(pw, "Enter file in which the key is");
759 if (stat(identity_file, &st) < 0) 759 if (stat(identity_file, &st) == -1)
760 fatal("%s: %s", identity_file, strerror(errno)); 760 fatal("%s: %s", identity_file, strerror(errno));
761 prv = load_identity(identity_file); 761 prv = load_identity(identity_file);
762 if ((r = sshkey_write(prv, stdout)) != 0) 762 if ((r = sshkey_write(prv, stdout)) != 0)
@@ -854,7 +854,7 @@ fingerprint_private(const char *path)
854 struct sshkey *public = NULL; 854 struct sshkey *public = NULL;
855 int r; 855 int r;
856 856
857 if (stat(identity_file, &st) < 0) 857 if (stat(identity_file, &st) == -1)
858 fatal("%s: %s", path, strerror(errno)); 858 fatal("%s: %s", path, strerror(errno));
859 if ((r = sshkey_load_public(path, &public, &comment)) != 0) { 859 if ((r = sshkey_load_public(path, &public, &comment)) != 0) {
860 debug("load public \"%s\": %s", path, ssh_err(r)); 860 debug("load public \"%s\": %s", path, ssh_err(r));
@@ -1340,7 +1340,7 @@ do_change_passphrase(struct passwd *pw)
1340 1340
1341 if (!have_identity) 1341 if (!have_identity)
1342 ask_filename(pw, "Enter file in which the key is"); 1342 ask_filename(pw, "Enter file in which the key is");
1343 if (stat(identity_file, &st) < 0) 1343 if (stat(identity_file, &st) == -1)
1344 fatal("%s: %s", identity_file, strerror(errno)); 1344 fatal("%s: %s", identity_file, strerror(errno));
1345 /* Try to load the file with empty passphrase. */ 1345 /* Try to load the file with empty passphrase. */
1346 r = sshkey_load_private(identity_file, "", &private, &comment); 1346 r = sshkey_load_private(identity_file, "", &private, &comment);
@@ -1424,7 +1424,7 @@ do_print_resource_record(struct passwd *pw, char *fname, char *hname,
1424 1424
1425 if (fname == NULL) 1425 if (fname == NULL)
1426 fatal("%s: no filename", __func__); 1426 fatal("%s: no filename", __func__);
1427 if (stat(fname, &st) < 0) { 1427 if (stat(fname, &st) == -1) {
1428 if (errno == ENOENT) 1428 if (errno == ENOENT)
1429 return 0; 1429 return 0;
1430 fatal("%s: %s", fname, strerror(errno)); 1430 fatal("%s: %s", fname, strerror(errno));
@@ -1453,7 +1453,7 @@ do_change_comment(struct passwd *pw, const char *identity_comment)
1453 1453
1454 if (!have_identity) 1454 if (!have_identity)
1455 ask_filename(pw, "Enter file in which the key is"); 1455 ask_filename(pw, "Enter file in which the key is");
1456 if (stat(identity_file, &st) < 0) 1456 if (stat(identity_file, &st) == -1)
1457 fatal("%s: %s", identity_file, strerror(errno)); 1457 fatal("%s: %s", identity_file, strerror(errno));
1458 if ((r = sshkey_load_private(identity_file, "", 1458 if ((r = sshkey_load_private(identity_file, "",
1459 &private, &comment)) == 0) 1459 &private, &comment)) == 0)
@@ -2045,7 +2045,7 @@ do_show_cert(struct passwd *pw)
2045 2045
2046 if (!have_identity) 2046 if (!have_identity)
2047 ask_filename(pw, "Enter file in which the key is"); 2047 ask_filename(pw, "Enter file in which the key is");
2048 if (strcmp(identity_file, "-") != 0 && stat(identity_file, &st) < 0) 2048 if (strcmp(identity_file, "-") != 0 && stat(identity_file, &st) == -1)
2049 fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); 2049 fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
2050 2050
2051 path = identity_file; 2051 path = identity_file;
@@ -2472,7 +2472,7 @@ main(int argc, char **argv)
2472 pw = getpwuid(getuid()); 2472 pw = getpwuid(getuid());
2473 if (!pw) 2473 if (!pw)
2474 fatal("No user exists for uid %lu", (u_long)getuid()); 2474 fatal("No user exists for uid %lu", (u_long)getuid());
2475 if (gethostname(hostname, sizeof(hostname)) < 0) 2475 if (gethostname(hostname, sizeof(hostname)) == -1)
2476 fatal("gethostname: %s", strerror(errno)); 2476 fatal("gethostname: %s", strerror(errno));
2477 2477
2478 /* Remaining characters: Ydw */ 2478 /* Remaining characters: Ydw */
@@ -2852,11 +2852,11 @@ main(int argc, char **argv)
2852 snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", 2852 snprintf(dotsshdir, sizeof dotsshdir, "%s/%s",
2853 pw->pw_dir, _PATH_SSH_USER_DIR); 2853 pw->pw_dir, _PATH_SSH_USER_DIR);
2854 if (strstr(identity_file, dotsshdir) != NULL) { 2854 if (strstr(identity_file, dotsshdir) != NULL) {
2855 if (stat(dotsshdir, &st) < 0) { 2855 if (stat(dotsshdir, &st) == -1) {
2856 if (errno != ENOENT) { 2856 if (errno != ENOENT) {
2857 error("Could not stat %s: %s", dotsshdir, 2857 error("Could not stat %s: %s", dotsshdir,
2858 strerror(errno)); 2858 strerror(errno));
2859 } else if (mkdir(dotsshdir, 0700) < 0) { 2859 } else if (mkdir(dotsshdir, 0700) == -1) {
2860 error("Could not create directory '%s': %s", 2860 error("Could not create directory '%s': %s",
2861 dotsshdir, strerror(errno)); 2861 dotsshdir, strerror(errno));
2862 } else if (!quiet) 2862 } else if (!quiet)
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 7b7c0f320..d95ba1b37 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keyscan.c,v 1.127 2019/06/06 05:13:13 otto Exp $ */ 1/* $OpenBSD: ssh-keyscan.c,v 1.128 2019/06/28 13:35:04 deraadt Exp $ */
2/* 2/*
3 * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. 3 * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
4 * 4 *
@@ -122,7 +122,7 @@ fdlim_get(int hard)
122#if defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE) 122#if defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE)
123 struct rlimit rlfd; 123 struct rlimit rlfd;
124 124
125 if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0) 125 if (getrlimit(RLIMIT_NOFILE, &rlfd) == -1)
126 return (-1); 126 return (-1);
127 if ((hard ? rlfd.rlim_max : rlfd.rlim_cur) == RLIM_INFINITY) 127 if ((hard ? rlfd.rlim_max : rlfd.rlim_cur) == RLIM_INFINITY)
128 return SSH_SYSFDMAX; 128 return SSH_SYSFDMAX;
@@ -143,10 +143,10 @@ fdlim_set(int lim)
143 if (lim <= 0) 143 if (lim <= 0)
144 return (-1); 144 return (-1);
145#if defined(HAVE_SETRLIMIT) && defined(RLIMIT_NOFILE) 145#if defined(HAVE_SETRLIMIT) && defined(RLIMIT_NOFILE)
146 if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0) 146 if (getrlimit(RLIMIT_NOFILE, &rlfd) == -1)
147 return (-1); 147 return (-1);
148 rlfd.rlim_cur = lim; 148 rlfd.rlim_cur = lim;
149 if (setrlimit(RLIMIT_NOFILE, &rlfd) < 0) 149 if (setrlimit(RLIMIT_NOFILE, &rlfd) == -1)
150 return (-1); 150 return (-1);
151#elif defined (HAVE_SETDTABLESIZE) 151#elif defined (HAVE_SETDTABLESIZE)
152 setdtablesize(lim); 152 setdtablesize(lim);
@@ -343,13 +343,13 @@ tcpconnect(char *host)
343 } 343 }
344 for (ai = aitop; ai; ai = ai->ai_next) { 344 for (ai = aitop; ai; ai = ai->ai_next) {
345 s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 345 s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
346 if (s < 0) { 346 if (s == -1) {
347 error("socket: %s", strerror(errno)); 347 error("socket: %s", strerror(errno));
348 continue; 348 continue;
349 } 349 }
350 if (set_nonblock(s) == -1) 350 if (set_nonblock(s) == -1)
351 fatal("%s: set_nonblock(%d)", __func__, s); 351 fatal("%s: set_nonblock(%d)", __func__, s);
352 if (connect(s, ai->ai_addr, ai->ai_addrlen) < 0 && 352 if (connect(s, ai->ai_addr, ai->ai_addrlen) == -1 &&
353 errno != EINPROGRESS) 353 errno != EINPROGRESS)
354 error("connect (`%s'): %s", host, strerror(errno)); 354 error("connect (`%s'): %s", host, strerror(errno));
355 else 355 else
diff --git a/ssh.c b/ssh.c
index d9a9d1136..654376981 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh.c,v 1.504 2019/06/14 04:13:58 djm Exp $ */ 1/* $OpenBSD: ssh.c,v 1.505 2019/06/28 13:35:04 deraadt Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -773,7 +773,7 @@ main(int ac, char **av)
773 break; 773 break;
774 case 'i': 774 case 'i':
775 p = tilde_expand_filename(optarg, getuid()); 775 p = tilde_expand_filename(optarg, getuid());
776 if (stat(p, &st) < 0) 776 if (stat(p, &st) == -1)
777 fprintf(stderr, "Warning: Identity file %s " 777 fprintf(stderr, "Warning: Identity file %s "
778 "not accessible: %s.\n", p, 778 "not accessible: %s.\n", p,
779 strerror(errno)); 779 strerror(errno));
@@ -1426,7 +1426,7 @@ main(int ac, char **av)
1426 if (config == NULL) { 1426 if (config == NULL) {
1427 r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir, 1427 r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
1428 strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); 1428 strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
1429 if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) { 1429 if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) == -1) {
1430#ifdef WITH_SELINUX 1430#ifdef WITH_SELINUX
1431 ssh_selinux_setfscreatecon(buf); 1431 ssh_selinux_setfscreatecon(buf);
1432#endif 1432#endif
@@ -1593,7 +1593,7 @@ fork_postauth(void)
1593 control_persist_detach(); 1593 control_persist_detach();
1594 debug("forking to background"); 1594 debug("forking to background");
1595 fork_after_authentication_flag = 0; 1595 fork_after_authentication_flag = 0;
1596 if (daemon(1, 1) < 0) 1596 if (daemon(1, 1) == -1)
1597 fatal("daemon() failed: %.200s", strerror(errno)); 1597 fatal("daemon() failed: %.200s", strerror(errno));
1598} 1598}
1599 1599
@@ -1689,8 +1689,8 @@ ssh_init_stdio_forwarding(struct ssh *ssh)
1689 debug3("%s: %s:%d", __func__, options.stdio_forward_host, 1689 debug3("%s: %s:%d", __func__, options.stdio_forward_host,
1690 options.stdio_forward_port); 1690 options.stdio_forward_port);
1691 1691
1692 if ((in = dup(STDIN_FILENO)) < 0 || 1692 if ((in = dup(STDIN_FILENO)) == -1 ||
1693 (out = dup(STDOUT_FILENO)) < 0) 1693 (out = dup(STDOUT_FILENO)) == -1)
1694 fatal("channel_connect_stdio_fwd: dup() in/out failed"); 1694 fatal("channel_connect_stdio_fwd: dup() in/out failed");
1695 if ((c = channel_connect_stdio_fwd(ssh, options.stdio_forward_host, 1695 if ((c = channel_connect_stdio_fwd(ssh, options.stdio_forward_host,
1696 options.stdio_forward_port, in, out)) == NULL) 1696 options.stdio_forward_port, in, out)) == NULL)
@@ -1843,7 +1843,7 @@ ssh_session2_open(struct ssh *ssh)
1843 out = dup(STDOUT_FILENO); 1843 out = dup(STDOUT_FILENO);
1844 err = dup(STDERR_FILENO); 1844 err = dup(STDERR_FILENO);
1845 1845
1846 if (in < 0 || out < 0 || err < 0) 1846 if (in == -1 || out == -1 || err == -1)
1847 fatal("dup() in/out/err failed"); 1847 fatal("dup() in/out/err failed");
1848 1848
1849 /* enable nonblocking unless tty */ 1849 /* enable nonblocking unless tty */
@@ -1974,7 +1974,7 @@ ssh_session2(struct ssh *ssh, struct passwd *pw)
1974 if ((devnull = open(_PATH_DEVNULL, O_WRONLY)) == -1) 1974 if ((devnull = open(_PATH_DEVNULL, O_WRONLY)) == -1)
1975 error("%s: open %s: %s", __func__, 1975 error("%s: open %s: %s", __func__,
1976 _PATH_DEVNULL, strerror(errno)); 1976 _PATH_DEVNULL, strerror(errno));
1977 if (dup2(devnull, STDOUT_FILENO) < 0) 1977 if (dup2(devnull, STDOUT_FILENO) == -1)
1978 fatal("%s: dup2() stdout failed", __func__); 1978 fatal("%s: dup2() stdout failed", __func__);
1979 if (devnull > STDERR_FILENO) 1979 if (devnull > STDERR_FILENO)
1980 close(devnull); 1980 close(devnull);
@@ -2161,7 +2161,7 @@ main_sigchld_handler(int sig)
2161 int status; 2161 int status;
2162 2162
2163 while ((pid = waitpid(-1, &status, WNOHANG)) > 0 || 2163 while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||
2164 (pid < 0 && errno == EINTR)) 2164 (pid == -1 && errno == EINTR))
2165 ; 2165 ;
2166 errno = save_errno; 2166 errno = save_errno;
2167} 2167}
diff --git a/sshconnect.c b/sshconnect.c
index 2dc500b47..ed44fccb8 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect.c,v 1.316 2019/06/21 04:21:04 djm Exp $ */ 1/* $OpenBSD: sshconnect.c,v 1.317 2019/06/28 13:35:04 deraadt Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -133,7 +133,7 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, u_short port,
133 if ((shell = getenv("SHELL")) == NULL) 133 if ((shell = getenv("SHELL")) == NULL)
134 shell = _PATH_BSHELL; 134 shell = _PATH_BSHELL;
135 135
136 if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0) 136 if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) == -1)
137 fatal("Could not create socketpair to communicate with " 137 fatal("Could not create socketpair to communicate with "
138 "proxy dialer: %.100s", strerror(errno)); 138 "proxy dialer: %.100s", strerror(errno));
139 139
@@ -148,11 +148,11 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, u_short port,
148 close(sp[1]); 148 close(sp[1]);
149 /* Redirect stdin and stdout. */ 149 /* Redirect stdin and stdout. */
150 if (sp[0] != 0) { 150 if (sp[0] != 0) {
151 if (dup2(sp[0], 0) < 0) 151 if (dup2(sp[0], 0) == -1)
152 perror("dup2 stdin"); 152 perror("dup2 stdin");
153 } 153 }
154 if (sp[0] != 1) { 154 if (sp[0] != 1) {
155 if (dup2(sp[0], 1) < 0) 155 if (dup2(sp[0], 1) == -1)
156 perror("dup2 stdout"); 156 perror("dup2 stdout");
157 } 157 }
158 if (sp[0] >= 2) 158 if (sp[0] >= 2)
@@ -180,7 +180,7 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, u_short port,
180 exit(1); 180 exit(1);
181 } 181 }
182 /* Parent. */ 182 /* Parent. */
183 if (pid < 0) 183 if (pid == -1)
184 fatal("fork failed: %.100s", strerror(errno)); 184 fatal("fork failed: %.100s", strerror(errno));
185 close(sp[0]); 185 close(sp[0]);
186 free(command_string); 186 free(command_string);
@@ -216,7 +216,7 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, u_short port,
216 shell = _PATH_BSHELL; 216 shell = _PATH_BSHELL;
217 217
218 /* Create pipes for communicating with the proxy. */ 218 /* Create pipes for communicating with the proxy. */
219 if (pipe(pin) < 0 || pipe(pout) < 0) 219 if (pipe(pin) == -1 || pipe(pout) == -1)
220 fatal("Could not create pipes to communicate with the proxy: %.100s", 220 fatal("Could not create pipes to communicate with the proxy: %.100s",
221 strerror(errno)); 221 strerror(errno));
222 222
@@ -231,12 +231,12 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, u_short port,
231 /* Redirect stdin and stdout. */ 231 /* Redirect stdin and stdout. */
232 close(pin[1]); 232 close(pin[1]);
233 if (pin[0] != 0) { 233 if (pin[0] != 0) {
234 if (dup2(pin[0], 0) < 0) 234 if (dup2(pin[0], 0) == -1)
235 perror("dup2 stdin"); 235 perror("dup2 stdin");
236 close(pin[0]); 236 close(pin[0]);
237 } 237 }
238 close(pout[0]); 238 close(pout[0]);
239 if (dup2(pout[1], 1) < 0) 239 if (dup2(pout[1], 1) == -1)
240 perror("dup2 stdout"); 240 perror("dup2 stdout");
241 /* Cannot be 1 because pin allocated two descriptors. */ 241 /* Cannot be 1 because pin allocated two descriptors. */
242 close(pout[1]); 242 close(pout[1]);
@@ -262,7 +262,7 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, u_short port,
262 exit(1); 262 exit(1);
263 } 263 }
264 /* Parent. */ 264 /* Parent. */
265 if (pid < 0) 265 if (pid == -1)
266 fatal("fork failed: %.100s", strerror(errno)); 266 fatal("fork failed: %.100s", strerror(errno));
267 else 267 else
268 proxy_command_pid = pid; /* save pid to clean up later */ 268 proxy_command_pid = pid; /* save pid to clean up later */
@@ -371,7 +371,7 @@ ssh_create_socket(struct addrinfo *ai)
371 char ntop[NI_MAXHOST]; 371 char ntop[NI_MAXHOST];
372 372
373 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 373 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
374 if (sock < 0) { 374 if (sock == -1) {
375 error("socket: %s", strerror(errno)); 375 error("socket: %s", strerror(errno));
376 return -1; 376 return -1;
377 } 377 }
@@ -532,7 +532,7 @@ ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop,
532 /* Set SO_KEEPALIVE if requested. */ 532 /* Set SO_KEEPALIVE if requested. */
533 if (want_keepalive && 533 if (want_keepalive &&
534 setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, 534 setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
535 sizeof(on)) < 0) 535 sizeof(on)) == -1)
536 error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); 536 error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
537 537
538 /* Set the connection. */ 538 /* Set the connection. */
@@ -553,8 +553,8 @@ ssh_connect(struct ssh *ssh, const char *host, struct addrinfo *addrs,
553 return ssh_connect_direct(ssh, host, addrs, hostaddr, port, 553 return ssh_connect_direct(ssh, host, addrs, hostaddr, port,
554 family, connection_attempts, timeout_ms, want_keepalive); 554 family, connection_attempts, timeout_ms, want_keepalive);
555 } else if (strcmp(options.proxy_command, "-") == 0) { 555 } else if (strcmp(options.proxy_command, "-") == 0) {
556 if ((in = dup(STDIN_FILENO)) < 0 || 556 if ((in = dup(STDIN_FILENO)) == -1 ||
557 (out = dup(STDOUT_FILENO)) < 0) { 557 (out = dup(STDOUT_FILENO)) == -1) {
558 if (in >= 0) 558 if (in >= 0)
559 close(in); 559 close(in);
560 error("%s: dup() in/out failed", __func__); 560 error("%s: dup() in/out failed", __func__);
diff --git a/sshconnect2.c b/sshconnect2.c
index 0d2523ca1..0ad44ce19 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect2.c,v 1.305 2019/05/31 03:20:07 djm Exp $ */ 1/* $OpenBSD: sshconnect2.c,v 1.306 2019/06/28 13:35:04 deraadt Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * Copyright (c) 2008 Damien Miller. All rights reserved. 4 * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -1408,7 +1408,7 @@ load_identity_file(Identity *id)
1408 int r, perm_ok = 0, quit = 0, i; 1408 int r, perm_ok = 0, quit = 0, i;
1409 struct stat st; 1409 struct stat st;
1410 1410
1411 if (stat(id->filename, &st) < 0) { 1411 if (stat(id->filename, &st) == -1) {
1412 (id->userprovided ? logit : debug3)("no such identity: %s: %s", 1412 (id->userprovided ? logit : debug3)("no such identity: %s: %s",
1413 id->filename, strerror(errno)); 1413 id->filename, strerror(errno));
1414 return NULL; 1414 return NULL;
@@ -1841,7 +1841,7 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
1841 *sigp = NULL; 1841 *sigp = NULL;
1842 *lenp = 0; 1842 *lenp = 0;
1843 1843
1844 if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) { 1844 if (stat(_PATH_SSH_KEY_SIGN, &st) == -1) {
1845 error("%s: not installed: %s", __func__, strerror(errno)); 1845 error("%s: not installed: %s", __func__, strerror(errno));
1846 return -1; 1846 return -1;
1847 } 1847 }
@@ -1849,30 +1849,30 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
1849 error("%s: fflush: %s", __func__, strerror(errno)); 1849 error("%s: fflush: %s", __func__, strerror(errno));
1850 return -1; 1850 return -1;
1851 } 1851 }
1852 if (pipe(to) < 0) { 1852 if (pipe(to) == -1) {
1853 error("%s: pipe: %s", __func__, strerror(errno)); 1853 error("%s: pipe: %s", __func__, strerror(errno));
1854 return -1; 1854 return -1;
1855 } 1855 }
1856 if (pipe(from) < 0) { 1856 if (pipe(from) == -1) {
1857 error("%s: pipe: %s", __func__, strerror(errno)); 1857 error("%s: pipe: %s", __func__, strerror(errno));
1858 return -1; 1858 return -1;
1859 } 1859 }
1860 if ((pid = fork()) < 0) { 1860 if ((pid = fork()) == -1) {
1861 error("%s: fork: %s", __func__, strerror(errno)); 1861 error("%s: fork: %s", __func__, strerror(errno));
1862 return -1; 1862 return -1;
1863 } 1863 }
1864 osigchld = signal(SIGCHLD, SIG_DFL); 1864 osigchld = signal(SIGCHLD, SIG_DFL);
1865 if (pid == 0) { 1865 if (pid == 0) {
1866 close(from[0]); 1866 close(from[0]);
1867 if (dup2(from[1], STDOUT_FILENO) < 0) 1867 if (dup2(from[1], STDOUT_FILENO) == -1)
1868 fatal("%s: dup2: %s", __func__, strerror(errno)); 1868 fatal("%s: dup2: %s", __func__, strerror(errno));
1869 close(to[1]); 1869 close(to[1]);
1870 if (dup2(to[0], STDIN_FILENO) < 0) 1870 if (dup2(to[0], STDIN_FILENO) == -1)
1871 fatal("%s: dup2: %s", __func__, strerror(errno)); 1871 fatal("%s: dup2: %s", __func__, strerror(errno));
1872 close(from[1]); 1872 close(from[1]);
1873 close(to[0]); 1873 close(to[0]);
1874 1874
1875 if (dup2(sock, STDERR_FILENO + 1) < 0) 1875 if (dup2(sock, STDERR_FILENO + 1) == -1)
1876 fatal("%s: dup2: %s", __func__, strerror(errno)); 1876 fatal("%s: dup2: %s", __func__, strerror(errno));
1877 sock = STDERR_FILENO + 1; 1877 sock = STDERR_FILENO + 1;
1878 fcntl(sock, F_SETFD, 0); /* keep the socket on exec */ 1878 fcntl(sock, F_SETFD, 0); /* keep the socket on exec */
@@ -1906,7 +1906,7 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
1906 } 1906 }
1907 1907
1908 errno = 0; 1908 errno = 0;
1909 while (waitpid(pid, &status, 0) < 0) { 1909 while (waitpid(pid, &status, 0) == -1) {
1910 if (errno != EINTR) { 1910 if (errno != EINTR) {
1911 error("%s: waitpid %ld: %s", 1911 error("%s: waitpid %ld: %s",
1912 __func__, (long)pid, strerror(errno)); 1912 __func__, (long)pid, strerror(errno));
diff --git a/sshd.c b/sshd.c
index 735a11060..11571c010 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshd.c,v 1.536 2019/06/21 04:21:05 djm Exp $ */ 1/* $OpenBSD: sshd.c,v 1.537 2019/06/28 13:35:04 deraadt Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -345,7 +345,7 @@ main_sigchld_handler(int sig)
345 int status; 345 int status;
346 346
347 while ((pid = waitpid(-1, &status, WNOHANG)) > 0 || 347 while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||
348 (pid < 0 && errno == EINTR)) 348 (pid == -1 && errno == EINTR))
349 ; 349 ;
350 errno = save_errno; 350 errno = save_errno;
351} 351}
@@ -468,7 +468,7 @@ privsep_preauth_child(void)
468 debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid, 468 debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid,
469 (u_int)privsep_pw->pw_gid); 469 (u_int)privsep_pw->pw_gid);
470 gidset[0] = privsep_pw->pw_gid; 470 gidset[0] = privsep_pw->pw_gid;
471 if (setgroups(1, gidset) < 0) 471 if (setgroups(1, gidset) == -1)
472 fatal("setgroups: %.100s", strerror(errno)); 472 fatal("setgroups: %.100s", strerror(errno));
473 permanently_set_uid(privsep_pw); 473 permanently_set_uid(privsep_pw);
474 } 474 }
@@ -508,7 +508,7 @@ privsep_preauth(struct ssh *ssh)
508 monitor_child_preauth(ssh, pmonitor); 508 monitor_child_preauth(ssh, pmonitor);
509 509
510 /* Wait for the child's exit status */ 510 /* Wait for the child's exit status */
511 while (waitpid(pid, &status, 0) < 0) { 511 while (waitpid(pid, &status, 0) == -1) {
512 if (errno == EINTR) 512 if (errno == EINTR)
513 continue; 513 continue;
514 pmonitor->m_pid = -1; 514 pmonitor->m_pid = -1;
@@ -967,7 +967,7 @@ listen_on_addrs(struct listenaddr *la)
967 /* Create socket for listening. */ 967 /* Create socket for listening. */
968 listen_sock = socket(ai->ai_family, ai->ai_socktype, 968 listen_sock = socket(ai->ai_family, ai->ai_socktype,
969 ai->ai_protocol); 969 ai->ai_protocol);
970 if (listen_sock < 0) { 970 if (listen_sock == -1) {
971 /* kernel may not support ipv6 */ 971 /* kernel may not support ipv6 */
972 verbose("socket: %.100s", strerror(errno)); 972 verbose("socket: %.100s", strerror(errno));
973 continue; 973 continue;
@@ -996,7 +996,7 @@ listen_on_addrs(struct listenaddr *la)
996 debug("Bind to port %s on %s.", strport, ntop); 996 debug("Bind to port %s on %s.", strport, ntop);
997 997
998 /* Bind the socket to the desired port. */ 998 /* Bind the socket to the desired port. */
999 if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) { 999 if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) == -1) {
1000 error("Bind to port %s on %s failed: %.200s.", 1000 error("Bind to port %s on %s failed: %.200s.",
1001 strport, ntop, strerror(errno)); 1001 strport, ntop, strerror(errno));
1002 close(listen_sock); 1002 close(listen_sock);
@@ -1006,7 +1006,7 @@ listen_on_addrs(struct listenaddr *la)
1006 num_listen_socks++; 1006 num_listen_socks++;
1007 1007
1008 /* Start listening on the port. */ 1008 /* Start listening on the port. */
1009 if (listen(listen_sock, SSH_LISTEN_BACKLOG) < 0) 1009 if (listen(listen_sock, SSH_LISTEN_BACKLOG) == -1)
1010 fatal("listen on [%s]:%s: %.100s", 1010 fatal("listen on [%s]:%s: %.100s",
1011 ntop, strport, strerror(errno)); 1011 ntop, strport, strerror(errno));
1012 logit("Server listening on %s port %s%s%s.", 1012 logit("Server listening on %s port %s%s%s.",
@@ -1091,7 +1091,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
1091 1091
1092 /* Wait in select until there is a connection. */ 1092 /* Wait in select until there is a connection. */
1093 ret = select(maxfd+1, fdset, NULL, NULL, NULL); 1093 ret = select(maxfd+1, fdset, NULL, NULL, NULL);
1094 if (ret < 0 && errno != EINTR) 1094 if (ret == -1 && errno != EINTR)
1095 error("select: %.100s", strerror(errno)); 1095 error("select: %.100s", strerror(errno));
1096 if (received_sigterm) { 1096 if (received_sigterm) {
1097 logit("Received signal %d; terminating.", 1097 logit("Received signal %d; terminating.",
@@ -1101,7 +1101,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
1101 unlink(options.pid_file); 1101 unlink(options.pid_file);
1102 exit(received_sigterm == SIGTERM ? 0 : 255); 1102 exit(received_sigterm == SIGTERM ? 0 : 255);
1103 } 1103 }
1104 if (ret < 0) 1104 if (ret == -1)
1105 continue; 1105 continue;
1106 1106
1107 for (i = 0; i < options.max_startups; i++) { 1107 for (i = 0; i < options.max_startups; i++) {
@@ -1141,7 +1141,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
1141 fromlen = sizeof(from); 1141 fromlen = sizeof(from);
1142 *newsock = accept(listen_socks[i], 1142 *newsock = accept(listen_socks[i],
1143 (struct sockaddr *)&from, &fromlen); 1143 (struct sockaddr *)&from, &fromlen);
1144 if (*newsock < 0) { 1144 if (*newsock == -1) {
1145 if (errno != EINTR && errno != EWOULDBLOCK && 1145 if (errno != EINTR && errno != EWOULDBLOCK &&
1146 errno != ECONNABORTED && errno != EAGAIN) 1146 errno != ECONNABORTED && errno != EAGAIN)
1147 error("accept: %.100s", 1147 error("accept: %.100s",
@@ -1261,7 +1261,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
1261 1261
1262 /* Parent. Stay in the loop. */ 1262 /* Parent. Stay in the loop. */
1263 platform_post_fork_parent(pid); 1263 platform_post_fork_parent(pid);
1264 if (pid < 0) 1264 if (pid == -1)
1265 error("fork: %.100s", strerror(errno)); 1265 error("fork: %.100s", strerror(errno));
1266 else 1266 else
1267 debug("Forked child %ld.", (long)pid); 1267 debug("Forked child %ld.", (long)pid);
@@ -1314,7 +1314,7 @@ check_ip_options(struct ssh *ssh)
1314 1314
1315 memset(&from, 0, sizeof(from)); 1315 memset(&from, 0, sizeof(from));
1316 if (getpeername(sock_in, (struct sockaddr *)&from, 1316 if (getpeername(sock_in, (struct sockaddr *)&from,
1317 &fromlen) < 0) 1317 &fromlen) == -1)
1318 return; 1318 return;
1319 if (from.ss_family != AF_INET) 1319 if (from.ss_family != AF_INET)
1320 return; 1320 return;
@@ -1895,7 +1895,7 @@ main(int ac, char **av)
1895 already_daemon = daemonized(); 1895 already_daemon = daemonized();
1896 if (!(debug_flag || inetd_flag || no_daemon_flag || already_daemon)) { 1896 if (!(debug_flag || inetd_flag || no_daemon_flag || already_daemon)) {
1897 1897
1898 if (daemon(0, 0) < 0) 1898 if (daemon(0, 0) == -1)
1899 fatal("daemon() failed: %.200s", strerror(errno)); 1899 fatal("daemon() failed: %.200s", strerror(errno));
1900 1900
1901 disconnect_controlling_tty(); 1901 disconnect_controlling_tty();
@@ -1958,7 +1958,7 @@ main(int ac, char **av)
1958 * controlling terminal which will result in "could not set 1958 * controlling terminal which will result in "could not set
1959 * controlling tty" errors. 1959 * controlling tty" errors.
1960 */ 1960 */
1961 if (!debug_flag && !inetd_flag && setsid() < 0) 1961 if (!debug_flag && !inetd_flag && setsid() == -1)
1962 error("setsid: %.100s", strerror(errno)); 1962 error("setsid: %.100s", strerror(errno));
1963#endif 1963#endif
1964 1964
@@ -2036,7 +2036,7 @@ main(int ac, char **av)
2036 2036
2037 /* Set SO_KEEPALIVE if requested. */ 2037 /* Set SO_KEEPALIVE if requested. */
2038 if (options.tcp_keep_alive && ssh_packet_connection_is_on_socket(ssh) && 2038 if (options.tcp_keep_alive && ssh_packet_connection_is_on_socket(ssh) &&
2039 setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0) 2039 setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) == -1)
2040 error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); 2040 error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
2041 2041
2042 if ((remote_port = ssh_remote_port(ssh)) < 0) { 2042 if ((remote_port = ssh_remote_port(ssh)) < 0) {
diff --git a/sshkey-xmss.c b/sshkey-xmss.c
index ef39831c6..a29e33f39 100644
--- a/sshkey-xmss.c
+++ b/sshkey-xmss.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshkey-xmss.c,v 1.4 2019/06/27 18:03:37 deraadt Exp $ */ 1/* $OpenBSD: sshkey-xmss.c,v 1.5 2019/06/28 13:35:04 deraadt Exp $ */
2/* 2/*
3 * Copyright (c) 2017 Markus Friedl. All rights reserved. 3 * Copyright (c) 2017 Markus Friedl. All rights reserved.
4 * 4 *
@@ -473,12 +473,12 @@ sshkey_xmss_get_state(const struct sshkey *k, sshkey_printfn *pr)
473 ret = SSH_ERR_ALLOC_FAIL; 473 ret = SSH_ERR_ALLOC_FAIL;
474 goto done; 474 goto done;
475 } 475 }
476 if ((lockfd = open(lockfile, O_CREAT|O_RDONLY, 0600)) < 0) { 476 if ((lockfd = open(lockfile, O_CREAT|O_RDONLY, 0600)) == -1) {
477 ret = SSH_ERR_SYSTEM_ERROR; 477 ret = SSH_ERR_SYSTEM_ERROR;
478 PRINT("%s: cannot open/create: %s", __func__, lockfile); 478 PRINT("%s: cannot open/create: %s", __func__, lockfile);
479 goto done; 479 goto done;
480 } 480 }
481 while (flock(lockfd, LOCK_EX|LOCK_NB) < 0) { 481 while (flock(lockfd, LOCK_EX|LOCK_NB) == -1) {
482 if (errno != EWOULDBLOCK) { 482 if (errno != EWOULDBLOCK) {
483 ret = SSH_ERR_SYSTEM_ERROR; 483 ret = SSH_ERR_SYSTEM_ERROR;
484 PRINT("%s: cannot lock: %s", __func__, lockfile); 484 PRINT("%s: cannot lock: %s", __func__, lockfile);
@@ -613,7 +613,7 @@ sshkey_xmss_update_state(const struct sshkey *k, sshkey_printfn *pr)
613 PRINT("%s: ENCRYPT FAILED: %d", __func__, ret); 613 PRINT("%s: ENCRYPT FAILED: %d", __func__, ret);
614 goto done; 614 goto done;
615 } 615 }
616 if ((fd = open(nstatefile, O_CREAT|O_WRONLY|O_EXCL, 0600)) < 0) { 616 if ((fd = open(nstatefile, O_CREAT|O_WRONLY|O_EXCL, 0600)) == -1) {
617 ret = SSH_ERR_SYSTEM_ERROR; 617 ret = SSH_ERR_SYSTEM_ERROR;
618 PRINT("%s: open new state file: %s", __func__, nstatefile); 618 PRINT("%s: open new state file: %s", __func__, nstatefile);
619 goto done; 619 goto done;
@@ -632,13 +632,13 @@ sshkey_xmss_update_state(const struct sshkey *k, sshkey_printfn *pr)
632 close(fd); 632 close(fd);
633 goto done; 633 goto done;
634 } 634 }
635 if (fsync(fd) < 0) { 635 if (fsync(fd) == -1) {
636 ret = SSH_ERR_SYSTEM_ERROR; 636 ret = SSH_ERR_SYSTEM_ERROR;
637 PRINT("%s: sync new state file: %s", __func__, nstatefile); 637 PRINT("%s: sync new state file: %s", __func__, nstatefile);
638 close(fd); 638 close(fd);
639 goto done; 639 goto done;
640 } 640 }
641 if (close(fd) < 0) { 641 if (close(fd) == -1) {
642 ret = SSH_ERR_SYSTEM_ERROR; 642 ret = SSH_ERR_SYSTEM_ERROR;
643 PRINT("%s: close new state file: %s", __func__, nstatefile); 643 PRINT("%s: close new state file: %s", __func__, nstatefile);
644 goto done; 644 goto done;
@@ -652,7 +652,7 @@ sshkey_xmss_update_state(const struct sshkey *k, sshkey_printfn *pr)
652 goto done; 652 goto done;
653 } 653 }
654 } 654 }
655 if (rename(nstatefile, statefile) < 0) { 655 if (rename(nstatefile, statefile) == -1) {
656 ret = SSH_ERR_SYSTEM_ERROR; 656 ret = SSH_ERR_SYSTEM_ERROR;
657 PRINT("%s: rename %s to %s", __func__, nstatefile, statefile); 657 PRINT("%s: rename %s to %s", __func__, nstatefile, statefile);
658 goto done; 658 goto done;
diff --git a/sshlogin.c b/sshlogin.c
index 1b2ee5f85..4ed419494 100644
--- a/sshlogin.c
+++ b/sshlogin.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshlogin.c,v 1.33 2018/07/09 21:26:02 markus Exp $ */ 1/* $OpenBSD: sshlogin.c,v 1.34 2019/06/28 13:35:04 deraadt Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
diff --git a/sshpty.c b/sshpty.c
index 4da84d05f..715035257 100644
--- a/sshpty.c
+++ b/sshpty.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshpty.c,v 1.31 2016/11/29 03:54:50 dtucker Exp $ */ 1/* $OpenBSD: sshpty.c,v 1.32 2019/06/28 13:35:04 deraadt Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -68,7 +68,7 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen)
68 int i; 68 int i;
69 69
70 i = openpty(ptyfd, ttyfd, NULL, NULL, NULL); 70 i = openpty(ptyfd, ttyfd, NULL, NULL, NULL);
71 if (i < 0) { 71 if (i == -1) {
72 error("openpty: %.100s", strerror(errno)); 72 error("openpty: %.100s", strerror(errno));
73 return 0; 73 return 0;
74 } 74 }
@@ -86,9 +86,9 @@ void
86pty_release(const char *tty) 86pty_release(const char *tty)
87{ 87{
88#if !defined(__APPLE_PRIVPTY__) && !defined(HAVE_OPENPTY) 88#if !defined(__APPLE_PRIVPTY__) && !defined(HAVE_OPENPTY)
89 if (chown(tty, (uid_t) 0, (gid_t) 0) < 0) 89 if (chown(tty, (uid_t) 0, (gid_t) 0) == -1)
90 error("chown %.100s 0 0 failed: %.100s", tty, strerror(errno)); 90 error("chown %.100s 0 0 failed: %.100s", tty, strerror(errno));
91 if (chmod(tty, (mode_t) 0666) < 0) 91 if (chmod(tty, (mode_t) 0666) == -1)
92 error("chmod %.100s 0666 failed: %.100s", tty, strerror(errno)); 92 error("chmod %.100s 0666 failed: %.100s", tty, strerror(errno));
93#endif /* !__APPLE_PRIVPTY__ && !HAVE_OPENPTY */ 93#endif /* !__APPLE_PRIVPTY__ && !HAVE_OPENPTY */
94} 94}
@@ -108,7 +108,7 @@ pty_make_controlling_tty(int *ttyfd, const char *tty)
108 close(fd); 108 close(fd);
109 } 109 }
110#endif /* TIOCNOTTY */ 110#endif /* TIOCNOTTY */
111 if (setsid() < 0) 111 if (setsid() == -1)
112 error("setsid: %.100s", strerror(errno)); 112 error("setsid: %.100s", strerror(errno));
113 113
114 /* 114 /*
@@ -131,14 +131,14 @@ pty_make_controlling_tty(int *ttyfd, const char *tty)
131 error("SETPGRP %s",strerror(errno)); 131 error("SETPGRP %s",strerror(errno));
132#endif /* NEED_SETPGRP */ 132#endif /* NEED_SETPGRP */
133 fd = open(tty, O_RDWR); 133 fd = open(tty, O_RDWR);
134 if (fd < 0) 134 if (fd == -1)
135 error("%.100s: %.100s", tty, strerror(errno)); 135 error("%.100s: %.100s", tty, strerror(errno));
136 else 136 else
137 close(fd); 137 close(fd);
138 138
139 /* Verify that we now have a controlling tty. */ 139 /* Verify that we now have a controlling tty. */
140 fd = open(_PATH_TTY, O_WRONLY); 140 fd = open(_PATH_TTY, O_WRONLY);
141 if (fd < 0) 141 if (fd == -1)
142 error("open /dev/tty failed - could not set controlling tty: %.100s", 142 error("open /dev/tty failed - could not set controlling tty: %.100s",
143 strerror(errno)); 143 strerror(errno));
144 else 144 else
@@ -188,7 +188,7 @@ pty_setowner(struct passwd *pw, const char *tty)
188#endif 188#endif
189 189
190 if (st.st_uid != pw->pw_uid || st.st_gid != gid) { 190 if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
191 if (chown(tty, pw->pw_uid, gid) < 0) { 191 if (chown(tty, pw->pw_uid, gid) == -1) {
192 if (errno == EROFS && 192 if (errno == EROFS &&
193 (st.st_uid == pw->pw_uid || st.st_uid == 0)) 193 (st.st_uid == pw->pw_uid || st.st_uid == 0))
194 debug("chown(%.100s, %u, %u) failed: %.100s", 194 debug("chown(%.100s, %u, %u) failed: %.100s",
@@ -202,7 +202,7 @@ pty_setowner(struct passwd *pw, const char *tty)
202 } 202 }
203 203
204 if ((st.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) != mode) { 204 if ((st.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) != mode) {
205 if (chmod(tty, mode) < 0) { 205 if (chmod(tty, mode) == -1) {
206 if (errno == EROFS && 206 if (errno == EROFS &&
207 (st.st_mode & (S_IRGRP | S_IROTH)) == 0) 207 (st.st_mode & (S_IRGRP | S_IROTH)) == 0)
208 debug("chmod(%.100s, 0%o) failed: %.100s", 208 debug("chmod(%.100s, 0%o) failed: %.100s",
diff --git a/uidswap.c b/uidswap.c
index 49f76d818..1d78c607a 100644
--- a/uidswap.c
+++ b/uidswap.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: uidswap.c,v 1.41 2018/07/18 11:34:04 dtucker Exp $ */ 1/* $OpenBSD: uidswap.c,v 1.42 2019/06/28 13:35:04 deraadt Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -84,12 +84,12 @@ temporarily_use_uid(struct passwd *pw)
84 temporarily_use_uid_effective = 1; 84 temporarily_use_uid_effective = 1;
85 85
86 saved_egroupslen = getgroups(0, NULL); 86 saved_egroupslen = getgroups(0, NULL);
87 if (saved_egroupslen < 0) 87 if (saved_egroupslen == -1)
88 fatal("getgroups: %.100s", strerror(errno)); 88 fatal("getgroups: %.100s", strerror(errno));
89 if (saved_egroupslen > 0) { 89 if (saved_egroupslen > 0) {
90 saved_egroups = xreallocarray(saved_egroups, 90 saved_egroups = xreallocarray(saved_egroups,
91 saved_egroupslen, sizeof(gid_t)); 91 saved_egroupslen, sizeof(gid_t));
92 if (getgroups(saved_egroupslen, saved_egroups) < 0) 92 if (getgroups(saved_egroupslen, saved_egroups) == -1)
93 fatal("getgroups: %.100s", strerror(errno)); 93 fatal("getgroups: %.100s", strerror(errno));
94 } else { /* saved_egroupslen == 0 */ 94 } else { /* saved_egroupslen == 0 */
95 free(saved_egroups); 95 free(saved_egroups);
@@ -98,17 +98,17 @@ temporarily_use_uid(struct passwd *pw)
98 98
99 /* set and save the user's groups */ 99 /* set and save the user's groups */
100 if (user_groupslen == -1 || user_groups_uid != pw->pw_uid) { 100 if (user_groupslen == -1 || user_groups_uid != pw->pw_uid) {
101 if (initgroups(pw->pw_name, pw->pw_gid) < 0) 101 if (initgroups(pw->pw_name, pw->pw_gid) == -1)
102 fatal("initgroups: %s: %.100s", pw->pw_name, 102 fatal("initgroups: %s: %.100s", pw->pw_name,
103 strerror(errno)); 103 strerror(errno));
104 104
105 user_groupslen = getgroups(0, NULL); 105 user_groupslen = getgroups(0, NULL);
106 if (user_groupslen < 0) 106 if (user_groupslen == -1)
107 fatal("getgroups: %.100s", strerror(errno)); 107 fatal("getgroups: %.100s", strerror(errno));
108 if (user_groupslen > 0) { 108 if (user_groupslen > 0) {
109 user_groups = xreallocarray(user_groups, 109 user_groups = xreallocarray(user_groups,
110 user_groupslen, sizeof(gid_t)); 110 user_groupslen, sizeof(gid_t));
111 if (getgroups(user_groupslen, user_groups) < 0) 111 if (getgroups(user_groupslen, user_groups) == -1)
112 fatal("getgroups: %.100s", strerror(errno)); 112 fatal("getgroups: %.100s", strerror(errno));
113 } else { /* user_groupslen == 0 */ 113 } else { /* user_groupslen == 0 */
114 free(user_groups); 114 free(user_groups);
@@ -117,17 +117,17 @@ temporarily_use_uid(struct passwd *pw)
117 user_groups_uid = pw->pw_uid; 117 user_groups_uid = pw->pw_uid;
118 } 118 }
119 /* Set the effective uid to the given (unprivileged) uid. */ 119 /* Set the effective uid to the given (unprivileged) uid. */
120 if (setgroups(user_groupslen, user_groups) < 0) 120 if (setgroups(user_groupslen, user_groups) == -1)
121 fatal("setgroups: %.100s", strerror(errno)); 121 fatal("setgroups: %.100s", strerror(errno));
122#ifndef SAVED_IDS_WORK_WITH_SETEUID 122#ifndef SAVED_IDS_WORK_WITH_SETEUID
123 /* Propagate the privileged gid to all of our gids. */ 123 /* Propagate the privileged gid to all of our gids. */
124 if (setgid(getegid()) < 0) 124 if (setgid(getegid()) == -1)
125 debug("setgid %u: %.100s", (u_int) getegid(), strerror(errno)); 125 debug("setgid %u: %.100s", (u_int) getegid(), strerror(errno));
126 /* Propagate the privileged uid to all of our uids. */ 126 /* Propagate the privileged uid to all of our uids. */
127 if (setuid(geteuid()) < 0) 127 if (setuid(geteuid()) == -1)
128 debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno)); 128 debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno));
129#endif /* SAVED_IDS_WORK_WITH_SETEUID */ 129#endif /* SAVED_IDS_WORK_WITH_SETEUID */
130 if (setegid(pw->pw_gid) < 0) 130 if (setegid(pw->pw_gid) == -1)
131 fatal("setegid %u: %.100s", (u_int)pw->pw_gid, 131 fatal("setegid %u: %.100s", (u_int)pw->pw_gid,
132 strerror(errno)); 132 strerror(errno));
133 if (seteuid(pw->pw_uid) == -1) 133 if (seteuid(pw->pw_uid) == -1)
@@ -152,9 +152,9 @@ restore_uid(void)
152#ifdef SAVED_IDS_WORK_WITH_SETEUID 152#ifdef SAVED_IDS_WORK_WITH_SETEUID
153 debug("restore_uid: %u/%u", (u_int)saved_euid, (u_int)saved_egid); 153 debug("restore_uid: %u/%u", (u_int)saved_euid, (u_int)saved_egid);
154 /* Set the effective uid back to the saved privileged uid. */ 154 /* Set the effective uid back to the saved privileged uid. */
155 if (seteuid(saved_euid) < 0) 155 if (seteuid(saved_euid) == -1)
156 fatal("seteuid %u: %.100s", (u_int)saved_euid, strerror(errno)); 156 fatal("seteuid %u: %.100s", (u_int)saved_euid, strerror(errno));
157 if (setegid(saved_egid) < 0) 157 if (setegid(saved_egid) == -1)
158 fatal("setegid %u: %.100s", (u_int)saved_egid, strerror(errno)); 158 fatal("setegid %u: %.100s", (u_int)saved_egid, strerror(errno));
159#else /* SAVED_IDS_WORK_WITH_SETEUID */ 159#else /* SAVED_IDS_WORK_WITH_SETEUID */
160 /* 160 /*
@@ -166,7 +166,7 @@ restore_uid(void)
166 setgid(getgid()); 166 setgid(getgid());
167#endif /* SAVED_IDS_WORK_WITH_SETEUID */ 167#endif /* SAVED_IDS_WORK_WITH_SETEUID */
168 168
169 if (setgroups(saved_egroupslen, saved_egroups) < 0) 169 if (setgroups(saved_egroupslen, saved_egroups) == -1)
170 fatal("setgroups: %.100s", strerror(errno)); 170 fatal("setgroups: %.100s", strerror(errno));
171 temporarily_use_uid_effective = 0; 171 temporarily_use_uid_effective = 0;
172} 172}
@@ -190,7 +190,7 @@ permanently_set_uid(struct passwd *pw)
190 debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid, 190 debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid,
191 (u_int)pw->pw_gid); 191 (u_int)pw->pw_gid);
192 192
193 if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0) 193 if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1)
194 fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); 194 fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
195 195
196#ifdef __APPLE__ 196#ifdef __APPLE__
@@ -198,12 +198,12 @@ permanently_set_uid(struct passwd *pw)
198 * OS X requires initgroups after setgid to opt back into 198 * OS X requires initgroups after setgid to opt back into
199 * memberd support for >16 supplemental groups. 199 * memberd support for >16 supplemental groups.
200 */ 200 */
201 if (initgroups(pw->pw_name, pw->pw_gid) < 0) 201 if (initgroups(pw->pw_name, pw->pw_gid) == -1)
202 fatal("initgroups %.100s %u: %.100s", 202 fatal("initgroups %.100s %u: %.100s",
203 pw->pw_name, (u_int)pw->pw_gid, strerror(errno)); 203 pw->pw_name, (u_int)pw->pw_gid, strerror(errno));
204#endif 204#endif
205 205
206 if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0) 206 if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1)
207 fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno)); 207 fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
208 208
209#ifndef NO_UID_RESTORATION_TEST 209#ifndef NO_UID_RESTORATION_TEST
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-18 12:34:58 +0000