From 5cdbaa78fcb718c39af4522d98016ad89d065427 Mon Sep 17 00:00:00 2001
From: "deraadt@openbsd.org"
Date: Thu, 27 Jun 2019 18:03:37 +0000
Subject: upstream: Some asprintf() calls were checked < 0, rather than the precise == -1. ok millert nicm tb, etc OpenBSD-Commit-ID: caecf8f57938685c04f125515b9f2806ad408d53
---
 sshkey-xmss.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
(limited to 'sshkey-xmss.c')
diff --git a/sshkey-xmss.c b/sshkey-xmss.c
index aaae70289..ef39831c6 100644
--- a/sshkey-xmss.c
+++ b/sshkey-xmss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey-xmss.c,v 1.3 2018/07/09 21:59:10 markus Exp $ */
+/* $OpenBSD: sshkey-xmss.c,v 1.4 2019/06/27 18:03:37 deraadt Exp $ */
 /*
 * Copyright (c) 2017 Markus Friedl. All rights reserved.
 *
@@ -467,9 +467,9 @@ sshkey_xmss_get_state(const struct sshkey *k, sshkey_printfn *pr)
 }
 if ((filename = k->xmss_filename) == NULL)
 goto done;
- if (asprintf(&lockfile, "%s.lock", filename) < 0 ||
- asprintf(&statefile, "%s.state", filename) < 0 ||
- asprintf(&ostatefile, "%s.ostate", filename) < 0) {
+ if (asprintf(&lockfile, "%s.lock", filename) == -1 ||
+ asprintf(&statefile, "%s.state", filename) == -1 ||
+ asprintf(&ostatefile, "%s.ostate", filename) == -1) {
 ret = SSH_ERR_ALLOC_FAIL;
 goto done;
 }
@@ -594,9 +594,9 @@ sshkey_xmss_update_state(const struct sshkey *k, sshkey_printfn *pr)
 state->idx = idx;
 if ((filename = k->xmss_filename) == NULL)
 goto done;
- if (asprintf(&statefile, "%s.state", filename) < 0 ||
- asprintf(&ostatefile, "%s.ostate", filename) < 0 ||
- asprintf(&nstatefile, "%s.nstate", filename) < 0) {
+ if (asprintf(&statefile, "%s.state", filename) == -1 ||
+ asprintf(&ostatefile, "%s.ostate", filename) == -1 ||
+ asprintf(&nstatefile, "%s.nstate", filename) == -1) {
 ret = SSH_ERR_ALLOC_FAIL;
 goto done;
 }
--
cgit v1.2.3
From 4d28fa78abce2890e136281950633fae2066cc29 Mon Sep 17 00:00:00 2001
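Review bot: The failure branch of the asprintf() chain in sshkey_xmss_get_state jumps to `done` without resetting `lockfile`, `statefile` or `ostatefile`, and some C libraries leave the output pointer unspecified when asprintf() fails. The cleanup under `done:` is outside the hunk, so this is inferred, but if it frees these pointers the branch should first set the failed one to NULL, which means testing the three calls separately so the failing call is known. The same pattern is in the sshkey_xmss_update_state hunk with `statefile`, `ostatefile` and `nstatefile`. A comment such as `/* asprintf may leave *strp undefined on failure */` at the reset would record why.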
From: "deraadt@openbsd.org"
Date: Fri, 28 Jun 2019 13:35:04 +0000
Subject: upstream: When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future. OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
---
 auth-rhosts.c | 10 +++++-----
 auth.c | 16 ++++++++--------
 authfd.c | 6 +++---
 authfile.c | 12 ++++++------
 canohost.c | 6 +++---
 channels.c | 46 +++++++++++++++++++++++-----------------------
 clientloop.c | 12 ++++++------
 misc.c | 18 +++++++++---------
 monitor.c | 10 +++++-----
 monitor_wrap.c | 4 ++--
 mux.c | 8 ++++----
 nchan.c | 6 +++---
 packet.c | 14 +++++++-------
 readconf.c | 4 ++--
 readpass.c | 10 +++++-----
 scp.c | 24 ++++++++++++------------
 serverloop.c | 8 ++++----
 session.c | 48 ++++++++++++++++++++++++------------------------
 sftp-server.c | 24 ++++++++++++------------
 ssh-add.c | 6 +++---
 ssh-agent.c | 10 +++++-----
 ssh-keygen.c | 24 ++++++++++++------------
 ssh-keyscan.c | 12 ++++++------
 ssh.c | 18 +++++++++---------
 sshconnect.c | 26 +++++++++++++-------------
 sshconnect2.c | 20 ++++++++++----------
 sshd.c | 30 +++++++++++++++---------------
 sshkey-xmss.c | 14 +++++++-------
 sshlogin.c | 2 +-
 sshpty.c | 18 +++++++++---------
 uidswap.c | 32 ++++++++++++++++----------------
 31 files changed, 249 insertions(+), 249 deletions(-)
(limited to 'sshkey-xmss.c')
diff --git a/auth-rhosts.c b/auth-rhosts.c
index 57296e1f6..63c1c8acb 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rhosts.c,v 1.49 2018/07/09 21:35:50 markus Exp $ */
+/* $OpenBSD: auth-rhosts.c,v 1.50 2019/06/28 13:35:04 deraadt Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -222,8 +222,8 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
 * are no system-wide files.
 */
 if (!rhosts_files[rhosts_file_index] &&
- stat(_PATH_RHOSTS_EQUIV, &st) < 0 &&
- stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0) {
+ stat(_PATH_RHOSTS_EQUIV, &st) == -1 &&
+ stat(_PATH_SSH_HOSTS_EQUIV, &st) == -1) {
 debug3("%s: no hosts access files exist", __func__);
 return 0;
 }
@@ -253,7 +253,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
 * Check that the home directory is owned by root or the user, and is
 * not group or world writable.
 */
- if (stat(pw->pw_dir, &st) < 0) {
+ if (stat(pw->pw_dir, &st) == -1) {
 logit("Rhosts authentication refused for %.100s: " "no home directory %.200s", pw->pw_name, pw->pw_dir);
 auth_debug_add("Rhosts authentication refused for %.100s: "
@@ -278,7 +278,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
 /* Check users .rhosts or .shosts. */
 snprintf(buf, sizeof buf, "%.500s/%.100s", pw->pw_dir, rhosts_files[rhosts_file_index]);
- if (stat(buf, &st) < 0)
+ if (stat(buf, &st) == -1)
 continue;
 /*
diff --git a/auth.c b/auth.c
index 8696f258e..b41d39cdc 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.138 2019/01/19 21:41:18 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.139 2019/06/28 13:35:04 deraadt Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
@@ -167,7 +167,7 @@ allowed_user(struct ssh *ssh, struct passwd * pw)
 char *shell = xstrdup((pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */
- if (stat(shell, &st) != 0) {
+ if (stat(shell, &st) == -1) {
 logit("User %.100s not allowed because shell %.100s " "does not exist", pw->pw_name, shell);
 free(shell);
@@ -517,7 +517,7 @@ auth_openfile(const char *file, struct passwd *pw, int strict_modes,
 return NULL;
 }
- if (fstat(fd, &st) < 0) {
+ if (fstat(fd, &st) == -1) {
 close(fd);
 return NULL;
 }
@@ -746,7 +746,7 @@ remote_hostname(struct ssh *ssh)
 fromlen = sizeof(from);
 memset(&from, 0, sizeof(from));
 if (getpeername(ssh_packet_get_connection_in(ssh),
- (struct sockaddr *)&from, &fromlen) < 0) {
+ (struct sockaddr *)&from, &fromlen) == -1) {
 debug("getpeername failed: %.100s", strerror(errno));
 return strdup(ntop);
 }
@@ -884,7 +884,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
 return 0;
 }
 temporarily_use_uid(pw);
- if (stat(av[0], &st) < 0) {
+ if (stat(av[0], &st) == -1) {
 error("Could not stat %s \"%s\": %s", tag, av[0], strerror(errno));
 restore_uid();
@@ -896,7 +896,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
 return 0;
 }
 /* Prepare to keep the child's stdout if requested */
- if (pipe(p) != 0) {
+ if (pipe(p) == -1) {
 error("%s: pipe: %s", tag, strerror(errno));
 restore_uid();
 return 0;
@@ -946,12 +946,12 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
 closefrom(STDERR_FILENO + 1);
 /* Don't use permanently_set_uid() here to avoid fatal() */
- if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) {
+ if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) {
 error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid, strerror(errno));
 _exit(1);
 }
- if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0) {
+ if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1) {
 error("%s: setresuid %u: %s", tag, (u_int)pw->pw_uid, strerror(errno));
 _exit(1);
diff --git a/authfd.c b/authfd.c
index 327a333d2..fd8f336fc 100644
--- a/authfd.c
+++ b/authfd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.114 2019/06/21 04:21:04 djm Exp $ */
+/* $OpenBSD: authfd.c,v 1.115 2019/06/28 13:35:04 deraadt Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
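Review bot: In the last subprocess hunk the privilege drop is now treated as failed only when setresgid()/setresuid() return exactly -1, where the old `!= 0` test stopped the child on any non-zero return. For real system calls the two are equivalent, but where these functions are supplied by a compatibility wrapper (not visible here) a different non-zero value would now let the child carry on without the drop. For calls that change credentials the fail-closed form is the safer one, e.g. `if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0) {` and likewise for setresgid. The function continues outside the hunk, so whether the resulting ids are verified afterwards cannot be seen from here.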
@@ -101,12 +101,12 @@ ssh_get_authentication_socket(int *fdp)
 sunaddr.sun_family = AF_UNIX;
 strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path));
- if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
+ if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
 return SSH_ERR_SYSTEM_ERROR;
 /* close on exec */
 if (fcntl(sock, F_SETFD, FD_CLOEXEC) == -1 ||
- connect(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) {
+ connect(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) {
 oerrno = errno;
 close(sock);
 errno = oerrno;
diff --git a/authfile.c b/authfile.c
index b1c92f4ad..2166c1689 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.131 2018/09/21 12:20:12 djm Exp $ */
+/* $OpenBSD: authfile.c,v 1.132 2019/06/28 13:35:04 deraadt Exp $ */
 /*
 * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
 *
@@ -57,7 +57,7 @@ sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename)
 {
 int fd, oerrno;
- if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0)
+ if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) == -1)
 return SSH_ERR_SYSTEM_ERROR;
 if (atomicio(vwrite, fd, sshbuf_mutable_ptr(keybuf), sshbuf_len(keybuf)) != sshbuf_len(keybuf)) {
@@ -101,7 +101,7 @@ sshkey_load_file(int fd, struct sshbuf *blob)
 struct stat st;
 int r;
- if (fstat(fd, &st) < 0)
+ if (fstat(fd, &st) == -1)
 return SSH_ERR_SYSTEM_ERROR;
 if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && st.st_size > MAX_KEY_FILE_SIZE)
@@ -141,7 +141,7 @@ sshkey_perm_ok(int fd, const char *filename)
 {
 struct stat st;
- if (fstat(fd, &st) < 0)
+ if (fstat(fd, &st) == -1)
 return SSH_ERR_SYSTEM_ERROR;
 /*
 * if a key owned by the user is accessed, then we check the
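Review bot: In sshkey_save_private_blob the `0600` passed to open() only applies when the file is created; with `O_CREAT | O_TRUNC` and no `O_EXCL`, an existing file keeps whatever mode it already had and a symlink at `filename` is followed, so the private key blob can end up in a file that others can read. Consider `fchmod(fd, 0600)` right after the open succeeds (with its result checked), or writing to a new file opened with `O_EXCL` and renaming it into place. At minimum a comment such as `/* mode applies to new files only; an existing file keeps its permissions */` would document the behaviour. The rest of the function is outside the hunk.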
@@ -176,7 +176,7 @@ sshkey_load_private_type(int type, const char *filename, const char *passphrase,
 if (commentp != NULL)
 *commentp = NULL;
- if ((fd = open(filename, O_RDONLY)) < 0) {
+ if ((fd = open(filename, O_RDONLY)) == -1) {
 if (perm_ok != NULL)
 *perm_ok = 0;
 return SSH_ERR_SYSTEM_ERROR;
@@ -236,7 +236,7 @@ sshkey_load_private(const char *filename, const char *passphrase,
 if (commentp != NULL)
 *commentp = NULL;
- if ((fd = open(filename, O_RDONLY)) < 0)
+ if ((fd = open(filename, O_RDONLY)) == -1)
 return SSH_ERR_SYSTEM_ERROR;
 if (sshkey_perm_ok(fd, filename) != 0) {
 r = SSH_ERR_KEY_BAD_PERMISSIONS;
diff --git a/canohost.c b/canohost.c
index f71a08568..abea9c6e6 100644
--- a/canohost.c
+++ b/canohost.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: canohost.c,v 1.73 2016/03/07 19:02:43 djm Exp $ */
+/* $OpenBSD: canohost.c,v 1.74 2019/06/28 13:35:04 deraadt Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -164,12 +164,12 @@ get_sock_port(int sock, int local)
 fromlen = sizeof(from);
 memset(&from, 0, sizeof(from));
 if (local) {
- if (getsockname(sock, (struct sockaddr *)&from, &fromlen) < 0) {
+ if (getsockname(sock, (struct sockaddr *)&from, &fromlen) == -1) {
 error("getsockname failed: %.100s", strerror(errno));
 return 0;
 }
 } else {
- if (getpeername(sock, (struct sockaddr *)&from, &fromlen) < 0) {
+ if (getpeername(sock, (struct sockaddr *)&from, &fromlen) == -1) {
 debug("getpeername failed: %.100s", strerror(errno));
 return -1;
 }
diff --git a/channels.c b/channels.c
index 30691c82f..e1c7be81f 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.392 2019/06/07 14:18:48 dtucker Exp $ */
+/* $OpenBSD: channels.c,v 1.393 2019/06/28 13:35:04 deraadt Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -1671,7 +1671,7 @@ channel_post_x11_listener(struct ssh *ssh, Channel *c,
 chan_mark_dead(ssh, c);
 errno = oerrno;
 }
- if (newsock < 0) {
+ if (newsock == -1) {
 if (errno != EINTR && errno != EWOULDBLOCK && errno != ECONNABORTED)
 error("accept: %.100s", strerror(errno));
@@ -1814,7 +1814,7 @@ channel_post_port_listener(struct ssh *ssh, Channel *c,
 addrlen = sizeof(addr);
 newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen);
- if (newsock < 0) {
+ if (newsock == -1) {
 if (errno != EINTR && errno != EWOULDBLOCK && errno != ECONNABORTED)
 error("accept: %.100s", strerror(errno));
@@ -1853,7 +1853,7 @@ channel_post_auth_listener(struct ssh *ssh, Channel *c,
 addrlen = sizeof(addr);
 newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen);
- if (newsock < 0) {
+ if (newsock == -1) {
 error("accept from auth socket: %.100s", strerror(errno));
 if (errno == EMFILE || errno == ENFILE)
 c->notbefore = monotime() + 1;
@@ -1881,7 +1881,7 @@ channel_post_connecting(struct ssh *ssh, Channel *c,
 fatal(":%s: channel %d: no remote id", __func__, c->self);
 /* for rdynamic the OPEN_CONFIRMATION has been sent already */
 isopen = (c->type == SSH_CHANNEL_RDYNAMIC_FINISH);
- if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, &err, &sz) < 0) {
+ if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, &err, &sz) == -1) {
 err = errno;
 error("getsockopt SO_ERROR failed");
 }
@@ -1956,7 +1956,7 @@ channel_handle_rfd(struct ssh *ssh, Channel *c,
 errno = 0;
 len = read(c->rfd, buf, sizeof(buf));
- if (len < 0 && (errno == EINTR ||
+ if (len == -1 && (errno == EINTR ||
 ((errno == EAGAIN || errno == EWOULDBLOCK) && !force)))
 return 1;
 #ifndef PTY_ZEROREAD
@@ -2030,7 +2030,7 @@ channel_handle_wfd(struct ssh *ssh, Channel *c,
 /* ignore truncated writes, datagrams might get lost */
 len = write(c->wfd, buf, dlen);
 free(data);
- if (len < 0 && (errno == EINTR || errno == EAGAIN ||
+ if (len == -1 && (errno == EINTR || errno == EAGAIN ||
 errno == EWOULDBLOCK))
 return 1;
 if (len <= 0)
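Review bot: In the channel_handle_wfd hunk errno is read only after `free(data)` has run between the write() and the `len == -1` test. On C libraries where free() does not preserve errno, an EINTR or EAGAIN result could be misread and the channel treated as having a hard write error. Saving the value first keeps the test reliable, e.g. `saved_errno = errno; free(data);` followed by comparing against `saved_errno` (a local that would need declaring). The function body starts and ends outside the hunk.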
@@ -2045,7 +2045,7 @@ channel_handle_wfd(struct ssh *ssh, Channel *c,
 #endif
 len = write(c->wfd, buf, dlen);
- if (len < 0 &&
+ if (len == -1 &&
 (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK))
 return 1;
 if (len <= 0) {
@@ -2099,7 +2099,7 @@ channel_handle_efd_write(struct ssh *ssh, Channel *c,
 len = write(c->efd, sshbuf_ptr(c->extended), sshbuf_len(c->extended));
 debug2("channel %d: written %zd to efd %d", c->self, len, c->efd);
- if (len < 0 && (errno == EINTR || errno == EAGAIN ||
+ if (len == -1 && (errno == EINTR || errno == EAGAIN ||
 errno == EWOULDBLOCK))
 return 1;
 if (len <= 0) {
@@ -2130,7 +2130,7 @@ channel_handle_efd_read(struct ssh *ssh, Channel *c,
 len = read(c->efd, buf, sizeof(buf));
 debug2("channel %d: read %zd from efd %d", c->self, len, c->efd);
- if (len < 0 && (errno == EINTR || ((errno == EAGAIN ||
+ if (len == -1 && (errno == EINTR || ((errno == EAGAIN ||
 errno == EWOULDBLOCK) && !force)))
 return 1;
 if (len <= 0) {
@@ -2219,7 +2219,7 @@ read_mux(struct ssh *ssh, Channel *c, u_int need)
 if (sshbuf_len(c->input) < need) {
 rlen = need - sshbuf_len(c->input);
 len = read(c->rfd, buf, MINIMUM(rlen, CHAN_RBUF));
- if (len < 0 && (errno == EINTR || errno == EAGAIN))
+ if (len == -1 && (errno == EINTR || errno == EAGAIN))
 return sshbuf_len(c->input);
 if (len <= 0) {
 debug2("channel %d: ctl read<=0 rfd %d len %zd",
@@ -2283,7 +2283,7 @@ channel_post_mux_client_write(struct ssh *ssh, Channel *c,
 return;
 len = write(c->wfd, sshbuf_ptr(c->output), sshbuf_len(c->output));
- if (len < 0 && (errno == EINTR || errno == EAGAIN))
+ if (len == -1 && (errno == EINTR || errno == EAGAIN))
 return;
 if (len <= 0) {
 chan_mark_dead(ssh, c);
@@ -2331,7 +2331,7 @@ channel_post_mux_listener(struct ssh *ssh, Channel *c,
 return;
 }
- if (getpeereid(newsock, &euid, &egid) < 0) {
+ if (getpeereid(newsock, &euid, &egid) == -1) {
 error("%s getpeereid failed: %s", __func__, strerror(errno));
 close(newsock);
@@ -3461,7 +3461,7 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type,
 }
 /* Create a port to listen for the host. */
 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
- if (sock < 0) {
+ if (sock == -1) {
 /* this is no error since kernel may not support ipv6 */
 verbose("socket [%s]:%s: %.100s", ntop, strport, strerror(errno));
@@ -3476,7 +3476,7 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type,
 ntop, strport);
 /* Bind the socket to the address. */
- if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
+ if (bind(sock, ai->ai_addr, ai->ai_addrlen) == -1) {
 /*
 * address can be in if use ipv6 address is
 * already bound
@@ -3492,7 +3492,7 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type,
 continue;
 }
 /* Start listening for connections on the socket. */
- if (listen(sock, SSH_LISTEN_BACKLOG) < 0) {
+ if (listen(sock, SSH_LISTEN_BACKLOG) == -1) {
 error("listen: %.100s", strerror(errno));
 error("listen [%s]:%s: %.100s", ntop, strport, strerror(errno));
@@ -4512,7 +4512,7 @@ channel_send_window_changes(struct ssh *ssh)
 if (sc->channels[i] == NULL || !sc->channels[i]->client_tty || sc->channels[i]->type != SSH_CHANNEL_OPEN)
 continue;
- if (ioctl(sc->channels[i]->rfd, TIOCGWINSZ, &ws) < 0)
+ if (ioctl(sc->channels[i]->rfd, TIOCGWINSZ, &ws) == -1)
 continue;
 channel_request_start(ssh, i, "window-change", 0);
 if ((r = sshpkt_put_u32(ssh, (u_int)ws.ws_col)) != 0 ||
@@ -4615,7 +4615,7 @@ x11_create_display_inet(struct ssh *ssh, int x11_display_offset,
 continue;
 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
- if (sock < 0) {
+ if (sock == -1) {
 if ((errno != EINVAL) && (errno != EAFNOSUPPORT)
 #ifdef EPFNOSUPPORT
 && (errno != EPFNOSUPPORT)
@@ -4634,7 +4634,7 @@ x11_create_display_inet(struct ssh *ssh, int x11_display_offset,
 sock_set_v6only(sock);
 if (x11_use_localhost)
 set_reuseaddr(sock);
- if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
+ if (bind(sock, ai->ai_addr, ai->ai_addrlen) == -1) {
 debug2("%s: bind port %d: %.100s", __func__, port, strerror(errno));
 close(sock);
@@ -4658,7 +4658,7 @@ x11_create_display_inet(struct ssh *ssh, int x11_display_offset,
 /* Start listening for connections on the socket. */
 for (n = 0; n < num_socks; n++) {
 sock = socks[n];
- if (listen(sock, SSH_LISTEN_BACKLOG) < 0) {
+ if (listen(sock, SSH_LISTEN_BACKLOG) == -1) {
 error("listen: %.100s", strerror(errno));
 close(sock);
 return -1;
@@ -4690,7 +4690,7 @@ connect_local_xsocket_path(const char *pathname)
 struct sockaddr_un addr;
 sock = socket(AF_UNIX, SOCK_STREAM, 0);
- if (sock < 0)
+ if (sock == -1)
 error("socket: %.100s", strerror(errno));
 memset(&addr, 0, sizeof(addr));
 addr.sun_family = AF_UNIX;
@@ -4831,12 +4831,12 @@ x11_connect_display(struct ssh *ssh)
 for (ai = aitop; ai; ai = ai->ai_next) {
 /* Create a socket. */
 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
- if (sock < 0) {
+ if (sock == -1) {
 debug2("socket: %.100s", strerror(errno));
 continue;
 }
 /* Connect it to the display. */
- if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
+ if (connect(sock, ai->ai_addr, ai->ai_addrlen) == -1) {
 debug2("connect %.100s port %u: %.100s", buf, 6000 + display_number, strerror(errno));
 close(sock);
diff --git a/clientloop.c b/clientloop.c
index ccf8f4b8c..7f32871f8 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.325 2019/06/26 22:29:43 dtucker Exp $ */
+/* $OpenBSD: clientloop.c,v 1.326 2019/06/28 13:35:04 deraadt Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
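Review bot: In connect_local_xsocket_path a failed socket() is only logged; execution falls through to the memset and, presumably, on to connect() and close() with descriptor -1 later in the function, which is outside the hunk. Returning at the point of failure keeps the invalid descriptor out of the following calls and avoids a second, misleading error message: `if (sock == -1) { error("socket: %.100s", strerror(errno)); return -1; }`.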
@@ -561,7 +561,7 @@ client_wait_until_can_do_something(struct ssh *ssh,
 }
 ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp);
- if (ret < 0) {
+ if (ret == -1) {
 /*
 * We have to clear the select masks, because we return.
 * We have to return, because the mainloop checks for the flags
@@ -644,11 +644,11 @@ client_process_net_input(struct ssh *ssh, fd_set *readset)
 * There is a kernel bug on Solaris that causes select to
 * sometimes wake up even though there is no data available.
 */
- if (len < 0 &&
+ if (len == -1 &&
 (errno == EAGAIN || errno == EINTR || errno == EWOULDBLOCK))
 len = 0;
- if (len < 0) {
+ if (len == -1) {
 /*
 * An error has encountered. Perhaps there is a
 * network problem.
@@ -1096,7 +1096,7 @@ process_escapes(struct ssh *ssh, Channel *c,
 /* Fork into background. */
 pid = fork();
- if (pid < 0) {
+ if (pid == -1) {
 error("fork: %.100s", strerror(errno));
 continue;
 }
@@ -2248,7 +2248,7 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem,
 struct winsize ws;
 /* Store window size in the packet. */
- if (ioctl(in_fd, TIOCGWINSZ, &ws) < 0)
+ if (ioctl(in_fd, TIOCGWINSZ, &ws) == -1)
 memset(&ws, 0, sizeof(ws));
 channel_request_start(ssh, id, "pty-req", 1);
diff --git a/misc.c b/misc.c
index 4011ee5f2..b90aac5c0 100644
--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.138 2019/06/27 18:03:37 deraadt Exp $ */
+/* $OpenBSD: misc.c,v 1.139 2019/06/28 13:35:04 deraadt Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 * Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@@ -96,7 +96,7 @@ set_nonblock(int fd)
 int val;
 val = fcntl(fd, F_GETFL);
- if (val < 0) {
+ if (val == -1) {
 error("fcntl(%d, F_GETFL): %s", fd, strerror(errno));
 return (-1);
 }
@@ -120,7 +120,7 @@ unset_nonblock(int fd)
 int val;
 val = fcntl(fd, F_GETFL);
- if (val < 0) {
+ if (val == -1) {
 error("fcntl(%d, F_GETFL): %s", fd, strerror(errno));
 return (-1);
 }
@@ -1136,7 +1136,7 @@ tun_open(int tun, int mode, char **ifname)
 return -1;
 }
- if (fd < 0) {
+ if (fd == -1) {
 debug("%s: %s open: %s", __func__, name, strerror(errno));
 return -1;
 }
@@ -1575,7 +1575,7 @@ unix_listener(const char *path, int backlog, int unlink_first)
 }
 sock = socket(PF_UNIX, SOCK_STREAM, 0);
- if (sock < 0) {
+ if (sock == -1) {
 saved_errno = errno;
 error("%s: socket: %.100s", __func__, strerror(errno));
 errno = saved_errno;
@@ -1585,7 +1585,7 @@ unix_listener(const char *path, int backlog, int unlink_first)
 if (unlink(path) != 0 && errno != ENOENT)
 error("unlink(%s): %.100s", path, strerror(errno));
 }
- if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) {
+ if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) {
 saved_errno = errno;
 error("%s: cannot bind to path %s: %s", __func__, path, strerror(errno));
@@ -1593,7 +1593,7 @@ unix_listener(const char *path, int backlog, int unlink_first)
 errno = saved_errno;
 return -1;
 }
- if (listen(sock, backlog) < 0) {
+ if (listen(sock, backlog) == -1) {
 saved_errno = errno;
 error("%s: cannot listen on path %s: %s", __func__, path, strerror(errno));
@@ -1875,7 +1875,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir,
 }
 strlcpy(buf, cp, sizeof(buf));
- if (stat(buf, &st) < 0 ||
+ if (stat(buf, &st) == -1 ||
 (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) ||
 (st.st_mode & 022) != 0) {
 snprintf(err, errlen,
@@ -1910,7 +1910,7 @@ safe_path_fd(int fd, const char *file, struct passwd *pw,
 struct stat st;
 /* check the open file to avoid races */
- if (fstat(fd, &st) < 0) {
+ if (fstat(fd, &st) == -1) {
 snprintf(err, errlen, "cannot stat file %s: %s", file, strerror(errno));
 return -1;
diff --git a/monitor.c b/monitor.c
index 60e529444..96d10913c 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.197 2019/01/21 10:38:54 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.198 2019/06/28 13:35:04 deraadt Exp $ */
 /*
 * Copyright 2002 Niels Provos
 * Copyright 2002 Markus Friedl
@@ -1470,7 +1470,7 @@ mm_record_login(struct ssh *ssh, Session *s, struct passwd *pw)
 fromlen = sizeof(from);
 if (ssh_packet_connection_is_on_socket(ssh)) {
 if (getpeername(ssh_packet_get_connection_in(ssh),
- (struct sockaddr *)&from, &fromlen) < 0) {
+ (struct sockaddr *)&from, &fromlen) == -1) {
 debug("getpeername: %.100s", strerror(errno));
 cleanup_exit(255);
 }
@@ -1538,7 +1538,7 @@ mm_answer_pty(struct ssh *ssh, int sock, struct sshbuf *m)
 fatal("%s: send fds failed", __func__);
 /* make sure nothing uses fd 0 */
- if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) < 0)
+ if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) == -1)
 fatal("%s: open(/dev/null): %s", __func__, strerror(errno));
 if (fd0 != 0)
 error("%s: fd0 %d != 0", __func__, fd0);
@@ -1730,9 +1730,9 @@ monitor_openfds(struct monitor *mon, int do_logfds)
 if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1)
 fatal("%s: socketpair: %s", __func__, strerror(errno));
 #ifdef SO_ZEROIZE
- if (setsockopt(pair[0], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) < 0)
+ if (setsockopt(pair[0], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) == -1)
 error("setsockopt SO_ZEROIZE(0): %.100s", strerror(errno));
- if (setsockopt(pair[1], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) < 0)
+ if (setsockopt(pair[1], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) == -1)
 error("setsockopt SO_ZEROIZE(1): %.100s", strerror(errno));
 #endif
 FD_CLOSEONEXEC(pair[0]);
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 186e8f022..4169b7604 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.112 2019/01/21 09:54:11 djm Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.113 2019/06/28 13:35:04 deraadt Exp $ */
 /*
 * Copyright 2002 Niels Provos
 * Copyright 2002 Markus Friedl
@@ -612,7 +612,7 @@ mm_session_pty_cleanup2(Session *s)
 sshbuf_free(m);
 /* closed dup'ed master */
- if (s->ptymaster != -1 && close(s->ptymaster) < 0)
+ if (s->ptymaster != -1 && close(s->ptymaster) == -1)
 error("close(s->ptymaster/%d): %s", s->ptymaster, strerror(errno));
diff --git a/mux.c b/mux.c
index e89db193d..f3ea11cdc 100644
--- a/mux.c
+++ b/mux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.79 2019/01/19 21:35:25 djm Exp $ */
+/* $OpenBSD: mux.c,v 1.80 2019/06/28 13:35:04 deraadt Exp $ */
 /*
 * Copyright (c) 2002-2008 Damien Miller
 *
@@ -1492,7 +1492,7 @@ mux_client_read(int fd, struct sshbuf *b, size_t need)
 return -1;
 }
 len = read(fd, p + have, need - have);
- if (len < 0) {
+ if (len == -1) {
 switch (errno) {
 #if defined(EWOULDBLOCK) && (EWOULDBLOCK != EAGAIN)
 case EWOULDBLOCK:
@@ -1541,7 +1541,7 @@ mux_client_write_packet(int fd, struct sshbuf *m)
 return -1;
 }
 len = write(fd, ptr + have, need - have);
- if (len < 0) {
+ if (len == -1) {
 switch (errno) {
 #if defined(EWOULDBLOCK) && (EWOULDBLOCK != EAGAIN)
 case EWOULDBLOCK:
@@ -2324,7 +2324,7 @@ muxclient(const char *path)
 fatal("ControlPath too long ('%s' >= %u bytes)", path, (unsigned int)sizeof(addr.sun_path));
- if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
+ if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
 fatal("%s socket(): %s", __func__, strerror(errno));
 if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
diff --git a/nchan.c b/nchan.c
index 8294d7fca..1e96eb641 100644
--- a/nchan.c
+++ b/nchan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: nchan.c,v 1.69 2018/10/04 07:47:35 djm Exp $ */
+/* $OpenBSD: nchan.c,v 1.70 2019/06/28 13:35:04 deraadt Exp $ */
 /*
 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
 *
@@ -380,7 +380,7 @@ chan_shutdown_write(struct ssh *ssh, Channel *c)
 c->self, __func__, c->istate, c->ostate, c->sock, c->wfd, c->efd, channel_format_extended_usage(c));
 if (c->sock != -1) {
- if (shutdown(c->sock, SHUT_WR) < 0) {
+ if (shutdown(c->sock, SHUT_WR) == -1) {
 debug2("channel %d: %s: shutdown() failed for " "fd %d [i%d o%d]: %.100s", c->self, __func__, c->sock, c->istate, c->ostate,
@@ -410,7 +410,7 @@ chan_shutdown_read(struct ssh *ssh, Channel *c)
 * write side has been closed already. (bug on Linux)
 * HP-UX may return ENOTCONN also.
 */
- if (shutdown(c->sock, SHUT_RD) < 0 && errno != ENOTCONN) {
+ if (shutdown(c->sock, SHUT_RD) == -1 && errno != ENOTCONN) {
 error("channel %d: %s: shutdown() failed for " "fd %d [i%d o%d]: %.100s", c->self, __func__, c->sock, c->istate, c->ostate,
diff --git a/packet.c b/packet.c
index 8333c7ca9..817da43b5 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.285 2019/06/07 14:18:48 dtucker Exp $ */
+/* $OpenBSD: packet.c,v 1.286 2019/06/28 13:35:04 deraadt Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -440,12 +440,12 @@ ssh_packet_connection_is_on_socket(struct ssh *ssh)
 fromlen = sizeof(from);
 memset(&from, 0, sizeof(from));
 if (getpeername(state->connection_in, (struct sockaddr *)&from,
- &fromlen) < 0)
+ &fromlen) == -1)
 return 0;
 tolen = sizeof(to);
 memset(&to, 0, sizeof(to));
 if (getpeername(state->connection_out, (struct sockaddr *)&to,
- &tolen) < 0)
+ &tolen) == -1)
 return 0;
 if (fromlen != tolen || memcmp(&from, &to, fromlen) != 0)
 return 0;
@@ -471,7 +471,7 @@ ssh_packet_connection_af(struct ssh *ssh)
 memset(&to, 0, sizeof(to));
 if (getsockname(ssh->state->connection_out, (struct sockaddr *)&to,
- &tolen) < 0)
+ &tolen) == -1)
 return 0;
 #ifdef IPV4_IN_IPV6
 if (to.ss_family == AF_INET6 &&
@@ -1359,7 +1359,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 r = SSH_ERR_CONN_CLOSED;
 goto out;
 }
- if (len < 0) {
+ if (len == -1) {
 r = SSH_ERR_SYSTEM_ERROR;
 goto out;
 }
@@ -2036,7 +2036,7 @@ ssh_packet_set_tos(struct ssh *ssh, int tos)
 case AF_INET:
 debug3("%s: set IP_TOS 0x%02x", __func__, tos);
 if (setsockopt(ssh->state->connection_in,
- IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) < 0)
+ IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) == -1)
 error("setsockopt IP_TOS %d: %.100s:", tos, strerror(errno));
 break;
@@ -2045,7 +2045,7 @@ ssh_packet_set_tos(struct ssh *ssh, int tos)
 case AF_INET6:
 debug3("%s: set IPV6_TCLASS 0x%02x", __func__, tos);
 if (setsockopt(ssh->state->connection_in,
- IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos)) < 0)
+ IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos)) == -1)
 error("setsockopt IPV6_TCLASS %d: %.100s:", tos, strerror(errno));
 break;
diff --git a/readconf.c b/readconf.c
index ec30ab30a..27b535e1f 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.306 2019/06/12 11:31:50 jmc Exp $ */
+/* $OpenBSD: readconf.c,v 1.307 2019/06/28 13:35:04 deraadt Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -518,7 +518,7 @@ execute_in_shell(const char *cmd)
 _exit(1);
 }
 /* Parent. */
- if (pid < 0)
+ if (pid == -1)
 fatal("%s: fork: %.100s", __func__, strerror(errno));
 close(devnull);
diff --git a/readpass.c b/readpass.c
index 44014ef8a..7e52cae9c 100644
--- a/readpass.c
+++ b/readpass.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readpass.c,v 1.53 2019/01/19 04:15:56 tb Exp $ */
+/* $OpenBSD: readpass.c,v 1.54 2019/06/28 13:35:04 deraadt Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
 *
@@ -61,19 +61,19 @@ ssh_askpass(char *askpass, const char *msg)
 error("ssh_askpass: fflush: %s", strerror(errno));
 if (askpass == NULL)
 fatal("internal error: askpass undefined");
- if (pipe(p) < 0) {
+ if (pipe(p) == -1) {
 error("ssh_askpass: pipe: %s", strerror(errno));
 return NULL;
 }
 osigchld = signal(SIGCHLD, SIG_DFL);
- if ((pid = fork()) < 0) {
+ if ((pid = fork()) == -1) {
 error("ssh_askpass: fork: %s", strerror(errno));
 signal(SIGCHLD, osigchld);
 return NULL;
 }
 if (pid == 0) {
 close(p[0]);
- if (dup2(p[1], STDOUT_FILENO) < 0)
+ if (dup2(p[1], STDOUT_FILENO) == -1)
 fatal("ssh_askpass: dup2: %s", strerror(errno));
 execlp(askpass, askpass, msg, (char *)NULL);
 fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno));
@@ -93,7 +93,7 @@ ssh_askpass(char *askpass, const char *msg)
 buf[len] = '\0';
 close(p[0]);
- while ((ret = waitpid(pid, &status, 0)) < 0)
+ while ((ret = waitpid(pid, &status, 0)) == -1)
 if (errno != EINTR)
 break;
 signal(SIGCHLD, osigchld);
diff --git a/scp.c b/scp.c
index 80bc0e8b1..86204d8f1 100644
--- a/scp.c
+++ b/scp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.204 2019/02/10 11:15:52 djm Exp $ */
+/* $OpenBSD: scp.c,v 1.205 2019/06/28 13:35:04 deraadt Exp $ */
 /*
 * scp - secure remote copy. This is basically patched BSD rcp which
 * uses ssh to do the data transfer (instead of using rcmd).
@@ -253,13 +253,13 @@ do_cmd(char *host, char *remuser, int port, char *cmd, int *fdin, int *fdout)
 * Reserve two descriptors so that the real pipes won't get
 * descriptors 0 and 1 because that will screw up dup2 below.
 */
- if (pipe(reserved) < 0)
+ if (pipe(reserved) == -1)
 fatal("pipe: %s", strerror(errno));
 /* Create a socket pair for communicating with ssh. */
- if (pipe(pin) < 0)
+ if (pipe(pin) == -1)
 fatal("pipe: %s", strerror(errno));
- if (pipe(pout) < 0)
+ if (pipe(pout) == -1)
 fatal("pipe: %s", strerror(errno));
 /* Free the reserved descriptors. */
@@ -1075,13 +1075,13 @@ source(int argc, char **argv)
 len = strlen(name);
 while (len > 1 && name[len-1] == '/')
 name[--len] = '\0';
- if ((fd = open(name, O_RDONLY|O_NONBLOCK, 0)) < 0)
+ if ((fd = open(name, O_RDONLY|O_NONBLOCK, 0)) == -1)
 goto syserr;
 if (strchr(name, '\n') != NULL) {
 strnvis(encname, name, sizeof(encname), VIS_NL);
 name = encname;
 }
- if (fstat(fd, &stb) < 0) {
+ if (fstat(fd, &stb) == -1) {
 syserr: run_err("%s: %s", name, strerror(errno));
 goto next;
 }
@@ -1155,7 +1155,7 @@ next: if (fd != -1) {
 unset_nonblock(remout);
 if (fd != -1) {
- if (close(fd) < 0 && !haderr)
+ if (close(fd) == -1 && !haderr)
 haderr = errno;
 fd = -1;
 }
@@ -1419,14 +1419,14 @@ sink(int argc, char **argv, const char *src)
 /* Handle copying from a read-only directory */
 mod_flag = 1;
- if (mkdir(np, mode | S_IRWXU) < 0)
+ if (mkdir(np, mode | S_IRWXU) == -1)
 goto bad;
 }
 vect[0] = xstrdup(np);
 sink(1, vect, src);
 if (setimes) {
 setimes = 0;
- if (utimes(vect[0], tv) < 0)
+ if (utimes(vect[0], tv) == -1)
 run_err("%s: set times: %s", vect[0], strerror(errno));
 }
@@ -1437,7 +1437,7 @@ sink(int argc, char **argv, const char *src)
 }
 omode = mode;
 mode |= S_IWUSR;
- if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) {
+ if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) == -1) {
 bad: run_err("%s: %s", np, strerror(errno));
 continue;
 }
@@ -1527,7 +1527,7 @@ bad: run_err("%s: %s", np, strerror(errno));
 stop_progress_meter();
 if (setimes && wrerr == NO) {
 setimes = 0;
- if (utimes(np, tv) < 0) {
+ if (utimes(np, tv) == -1) {
 run_err("%s: set times: %s", np, strerror(errno));
 wrerr = DISPLAYED;
@@ -1681,7 +1681,7 @@ allocbuf(BUF *bp, int fd, int blksize)
 #ifdef HAVE_STRUCT_STAT_ST_BLKSIZE
 struct stat stb;
- if (fstat(fd, &stb) < 0) {
+ if (fstat(fd, &stb) == -1) {
 run_err("fstat: %s", strerror(errno));
 return (0);
 }
diff --git a/serverloop.c b/serverloop.c
index d7b04b37c..ea468c954 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.215 2019/03/27 09:29:14 djm Exp $ */ +/* $OpenBSD: serverloop.c,v 1.216 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -123,7 +123,7 @@ static int notify_pipe[2]; static void notify_setup(void) { - if (pipe(notify_pipe) < 0) { + if (pipe(notify_pipe) == -1) { error("pipe(notify_pipe) failed %s", strerror(errno)); } else if ((fcntl(notify_pipe[0], F_SETFD, FD_CLOEXEC) == -1) || (fcntl(notify_pipe[1], F_SETFD, FD_CLOEXEC) == -1)) { @@ -328,7 +328,7 @@ process_input(struct ssh *ssh, fd_set *readset, int connection_in) verbose("Connection closed by %.100s port %d", ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); return -1; - } else if (len < 0) { + } else if (len == -1) { if (errno != EINTR && errno != EAGAIN && errno != EWOULDBLOCK) { verbose("Read error from remote host " @@ -384,7 +384,7 @@ collect_children(struct ssh *ssh) if (child_terminated) { debug("Received SIGCHLD."); while ((pid = waitpid(-1, &status, WNOHANG)) > 0 || - (pid < 0 && errno == EINTR)) + (pid == -1 && errno == EINTR)) if (pid > 0) session_close_by_pid(ssh, pid, status); child_terminated = 0; diff --git a/session.c b/session.c index ac06b08e9..8f5d7e0a4 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.315 2019/02/22 03:37:11 djm Exp $ */ +/* $OpenBSD: session.c,v 1.316 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved 
@@ -399,17 +399,17 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) fatal("do_exec_no_pty: no session"); /* Allocate pipes for communicating with the program. */ - if (pipe(pin) < 0) { + if (pipe(pin) == -1) { error("%s: pipe in: %.100s", __func__, strerror(errno)); return -1; } - if (pipe(pout) < 0) { + if (pipe(pout) == -1) { error("%s: pipe out: %.100s", __func__, strerror(errno)); close(pin[0]); close(pin[1]); return -1; } - if (pipe(perr) < 0) { + if (pipe(perr) == -1) { error("%s: pipe err: %.100s", __func__, strerror(errno)); close(pin[0]); @@ -425,11 +425,11 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) fatal("do_exec_no_pty: no session"); /* Uses socket pairs to communicate with the program. */ - if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) < 0) { + if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) == -1) { error("%s: socketpair #1: %.100s", __func__, strerror(errno)); return -1; } - if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0) { + if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) == -1) { error("%s: socketpair #2: %.100s", __func__, strerror(errno)); close(inout[0]); @@ -465,7 +465,7 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) * Create a new session and process group since the 4.4BSD * setlogin() affects the entire process group. */ - if (setsid() < 0) + if (setsid() == -1) error("setsid failed: %.100s", strerror(errno)); #ifdef USE_PIPES @@ -474,19 +474,19 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) * pair, and make the child side the standard input. */ close(pin[1]); - if (dup2(pin[0], 0) < 0) + if (dup2(pin[0], 0) == -1) perror("dup2 stdin"); close(pin[0]); /* Redirect stdout. */ close(pout[0]); - if (dup2(pout[1], 1) < 0) + if (dup2(pout[1], 1) == -1) perror("dup2 stdout"); close(pout[1]); /* Redirect stderr. */ close(perr[0]); - if (dup2(perr[1], 2) < 0) + if (dup2(perr[1], 2) == -1) perror("dup2 stderr"); close(perr[1]); #else 
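Review bot: In do_exec_no_pty a failed `dup2()` onto descriptor 0, 1 or 2 is reported with `perror()` and execution continues, so the code after this hunk runs with whatever the standard descriptors previously referred to. do_exec_pty in the same file reports the same failure through `error("dup2 stdin: %s", strerror(errno))`, whereas `perror()` writes to stderr, which is presumably not visible for a daemonised server. Suggest using `error()` here as well, in both the USE_PIPES and the socketpair variant. It is also worth considering whether the child should stop instead of continuing, e.g. `fatal("dup2 stdin: %s", strerror(errno));`. The function body extends beyond the hunk, so what runs next is not visible here.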
@@ -497,12 +497,12 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) */ close(inout[1]); close(err[1]); - if (dup2(inout[0], 0) < 0) /* stdin */ + if (dup2(inout[0], 0) == -1) /* stdin */ perror("dup2 stdin"); - if (dup2(inout[0], 1) < 0) /* stdout (same as stdin) */ + if (dup2(inout[0], 1) == -1) /* stdout (same as stdin) */ perror("dup2 stdout"); close(inout[0]); - if (dup2(err[0], 2) < 0) /* stderr */ + if (dup2(err[0], 2) == -1) /* stderr */ perror("dup2 stderr"); close(err[0]); #endif @@ -577,14 +577,14 @@ do_exec_pty(struct ssh *ssh, Session *s, const char *command) * Do this before forking (and cleanup in the child) so as to * detect and gracefully fail out-of-fd conditions. */ - if ((fdout = dup(ptyfd)) < 0) { + if ((fdout = dup(ptyfd)) == -1) { error("%s: dup #1: %s", __func__, strerror(errno)); close(ttyfd); close(ptyfd); return -1; } /* we keep a reference to the pty master */ - if ((ptymaster = dup(ptyfd)) < 0) { + if ((ptymaster = dup(ptyfd)) == -1) { error("%s: dup #2: %s", __func__, strerror(errno)); close(ttyfd); close(ptyfd); @@ -614,11 +614,11 @@ do_exec_pty(struct ssh *ssh, Session *s, const char *command) pty_make_controlling_tty(&ttyfd, s->tty); /* Redirect stdin/stdout/stderr from the pseudo tty. */ - if (dup2(ttyfd, 0) < 0) + if (dup2(ttyfd, 0) == -1) error("dup2 stdin: %s", strerror(errno)); - if (dup2(ttyfd, 1) < 0) + if (dup2(ttyfd, 1) == -1) error("dup2 stdout: %s", strerror(errno)); - if (dup2(ttyfd, 2) < 0) + if (dup2(ttyfd, 2) == -1) error("dup2 stderr: %s", strerror(errno)); /* Close the extra descriptor for the pseudo tty. */ @@ -755,7 +755,7 @@ do_login(struct ssh *ssh, Session *s, const char *command) fromlen = sizeof(from); if (ssh_packet_connection_is_on_socket(ssh)) { if (getpeername(ssh_packet_get_connection_in(ssh), - (struct sockaddr *)&from, &fromlen) < 0) { + (struct sockaddr *)&from, &fromlen) == -1) { debug("getpeername: %.100s", strerror(errno)); cleanup_exit(255); } 
@@ -1619,7 +1619,7 @@ do_child(struct ssh *ssh, Session *s, const char *command) #endif /* Change current directory to the user's home directory. */ - if (chdir(pw->pw_dir) < 0) { + if (chdir(pw->pw_dir) == -1) { /* Suppress missing homedir warning for chroot case */ #ifdef HAVE_LOGIN_CAP r = login_getcapbool(lc, "requirehome", 0); @@ -1973,7 +1973,7 @@ session_subsystem_req(struct ssh *ssh, Session *s) s->is_subsystem = SUBSYSTEM_INT_SFTP; debug("subsystem: %s", prog); } else { - if (stat(prog, &st) < 0) + if (stat(prog, &st) == -1) debug("subsystem: cannot stat %s: %s", prog, strerror(errno)); s->is_subsystem = SUBSYSTEM_EXT; @@ -2062,7 +2062,7 @@ session_break_req(struct ssh *ssh, Session *s) (r = sshpkt_get_end(ssh)) != 0) sshpkt_fatal(ssh, r, "%s: parse packet", __func__); - if (s->ptymaster == -1 || tcsendbreak(s->ptymaster, 0) < 0) + if (s->ptymaster == -1 || tcsendbreak(s->ptymaster, 0) == -1) return 0; return 1; } @@ -2286,7 +2286,7 @@ session_pty_cleanup2(Session *s) * the pty cleanup, so that another process doesn't get this pty * while we're still cleaning up. */ - if (s->ptymaster != -1 && close(s->ptymaster) < 0) + if (s->ptymaster != -1 && close(s->ptymaster) == -1) error("close(s->ptymaster/%d): %s", s->ptymaster, strerror(errno)); @@ -2598,7 +2598,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s) } /* Set up a suitable value for the DISPLAY variable. */ - if (gethostname(hostname, sizeof(hostname)) < 0) + if (gethostname(hostname, sizeof(hostname)) == -1) fatal("gethostname: %.100s", strerror(errno)); /* * auth_display must be used as the displayname when the diff --git a/sftp-server.c b/sftp-server.c index ee6013e3f..e7dd33b2f 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.115 2019/06/06 05:13:13 otto Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.116 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * 
@@ -701,7 +701,7 @@ process_open(u_int32_t id) status = SSH2_FX_PERMISSION_DENIED; } else { fd = open(name, flags, mode); - if (fd < 0) { + if (fd == -1) { status = errno_to_portable(errno); } else { handle = handle_new(HANDLE_FILE, name, fd, flags, NULL); @@ -754,12 +754,12 @@ process_read(u_int32_t id) } fd = handle_to_fd(handle); if (fd >= 0) { - if (lseek(fd, off, SEEK_SET) < 0) { + if (lseek(fd, off, SEEK_SET) == -1) { error("process_read: seek failed"); status = errno_to_portable(errno); } else { ret = read(fd, buf, len); - if (ret < 0) { + if (ret == -1) { status = errno_to_portable(errno); } else if (ret == 0) { status = SSH2_FX_EOF; @@ -795,13 +795,13 @@ process_write(u_int32_t id) status = SSH2_FX_FAILURE; else { if (!(handle_to_flags(handle) & O_APPEND) && - lseek(fd, off, SEEK_SET) < 0) { + lseek(fd, off, SEEK_SET) == -1) { status = errno_to_portable(errno); error("process_write: seek failed"); } else { /* XXX ATOMICIO ? */ ret = write(fd, data, len); - if (ret < 0) { + if (ret == -1) { error("process_write: write failed"); status = errno_to_portable(errno); } else if ((size_t)ret == len) { @@ -831,7 +831,7 @@ process_do_stat(u_int32_t id, int do_lstat) debug3("request %u: %sstat", id, do_lstat ? "l" : ""); verbose("%sstat name \"%s\"", do_lstat ? "l" : "", name); r = do_lstat ? lstat(name, &st) : stat(name, &st); - if (r < 0) { + if (r == -1) { status = errno_to_portable(errno); } else { stat_to_attrib(&st, &a); @@ -869,7 +869,7 @@ process_fstat(u_int32_t id) fd = handle_to_fd(handle); if (fd >= 0) { r = fstat(fd, &st); - if (r < 0) { + if (r == -1) { status = errno_to_portable(errno); } else { stat_to_attrib(&st, &a); @@ -1079,7 +1079,7 @@ process_readdir(u_int32_t id) /* XXX OVERFLOW ? */ snprintf(pathname, sizeof pathname, "%s%s%s", path, strcmp(path, "/") ? "/" : "", dp->d_name); - if (lstat(pathname, &st) < 0) + if (lstat(pathname, &st) == -1) continue; stat_to_attrib(&st, &(stats[count].attrib)); stats[count].name = xstrdup(dp->d_name); 
@@ -1726,7 +1726,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) if (olen > 0) FD_SET(out, wset); - if (select(max+1, rset, wset, NULL, NULL) < 0) { + if (select(max+1, rset, wset, NULL, NULL) == -1) { if (errno == EINTR) continue; error("select: %s", strerror(errno)); @@ -1739,7 +1739,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) if (len == 0) { debug("read eof"); sftp_server_cleanup_exit(0); - } else if (len < 0) { + } else if (len == -1) { error("read: %s", strerror(errno)); sftp_server_cleanup_exit(1); } else if ((r = sshbuf_put(iqueue, buf, len)) != 0) { @@ -1750,7 +1750,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) /* send oqueue to stdout */ if (FD_ISSET(out, wset)) { len = write(out, sshbuf_ptr(oqueue), olen); - if (len < 0) { + if (len == -1) { error("write: %s", strerror(errno)); sftp_server_cleanup_exit(1); } else if ((r = sshbuf_consume(oqueue, len)) != 0) { diff --git a/ssh-add.c b/ssh-add.c index 9cf298918..bc2360e1e 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.139 2019/06/06 05:13:13 otto Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.140 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -203,7 +203,7 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag) if (strcmp(filename, "-") == 0) { fd = STDIN_FILENO; filename = "(stdin)"; - } else if ((fd = open(filename, O_RDONLY)) < 0) { + } else if ((fd = open(filename, O_RDONLY)) == -1) { perror(filename); return -1; } @@ -727,7 +727,7 @@ main(int argc, char **argv) for (i = 0; default_files[i]; i++) { snprintf(buf, sizeof(buf), "%s/%s", pw->pw_dir, default_files[i]); - if (stat(buf, &st) < 0) + if (stat(buf, &st) == -1) continue; if (do_file(agent_fd, deleting, key_only, buf, qflag) == -1) diff --git a/ssh-agent.c b/ssh-agent.c index 4d7ab225f..9c6680a25 100644 --- a/ssh-agent.c +++ b/ssh-agent.c 
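Review bot: In sftp_server_main the read result now reaches `sshbuf_put(iqueue, buf, len)` for every value other than 0 and -1, so the error test is also the only lower bound on a value that is then used as a byte count. read() is specified to return -1 on failure, so this is defence in depth rather than a reachable bug. Where the next branch consumes the result as a length, though, the wider guard `} else if (len < 0) {` costs nothing and keeps a negative length from being converted to a large size. The same applies to the `write()` result passed to `sshbuf_consume()` in the following hunk. The pattern recurs in process_read and in serverloop.c's process_input, whose remaining branches are outside their hunks.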
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.236 2019/06/21 04:21:04 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.237 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -827,11 +827,11 @@ handle_socket_read(u_int socknum) slen = sizeof(sunaddr); fd = accept(sockets[socknum].fd, (struct sockaddr *)&sunaddr, &slen); - if (fd < 0) { + if (fd == -1) { error("accept from AUTH_SOCKET: %s", strerror(errno)); return -1; } - if (getpeereid(fd, &euid, &egid) < 0) { + if (getpeereid(fd, &euid, &egid) == -1) { error("getpeereid %d failed: %s", fd, strerror(errno)); close(fd); return -1; @@ -1312,7 +1312,7 @@ main(int ac, char **av) #ifdef HAVE_SETRLIMIT /* deny core dumps, since memory contains unencrypted private keys */ rlim.rlim_cur = rlim.rlim_max = 0; - if (setrlimit(RLIMIT_CORE, &rlim) < 0) { + if (setrlimit(RLIMIT_CORE, &rlim) == -1) { error("setrlimit RLIMIT_CORE: %s", strerror(errno)); cleanup_exit(1); } @@ -1345,7 +1345,7 @@ skip: if (parent_alive_interval != 0) check_parent_exists(); (void) reaper(); /* remove expired keys */ - if (result < 0) { + if (result == -1) { if (saved_errno == EINTR) continue; fatal("poll: %s", strerror(saved_errno)); diff --git a/ssh-keygen.c b/ssh-keygen.c index c95bc15cf..3aa4f5125 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.332 2019/06/21 04:21:04 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.333 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -370,7 +370,7 @@ do_convert_to(struct passwd *pw) if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - if (stat(identity_file, &st) < 0) + if (stat(identity_file, &st) == -1) fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); if ((r = sshkey_load_public(identity_file, &k, NULL)) != 0) k = load_identity(identity_file); 
@@ -696,7 +696,7 @@ do_convert_from(struct passwd *pw) if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - if (stat(identity_file, &st) < 0) + if (stat(identity_file, &st) == -1) fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); switch (convert_format) { @@ -756,7 +756,7 @@ do_print_public(struct passwd *pw) if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - if (stat(identity_file, &st) < 0) + if (stat(identity_file, &st) == -1) fatal("%s: %s", identity_file, strerror(errno)); prv = load_identity(identity_file); if ((r = sshkey_write(prv, stdout)) != 0) @@ -854,7 +854,7 @@ fingerprint_private(const char *path) struct sshkey *public = NULL; int r; - if (stat(identity_file, &st) < 0) + if (stat(identity_file, &st) == -1) fatal("%s: %s", path, strerror(errno)); if ((r = sshkey_load_public(path, &public, &comment)) != 0) { debug("load public \"%s\": %s", path, ssh_err(r)); @@ -1340,7 +1340,7 @@ do_change_passphrase(struct passwd *pw) if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - if (stat(identity_file, &st) < 0) + if (stat(identity_file, &st) == -1) fatal("%s: %s", identity_file, strerror(errno)); /* Try to load the file with empty passphrase. */ r = sshkey_load_private(identity_file, "", &private, &comment); @@ -1424,7 +1424,7 @@ do_print_resource_record(struct passwd *pw, char *fname, char *hname, if (fname == NULL) fatal("%s: no filename", __func__); - if (stat(fname, &st) < 0) { + if (stat(fname, &st) == -1) { if (errno == ENOENT) return 0; fatal("%s: %s", fname, strerror(errno)); @@ -1453,7 +1453,7 @@ do_change_comment(struct passwd *pw, const char *identity_comment) if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - if (stat(identity_file, &st) < 0) + if (stat(identity_file, &st) == -1) fatal("%s: %s", identity_file, strerror(errno)); if ((r = sshkey_load_private(identity_file, "", &private, &comment)) == 0) 
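Review bot: fingerprint_private() checks `stat(identity_file, &st)` but reports the failure against `path` and then loads the key from `path`, so the existence check and the file actually used can differ when the two are not the same string. `if (stat(path, &st) == -1)` keeps the check, the message and the load on one name. Whether every caller passes `identity_file` as `path` is not visible in this hunk.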
@@ -2045,7 +2045,7 @@ do_show_cert(struct passwd *pw) if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - if (strcmp(identity_file, "-") != 0 && stat(identity_file, &st) < 0) + if (strcmp(identity_file, "-") != 0 && stat(identity_file, &st) == -1) fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); path = identity_file; @@ -2472,7 +2472,7 @@ main(int argc, char **argv) pw = getpwuid(getuid()); if (!pw) fatal("No user exists for uid %lu", (u_long)getuid()); - if (gethostname(hostname, sizeof(hostname)) < 0) + if (gethostname(hostname, sizeof(hostname)) == -1) fatal("gethostname: %s", strerror(errno)); /* Remaining characters: Ydw */ @@ -2852,11 +2852,11 @@ main(int argc, char **argv) snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR); if (strstr(identity_file, dotsshdir) != NULL) { - if (stat(dotsshdir, &st) < 0) { + if (stat(dotsshdir, &st) == -1) { if (errno != ENOENT) { error("Could not stat %s: %s", dotsshdir, strerror(errno)); - } else if (mkdir(dotsshdir, 0700) < 0) { + } else if (mkdir(dotsshdir, 0700) == -1) { error("Could not create directory '%s': %s", dotsshdir, strerror(errno)); } else if (!quiet) diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 7b7c0f320..d95ba1b37 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.127 2019/06/06 05:13:13 otto Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.128 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * @@ -122,7 +122,7 @@ fdlim_get(int hard) #if defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE) struct rlimit rlfd; - if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0) + if (getrlimit(RLIMIT_NOFILE, &rlfd) == -1) return (-1); if ((hard ? rlfd.rlim_max : rlfd.rlim_cur) == RLIM_INFINITY) return SSH_SYSFDMAX; 
@@ -143,10 +143,10 @@ fdlim_set(int lim) if (lim <= 0) return (-1); #if defined(HAVE_SETRLIMIT) && defined(RLIMIT_NOFILE) - if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0) + if (getrlimit(RLIMIT_NOFILE, &rlfd) == -1) return (-1); rlfd.rlim_cur = lim; - if (setrlimit(RLIMIT_NOFILE, &rlfd) < 0) + if (setrlimit(RLIMIT_NOFILE, &rlfd) == -1) return (-1); #elif defined (HAVE_SETDTABLESIZE) setdtablesize(lim); @@ -343,13 +343,13 @@ tcpconnect(char *host) } for (ai = aitop; ai; ai = ai->ai_next) { s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); - if (s < 0) { + if (s == -1) { error("socket: %s", strerror(errno)); continue; } if (set_nonblock(s) == -1) fatal("%s: set_nonblock(%d)", __func__, s); - if (connect(s, ai->ai_addr, ai->ai_addrlen) < 0 && + if (connect(s, ai->ai_addr, ai->ai_addrlen) == -1 && errno != EINPROGRESS) error("connect (`%s'): %s", host, strerror(errno)); else diff --git a/ssh.c b/ssh.c index d9a9d1136..654376981 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.504 2019/06/14 04:13:58 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.505 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -773,7 +773,7 @@ main(int ac, char **av) break; case 'i': p = tilde_expand_filename(optarg, getuid()); - if (stat(p, &st) < 0) + if (stat(p, &st) == -1) fprintf(stderr, "Warning: Identity file %s " "not accessible: %s.\n", p, strerror(errno)); @@ -1426,7 +1426,7 @@ main(int ac, char **av) if (config == NULL) { r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir, strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); - if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) { + if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) == -1) { #ifdef WITH_SELINUX ssh_selinux_setfscreatecon(buf); #endif 
@@ -1593,7 +1593,7 @@ fork_postauth(void) control_persist_detach(); debug("forking to background"); fork_after_authentication_flag = 0; - if (daemon(1, 1) < 0) + if (daemon(1, 1) == -1) fatal("daemon() failed: %.200s", strerror(errno)); } @@ -1689,8 +1689,8 @@ ssh_init_stdio_forwarding(struct ssh *ssh) debug3("%s: %s:%d", __func__, options.stdio_forward_host, options.stdio_forward_port); - if ((in = dup(STDIN_FILENO)) < 0 || - (out = dup(STDOUT_FILENO)) < 0) + if ((in = dup(STDIN_FILENO)) == -1 || + (out = dup(STDOUT_FILENO)) == -1) fatal("channel_connect_stdio_fwd: dup() in/out failed"); if ((c = channel_connect_stdio_fwd(ssh, options.stdio_forward_host, options.stdio_forward_port, in, out)) == NULL) @@ -1843,7 +1843,7 @@ ssh_session2_open(struct ssh *ssh) out = dup(STDOUT_FILENO); err = dup(STDERR_FILENO); - if (in < 0 || out < 0 || err < 0) + if (in == -1 || out == -1 || err == -1) fatal("dup() in/out/err failed"); /* enable nonblocking unless tty */ @@ -1974,7 +1974,7 @@ ssh_session2(struct ssh *ssh, struct passwd *pw) if ((devnull = open(_PATH_DEVNULL, O_WRONLY)) == -1) error("%s: open %s: %s", __func__, _PATH_DEVNULL, strerror(errno)); - if (dup2(devnull, STDOUT_FILENO) < 0) + if (dup2(devnull, STDOUT_FILENO) == -1) fatal("%s: dup2() stdout failed", __func__); if (devnull > STDERR_FILENO) close(devnull); @@ -2161,7 +2161,7 @@ main_sigchld_handler(int sig) int status; while ((pid = waitpid(-1, &status, WNOHANG)) > 0 || - (pid < 0 && errno == EINTR)) + (pid == -1 && errno == EINTR)) ; errno = save_errno; } diff --git a/sshconnect.c b/sshconnect.c index 2dc500b47..ed44fccb8 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.316 2019/06/21 04:21:04 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.317 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -133,7 +133,7 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, u_short port, if ((shell = getenv("SHELL")) == NULL) shell = _PATH_BSHELL; - if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0) + if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) == -1) fatal("Could not create socketpair to communicate with " "proxy dialer: %.100s", strerror(errno)); @@ -148,11 +148,11 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, u_short port, close(sp[1]); /* Redirect stdin and stdout. */ if (sp[0] != 0) { - if (dup2(sp[0], 0) < 0) + if (dup2(sp[0], 0) == -1) perror("dup2 stdin"); } if (sp[0] != 1) { - if (dup2(sp[0], 1) < 0) + if (dup2(sp[0], 1) == -1) perror("dup2 stdout"); } if (sp[0] >= 2) @@ -180,7 +180,7 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, u_short port, exit(1); } /* Parent. */ - if (pid < 0) + if (pid == -1) fatal("fork failed: %.100s", strerror(errno)); close(sp[0]); free(command_string); @@ -216,7 +216,7 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, u_short port, shell = _PATH_BSHELL; /* Create pipes for communicating with the proxy. */ - if (pipe(pin) < 0 || pipe(pout) < 0) + if (pipe(pin) == -1 || pipe(pout) == -1) fatal("Could not create pipes to communicate with the proxy: %.100s", strerror(errno)); @@ -231,12 +231,12 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, u_short port, /* Redirect stdin and stdout. */ close(pin[1]); if (pin[0] != 0) { - if (dup2(pin[0], 0) < 0) + if (dup2(pin[0], 0) == -1) perror("dup2 stdin"); close(pin[0]); } close(pout[0]); - if (dup2(pout[1], 1) < 0) + if (dup2(pout[1], 1) == -1) perror("dup2 stdout"); /* Cannot be 1 because pin allocated two descriptors. */ close(pout[1]); @@ -262,7 +262,7 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, u_short port, exit(1); } /* Parent. */ - if (pid < 0) + if (pid == -1) fatal("fork failed: %.100s", strerror(errno)); else proxy_command_pid = pid; /* save pid to clean up later */ 
@@ -371,7 +371,7 @@ ssh_create_socket(struct addrinfo *ai) char ntop[NI_MAXHOST]; sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); - if (sock < 0) { + if (sock == -1) { error("socket: %s", strerror(errno)); return -1; } @@ -532,7 +532,7 @@ ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop, /* Set SO_KEEPALIVE if requested. */ if (want_keepalive && setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, - sizeof(on)) < 0) + sizeof(on)) == -1) error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); /* Set the connection. */ @@ -553,8 +553,8 @@ ssh_connect(struct ssh *ssh, const char *host, struct addrinfo *addrs, return ssh_connect_direct(ssh, host, addrs, hostaddr, port, family, connection_attempts, timeout_ms, want_keepalive); } else if (strcmp(options.proxy_command, "-") == 0) { - if ((in = dup(STDIN_FILENO)) < 0 || - (out = dup(STDOUT_FILENO)) < 0) { + if ((in = dup(STDIN_FILENO)) == -1 || + (out = dup(STDOUT_FILENO)) == -1) { if (in >= 0) close(in); error("%s: dup() in/out failed", __func__); diff --git a/sshconnect2.c b/sshconnect2.c index 0d2523ca1..0ad44ce19 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.305 2019/05/31 03:20:07 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.306 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -1408,7 +1408,7 @@ load_identity_file(Identity *id) int r, perm_ok = 0, quit = 0, i; struct stat st; - if (stat(id->filename, &st) < 0) { + if (stat(id->filename, &st) == -1) { (id->userprovided ? logit : debug3)("no such identity: %s: %s", id->filename, strerror(errno)); return NULL; 
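Review bot: In ssh_connect the cleanup inside the failed-`dup()` branch still tests `if (in >= 0)`, while the convention this commit applies elsewhere is to compare descriptors against -1. `if (in != -1)` reads consistently with the condition two lines above it. This is style only; behaviour is the same for the values dup() returns.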
@@ -1841,7 +1841,7 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, *sigp = NULL; *lenp = 0; - if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) { + if (stat(_PATH_SSH_KEY_SIGN, &st) == -1) { error("%s: not installed: %s", __func__, strerror(errno)); return -1; } @@ -1849,30 +1849,30 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, error("%s: fflush: %s", __func__, strerror(errno)); return -1; } - if (pipe(to) < 0) { + if (pipe(to) == -1) { error("%s: pipe: %s", __func__, strerror(errno)); return -1; } - if (pipe(from) < 0) { + if (pipe(from) == -1) { error("%s: pipe: %s", __func__, strerror(errno)); return -1; } - if ((pid = fork()) < 0) { + if ((pid = fork()) == -1) { error("%s: fork: %s", __func__, strerror(errno)); return -1; } osigchld = signal(SIGCHLD, SIG_DFL); if (pid == 0) { close(from[0]); - if (dup2(from[1], STDOUT_FILENO) < 0) + if (dup2(from[1], STDOUT_FILENO) == -1) fatal("%s: dup2: %s", __func__, strerror(errno)); close(to[1]); - if (dup2(to[0], STDIN_FILENO) < 0) + if (dup2(to[0], STDIN_FILENO) == -1) fatal("%s: dup2: %s", __func__, strerror(errno)); close(from[1]); close(to[0]); - if (dup2(sock, STDERR_FILENO + 1) < 0) + if (dup2(sock, STDERR_FILENO + 1) == -1) fatal("%s: dup2: %s", __func__, strerror(errno)); sock = STDERR_FILENO + 1; fcntl(sock, F_SETFD, 0); /* keep the socket on exec */ @@ -1906,7 +1906,7 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, } errno = 0; - while (waitpid(pid, &status, 0) < 0) { + while (waitpid(pid, &status, 0) == -1) { if (errno != EINTR) { error("%s: waitpid %ld: %s", __func__, (long)pid, strerror(errno)); diff --git a/sshd.c b/sshd.c index 735a11060..11571c010 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.536 2019/06/21 04:21:05 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.537 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -345,7 +345,7 @@ main_sigchld_handler(int sig) int status; while ((pid = waitpid(-1, &status, WNOHANG)) > 0 || - (pid < 0 && errno == EINTR)) + (pid == -1 && errno == EINTR)) ; errno = save_errno; } @@ -468,7 +468,7 @@ privsep_preauth_child(void) debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid, (u_int)privsep_pw->pw_gid); gidset[0] = privsep_pw->pw_gid; - if (setgroups(1, gidset) < 0) + if (setgroups(1, gidset) == -1) fatal("setgroups: %.100s", strerror(errno)); permanently_set_uid(privsep_pw); } @@ -508,7 +508,7 @@ privsep_preauth(struct ssh *ssh) monitor_child_preauth(ssh, pmonitor); /* Wait for the child's exit status */ - while (waitpid(pid, &status, 0) < 0) { + while (waitpid(pid, &status, 0) == -1) { if (errno == EINTR) continue; pmonitor->m_pid = -1; @@ -967,7 +967,7 @@ listen_on_addrs(struct listenaddr *la) /* Create socket for listening. */ listen_sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); - if (listen_sock < 0) { + if (listen_sock == -1) { /* kernel may not support ipv6 */ verbose("socket: %.100s", strerror(errno)); continue; @@ -996,7 +996,7 @@ listen_on_addrs(struct listenaddr *la) debug("Bind to port %s on %s.", strport, ntop); /* Bind the socket to the desired port. */ - if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) { + if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) == -1) { error("Bind to port %s on %s failed: %.200s.", strport, ntop, strerror(errno)); close(listen_sock); @@ -1006,7 +1006,7 @@ listen_on_addrs(struct listenaddr *la) num_listen_socks++; /* Start listening on the port. */ - if (listen(listen_sock, SSH_LISTEN_BACKLOG) < 0) + if (listen(listen_sock, SSH_LISTEN_BACKLOG) == -1) fatal("listen on [%s]:%s: %.100s", ntop, strport, strerror(errno)); logit("Server listening on %s port %s%s%s.", 
@@ -1091,7 +1091,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) /* Wait in select until there is a connection. */ ret = select(maxfd+1, fdset, NULL, NULL, NULL); - if (ret < 0 && errno != EINTR) + if (ret == -1 && errno != EINTR) error("select: %.100s", strerror(errno)); if (received_sigterm) { logit("Received signal %d; terminating.", @@ -1101,7 +1101,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) unlink(options.pid_file); exit(received_sigterm == SIGTERM ? 0 : 255); } - if (ret < 0) + if (ret == -1) continue; for (i = 0; i < options.max_startups; i++) { @@ -1141,7 +1141,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) fromlen = sizeof(from); *newsock = accept(listen_socks[i], (struct sockaddr *)&from, &fromlen); - if (*newsock < 0) { + if (*newsock == -1) { if (errno != EINTR && errno != EWOULDBLOCK && errno != ECONNABORTED && errno != EAGAIN) error("accept: %.100s", @@ -1261,7 +1261,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) /* Parent. Stay in the loop. */ platform_post_fork_parent(pid); - if (pid < 0) + if (pid == -1) error("fork: %.100s", strerror(errno)); else debug("Forked child %ld.", (long)pid); @@ -1314,7 +1314,7 @@ check_ip_options(struct ssh *ssh) memset(&from, 0, sizeof(from)); if (getpeername(sock_in, (struct sockaddr *)&from, - &fromlen) < 0) + &fromlen) == -1) return; if (from.ss_family != AF_INET) return; @@ -1895,7 +1895,7 @@ main(int ac, char **av) already_daemon = daemonized(); if (!(debug_flag || inetd_flag || no_daemon_flag || already_daemon)) { - if (daemon(0, 0) < 0) + if (daemon(0, 0) == -1) fatal("daemon() failed: %.200s", strerror(errno)); disconnect_controlling_tty(); 
@@ -1958,7 +1958,7 @@ main(int ac, char **av) * controlling terminal which will result in "could not set * controlling tty" errors. */ - if (!debug_flag && !inetd_flag && setsid() < 0) + if (!debug_flag && !inetd_flag && setsid() == -1) error("setsid: %.100s", strerror(errno)); #endif @@ -2036,7 +2036,7 @@ main(int ac, char **av) /* Set SO_KEEPALIVE if requested. */ if (options.tcp_keep_alive && ssh_packet_connection_is_on_socket(ssh) && - setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0) + setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) == -1) error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); if ((remote_port = ssh_remote_port(ssh)) < 0) { diff --git a/sshkey-xmss.c b/sshkey-xmss.c index ef39831c6..a29e33f39 100644 --- a/sshkey-xmss.c +++ b/sshkey-xmss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey-xmss.c,v 1.4 2019/06/27 18:03:37 deraadt Exp $ */ +/* $OpenBSD: sshkey-xmss.c,v 1.5 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright (c) 2017 Markus Friedl. All rights reserved. * @@ -473,12 +473,12 @@ sshkey_xmss_get_state(const struct sshkey *k, sshkey_printfn *pr) ret = SSH_ERR_ALLOC_FAIL; goto done; } - if ((lockfd = open(lockfile, O_CREAT|O_RDONLY, 0600)) < 0) { + if ((lockfd = open(lockfile, O_CREAT|O_RDONLY, 0600)) == -1) { ret = SSH_ERR_SYSTEM_ERROR; PRINT("%s: cannot open/create: %s", __func__, lockfile); goto done; } - while (flock(lockfd, LOCK_EX|LOCK_NB) < 0) { + while (flock(lockfd, LOCK_EX|LOCK_NB) == -1) { if (errno != EWOULDBLOCK) { ret = SSH_ERR_SYSTEM_ERROR; PRINT("%s: cannot lock: %s", __func__, lockfile); @@ -613,7 +613,7 @@ sshkey_xmss_update_state(const struct sshkey *k, sshkey_printfn *pr) PRINT("%s: ENCRYPT FAILED: %d", __func__, ret); goto done; } - if ((fd = open(nstatefile, O_CREAT|O_WRONLY|O_EXCL, 0600)) < 0) { + if ((fd = open(nstatefile, O_CREAT|O_WRONLY|O_EXCL, 0600)) == -1) { ret = SSH_ERR_SYSTEM_ERROR; PRINT("%s: open new state file: %s", __func__, nstatefile); goto done; 
@@ -632,13 +632,13 @@ sshkey_xmss_update_state(const struct sshkey *k, sshkey_printfn *pr) close(fd); goto done; } - if (fsync(fd) < 0) { + if (fsync(fd) == -1) { ret = SSH_ERR_SYSTEM_ERROR; PRINT("%s: sync new state file: %s", __func__, nstatefile); close(fd); goto done; } - if (close(fd) < 0) { + if (close(fd) == -1) { ret = SSH_ERR_SYSTEM_ERROR; PRINT("%s: close new state file: %s", __func__, nstatefile); goto done; @@ -652,7 +652,7 @@ sshkey_xmss_update_state(const struct sshkey *k, sshkey_printfn *pr) goto done; } } - if (rename(nstatefile, statefile) < 0) { + if (rename(nstatefile, statefile) == -1) { ret = SSH_ERR_SYSTEM_ERROR; PRINT("%s: rename %s to %s", __func__, nstatefile, statefile); goto done; diff --git a/sshlogin.c b/sshlogin.c index 1b2ee5f85..4ed419494 100644 --- a/sshlogin.c +++ b/sshlogin.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshlogin.c,v 1.33 2018/07/09 21:26:02 markus Exp $ */ +/* $OpenBSD: sshlogin.c,v 1.34 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/sshpty.c b/sshpty.c index 4da84d05f..715035257 100644 --- a/sshpty.c +++ b/sshpty.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshpty.c,v 1.31 2016/11/29 03:54:50 dtucker Exp $ */ +/* $OpenBSD: sshpty.c,v 1.32 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -68,7 +68,7 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen) int i; i = openpty(ptyfd, ttyfd, NULL, NULL, NULL); - if (i < 0) { + if (i == -1) { error("openpty: %.100s", strerror(errno)); return 0; } 
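Review bot: The failure paths for `fsync()`, `close()` and `rename()` in sshkey_xmss_update_state set SSH_ERR_SYSTEM_ERROR, but the PRINT messages name only the file, so the errno these calls set on failure is never shown. Appending it, e.g. `PRINT("%s: sync new state file: %s: %s", __func__, nstatefile, strerror(errno));`, would make a failed state update diagnosable. The `open()` failure in the previous hunk could get the same treatment. The function continues past these hunks, so the cleanup at `done` is not visible here.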
@@ -86,9 +86,9 @@ void pty_release(const char *tty) { #if !defined(__APPLE_PRIVPTY__) && !defined(HAVE_OPENPTY) - if (chown(tty, (uid_t) 0, (gid_t) 0) < 0) + if (chown(tty, (uid_t) 0, (gid_t) 0) == -1) error("chown %.100s 0 0 failed: %.100s", tty, strerror(errno)); - if (chmod(tty, (mode_t) 0666) < 0) + if (chmod(tty, (mode_t) 0666) == -1) error("chmod %.100s 0666 failed: %.100s", tty, strerror(errno)); #endif /* !__APPLE_PRIVPTY__ && !HAVE_OPENPTY */ } @@ -108,7 +108,7 @@ pty_make_controlling_tty(int *ttyfd, const char *tty) close(fd); } #endif /* TIOCNOTTY */ - if (setsid() < 0) + if (setsid() == -1) error("setsid: %.100s", strerror(errno)); /* @@ -131,14 +131,14 @@ pty_make_controlling_tty(int *ttyfd, const char *tty) error("SETPGRP %s",strerror(errno)); #endif /* NEED_SETPGRP */ fd = open(tty, O_RDWR); - if (fd < 0) + if (fd == -1) error("%.100s: %.100s", tty, strerror(errno)); else close(fd); /* Verify that we now have a controlling tty. */ fd = open(_PATH_TTY, O_WRONLY); - if (fd < 0) + if (fd == -1) error("open /dev/tty failed - could not set controlling tty: %.100s", strerror(errno)); else @@ -188,7 +188,7 @@ pty_setowner(struct passwd *pw, const char *tty) #endif if (st.st_uid != pw->pw_uid || st.st_gid != gid) { - if (chown(tty, pw->pw_uid, gid) < 0) { + if (chown(tty, pw->pw_uid, gid) == -1) { if (errno == EROFS && (st.st_uid == pw->pw_uid || st.st_uid == 0)) debug("chown(%.100s, %u, %u) failed: %.100s", @@ -202,7 +202,7 @@ pty_setowner(struct passwd *pw, const char *tty) } if ((st.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) != mode) { - if (chmod(tty, mode) < 0) { + if (chmod(tty, mode) == -1) { if (errno == EROFS && (st.st_mode & (S_IRGRP | S_IROTH)) == 0) debug("chmod(%.100s, 0%o) failed: %.100s", diff --git a/uidswap.c b/uidswap.c index 49f76d818..1d78c607a 100644 --- a/uidswap.c +++ b/uidswap.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: uidswap.c,v 1.41 2018/07/18 11:34:04 dtucker Exp $ */ +/* $OpenBSD: uidswap.c,v 1.42 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -84,12 +84,12 @@ temporarily_use_uid(struct passwd *pw) temporarily_use_uid_effective = 1; saved_egroupslen = getgroups(0, NULL); - if (saved_egroupslen < 0) + if (saved_egroupslen == -1) fatal("getgroups: %.100s", strerror(errno)); if (saved_egroupslen > 0) { saved_egroups = xreallocarray(saved_egroups, saved_egroupslen, sizeof(gid_t)); - if (getgroups(saved_egroupslen, saved_egroups) < 0) + if (getgroups(saved_egroupslen, saved_egroups) == -1) fatal("getgroups: %.100s", strerror(errno)); } else { /* saved_egroupslen == 0 */ free(saved_egroups); @@ -98,17 +98,17 @@ temporarily_use_uid(struct passwd *pw) /* set and save the user's groups */ if (user_groupslen == -1 || user_groups_uid != pw->pw_uid) { - if (initgroups(pw->pw_name, pw->pw_gid) < 0) + if (initgroups(pw->pw_name, pw->pw_gid) == -1) fatal("initgroups: %s: %.100s", pw->pw_name, strerror(errno)); user_groupslen = getgroups(0, NULL); - if (user_groupslen < 0) + if (user_groupslen == -1) fatal("getgroups: %.100s", strerror(errno)); if (user_groupslen > 0) { user_groups = xreallocarray(user_groups, user_groupslen, sizeof(gid_t)); - if (getgroups(user_groupslen, user_groups) < 0) + if (getgroups(user_groupslen, user_groups) == -1) fatal("getgroups: %.100s", strerror(errno)); } else { /* user_groupslen == 0 */ free(user_groups); 
@@ -117,17 +117,17 @@ temporarily_use_uid(struct passwd *pw) user_groups_uid = pw->pw_uid; } /* Set the effective uid to the given (unprivileged) uid. */ - if (setgroups(user_groupslen, user_groups) < 0) + if (setgroups(user_groupslen, user_groups) == -1) fatal("setgroups: %.100s", strerror(errno)); #ifndef SAVED_IDS_WORK_WITH_SETEUID /* Propagate the privileged gid to all of our gids. */ - if (setgid(getegid()) < 0) + if (setgid(getegid()) == -1) debug("setgid %u: %.100s", (u_int) getegid(), strerror(errno)); /* Propagate the privileged uid to all of our uids. */ - if (setuid(geteuid()) < 0) + if (setuid(geteuid()) == -1) debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno)); #endif /* SAVED_IDS_WORK_WITH_SETEUID */ - if (setegid(pw->pw_gid) < 0) + if (setegid(pw->pw_gid) == -1) fatal("setegid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); if (seteuid(pw->pw_uid) == -1) @@ -152,9 +152,9 @@ restore_uid(void) #ifdef SAVED_IDS_WORK_WITH_SETEUID debug("restore_uid: %u/%u", (u_int)saved_euid, (u_int)saved_egid); /* Set the effective uid back to the saved privileged uid. */ - if (seteuid(saved_euid) < 0) + if (seteuid(saved_euid) == -1) fatal("seteuid %u: %.100s", (u_int)saved_euid, strerror(errno)); - if (setegid(saved_egid) < 0) + if (setegid(saved_egid) == -1) fatal("setegid %u: %.100s", (u_int)saved_egid, strerror(errno)); #else /* SAVED_IDS_WORK_WITH_SETEUID */ /* @@ -166,7 +166,7 @@ restore_uid(void) setgid(getgid()); #endif /* SAVED_IDS_WORK_WITH_SETEUID */ - if (setgroups(saved_egroupslen, saved_egroups) < 0) + if (setgroups(saved_egroupslen, saved_egroups) == -1) fatal("setgroups: %.100s", strerror(errno)); temporarily_use_uid_effective = 0; } 
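Review bot: In the `@@ -166,7` hunk of restore_uid(), the context line `setgid(getgid());` in the branch without SAVED_IDS_WORK_WITH_SETEUID still ignores its return value, while the other identity changes touched by this commit are checked. A setgid() that fails silently here leaves the process with a group identity the caller did not expect, so it should be handled like the neighbouring calls: `if (setgid(getgid()) == -1) fatal("setgid %u: %.100s", (u_int)getgid(), strerror(errno));`. The lines just above the hunk are not visible; if a matching `setuid(getuid());` sits there, it needs the same check. restore_uid() begins outside the hunk.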
@@ -190,7 +190,7 @@ permanently_set_uid(struct passwd *pw) debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid, (u_int)pw->pw_gid); - if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0) + if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); #ifdef __APPLE__ @@ -198,12 +198,12 @@ permanently_set_uid(struct passwd *pw) * OS X requires initgroups after setgid to opt back into * memberd support for >16 supplemental groups. */ - if (initgroups(pw->pw_name, pw->pw_gid) < 0) + if (initgroups(pw->pw_name, pw->pw_gid) == -1) fatal("initgroups %.100s %u: %.100s", pw->pw_name, (u_int)pw->pw_gid, strerror(errno)); #endif - if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0) + if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1) fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno)); #ifndef NO_UID_RESTORATION_TEST -- cgit v1.2.3 From a546b17bbaeb12beac4c9aeed56f74a42b18a93a Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 9 Oct 2019 00:02:57 +0000 Subject: upstream: fix integer overflow in XMSS private key parsing. Reported by Adam Zabrocki via SecuriTeam's SSH program. Note that this code is experimental and not compiled by default. ok markus@ OpenBSD-Commit-ID: cd0361896d15e8a1bac495ac583ff065ffca2be1 --- sshkey-xmss.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'sshkey-xmss.c') diff --git a/sshkey-xmss.c b/sshkey-xmss.c index a29e33f39..9e5f5e475 100644 --- a/sshkey-xmss.c +++ b/sshkey-xmss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey-xmss.c,v 1.5 2019/06/28 13:35:04 deraadt Exp $ */ +/* $OpenBSD: sshkey-xmss.c,v 1.6 2019/10/09 00:02:57 djm Exp $ */ /* * Copyright (c) 2017 Markus Friedl. All rights reserved. * 
@@ -977,7 +977,8 @@ sshkey_xmss_decrypt_state(const struct sshkey *k, struct sshbuf *encoded,
 goto out;
 }
 /* check that an appropriate amount of auth data is present */
- if (sshbuf_len(encoded) < encrypted_len + authlen) {
+ if (sshbuf_len(encoded) < authlen ||
+ sshbuf_len(encoded) - authlen < encrypted_len) {
 r = SSH_ERR_INVALID_FORMAT;
 goto out;
 }
-- cgit v1.2.3
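Review bot: The comment above the rewritten bound in sshkey_xmss_decrypt_state() does not say why the check is written as a subtraction, so the two-clause form invites a later "simplification" back to `encrypted_len + authlen`. I would extend the comment, e.g. `/* compare by subtraction: encrypted_len is parsed from the key and encrypted_len + authlen can wrap */`. Whether later uses of encrypted_len in this function add to it again is not visible in the hunk and is worth checking in the same pass. The function starts and ends outside the hunk.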