diff options
author | deraadt@openbsd.org <deraadt@openbsd.org> | 2019-06-28 13:35:04 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-07-05 11:10:39 +1000 |
commit | 4d28fa78abce2890e136281950633fae2066cc29 (patch) | |
tree | 33226ec64ced661bb7e40005e30744b68fa59a80 /auth.c | |
parent | e8c974043c1648eab0ad67a7ba6a3e444fe79d2d (diff) |
upstream: When system calls indicate an error they return -1, not
some arbitrary value < 0. errno is only updated in this case. Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.
OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
Diffstat (limited to 'auth.c')
-rw-r--r-- | auth.c | 16 |
1 files changed, 8 insertions, 8 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth.c,v 1.138 2019/01/19 21:41:18 djm Exp $ */ | 1 | /* $OpenBSD: auth.c,v 1.139 2019/06/28 13:35:04 deraadt Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -167,7 +167,7 @@ allowed_user(struct ssh *ssh, struct passwd * pw) | |||
167 | char *shell = xstrdup((pw->pw_shell[0] == '\0') ? | 167 | char *shell = xstrdup((pw->pw_shell[0] == '\0') ? |
168 | _PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */ | 168 | _PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */ |
169 | 169 | ||
170 | if (stat(shell, &st) != 0) { | 170 | if (stat(shell, &st) == -1) { |
171 | logit("User %.100s not allowed because shell %.100s " | 171 | logit("User %.100s not allowed because shell %.100s " |
172 | "does not exist", pw->pw_name, shell); | 172 | "does not exist", pw->pw_name, shell); |
173 | free(shell); | 173 | free(shell); |
@@ -517,7 +517,7 @@ auth_openfile(const char *file, struct passwd *pw, int strict_modes, | |||
517 | return NULL; | 517 | return NULL; |
518 | } | 518 | } |
519 | 519 | ||
520 | if (fstat(fd, &st) < 0) { | 520 | if (fstat(fd, &st) == -1) { |
521 | close(fd); | 521 | close(fd); |
522 | return NULL; | 522 | return NULL; |
523 | } | 523 | } |
@@ -746,7 +746,7 @@ remote_hostname(struct ssh *ssh) | |||
746 | fromlen = sizeof(from); | 746 | fromlen = sizeof(from); |
747 | memset(&from, 0, sizeof(from)); | 747 | memset(&from, 0, sizeof(from)); |
748 | if (getpeername(ssh_packet_get_connection_in(ssh), | 748 | if (getpeername(ssh_packet_get_connection_in(ssh), |
749 | (struct sockaddr *)&from, &fromlen) < 0) { | 749 | (struct sockaddr *)&from, &fromlen) == -1) { |
750 | debug("getpeername failed: %.100s", strerror(errno)); | 750 | debug("getpeername failed: %.100s", strerror(errno)); |
751 | return strdup(ntop); | 751 | return strdup(ntop); |
752 | } | 752 | } |
@@ -884,7 +884,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command, | |||
884 | return 0; | 884 | return 0; |
885 | } | 885 | } |
886 | temporarily_use_uid(pw); | 886 | temporarily_use_uid(pw); |
887 | if (stat(av[0], &st) < 0) { | 887 | if (stat(av[0], &st) == -1) { |
888 | error("Could not stat %s \"%s\": %s", tag, | 888 | error("Could not stat %s \"%s\": %s", tag, |
889 | av[0], strerror(errno)); | 889 | av[0], strerror(errno)); |
890 | restore_uid(); | 890 | restore_uid(); |
@@ -896,7 +896,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command, | |||
896 | return 0; | 896 | return 0; |
897 | } | 897 | } |
898 | /* Prepare to keep the child's stdout if requested */ | 898 | /* Prepare to keep the child's stdout if requested */ |
899 | if (pipe(p) != 0) { | 899 | if (pipe(p) == -1) { |
900 | error("%s: pipe: %s", tag, strerror(errno)); | 900 | error("%s: pipe: %s", tag, strerror(errno)); |
901 | restore_uid(); | 901 | restore_uid(); |
902 | return 0; | 902 | return 0; |
@@ -946,12 +946,12 @@ subprocess(const char *tag, struct passwd *pw, const char *command, | |||
946 | closefrom(STDERR_FILENO + 1); | 946 | closefrom(STDERR_FILENO + 1); |
947 | 947 | ||
948 | /* Don't use permanently_set_uid() here to avoid fatal() */ | 948 | /* Don't use permanently_set_uid() here to avoid fatal() */ |
949 | if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) { | 949 | if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) { |
950 | error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid, | 950 | error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid, |
951 | strerror(errno)); | 951 | strerror(errno)); |
952 | _exit(1); | 952 | _exit(1); |
953 | } | 953 | } |
954 | if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0) { | 954 | if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1) { |
955 | error("%s: setresuid %u: %s", tag, (u_int)pw->pw_uid, | 955 | error("%s: setresuid %u: %s", tag, (u_int)pw->pw_uid, |
956 | strerror(errno)); | 956 | strerror(errno)); |
957 | _exit(1); | 957 | _exit(1); |