diff options
author | Luke Shumaker <lukeshu@sbcglobal.net> | 2014-12-15 04:35:09 -0500 |
---|---|---|
committer | Luke Shumaker <lukeshu@sbcglobal.net> | 2014-12-15 04:35:09 -0500 |
commit | 2a86df94e9441527456e0d24648039882031a9a2 (patch) | |
tree | ae1769334a4efd35ba7524b294ac186942df5d97 /nslcd | |
parent | 24a303bc75ce02d3242dc76869e5ec91f81a29f3 (diff) |
be stricter everywhere (-D_FORTIFY_SOURCE=2)
Diffstat (limited to 'nslcd')
-rw-r--r-- | nslcd/Makefile.am | 2 | ||||
-rw-r--r-- | nslcd/hackers_parse.c | 6 | ||||
-rw-r--r-- | nslcd/hackers_watch.c | 9 | ||||
-rw-r--r-- | nslcd/hackers_watch.h | 2 | ||||
-rw-r--r-- | nslcd/invalidator.c | 6 |
5 files changed, 17 insertions, 8 deletions
diff --git a/nslcd/Makefile.am b/nslcd/Makefile.am index cda2716..8afc690 100644 --- a/nslcd/Makefile.am +++ b/nslcd/Makefile.am @@ -20,7 +20,7 @@ sbin_PROGRAMS = nslcd -AM_CPPFLAGS=-I$(top_srcdir) -D_XOPEN_SOURCE=500 # for pthread_rwlock +AM_CPPFLAGS=-I$(top_srcdir) -D_FORTIFY_SOURCE=2 -D_XOPEN_SOURCE=500 AM_CFLAGS = -std=c99 $(PTHREAD_CFLAGS) -Wall -Werror -Wextra -Wno-unused-parameter nslcd_SOURCES = nslcd.c ../nslcd.h ../common/nslcd-prot.h \ diff --git a/nslcd/hackers_parse.c b/nslcd/hackers_parse.c index 7d63995..2a98fc1 100644 --- a/nslcd/hackers_parse.c +++ b/nslcd/hackers_parse.c @@ -126,7 +126,8 @@ load_user_password(struct passwd *user) { ssize_t line_len; size_t line_cap = 0; - asprintf(&filename, "%s/.password", user->pw_dir); + if (asprintf(&filename, "%s/.password", user->pw_dir) < 0) + goto nopassword; if ((file = fopen(filename, "r")) == NULL) goto nopassword; // TODO: check permissions on 'file' @@ -175,7 +176,8 @@ load_user_yaml(const char *filename, struct passwd *user) { yaml_node_t *val = NODE(pair->value); if (strcmp("username", STR_VALUE(key))==0) { user->pw_name = strdup(STR_VALUE(val)); - asprintf(&(user->pw_dir), "/home/%s", user->pw_name); + if (asprintf(&(user->pw_dir), "/home/%s", user->pw_name) < 0) + goto error; flags |= PW_NAME | PW_DIR; } if (strcmp("fullname", STR_VALUE(key))==0) { diff --git a/nslcd/hackers_watch.c b/nslcd/hackers_watch.c index 31e7e3b..1516593 100644 --- a/nslcd/hackers_watch.c +++ b/nslcd/hackers_watch.c @@ -50,7 +50,8 @@ hackers_init(const char *yamldir, struct session *sess) { sess->in_wd_yaml = inotify_add_watch(sess->in_fd, yamldir, EVENT_CHILD_ANY); sess->in_wd_home = inotify_add_watch(sess->in_fd, "/home" , EVENT_CHILD_ADD); - asprintf(&glob_pattern, "%s/*.yml", yamldir); + if (asprintf(&glob_pattern, "%s/*.yml", yamldir) < 0) + return -1; glob(glob_pattern, 0, NULL, &glob_results); free(glob_pattern); @@ -136,9 +137,10 @@ worker_handle_del_yaml(struct session *sess, uid_t uid) { pthread_rwlock_unlock(&(sess->lock)); } -void +int hackers_worker(struct session *sess) { - chdir(sess->yamldir); + if (chdir(sess->yamldir) < 0) + return -1; for (INOTIFY_ITERATOR(sess->in_fd, event)) { if (event->wd == sess->in_wd_yaml) { /* handle updates to yaml files */ @@ -183,4 +185,5 @@ hackers_worker(struct session *sess) { } } } + return -1; } diff --git a/nslcd/hackers_watch.h b/nslcd/hackers_watch.h index dd2f372..91e6319 100644 --- a/nslcd/hackers_watch.h +++ b/nslcd/hackers_watch.h @@ -4,6 +4,6 @@ #include "hackers.h" int hackers_init(const char *yamldir, struct session *session); -void hackers_worker(struct session *session); +int hackers_worker(struct session *session); #endif diff --git a/nslcd/invalidator.c b/nslcd/invalidator.c index 11ffa5c..550ca8b 100644 --- a/nslcd/invalidator.c +++ b/nslcd/invalidator.c @@ -159,7 +159,11 @@ static void handle_requests(int fd) const char *db; log_log(LOG_DEBUG, "invalidator: starting"); /* set up environment */ - (void)chdir("/"); + if (chdir("/") < 0) + { + log_log(LOG_ERR, "invalidator: could not chdir to root"); + _exit(EXIT_SUCCESS); + } putenv("PATH=/usr/sbin:/usr/bin:/sbin:/bin"); /* handle incoming requests */ while (1) |