upstream: When system calls indicate an error they return -1, not

some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future. OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
author: deraadt@openbsd.org <deraadt@openbsd.org> 2019-06-28 13:35:04 +0000
committer: Damien Miller <djm@mindrot.org> 2019-07-05 11:10:39 +1000
commit: 4d28fa78abce2890e136281950633fae2066cc29 (patch)
tree: 33226ec64ced661bb7e40005e30744b68fa59a80 /auth.c
parent: e8c974043c1648eab0ad67a7ba6a3e444fe79d2d (diff)
1 files changed, 8 insertions, 8 deletions
diff --git a/auth.c b/auth.c
index 8696f258e..b41d39cdc 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.138 2019/01/19 21:41:18 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.139 2019/06/28 13:35:04 deraadt Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
@@ -167,7 +167,7 @@ allowed_user(struct ssh *ssh, struct passwd * pw)
                char *shell = xstrdup((pw->pw_shell[0] == '\0') ?
                    _PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */
-                if (stat(shell, &st) != 0) {
+                if (stat(shell, &st) == -1) {
                        logit("User %.100s not allowed because shell %.100s "
                            "does not exist", pw->pw_name, shell);
                        free(shell);
@@ -517,7 +517,7 @@ auth_openfile(const char *file, struct passwd *pw, int strict_modes,
                return NULL;
        }
-        if (fstat(fd, &st) < 0) {
+        if (fstat(fd, &st) == -1) {
                close(fd);
                return NULL;
        }
@@ -746,7 +746,7 @@ remote_hostname(struct ssh *ssh)
        fromlen = sizeof(from);
        memset(&from, 0, sizeof(from));
        if (getpeername(ssh_packet_get_connection_in(ssh),
-            (struct sockaddr *)&from, &fromlen) < 0) {
+            (struct sockaddr *)&from, &fromlen) == -1) {
                debug("getpeername failed: %.100s", strerror(errno));
                return strdup(ntop);
        }
@@ -884,7 +884,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
                return 0;
        }
        temporarily_use_uid(pw);
-        if (stat(av[0], &st) < 0) {
+        if (stat(av[0], &st) == -1) {
                error("Could not stat %s \"%s\": %s", tag,
                    av[0], strerror(errno));
                restore_uid();
@@ -896,7 +896,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
                return 0;
        }
        /* Prepare to keep the child's stdout if requested */
-        if (pipe(p) != 0) {
+        if (pipe(p) == -1) {
                error("%s: pipe: %s", tag, strerror(errno));
                restore_uid();
                return 0;
@@ -946,12 +946,12 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
                closefrom(STDERR_FILENO + 1);
                /* Don't use permanently_set_uid() here to avoid fatal() */
-                if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) {
+                if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) {
                        error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,
                            strerror(errno));
                        _exit(1);
                }
-                if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0) {
+                if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1) {
                        error("%s: setresuid %u: %s", tag, (u_int)pw->pw_uid,
                            strerror(errno));
                        _exit(1);
author	deraadt@openbsd.org <deraadt@openbsd.org>	2019-06-28 13:35:04 +0000
committer	Damien Miller <djm@mindrot.org>	2019-07-05 11:10:39 +1000
commit	4d28fa78abce2890e136281950633fae2066cc29 (patch)
tree	33226ec64ced661bb7e40005e30744b68fa59a80 /auth.c
parent	e8c974043c1648eab0ad67a7ba6a3e444fe79d2d (diff)

diff --git a/auth.c b/auth.c index 8696f258e..b41d39cdc 100644 --- a/auth.c +++ b/auth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: auth.c,v 1.138 2019/01/19 21:41:18 djm Exp $ */	1	/* $OpenBSD: auth.c,v 1.139 2019/06/28 13:35:04 deraadt Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000 Markus Friedl. All rights reserved.
4	*	4	*
@@ -167,7 +167,7 @@ allowed_user(struct ssh ssh, struct passwd pw)
167	char *shell = xstrdup((pw->pw_shell[0] == '\0') ?	167	char *shell = xstrdup((pw->pw_shell[0] == '\0') ?
168	_PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */	168	_PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */
169		169
170	if (stat(shell, &st) != 0) {	170	if (stat(shell, &st) == -1) {
171	logit("User %.100s not allowed because shell %.100s "	171	logit("User %.100s not allowed because shell %.100s "
172	"does not exist", pw->pw_name, shell);	172	"does not exist", pw->pw_name, shell);
173	free(shell);	173	free(shell);
@@ -517,7 +517,7 @@ auth_openfile(const char file, struct passwd pw, int strict_modes,
517	return NULL;	517	return NULL;
518	}	518	}
519		519
520	if (fstat(fd, &st) < 0) {	520	if (fstat(fd, &st) == -1) {
521	close(fd);	521	close(fd);
522	return NULL;	522	return NULL;
523	}	523	}
@@ -746,7 +746,7 @@ remote_hostname(struct ssh *ssh)
746	fromlen = sizeof(from);	746	fromlen = sizeof(from);
747	memset(&from, 0, sizeof(from));	747	memset(&from, 0, sizeof(from));
748	if (getpeername(ssh_packet_get_connection_in(ssh),	748	if (getpeername(ssh_packet_get_connection_in(ssh),
749	(struct sockaddr *)&from, &fromlen) < 0) {	749	(struct sockaddr *)&from, &fromlen) == -1) {
750	debug("getpeername failed: %.100s", strerror(errno));	750	debug("getpeername failed: %.100s", strerror(errno));
751	return strdup(ntop);	751	return strdup(ntop);
752	}	752	}
@@ -884,7 +884,7 @@ subprocess(const char tag, struct passwd pw, const char *command,
884	return 0;	884	return 0;
885	}	885	}
886	temporarily_use_uid(pw);	886	temporarily_use_uid(pw);
887	if (stat(av[0], &st) < 0) {	887	if (stat(av[0], &st) == -1) {
888	error("Could not stat %s \"%s\": %s", tag,	888	error("Could not stat %s \"%s\": %s", tag,
889	av[0], strerror(errno));	889	av[0], strerror(errno));
890	restore_uid();	890	restore_uid();
@@ -896,7 +896,7 @@ subprocess(const char tag, struct passwd pw, const char *command,
896	return 0;	896	return 0;
897	}	897	}
898	/* Prepare to keep the child's stdout if requested */	898	/* Prepare to keep the child's stdout if requested */
899	if (pipe(p) != 0) {	899	if (pipe(p) == -1) {
900	error("%s: pipe: %s", tag, strerror(errno));	900	error("%s: pipe: %s", tag, strerror(errno));
901	restore_uid();	901	restore_uid();
902	return 0;	902	return 0;
@@ -946,12 +946,12 @@ subprocess(const char tag, struct passwd pw, const char *command,
946	closefrom(STDERR_FILENO + 1);	946	closefrom(STDERR_FILENO + 1);
947		947
948	/* Don't use permanently_set_uid() here to avoid fatal() */	948	/* Don't use permanently_set_uid() here to avoid fatal() */
949	if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) {	949	if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) {
950	error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,	950	error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,
951	strerror(errno));	951	strerror(errno));
952	_exit(1);	952	_exit(1);
953	}	953	}
954	if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0) {	954	if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1) {
955	error("%s: setresuid %u: %s", tag, (u_int)pw->pw_uid,	955	error("%s: setresuid %u: %s", tag, (u_int)pw->pw_uid,
956	strerror(errno));	956	strerror(errno));
957	_exit(1);	957	_exit(1);