Changeset 22
- Timestamp:
- Feb 23, 2006, 12:03:58 AM (19 years ago)
- Location:
- trunk
- Files:
-
- 64 edited
trunk/depend.dep
r18 r22 34 34 sh_err_console.o: $(srcsrc)/sh_err_console.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h 35 35 sh_err_syslog.o: $(srcsrc)/sh_err_syslog.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h 36 sh_schedule.o: $(srcsrc)/sh_schedule.c Makefile config_xor.h $(srcinc)/s h_mem.h $(srcinc)/sh_schedule.h36 sh_schedule.o: $(srcsrc)/sh_schedule.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_schedule.h 37 37 bignum.o: $(srcsrc)/bignum.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/bignum.h 38 38 mkhdr.o: $(srcsrc)/mkhdr.c Makefile config.h -
trunk/depend.sum
r18 r22 1 3476546078 1 2018699483 -
trunk/docs/Changelog
r18 r22 1 1 2.2.0: 2 * allow --longopt arg as well as --longopt=arg 3 * fix minor problem with dead clienbt detection (problem reported 4 by M. Kustosik) 5 * verify checksum of growing log files 6 * rewrite of the test suite 2 7 * added a bit of unit testing 3 8 * improved the windows howto according to suggestions by -
trunk/include/samhain.h
r20 r22 290 290 /*@null@*/ extern sh_key_t *skey; 291 291 292 /************************************************** 293 * 294 * macros 295 * 296 **************************************************/ 297 298 /* signal-safe log function 299 */ 300 int safe_logger (int signal, int method, char * details); 301 int safe_fatal (int signal, int method, char * details, char *f, int l); 302 303 #define SH_VAL_EQ(a,b) \ 304 do { \ 305 if ((a) != (b)) safe_fatal(0, 0, #a " != " #b, FIL__, __LINE__);\ 306 } while (0) 307 292 308 293 309 #if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) -
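Review bot: The new prototypes `safe_logger` and `safe_fatal` declare `char * details` (and `char *f`), yet SH_VAL_EQ passes the string literal `#a " != " #b` as `details`, and presumably a string constant through FIL__. Since this changeset const-qualifies string parameters elsewhere, these should follow suit, e.g. `int safe_fatal (int signal, int method, const char * details, const char * f, int l);` and likewise for `safe_logger`. The definitions are outside this section and would need the same change.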
trunk/include/sh_calls.h
r20 r22 33 33 /* Set aud functions 34 34 */ 35 int sh_aud_set_functions(c har * str_s);35 int sh_aud_set_functions(const char * str_s); 36 36 37 37 -
trunk/include/sh_database.h
r1 r22 5 5 int sh_database_insert (char * message); 6 6 7 int sh_database_use_persistent (c har * str);7 int sh_database_use_persistent (const char * str); 8 8 9 int sh_database_set_database (c har * str);10 int sh_database_set_table (c har * str);11 int sh_database_set_host (c har * str);12 int sh_database_set_user (c har * str);13 int sh_database_set_password (c har * str);14 int sh_database_add_to_hash (c har * str);15 int set_enter_wrapper (c har * str);9 int sh_database_set_database (const char * str); 10 int sh_database_set_table (const char * str); 11 int sh_database_set_host (const char * str); 12 int sh_database_set_user (const char * str); 13 int sh_database_set_password (const char * str); 14 int sh_database_add_to_hash (const char * str); 15 int set_enter_wrapper (const char * str); 16 16 #endif -
trunk/include/sh_error.h
r20 r22 81 81 /* set mask for message class 82 82 */ 83 int sh_error_log_mask (c har * c);84 int sh_error_print_mask (c har * c);85 int sh_error_mail_mask (c har * c);86 int sh_error_export_mask (c har * c);87 int sh_error_syslog_mask (c har * c);88 int sh_error_external_mask (c har * c);89 int sh_error_database_mask (c har * c);90 int sh_error_prelude_mask (c har * c);83 int sh_error_log_mask (const char * c); 84 int sh_error_print_mask (const char * c); 85 int sh_error_mail_mask (const char * c); 86 int sh_error_export_mask (const char * c); 87 int sh_error_syslog_mask (const char * c); 88 int sh_error_external_mask (const char * c); 89 int sh_error_database_mask (const char * c); 90 int sh_error_prelude_mask (const char * c); 91 91 92 92 … … 99 99 #ifdef SH_WITH_SERVER 100 100 void sh_error_set_peer(const char * str); 101 int set_flag_sep_log (c har * str);101 int set_flag_sep_log (const char * str); 102 102 #endif 103 103 … … 108 108 /* convert a string to a numeric priority 109 109 */ 110 int sh_error_convert_level (c har * str_s);110 int sh_error_convert_level (const char * str_s); 111 111 112 112 /* only to stderr (GOOD/BAD) … … 116 116 /* set syslog facility 117 117 */ 118 int sh_log_set_facility (c har * c);118 int sh_log_set_facility (const char * c); 119 119 120 120 /* define message header 121 121 */ 122 int sh_error_ehead (/*@null@*/c har * s);122 int sh_error_ehead (/*@null@*/const char * s); 123 123 124 124 /* set level for error logging … … 128 128 /* set severity levels 129 129 */ 130 int sh_error_set_iv (int iv, c har * severity_s);130 int sh_error_set_iv (int iv, const char * severity_s); 131 131 132 132 /* set priorities … … 178 178 /* (re)set the console device(s) 179 179 */ 180 int sh_log_set_console (c har * address);180 int sh_log_set_console (const char * address); 181 181 void reset_count_dev_console(void); 182 182 … … 188 188 /* enable message queue 189 189 */ 190 int enable_msgq(c har * foo);190 int enable_msgq(const char * foo); 191 191 
#endif 192 192 -
trunk/include/sh_extern.h
r1 r22 43 43 * -- add CL argument, return # of arguments 44 44 */ 45 int sh_ext_tas_add_argv(sh_tas_t * tas, c har * val);45 int sh_ext_tas_add_argv(sh_tas_t * tas, const char * val); 46 46 /* 47 47 * -- remove last CL argument … … 51 51 * -- add environment variable, return # of variables 52 52 */ 53 int sh_ext_tas_add_envv(sh_tas_t * tas, c har * key,char * val);53 int sh_ext_tas_add_envv(sh_tas_t * tas, const char * key, const char * val); 54 54 /* 55 55 * -- set command 56 56 */ 57 void sh_ext_tas_command(sh_tas_t * tas, c har * command);57 void sh_ext_tas_command(sh_tas_t * tas, const char * command); 58 58 /* 59 59 * -- initialize task structure … … 71 71 * -- start a new external command, and add it to the list 72 72 */ 73 int sh_ext_setcommand(c har * cmd);73 int sh_ext_setcommand(const char * cmd); 74 74 75 75 /* … … 81 81 * -- set deadtime 82 82 */ 83 int sh_ext_deadtime (c har * str);83 int sh_ext_deadtime (const char * str); 84 84 85 85 /* 86 86 * -- add keywords to the OR filter 87 87 */ 88 int sh_ext_add_or (c har * str);88 int sh_ext_add_or (const char * str); 89 89 90 90 /* 91 91 * -- add keywords to the AND filter 92 92 */ 93 int sh_ext_add_and (c har * str);93 int sh_ext_add_and (const char * str); 94 94 95 95 /* 96 96 * -- add keywords to the NOT filter 97 97 */ 98 int sh_ext_add_not (c har * str);98 int sh_ext_add_not (const char * str); 99 99 100 100 /* 101 101 * -- add keywords to the CL argument list 102 102 */ 103 int sh_ext_add_argv (c har * str);103 int sh_ext_add_argv (const char * str); 104 104 105 105 /* 106 106 * -- add a path to the environment 107 107 */ 108 int sh_ext_add_default (c har * str);108 int sh_ext_add_default (const char * str); 109 109 110 110 /* 111 111 * -- add an environment variable 112 112 */ 113 int sh_ext_add_environ (c har * str);113 int sh_ext_add_environ (const char * str); 114 114 115 115 /* 116 116 * -- define type 117 117 */ 118 int sh_ext_type (c har * str);118 int sh_ext_type (const char * str); 119 119 
120 120 /* 121 121 * -- define checksum 122 122 */ 123 int sh_ext_checksum (c har * str);123 int sh_ext_checksum (const char * str); 124 124 125 125 /* 126 126 * -- choose privileges 127 127 */ 128 int sh_ext_priv (c har * c);128 int sh_ext_priv (const char * c); 129 129 130 130 /* -
trunk/include/sh_files.h
r20 r22 23 23 /* register exceptions to hardlink check 24 24 */ 25 int sh_files_hle_reg (c har * str);25 int sh_files_hle_reg (const char * str); 26 26 27 27 /* check the setup … … 35 35 /* activate hardlink check 36 36 */ 37 int sh_files_check_hardlinks (c har * opt);37 int sh_files_check_hardlinks (const char * opt); 38 38 39 39 /* set recursion depth … … 43 43 /* report only once 44 44 */ 45 int sh_files_reportonce(c har * c);45 int sh_files_reportonce(const char * c); 46 46 47 47 /* report full details 48 48 */ 49 int sh_files_fulldetail(c har * c);49 int sh_files_fulldetail(const char * c); 50 50 51 51 /* reset the 'checked' flag … … 67 67 /* push a directory on the stack USER0 68 68 */ 69 int sh_files_pushdir_user0 (c har * dirName);69 int sh_files_pushdir_user0 (const char * dirName); 70 70 71 71 /* push a directory on the stack USER1 72 72 */ 73 int sh_files_pushdir_user1 (c har * dirName);73 int sh_files_pushdir_user1 (const char * dirName); 74 74 75 75 /* push a directory on the stack PRELINK 76 76 */ 77 int sh_files_pushdir_prelink (c har * dirName);77 int sh_files_pushdir_prelink (const char * dirName); 78 78 79 79 /* push a directory on the stack ATTR 80 80 */ 81 int sh_files_pushdir_attr (c har * dirName);81 int sh_files_pushdir_attr (const char * dirName); 82 82 83 83 /* push a directory on the stack READONLY 84 84 */ 85 int sh_files_pushdir_ro (c har * dirName);85 int sh_files_pushdir_ro (const char * dirName); 86 86 87 87 /* push a directory on the stack LOGFILE 88 88 */ 89 int sh_files_pushdir_log (c har * dirName);89 int sh_files_pushdir_log (const char * dirName); 90 90 91 91 /* push a directory on the stack GROWING LOGFILE 92 92 */ 93 int sh_files_pushdir_glog (c har * dirName);93 int sh_files_pushdir_glog (const char * dirName); 94 94 95 95 /* push a directory on the stack IGNORE NONE 96 96 */ 97 int sh_files_pushdir_noig (c har * dirName);97 int sh_files_pushdir_noig (const char * dirName); 98 98 99 99 /* push a directory on the stack IGNORE 
ALL 100 100 */ 101 int sh_files_pushdir_allig (c har * dirName);101 int sh_files_pushdir_allig (const char * dirName); 102 102 103 103 104 104 /* push a file on the stack USER0 105 105 */ 106 int sh_files_pushfile_user0 (c har * dirName);106 int sh_files_pushfile_user0 (const char * dirName); 107 107 108 108 /* push a file on the stack USER1 109 109 */ 110 int sh_files_pushfile_user1 (c har * dirName);110 int sh_files_pushfile_user1 (const char * dirName); 111 111 112 112 /* push a file on the stack PRELINK 113 113 */ 114 int sh_files_pushfile_prelink (c har * dirName);114 int sh_files_pushfile_prelink (const char * dirName); 115 115 116 116 /* push a file on the stack ATTR 117 117 */ 118 int sh_files_pushfile_attr (c har * dirName);118 int sh_files_pushfile_attr (const char * dirName); 119 119 120 120 /* push a file on the stack READONLY 121 121 */ 122 int sh_files_pushfile_ro (c har * dirName);122 int sh_files_pushfile_ro (const char * dirName); 123 123 124 124 /* push a file on the stack LOGFILE 125 125 */ 126 int sh_files_pushfile_log (c har * dirName);126 int sh_files_pushfile_log (const char * dirName); 127 127 128 128 /* push a file on the stack GROWING LOGFILE 129 129 */ 130 int sh_files_pushfile_glog (c har * dirName);130 int sh_files_pushfile_glog (const char * dirName); 131 131 132 132 /* push a file on the stack IGNORE NONE 133 133 */ 134 int sh_files_pushfile_noig (c har * dirName);134 int sh_files_pushfile_noig (const char * dirName); 135 135 136 136 /* push a file on the stack IGNORE ALL 137 137 */ 138 int sh_files_pushfile_allig (c har * dirName);138 int sh_files_pushfile_allig (const char * dirName); 139 139 140 140 … … 153 153 /* redefine policies 154 154 */ 155 int sh_files_redef_user0(c har * str);156 int sh_files_redef_user1(c har * str);157 int sh_files_redef_prelink(c har * str);158 int sh_files_redef_readonly(c har * str);159 int sh_files_redef_loggrow(c har * str);160 int sh_files_redef_logfiles(c har * str);161 int 
sh_files_redef_attributes(c har * str);162 int sh_files_redef_noignore(c har * str);163 int sh_files_redef_allignore(c har * str);155 int sh_files_redef_user0(const char * str); 156 int sh_files_redef_user1(const char * str); 157 int sh_files_redef_prelink(const char * str); 158 int sh_files_redef_readonly(const char * str); 159 int sh_files_redef_loggrow(const char * str); 160 int sh_files_redef_logfiles(const char * str); 161 int sh_files_redef_attributes(const char * str); 162 int sh_files_redef_noignore(const char * str); 163 int sh_files_redef_allignore(const char * str); 164 164 165 165 -
trunk/include/sh_forward.h
r20 r22 32 32 /* set time limit 33 33 */ 34 int sh_forward_set_time_limit(c har * str);34 int sh_forward_set_time_limit(const char * str); 35 35 36 36 /* error level for lookup failure 37 37 */ 38 int sh_forward_lookup_level (c har * c);38 int sh_forward_lookup_level (const char * c); 39 39 40 40 /* create client entry for given password … … 45 45 46 46 #ifdef INET_SYSLOG 47 int set_syslog_active(c har * c);47 int set_syslog_active(const char * c); 48 48 #endif 49 49 … … 55 55 * and set by accept() 56 56 */ 57 int set_socket_peer (c har * c);57 int set_socket_peer (const char * c); 58 58 59 59 /* whether to use client severity 60 60 */ 61 int sh_forward_use_clt_sev (c har * c);61 int sh_forward_use_clt_sev (const char * c); 62 62 63 63 /* whether to use client class 64 64 */ 65 int sh_forward_use_clt_class (c har * c);65 int sh_forward_use_clt_class (const char * c); 66 66 67 67 /* server port 68 68 */ 69 int sh_forward_set_port(c har * c);69 int sh_forward_set_port(const char * c); 70 70 71 71 /* server interface 72 72 */ 73 int sh_forward_set_interface(c har * c);73 int sh_forward_set_interface(const char * c); 74 74 75 75 /* a wrapper function … … 79 79 /* register a client 80 80 */ 81 int sh_forward_register_client (c har * str);81 int sh_forward_register_client (const char * str); 82 82 83 83 /* start server … … 103 103 /* set log server 104 104 */ 105 int sh_forward_setlogserver (c har * address);105 int sh_forward_setlogserver (const char * address); 106 106 void reset_count_dev_server(void); 107 107 -
trunk/include/sh_hash.h
r20 r22 42 42 /* version string for database 43 43 */ 44 int sh_hash_version_string(c har * str);44 int sh_hash_version_string(const char * str); 45 45 46 46 /* List database content -
trunk/include/sh_ignore.h
r1 r22 2 2 #define SH_IGNORE_H 3 3 4 int sh_ignore_add_del (c har * addpath);5 int sh_ignore_add_new (c har * addpath);4 int sh_ignore_add_del (const char * addpath); 5 int sh_ignore_add_new (const char * addpath); 6 6 7 7 int sh_ignore_chk_del (const char * chkpath); -
trunk/include/sh_mail.h
r20 r22 26 26 /* set a relay server 27 27 */ 28 int sh_mail_set_relay (c har * str_s);28 int sh_mail_set_relay (const char * str_s); 29 29 30 30 /* send to all recpts. in one mail 31 31 */ 32 int sh_mail_setFlag (c har * str);32 int sh_mail_setFlag (const char * str); 33 33 34 34 /* set the subject string 35 35 */ 36 int set_mail_subject (c har * str);36 int set_mail_subject (const char * str); 37 37 38 38 /* test mailbox … … 44 44 #define SH_MAX_FAIL 48 45 45 46 int sh_mail_setNum (c har * str);46 int sh_mail_setNum (const char * str); 47 47 48 int sh_mail_setaddress (c har * address);48 int sh_mail_setaddress (const char * address); 49 49 void reset_count_dev_mail(void); 50 int sh_mail_setaddress_int (c har * address);50 int sh_mail_setaddress_int (const char * address); 51 51 52 52 /* call if not urgent … … 60 60 /* set sender of mail 61 61 */ 62 int sh_mail_set_sender (c har *str);62 int sh_mail_set_sender (const char *str); 63 63 64 int sh_mail_add_or (c har * str);65 int sh_mail_add_and (c har * str);66 int sh_mail_add_not (c har * str);64 int sh_mail_add_or (const char * str); 65 int sh_mail_add_and (const char * str); 66 int sh_mail_add_not (const char * str); 67 67 68 68 #endif -
trunk/include/sh_prelink.h
r1 r22 14 14 /* configuration 15 15 */ 16 int sh_prelink_set_path (c har * str);17 int sh_prelink_set_hash (c har * str);16 int sh_prelink_set_path (const char * str); 17 int sh_prelink_set_hash (const char * str); 18 18 #endif -
trunk/include/sh_prelude.h
r1 r22 6 6 int sh_prelude_init(); 7 7 8 int sh_prelude_set_profile(c har *arg);8 int sh_prelude_set_profile(const char *arg); 9 9 10 10 int sh_prelude_alert (int priority, int class, char * message, … … 13 13 /* map severity levels 14 14 */ 15 int sh_prelude_map_info (c har * str);16 int sh_prelude_map_low (c har * str);17 int sh_prelude_map_medium (c har * str);18 int sh_prelude_map_high (c har * str);15 int sh_prelude_map_info (const char * str); 16 int sh_prelude_map_low (const char * str); 17 int sh_prelude_map_medium (const char * str); 18 int sh_prelude_map_high (const char * str); 19 19 20 20 #endif -
trunk/include/sh_tiger.h
r20 r22 22 22 /* NEW Thu Oct 18 19:59:08 CEST 2001 23 23 */ 24 int sh_tiger_hashtype (c har * c);24 int sh_tiger_hashtype (const char * c); 25 25 char * sh_tiger_generic_hash (char * filename, TigerType what, 26 26 UINT64 Length, int timeout); -
trunk/include/sh_unix.h
r20 r22 148 148 /* whether to use localtime for file timesatams in logs 149 149 */ 150 int sh_unix_uselocaltime (c har * c);150 int sh_unix_uselocaltime (const char * c); 151 151 152 152 /* set I/O limit 153 153 */ 154 int sh_unix_set_io_limit (c har * c);154 int sh_unix_set_io_limit (const char * c); 155 155 void sh_unix_io_pause (); 156 156 … … 199 199 /* checksum of own binary 200 200 */ 201 int sh_unix_self_hash (c har * c);201 int sh_unix_self_hash (const char * c); 202 202 203 203 /* return BAD on failure … … 207 207 /* add a trusted user to the list 208 208 */ 209 int tf_add_trusted_user(c har *);209 int tf_add_trusted_user(const char *); 210 210 211 211 /* check a file … … 224 224 /* set the timeserver address 225 225 */ 226 int sh_unix_settimeserver (c har * address);226 int sh_unix_settimeserver (const char * address); 227 227 void reset_count_dev_time(void); 228 228 -
trunk/include/sh_utils.h
r20 r22 65 65 /* set signature type HASH-TIGER/HMAC-TIGER 66 66 */ 67 int sh_util_sigtype (c har * c);67 int sh_util_sigtype (const char * c); 68 68 69 69 /* compute a signature … … 83 83 /* don't log output files 84 84 */ 85 int sh_util_hidesetup(c har * c);85 int sh_util_hidesetup(const char * c); 86 86 87 87 /* exceptions to obscure name check 88 88 */ 89 int sh_util_obscure_ok (c har * str);89 int sh_util_obscure_ok (const char * str); 90 90 91 91 /* read a hexchar -
trunk/src/cutest_sh_utils.c
r21 r22 10 10 11 11 int ret = 0; 12 #if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE) 12 13 char input[16] = "foobar"; 13 #if defined(SH_WITH_CLIENT) || defined(SH_STANDALONE)14 14 15 15 ret = sh_util_obscure_ok ("0xA1,0xA2,0xA3"); -
trunk/src/samhain.c
r20 r22 382 382 */ 383 383 (void) sl_strlcpy (sh.host.name, _("localhost"), SH_MINIBUF); 384 sh.host.system[0] = '\0'; 384 sh.host.system[0] = '\0'; /* flawfinder: ignore *//* ff bug */ 385 385 sh.host.release[0] = '\0'; 386 386 sh.host.machine[0] = '\0'; … … 582 582 skey->mailkey_old[0] = '\0'; 583 583 skey->mailkey_new[0] = '\0'; 584 skey->crypt[0] = '\0'; 584 skey->crypt[0] = '\0'; /* flawfinder: ignore *//* ff bug */ 585 585 skey->session[0] = '\0'; 586 586 skey->vernam[0] = '\0'; … … 725 725 char exef[128]; 726 726 727 if (!pidlist) 728 return NULL; 729 727 730 for (i = 0; i < 65535; ++i) pidlist[i] = 0; 728 731 i = 0; 729 732 730 733 if (0 != stat(SH_INSTALL_PATH, &buf)) 731 return NULL; 734 { 735 free(pidlist); 736 return NULL; 737 } 732 738 733 739 ino = (long) buf.st_ino; 734 740 735 741 if (NULL == (dp = opendir("/proc"))) 736 return NULL; 742 { 743 free(pidlist); 744 return NULL; 745 } 737 746 while (NULL != (d = readdir(dp)) && i < 65535) 738 747 { … … 860 869 861 870 862 fullpath = malloc(strlen(SH_INSTALL_PATH)+1);871 fullpath = strdup (SH_INSTALL_PATH); 863 872 if (fullpath == NULL) 864 { perror(_("malloc")); exit (1); } 865 else 866 strcpy(fullpath, SH_INSTALL_PATH); /* known to fit */ 867 868 argp[0] = malloc(strlen(SH_INSTALL_PATH)+1); 873 { perror(_("strdup")); exit (1); } 874 875 argp[0] = strdup (SH_INSTALL_PATH); 869 876 if (argp[0] == NULL) 870 { perror(_("malloc")); exit (1); } 871 else 872 strcpy(argp[0], SH_INSTALL_PATH); /* known to fit */ 873 877 { perror(_("strdup")); exit (1); } 874 878 875 879 for (times = 1; times < 32; ++times) argp[times] = NULL; … … 879 883 for (times = 2; times < res; ++times) 880 884 { 881 argp[times-1] = malloc(strlen(argv[times])+1);885 argp[times-1] = strdup (argv[times]); 882 886 if (argp[times-1] == NULL) 883 { perror(_("malloc")); exit (1); } 884 else 885 strcpy(argp[times-1], argv[times]); /* known to fit */ 887 { perror(_("strdup")); exit (1); } 886 888 } 887 889 … … 903 905 _exit(4); 904 906 } 905 
(void) execv(fullpath, argp); 907 (void) execv(fullpath, argp); /* flawfinder: ignore *//* wtf? */ 906 908 if (errno == EPERM) 907 909 _exit(4); … … 941 943 pidlist = procdirSamhain (); 942 944 if (pid == 0 && NULL == pidlist) /* pid file not found */ 943 return (0); 945 { 946 free(fullpath); 947 return (0); 948 } 944 949 945 950 status = 0; … … 956 961 } 957 962 } 963 free(fullpath); 958 964 if (status == 7) 959 965 return 0; … … 992 998 } 993 999 } 994 1000 free(fullpath); /* silence smatch false positive */ 995 1001 exit (1); /* no exit handler installed yet */ 996 1002 /*@notreached@*/ … … 1022 1028 /* Add a new schedule to the linked list of schedules 1023 1029 */ 1024 static sh_schedule_t * sh_set_schedule_int (c har * str,1030 static sh_schedule_t * sh_set_schedule_int (const char * str, 1025 1031 sh_schedule_t * FileSchedIn, 1026 1032 /*@out@*/ int * status) … … 1052 1058 /* Add a new schedule to the linked list FileSchedOne 1053 1059 */ 1054 int sh_set_schedule_one (c har * str)1060 int sh_set_schedule_one (const char * str) 1055 1061 { 1056 1062 int status; … … 1061 1067 /* Add a new schedule to the linked list FileSchedTwo 1062 1068 */ 1063 int sh_set_schedule_two (c har * str)1069 int sh_set_schedule_two (const char * str) 1064 1070 { 1065 1071 int status; … … 1214 1220 /* Save the timezone. 1215 1221 */ 1216 if ( (tzptr = getenv("TZ")) != NULL)1222 if (NULL != (tzptr = getenv("TZ"))) /* flawfinder: ignore */ 1217 1223 { 1218 1224 tzlen = strlen(tzptr); 1219 sh.timezone = malloc (tzlen + 1); 1220 if (sh.timezone != NULL) 1221 (void) sl_strlcpy (sh.timezone, tzptr, tzlen + 1); 1225 if (tzlen < 1024) 1226 { 1227 sh.timezone = malloc (tzlen + 1); 1228 if (sh.timezone != NULL) 1229 (void) sl_strlcpy (sh.timezone, tzptr, tzlen + 1); 1230 } 1231 else 1232 sh.timezone = NULL; 1222 1233 } 1223 1234 else -
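Review bot: The `/* flawfinder: ignore */` markers added in this file carry no usable reason (`/* ff bug */`, `/* wtf? */`), so a later reader cannot tell why the flagged call is considered safe. For the execv() line the visible code supports a concrete rationale, e.g. `/* flawfinder: ignore */ /* fullpath is a copy of the compile-time SH_INSTALL_PATH */`. For `getenv("TZ")` the new `tzlen < 1024` bound is the reason worth stating. The same applies to the bare suppressions on `getenv("ORACLE_HOME")` in sh_database.c, `access (combuf, X_OK)` in sh_entropy.c and `skey->crypt` in sh_err_log.c. The enclosing functions start and end outside these hunks.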
trunk/src/samhain_setpwd.c
r1 r22 1 1 #include "config_xor.h" 2 3 #ifdef HAVE_BROKEN_INCLUDES4 #define _ANSI_C_SOURCE5 #define _POSIX_SOURCE6 #endif7 2 8 3 #include <stdio.h> … … 13 8 #include <unistd.h> 14 9 #include <sys/types.h> 10 #include <sys/wait.h> 15 11 #include <sys/stat.h> 16 12 #include <fcntl.h> 13 #include <errno.h> 14 #include <sys/time.h> 17 15 #include <time.h> 18 16 17 #if defined(HAVE_SCHED_H) && defined(HAVE_SCHED_YIELD) 18 #include <sched.h> 19 #endif 20 21 #if defined(HAVE_INT_32) 22 typedef unsigned int UINT32; 23 #elif defined(HAVE_LONG_32) 24 typedef unsigned long UINT32; 25 #elif defined(HAVE_SHORT_32) 26 typedef unsigned short UINT32; 27 #endif 28 29 #define TAUS_MAX 4294967295UL 30 31 static UINT32 taus_state[3]; 32 33 static UINT32 taus_get () 34 { 35 36 #define TAUSWORTHE(s,a,b,c,d) ((s &c) <<d) ^ (((s <<a) ^s) >>b) 37 taus_state[0] = TAUSWORTHE (taus_state[0], 13, 19, 4294967294UL, 12); 38 taus_state[1] = TAUSWORTHE (taus_state[1], 2, 25, 4294967288UL, 4); 39 taus_state[2] = TAUSWORTHE (taus_state[2], 3, 11, 4294967280UL, 17); 40 return (taus_state[0] ^ taus_state[1] ^ taus_state[2]); 41 } 42 43 static void taus_seed () 44 { 45 unsigned char buf[12]; 46 unsigned char buf2[12]; 47 unsigned char buf3[12]; 48 ssize_t count; 49 size_t nbytes = sizeof(buf); 50 size_t where = 0; 51 52 struct timeval t1, t2; 53 UINT32 delta, k[3]; 54 int i, j; 55 56 int fd = open ("/dev/urandom", O_RDONLY); 57 58 if (fd == -1) 59 { 60 gettimeofday(&t1, NULL); 61 delta = t1.tv_usec; 62 memcpy(&buf[0], &delta, 4); 63 gettimeofday(&t1, NULL); 64 delta = t1.tv_usec; 65 memcpy(&buf[4], &delta, 4); 66 gettimeofday(&t1, NULL); 67 delta = t1.tv_usec; 68 memcpy(&buf[8], &delta, 4); 69 goto second; 70 } 71 72 while (nbytes) { 73 count = read(fd, &buf[where], nbytes); 74 if (count == -1 && errno == EINTR) 75 continue; 76 where += count; 77 nbytes -= count; 78 } while (count == -1 && errno == EINTR); 79 80 close(fd); 81 82 second: 83 for (i = 0; i < 12; ++i) 84 { 85 gettimeofday(&t1, NULL); 86 if 
(0 == fork()) 87 _exit(EXIT_SUCCESS); 88 wait(NULL); 89 gettimeofday(&t2, NULL); 90 delta = t2.tv_usec - t1.tv_usec; 91 buf2[i] = (unsigned char) delta; 92 } 93 94 for (i = 0; i < 12; ++i) 95 { 96 gettimeofday(&t1, NULL); 97 for (j = 0; j < 32768; ++j) 98 { 99 if (0 == kill (j,0)) 100 k[i % 3] ^= j; 101 } 102 gettimeofday(&t2, NULL); 103 delta = t2.tv_usec - t1.tv_usec; 104 buf3[i] ^= (unsigned char) delta; 105 } 106 107 memcpy(&taus_state[0], &buf3[0], 4); 108 memcpy(&taus_state[1], &buf3[4], 4); 109 memcpy(&taus_state[2], &buf3[8], 4); 110 111 taus_state[0] ^= k[0]; 112 taus_state[1] ^= k[1]; 113 taus_state[2] ^= k[2]; 114 115 memcpy(&k[0], &buf2[0], 4); 116 memcpy(&k[1], &buf2[4], 4); 117 memcpy(&k[2], &buf2[8], 4); 118 119 taus_state[0] ^= k[0]; 120 taus_state[1] ^= k[1]; 121 taus_state[2] ^= k[2]; 122 123 memcpy(&k[0], &buf[0], 4); 124 memcpy(&k[1], &buf[4], 4); 125 memcpy(&k[2], &buf[8], 4); 126 127 taus_state[0] ^= k[0]; 128 taus_state[1] ^= k[1]; 129 taus_state[2] ^= k[2]; 130 131 taus_state[0] |= (UINT32) 0x03; 132 taus_state[1] |= (UINT32) 0x09; 133 taus_state[2] |= (UINT32) 0x17; 134 } 19 135 20 136 #ifdef SH_STEALTH … … 112 228 113 229 char * newn; 230 size_t nlen; 114 231 int oldf; 115 232 int newf; … … 196 313 (void) umask (0); 197 314 198 srand(time(NULL) ^ getpid());315 taus_seed(); 199 316 200 317 bytecount = 0; … … 206 323 oldf = open(argv[1], O_RDONLY); 207 324 208 newn = (char *) malloc (strlen(argv[1])+strlen(argv[2])+2); 209 strcpy(newn, argv[1]); 210 strcat(newn, "."); 211 strcat(newn, argv[2]); 325 nlen = strlen(argv[1])+strlen(argv[2])+2; 326 newn = (char *) malloc (nlen); 327 strncpy(newn, argv[1], nlen); newn[nlen-1] = '\0'; 328 strncat(newn, ".", nlen); newn[nlen-1] = '\0'; 329 strncat(newn, argv[2], nlen); newn[nlen-1] = '\0'; 212 330 newf = open(newn, O_WRONLY|O_CREAT|O_TRUNC, S_IRWXU); 213 331 … … 265 383 (unsigned char) *found_it); 266 384 267 ccd = (unsigned char) (256.0 * rand()/(RAND_MAX+1.0));385 ccd = (unsigned char) (256.0 * 
(taus_get()/(TAUS_MAX+1.0))); 268 386 sprintf(&newpwd[i*2], _("%02x"), 269 387 (unsigned char) ccd); … … 340 458 (unsigned char) *found_it); 341 459 342 ccd = (unsigned char) (256.0 * rand()/(RAND_MAX+1.0));460 ccd = (unsigned char) (256.0 * taus_get()/(TAUS_MAX+1.0)); 343 461 sprintf(&newpwd[i*2], _("%02x"), 344 462 (unsigned char) ccd); -
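Review bot: The read loop in taus_seed() handles only EINTR. On any other read() failure `count` is -1 and is still added to `where` and subtracted from the unsigned `nbytes`, and a return of 0 never ends the loop. Add `if (count <= 0) break;` after the EINTR check, and drop the empty `while (count == -1 && errno == EINTR);` that trails the block. In the same function `k[i % 3] ^= j` and `buf3[i] ^= (unsigned char) delta` read `k` and `buf3` before anything is stored in them, so zero them first (`memset(buf3, 0, sizeof(buf3)); k[0] = k[1] = k[2] = 0;`), and `buf` too if the read can end early. The later hunks use taus_get() to produce the bytes written into `newpwd`, but a Tausworthe generator is a statistical PRNG with 96 bits of state, so when /dev/urandom opens successfully it would be safer to take those bytes from it directly.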
trunk/src/sh_calls.c
r20 r22 82 82 /* Set aud functions 83 83 */ 84 int sh_aud_set_functions(c har * str_s)84 int sh_aud_set_functions(const char * str_s) 85 85 { 86 86 int i = 0; -
trunk/src/sh_database.c
r18 r22 40 40 #include "sh_error.h" 41 41 #include "sh_utils.h" 42 43 extern int safe_logger (int signal, int method, pid_t thepid);44 42 45 43 #undef FIL__ … … 253 251 static int sh_persistent_dbconn = S_TRUE; 254 252 255 int sh_database_use_persistent (c har * str)253 int sh_database_use_persistent (const char * str) 256 254 { 257 255 return sh_util_flagval (str, &sh_persistent_dbconn); 258 256 } 259 257 260 static int insert_value (char * ptr, c har * str)258 static int insert_value (char * ptr, const char * str) 261 259 { 262 260 if (!ptr || !str) … … 276 274 277 275 278 int sh_database_set_database (c har * str)276 int sh_database_set_database (const char * str) 279 277 { 280 278 return insert_value (db_name, str); 281 279 } 282 int sh_database_set_table (c har * str)280 int sh_database_set_table (const char * str) 283 281 { 284 282 return insert_value (db_table, str); 285 283 } 286 int sh_database_set_host (c har * str)284 int sh_database_set_host (const char * str) 287 285 { 288 286 return insert_value (db_host, str); 289 287 } 290 int sh_database_set_user (c har * str)288 int sh_database_set_user (const char * str) 291 289 { 292 290 return insert_value (db_user, str); 293 291 } 294 int sh_database_set_password (c har * str)292 int sh_database_set_password (const char * str) 295 293 { 296 294 return insert_value (db_password, str); … … 568 566 oracle_doconnect: 569 567 570 if (!getenv("ORACLE_HOME")) 568 if (!getenv("ORACLE_HOME")) /* flawfinder: ignore */ 571 569 { 572 570 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, … … 1482 1480 } 1483 1481 1484 int sh_database_add_to_hash (c har * str)1482 int sh_database_add_to_hash (const char * str) 1485 1483 { 1486 1484 int i; … … 1692 1690 static int enter_wrapper = 1; 1693 1691 1694 int set_enter_wrapper (c har * str)1692 int set_enter_wrapper (const char * str) 1695 1693 { 1696 1694 return sh_util_flagval(str, &enter_wrapper); -
trunk/src/sh_entropy.c
r1 r22 170 170 memset( &addr, 0, sizeof(addr) ); 171 171 addr.sun_family = AF_UNIX; 172 s trcpy( addr.sun_path, name ); /* known to fit */172 sl_strlcpy( addr.sun_path, name, sizeof(addr.sun_path) ); 173 173 addr_len = offsetof( struct sockaddr_un, sun_path ) 174 174 + strlen( addr.sun_path ); … … 570 570 char * arg[4]; 571 571 char * envp[2]; 572 size_t len; 572 573 573 574 SL_ENTER(_("sh_popen")); … … 580 581 if (sh.timezone != NULL) 581 582 { 582 envp[0] = malloc (sl_strlen(sh.timezone) + 4); /* free() ok */ 583 len = sl_strlen(sh.timezone) + 4; 584 envp[0] = malloc (len); /* free() ok */ 583 585 if (envp[0] != NULL) 584 s printf (envp[0], "TZ=%s", sh.timezone); /* known to fit */586 sl_snprintf (envp[0], len, "TZ=%s", sh.timezone); 585 587 else 586 588 envp[0] = NULL; … … 778 780 sl_strlcat(combuf, _(source[i].command), 80); 779 781 782 /* flawfinder: ignore */ 780 783 if ( access (combuf, X_OK) == 0) 781 784 { -
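Review bot: Replacing strcpy() with `sl_strlcpy( addr.sun_path, name, sizeof(addr.sun_path) )` removes the overflow, but an over-long `name` now silently becomes a different socket path, assuming sl_strlcpy truncates the way strlcpy does. `addr_len` is then computed from the truncated string. Reject the name before copying, for example with `if (sl_strlen(name) >= sizeof(addr.sun_path))` followed by the function's normal error return. The function's start and its error convention are outside the hunk.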
trunk/src/sh_err_console.c
r1 r22 112 112 /* Enable the message queue 113 113 */ 114 int enable_msgq(c har * foo)114 int enable_msgq(const char * foo) 115 115 { 116 116 int i; … … 234 234 /* ---- Set the console device. ---- 235 235 */ 236 int sh_log_set_console (c har * address)236 int sh_log_set_console (const char * address) 237 237 { 238 238 SL_ENTER(_("sh_log_set_console")); -
trunk/src/sh_err_log.c
r20 r22 604 604 char sigkey_old[KEY_LEN+1]; 605 605 char sigkey_new[KEY_LEN+1]; 606 char crypt [KEY_LEN+1];606 char crypto[KEY_LEN+1]; 607 607 struct lfstc * next; 608 608 } open_logfile; … … 613 613 614 614 #ifdef SH_WITH_SERVER 615 int set_flag_sep_log (c har * str)615 int set_flag_sep_log (const char * str) 616 616 { 617 617 return sh_util_flagval(str, &flag_sep_log); … … 642 642 char * sigkey_new; 643 643 char * sigkey_old; 644 char * crypt ;644 char * crypto; 645 645 646 646 SL_ENTER(_("sh_log_file")); … … 734 734 memset(current->sigkey_old, (int)'\0', KEY_LEN+1); 735 735 memset(current->sigkey_new, (int)'\0', KEY_LEN+1); 736 memset(current->crypt ,(int)'\0', KEY_LEN+1);736 memset(current->crypto, (int)'\0', KEY_LEN+1); 737 737 current->next = logfile_list; 738 738 logfile_list = current; … … 841 841 sigkey_old = current->sigkey_old; 842 842 sigkey_new = current->sigkey_new; 843 crypt = current->crypt;843 crypto = current->crypto; 844 844 } 845 845 else … … 847 847 sigkey_old = skey->sigkey_old; 848 848 sigkey_new = skey->sigkey_new; 849 crypt = skey->crypt;849 crypto = skey->crypt; /* flawfinder: ignore */ 850 850 } 851 851 … … 869 869 /* Copy it to 'crypt' for encryption. 870 870 */ 871 (void) sl_strlcpy(crypt , sigkey_new, KEY_LEN+1);871 (void) sl_strlcpy(crypto, sigkey_new, KEY_LEN+1); 872 872 873 873 /* Use message and compiled-in key to encrypt. 874 874 */ 875 875 BREAKEXIT(sh_util_encode); 876 sh_util_encode(crypt , log_msg.msg, 0, 'B');876 sh_util_encode(crypto, log_msg.msg, 0, 'B'); 877 877 878 878 /* Send out the key. … … 900 900 901 901 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_KEY_MAIL, 902 sh.prg_name, crypt ,903 crypt , log_msg.timestamp);902 sh.prg_name, crypto, 903 crypto, log_msg.timestamp); 904 904 905 905 /* send to other allowed channels … … 913 913 914 914 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_KEY, 915 sh.prg_name, crypt );915 sh.prg_name, crypto); 916 916 917 917 /* Cleanup. 
… … 926 926 927 927 928 memset (crypt , (int) '\0', KEY_LEN);928 memset (crypto, (int) '\0', KEY_LEN); 929 929 sh.flag.log_start = S_FALSE; 930 930 current->log_start = S_FALSE; … … 949 949 (void) sl_strlcpy (sigkey_old, sigkey_new, KEY_LEN+1); 950 950 951 /*@- bufferoverflowhigh -usedef@*/951 /*@-usedef@*/ 952 952 #ifdef SH_USE_XML 953 953 if (log_msg.timestamp[0] != '\0') 954 s printf(log_msg.sig, /* known to fit */954 sl_snprintf(log_msg.sig, sizeof(log_msg.sig), 955 955 #ifdef FIX_XML 956 957 #else 958 959 #endif 960 956 _("\n<sig>%s%s</sig></log>\n"), /* <sig> FIX XML */ 957 #else 958 _("\nsig>%s%s</sig></log>\n"), /* <sig> FIX XML */ 959 #endif 960 log_msg.signature, log_msg.timestamp); 961 961 else 962 s printf(log_msg.sig, /* known to fit */962 sl_snprintf(log_msg.sig, sizeof(log_msg.sig), 963 963 #ifdef FIX_XML 964 965 #else 966 967 #endif 968 969 /*@+ bufferoverflowhigh +usedef@*/964 _("\n<sig>%s</sig></log>\n"), /* <sig> FIX XML */ 965 #else 966 _("\nsig>%s</sig></log>\n"), /* <sig> FIX XML */ 967 #endif 968 log_msg.signature); 969 /*@+usedef@*/ 970 970 971 971 #ifdef SH_STEALTH -
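Review bot: `sl_snprintf(log_msg.sig, sizeof(log_msg.sig), ...)` is a correct bound only if `log_msg.sig` is an array member; a pointer would make the bound the pointer size. Its declaration is not in this section, so that is worth confirming. The return value is also ignored, so a signature block that does not fit would be stored truncated, without its closing `</sig></log>`, where the old code carried a "known to fit" comment. If sl_snprintf reports truncation, check it here. The context comment `Copy it to 'crypt' for encryption.` still uses the old variable name after the rename to `crypto`.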
trunk/src/sh_err_syslog.c
r1 r22 110 110 /* set syslog facility 111 111 */ 112 int sh_log_set_facility (c har * c)112 int sh_log_set_facility (const char * c) 113 113 { 114 114 int loop = 0; -
trunk/src/sh_error.c
r20 r22 102 102 /* convert a string to a numeric priority 103 103 */ 104 int sh_error_convert_level (c har * str_s);104 int sh_error_convert_level (const char * str_s); 105 105 106 106 static int IsInitialized = BAD; … … 219 219 } 220 220 221 static int sh_error_set_classmask ( /*@notnull@*/char * c, int * facility_mask)221 static int sh_error_set_classmask (const char * str, int * facility_mask) 222 222 { 223 223 char * p; … … 225 225 unsigned int i; 226 226 size_t len; 227 char * c; 227 228 228 229 SL_ENTER(_("sh_error_set_classmask")); 229 230 230 if ( c== NULL)231 if (str == NULL) 231 232 SL_RETURN( -1, _("sh_error_set_classmask")); 232 233 … … 234 235 (void) sh_error_init(); 235 236 236 if (c[0] == (char) 34) 237 ++c; 238 len = strlen(c); 237 if (str[0] == (char) 34) 238 ++str; 239 len = strlen(str); 240 241 c = SH_ALLOC(len+1); 242 sl_strlcpy(c, str, len+1); 243 239 244 if (c[len-1] == (char) 34) 240 245 c[len-1] = '\0'; … … 273 278 } while (p); 274 279 280 SH_FREE(c); 275 281 SL_RETURN( 0, _("sh_error_set_classmask")); 276 282 } 277 283 278 int sh_error_log_mask (c har * c)284 int sh_error_log_mask (const char * c) 279 285 { 280 286 return (sh_error_set_classmask(c, &(errFlags.log_class))); 281 287 } 282 int sh_error_mail_mask (c har * c)288 int sh_error_mail_mask (const char * c) 283 289 { 284 290 return (sh_error_set_classmask(c, &(errFlags.mail_class))); 285 291 } 286 int sh_error_print_mask (c har * c)292 int sh_error_print_mask (const char * c) 287 293 { 288 294 return (sh_error_set_classmask(c, &(errFlags.print_class))); 289 295 } 290 int sh_error_export_mask (c har * c)296 int sh_error_export_mask (const char * c) 291 297 { 292 298 return (sh_error_set_classmask(c, &(errFlags.export_class))); 293 299 } 294 int sh_error_syslog_mask (c har * c)300 int sh_error_syslog_mask (const char * c) 295 301 { 296 302 return (sh_error_set_classmask(c, &(errFlags.syslog_class))); 297 303 } 298 int sh_error_external_mask (c har * c)304 int sh_error_external_mask 
(const char * c) 299 305 { 300 306 return (sh_error_set_classmask(c, &(errFlags.external_class))); 301 307 } 302 int sh_error_database_mask (c har * c)308 int sh_error_database_mask (const char * c) 303 309 { 304 310 return (sh_error_set_classmask(c, &(errFlags.database_class))); 305 311 } 306 int sh_error_prelude_mask (c har * c)312 int sh_error_prelude_mask (const char * c) 307 313 { 308 314 return (sh_error_set_classmask(c, &(errFlags.prelude_class))); … … 446 452 }; 447 453 448 int sh_error_convert_level (c har * str_s)454 int sh_error_convert_level (const char * str_s) 449 455 { 450 456 int i; … … 472 478 /* --- Set severity levels. --- 473 479 */ 474 int sh_error_set_iv (int iv, c har * str_s)480 int sh_error_set_iv (int iv, const char * str_s) 475 481 { 476 482 int level = (-1); … … 1126 1132 { 1127 1133 int retval; 1134 size_t ex_len; 1128 1135 1129 1136 /* will truncate to 65280 bytes 1130 1137 */ 1131 1138 export_block = 1; 1132 ex_msg = SH_ALLOC (64 + sl_strlen(lmsg->msg) + 1); 1133 /*@-bufferoverflowhigh@*/ 1134 sprintf(ex_msg, _("%d?%u?%s"), /* known to fit */ 1135 severity, class, lmsg->msg); 1136 /*@-bufferoverflowhigh@*/ 1139 ex_len = 64 + sl_strlen(lmsg->msg) + 1; 1140 ex_msg = SH_ALLOC (ex_len); 1141 1142 sl_snprintf(ex_msg, ex_len, _("%d?%u?%s"), 1143 severity, class, lmsg->msg); 1144 1137 1145 retval = sh_forward (ex_msg); 1138 1146 SH_FREE(ex_msg); … … 1306 1314 /* allocate space for user-defined message header 1307 1315 */ 1308 int sh_error_ehead (/*@null@*/c har * str_s)1316 int sh_error_ehead (/*@null@*/const char * str_s) 1309 1317 { 1310 1318 size_t size; 1311 c har * s;1319 const char * s; 1312 1320 1313 1321 SL_ENTER(_("sh_error_ehead")); … … 1324 1332 1325 1333 size = /*@i@*/strlen(s); 1326 if (/*@i@*/s[size-1] == (char) 34) --size; 1334 if (/*@i@*/s[size-1] == (char) 34) --size; /* truncate */ 1327 1335 1328 1336 if (ehead_format != NULL) … … 1482 1490 len = sl_strlen(lmsg->msg); 1483 1491 /*@i@*/required = 
sl_vsnprintf(&(lmsg->msg[len]), 1484 1492 (lmsg->msg_len - len), lmsg->format, vl); 1485 1493 if ( (required + len) > (lmsg->msg_len - 4) ) 1486 1494 { -
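Review bot: In `sh_error_set_classmask` the new heap copy is indexed with `c[len-1]` before anything checks that `len` is non-zero, so an empty value, or one holding only the opening quote that `++str` skips, reads one byte in front of the allocation and writes there if that byte happens to be 34. Guarding the test closes it: `if (len > 0 && c[len-1] == (char) 34)`. `sh_error_ehead` has the same shape in `s[size-1]`, where `--size` would also wrap around, unless the lines elided from that hunk already reject an empty string. Lines 246–273 are not shown, so it is worth confirming that no return path in between skips the new `SH_FREE(c)`.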
trunk/src/sh_extern.c
r1 r22 364 364 365 365 PDBGC(5); 366 sprintf(pname, _("/proc/self/fd/%d"), /* known to fit */ 367 pfd); 368 if (access(pname, R_OK|X_OK) == 0) 366 sl_snprintf(pname, sizeof(pname), _("/proc/self/fd/%d"), pfd); 367 if (access(pname, R_OK|X_OK) == 0) /* flawfinder: ignore */ 369 368 { 370 369 PDBGC(6); … … 402 401 * -- execute path if executable 403 402 */ 404 if (0 == access(task->command, R_OK|X_OK)) 403 if (0 == access(task->command, R_OK|X_OK)) /* flawfinder: ignore */ 405 404 { 406 405 PDBGC(5); … … 544 543 task->exit_status = WEXITSTATUS(task->exit_status); 545 544 if ((flag_err_debug == SL_TRUE) || (task->exit_status != 0)) 546 s printf(infomsg, /* known to fit */547 _("Subprocess exited normally with status %d"),548 task->exit_status);545 sl_snprintf(infomsg, sizeof(infomsg), 546 _("Subprocess exited normally with status %d"), 547 task->exit_status); 549 548 } 550 549 else if (WIFSIGNALED(task->exit_status) != 0) 551 550 { 552 s printf(infomsg, /* known to fit */553 554 551 sl_snprintf(infomsg, sizeof(infomsg), 552 _("Subprocess terminated by signal %d"), 553 WTERMSIG(task->exit_status)); 555 554 task->exit_status = EXIT_FAILURE; 556 555 } 557 556 else if (WIFSTOPPED(task->exit_status) != 0) 558 557 { 559 s printf(infomsg, /* known to fit */560 561 558 sl_snprintf(infomsg, sizeof(infomsg), 559 _("Subprocess stopped by signal %d, killing"), 560 WSTOPSIG(task->exit_status)); 562 561 task->exit_status = EXIT_FAILURE; 563 562 (void) aud_kill (FIL__, __LINE__, task->pid, 9); … … 567 566 else 568 567 { 569 s printf(infomsg, /* known to fit */570 568 sl_snprintf(infomsg, sizeof(infomsg), 569 _("Subprocess exit status unknown")); 571 570 task->exit_status = EXIT_FAILURE; 572 571 } … … 581 580 } 582 581 (void) aud_kill (FIL__, __LINE__, task->pid, 9); 583 s printf(infomsg, /* known to fit */584 _("Subprocess not yet exited, killing"));582 sl_snprintf(infomsg, sizeof(infomsg), 583 _("Subprocess not yet exited, killing")); 585 584 task->exit_status = EXIT_FAILURE; 586 
585 (void) waitpid (task->pid, NULL, 0); … … 588 587 else 589 588 { 590 s printf(infomsg, /* known to fit */591 _("Waitpid returned error %d\n"), errno);589 sl_snprintf(infomsg, sizeof(infomsg), 590 _("Waitpid returned error %d\n"), errno); 592 591 task->exit_status = EXIT_FAILURE; 593 592 } … … 646 645 647 646 648 int sh_ext_tas_add_envv(sh_tas_t * tas, c har * key,char * val)647 int sh_ext_tas_add_envv(sh_tas_t * tas, const char * key, const char * val) 649 648 { 650 649 size_t sk = 0, sv = 0; … … 697 696 } 698 697 699 int sh_ext_tas_add_argv(sh_tas_t * tas, c har * val)698 int sh_ext_tas_add_argv(sh_tas_t * tas, const char * val) 700 699 { 701 700 size_t sv = 0; … … 722 721 } 723 722 724 void sh_ext_tas_command(sh_tas_t * tas, c har * command)723 void sh_ext_tas_command(sh_tas_t * tas, const char * command) 725 724 { 726 725 size_t len = sl_strlen(command); … … 842 841 843 842 static 844 int sh_ext_add_envv(c har * key,char * val)843 int sh_ext_add_envv(const char * key, const char * val) 845 844 { 846 845 SL_ENTER(_("sh_ext_add_envv")); … … 861 860 862 861 static 863 int sh_ext_init(c har * command)862 int sh_ext_init(const char * command) 864 863 { 865 864 sh_com_t * retval; … … 896 895 897 896 static 898 int sh_ext_uid (c har * user, /*@out@*/uid_t * uid, /*@out@*/gid_t * gid)897 int sh_ext_uid (const char * user, /*@out@*/uid_t * uid, /*@out@*/gid_t * gid) 899 898 { 900 899 struct passwd * tempres; … … 922 921 923 922 static 924 int sh_ext_add (c har * argstring, int * ntok, char * stok[])923 int sh_ext_add (const char * argstring, int * ntok, char * stok[]) 925 924 { 926 925 int i = 0; 927 926 size_t s; 928 927 char * p; 928 char * new; 929 size_t len; 929 930 930 931 SL_ENTER(_("sh_ext_add")); … … 935 936 } 936 937 938 len = strlen(argstring) + 1; 939 new = SH_ALLOC(len); 940 sl_strlcpy(new, argstring, len); 941 937 942 do 938 943 { 939 944 if (i == 0) 940 p = strtok ( argstring, ", \t");945 p = strtok (new, ", \t"); 941 946 else 942 947 p = strtok (NULL, 
", \t"); … … 957 962 958 963 *ntok = i; 964 SH_FREE(new); 959 965 960 966 SL_RETURN (0, _("sh_ext_add")); … … 971 977 * -- start a new external command, and add it to the list 972 978 */ 973 int sh_ext_setcommand(c har * cmd)979 int sh_ext_setcommand(const char * cmd) 974 980 { 975 981 int i; … … 1018 1024 * -- add keywords to the OR filter 1019 1025 */ 1020 int sh_ext_add_or (c har * str)1026 int sh_ext_add_or (const char * str) 1021 1027 { 1022 1028 if (ext_coms == NULL || ext_failed == (-1)) … … 1028 1034 * -- add keywords to the AND filter 1029 1035 */ 1030 int sh_ext_add_and (c har * str)1036 int sh_ext_add_and (const char * str) 1031 1037 { 1032 1038 if (ext_coms == NULL || ext_failed == (-1)) … … 1038 1044 * -- add keywords to the NOT filter 1039 1045 */ 1040 int sh_ext_add_not (c har * str)1046 int sh_ext_add_not (const char * str) 1041 1047 { 1042 1048 if (ext_coms == NULL || ext_failed == (-1)) … … 1048 1054 * -- add keywords to the CL argument list 1049 1055 */ 1050 int sh_ext_add_argv (c har * str)1056 int sh_ext_add_argv (const char * str) 1051 1057 { 1052 1058 if (ext_coms == NULL || ext_failed == (-1)) … … 1058 1064 * -- add a path to the environment 1059 1065 */ 1060 int sh_ext_add_default (char * dummy) 1061 { 1062 /* while this assignment looks ridiculous, it is here to avoid 1063 * an 'unused parameter' warning 1064 */ 1065 char * p = (dummy == NULL ? 
dummy : NULL); 1066 int sh_ext_add_default (const char * dummy) 1067 { 1068 (void) dummy; 1069 char * p = NULL; 1066 1070 int i; 1067 1071 … … 1084 1088 * -- add an environment variable 1085 1089 */ 1086 int sh_ext_add_environ (c har * str)1090 int sh_ext_add_environ (const char * str) 1087 1091 { 1088 1092 int i; … … 1095 1099 * -- set deadtime 1096 1100 */ 1097 int sh_ext_deadtime (c har * str)1101 int sh_ext_deadtime (const char * str) 1098 1102 { 1099 1103 long deadtime = 0; … … 1119 1123 * -- define type 1120 1124 */ 1121 int sh_ext_type (c har * str)1125 int sh_ext_type (const char * str) 1122 1126 { 1123 1127 SL_ENTER(_("sh_ext_type")); … … 1154 1158 * -- define checksum 1155 1159 */ 1156 int sh_ext_checksum (c har * str)1160 int sh_ext_checksum (const char * str) 1157 1161 { 1158 1162 SL_ENTER(_("sh_ext_checksum")); … … 1175 1179 * -- choose privileges 1176 1180 */ 1177 int sh_ext_priv (c har * c)1181 int sh_ext_priv (const char * c) 1178 1182 { 1179 1183 -
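Review bot: The `/* flawfinder: ignore */` markers added to both `access()` calls silence the check-then-use warning without recording why the gap between the check and the later execution is acceptable, and for `access(task->command, R_OK|X_OK)` the path is resolved again when it is run. I would put the reason next to each marker, for example `/* flawfinder: ignore -- advisory check only, execution does not rely on this result */`, with the wording confirmed against the exec code, which is outside the visible hunks. Separately, in `sh_ext_add_default` the statement `(void) dummy;` now precedes the declarations of `p` and `i`; a C89 compiler rejects that, and moving it below `int i;` keeps the warning fix without the portability cost.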
trunk/src/sh_fifo.c
r1 r22 87 87 } 88 88 89 s trcpy (item->data, indat); /* known to fit */89 sl_strlcpy (item->data, indat, len+1); 90 90 item->data[len] = '\0'; 91 91 … … 143 143 } 144 144 145 s trcpy (item->data, indat); /* known to fit */145 sl_strlcpy (item->data, indat, len+1); 146 146 item->data[len] = '\0'; 147 147 … … 195 195 len = sl_strlen(getit->data); 196 196 retval = SH_ALLOC(len+1); 197 strcpy (retval, getit->data); /* known to fit */ 198 retval[len] = '\0'; 197 sl_strlcpy (retval, getit->data, len+1); 199 198 200 199 memset(getit->data, 0, len); -
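Review bot: The first two hunks keep `item->data[len] = '\0';` after the new `sl_strlcpy (item->data, indat, len+1);`, while the third hunk drops the equivalent `retval[len] = '\0';`, so the three copies are no longer handled the same way. If `sl_strlcpy` always terminates within the size it is given, which the third hunk relies on, the two remaining assignments can be removed; if not, the third needs its terminator back. The allocation of `item->data` and the computation of `len` lie outside the hunks, so the `len+1` bound is taken on trust here; a comment such as `/* data holds len+1 bytes, see SH_ALLOC above */` would make that checkable, provided it is true.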
trunk/src/sh_files.c
r20 r22 72 72 #define FIL__ _("sh_files.c") 73 73 74 extern int safe_logger (int signal, int method, pid_t thepid);75 76 74 extern int flag_err_debug; 77 75 extern int flag_err_info; 78 76 79 int sh_files_reportonce(c har * c)77 int sh_files_reportonce(const char * c) 80 78 { 81 79 int i; … … 86 84 } 87 85 88 int sh_files_fulldetail(c har * c)86 int sh_files_fulldetail(const char * c) 89 87 { 90 88 int i; … … 156 154 static int sh_files_fullpath (char * testdir, char * d_name, 157 155 char * statpath); 158 static int sh_files_pushdir (int class, c har * str_s);159 static int sh_files_pushfile (int class, c har * str_s);156 static int sh_files_pushdir (int class, const char * str_s); 157 static int sh_files_pushfile (int class, const char * str_s); 160 158 static int sh_files_checkdir (int class, int rdepth, char * dirName, 161 159 char * relativeName); … … 446 444 447 445 448 int sh_files_pushfile_prelink (c har * str_s)446 int sh_files_pushfile_prelink (const char * str_s) 449 447 { 450 448 return (sh_files_pushfile (SH_LEVEL_PRELINK, str_s)); 451 449 } 452 450 453 int sh_files_pushfile_user0 (c har * str_s)451 int sh_files_pushfile_user0 (const char * str_s) 454 452 { 455 453 return (sh_files_pushfile (SH_LEVEL_USER0, str_s)); … … 457 455 458 456 459 int sh_files_pushfile_user1 (c har * str_s)457 int sh_files_pushfile_user1 (const char * str_s) 460 458 { 461 459 return (sh_files_pushfile (SH_LEVEL_USER1, str_s)); … … 463 461 464 462 465 int sh_files_pushfile_ro (c har * str_s)463 int sh_files_pushfile_ro (const char * str_s) 466 464 { 467 465 return (sh_files_pushfile (SH_LEVEL_READONLY, str_s)); 468 466 } 469 467 470 int sh_files_pushfile_attr (c har * str_s)468 int sh_files_pushfile_attr (const char * str_s) 471 469 { 472 470 return (sh_files_pushfile (SH_LEVEL_ATTRIBUTES, str_s)); 473 471 } 474 472 475 int sh_files_pushfile_log (c har * str_s)473 int sh_files_pushfile_log (const char * str_s) 476 474 { 477 475 return (sh_files_pushfile (SH_LEVEL_LOGFILES, 
str_s)); 478 476 } 479 477 480 int sh_files_pushfile_glog (c har * str_s)478 int sh_files_pushfile_glog (const char * str_s) 481 479 { 482 480 return (sh_files_pushfile (SH_LEVEL_LOGGROW, str_s)); 483 481 } 484 482 485 int sh_files_pushfile_noig (c har * str_s)483 int sh_files_pushfile_noig (const char * str_s) 486 484 { 487 485 return (sh_files_pushfile (SH_LEVEL_NOIGNORE, str_s)); 488 486 } 489 487 490 int sh_files_pushfile_allig (c har * str_s)488 int sh_files_pushfile_allig (const char * str_s) 491 489 { 492 490 return (sh_files_pushfile (SH_LEVEL_ALLIGNORE, str_s)); … … 511 509 /* set mask(class) 512 510 */ 513 static int sh_files_parse_mask (unsigned long * mask, c har * str)511 static int sh_files_parse_mask (unsigned long * mask, const char * str) 514 512 { 515 513 int l, i = 0, act = 0, k = 0; … … 602 600 } 603 601 604 int sh_files_redef_prelink(c har * str)602 int sh_files_redef_prelink(const char * str) 605 603 { 606 604 return (sh_files_parse_mask(&mask_PRELINK, str)); 607 605 } 608 int sh_files_redef_user0(c har * str)606 int sh_files_redef_user0(const char * str) 609 607 { 610 608 return (sh_files_parse_mask(&mask_USER0, str)); 611 609 } 612 int sh_files_redef_user1(c har * str)610 int sh_files_redef_user1(const char * str) 613 611 { 614 612 return (sh_files_parse_mask(&mask_USER1, str)); 615 613 } 616 int sh_files_redef_readonly(c har * str)614 int sh_files_redef_readonly(const char * str) 617 615 { 618 616 return (sh_files_parse_mask(&mask_READONLY, str)); 619 617 } 620 int sh_files_redef_loggrow(c har * str)618 int sh_files_redef_loggrow(const char * str) 621 619 { 622 620 return (sh_files_parse_mask(&mask_LOGGROW, str)); 623 621 } 624 int sh_files_redef_logfiles(c har * str)622 int sh_files_redef_logfiles(const char * str) 625 623 { 626 624 return (sh_files_parse_mask(&mask_LOGFILES, str)); 627 625 } 628 int sh_files_redef_attributes(c har * str)626 int sh_files_redef_attributes(const char * str) 629 627 { 630 628 return 
(sh_files_parse_mask(&mask_ATTRIBUTES, str)); 631 629 } 632 int sh_files_redef_noignore(c har * str)630 int sh_files_redef_noignore(const char * str) 633 631 { 634 632 return (sh_files_parse_mask(&mask_NOIGNORE, str)); 635 633 } 636 int sh_files_redef_allignore(c har * str)634 int sh_files_redef_allignore(const char * str) 637 635 { 638 636 return (sh_files_parse_mask(&mask_ALLIGNORE, str)); … … 725 723 if (zfileList == NULL) 726 724 { 727 (void) safe_logger (0, 0, getpid());725 (void) safe_logger (0, 0, NULL); 728 726 aud__exit(FIL__, __LINE__, EXIT_FAILURE); 729 727 } … … 734 732 if (-1 == ret) 735 733 { 736 (void) safe_logger (0, 0, getpid());734 (void) safe_logger (0, 0, NULL); 737 735 aud__exit(FIL__, __LINE__, EXIT_FAILURE); 738 736 } … … 745 743 746 744 747 static int sh_files_pushfile (int class, char * str_s) 748 { 745 static int sh_files_pushfile (int class, const char * str_s) 746 { 747 int len; 749 748 char * tmp; 750 int len;749 char * p; 751 750 #ifdef HAVE_GLOB_H 752 glob_t pglob;753 751 int globstatus = -1; 754 752 unsigned int gloop; 753 glob_t pglob; 755 754 #endif 756 755 … … 808 807 * special case of the root directory. 
809 808 */ 810 if (str_s[len-1] == '/' && len > 1) 809 p = sh_util_strdup (str_s); 810 if (p[len-1] == '/' && len > 1) 811 811 { 812 str_s[len-1] = '\0';812 p[len-1] = '\0'; 813 813 --len; 814 814 } … … 817 817 818 818 #ifdef HAVE_GLOB_H 819 if (0 == sh_files_has_metachar( str_s))820 { 821 sh_files_push_file_int (class, str_s, len);819 if (0 == sh_files_has_metachar(p)) 820 { 821 sh_files_push_file_int (class, p, len); 822 822 } 823 823 else 824 824 { 825 825 pglob.gl_offs = 0; 826 globstatus = glob ( str_s, 0, sh_files_globerr, &pglob);826 globstatus = glob (p, 0, sh_files_globerr, &pglob); 827 827 828 828 if (globstatus == 0 && pglob.gl_pathc > 0) … … 834 834 else 835 835 { 836 tmp = sh_util_safe_name ( str_s);836 tmp = sh_util_safe_name (p); 837 837 838 838 if (pglob.gl_pathc == 0 … … 869 869 870 870 #else 871 sh_files_push_file_int (class, str_s, len); 872 #endif 873 871 sh_files_push_file_int (class, p, len); 872 #endif 873 874 SH_FREE(p); 874 875 SL_RETURN((0),_("sh_files_pushfile")); 875 876 } … … 1028 1029 } 1029 1030 1030 int sh_files_pushdir_prelink (c har * str_s)1031 int sh_files_pushdir_prelink (const char * str_s) 1031 1032 { 1032 1033 return (sh_files_pushdir (SH_LEVEL_PRELINK, str_s)); 1033 1034 } 1034 1035 1035 int sh_files_pushdir_user0 (c har * str_s)1036 int sh_files_pushdir_user0 (const char * str_s) 1036 1037 { 1037 1038 return (sh_files_pushdir (SH_LEVEL_USER0, str_s)); 1038 1039 } 1039 1040 1040 int sh_files_pushdir_user1 (c har * str_s)1041 int sh_files_pushdir_user1 (const char * str_s) 1041 1042 { 1042 1043 return (sh_files_pushdir (SH_LEVEL_USER1, str_s)); 1043 1044 } 1044 1045 1045 int sh_files_pushdir_attr (c har * str_s)1046 int sh_files_pushdir_attr (const char * str_s) 1046 1047 { 1047 1048 return (sh_files_pushdir (SH_LEVEL_ATTRIBUTES, str_s)); 1048 1049 } 1049 1050 1050 int sh_files_pushdir_ro (c har * str_s)1051 int sh_files_pushdir_ro (const char * str_s) 1051 1052 { 1052 1053 return (sh_files_pushdir (SH_LEVEL_READONLY, 
str_s)); 1053 1054 } 1054 1055 1055 int sh_files_pushdir_log (c har * str_s)1056 int sh_files_pushdir_log (const char * str_s) 1056 1057 { 1057 1058 return (sh_files_pushdir (SH_LEVEL_LOGFILES, str_s)); 1058 1059 } 1059 1060 1060 int sh_files_pushdir_glog (c har * str_s)1061 int sh_files_pushdir_glog (const char * str_s) 1061 1062 { 1062 1063 return (sh_files_pushdir (SH_LEVEL_LOGGROW, str_s)); 1063 1064 } 1064 1065 1065 int sh_files_pushdir_noig (c har * str_s)1066 int sh_files_pushdir_noig (const char * str_s) 1066 1067 { 1067 1068 return (sh_files_pushdir (SH_LEVEL_NOIGNORE, str_s)); 1068 1069 } 1069 1070 1070 int sh_files_pushdir_allig (c har * str_s)1071 int sh_files_pushdir_allig (const char * str_s) 1071 1072 { 1072 1073 return (sh_files_pushdir (SH_LEVEL_ALLIGNORE, str_s)); … … 1120 1121 if (tree == NULL) 1121 1122 { 1122 (void) safe_logger (0, 0, getpid());1123 (void) safe_logger (0, 0, NULL); 1123 1124 aud__exit(FIL__, __LINE__, EXIT_FAILURE); 1124 1125 } … … 1133 1134 if (-1 == ret) 1134 1135 { 1135 (void) safe_logger (0, 0, getpid());1136 (void) safe_logger (0, 0, NULL); 1136 1137 aud__exit(FIL__, __LINE__, EXIT_FAILURE); 1137 1138 } … … 1143 1144 } 1144 1145 1145 static int sh_files_pushdir (int class, c har * str_s)1146 static int sh_files_pushdir (int class, const char * str_s) 1146 1147 { 1147 1148 char * tmp; … … 1149 1150 int rdepth = 0; 1150 1151 char * tail = NULL; 1152 char * p; 1151 1153 1152 1154 #ifdef HAVE_GLOB_H … … 1166 1168 SL_RETURN((-1), _("sh_files_pushdir")); 1167 1169 1168 1169 if (str_s[0] != '/') 1170 { 1171 rdepth = strtol(str_s, &tail, 10); 1172 if (tail == str_s) 1173 SL_RETURN((-1), _("sh_files_pushdir")); 1170 p = sh_util_strdup (str_s); 1171 1172 if (p[0] != '/') 1173 { 1174 rdepth = strtol(p, &tail, 10); 1175 if (tail == p) 1176 { 1177 SH_FREE(p); 1178 SL_RETURN((-1), _("sh_files_pushdir")); 1179 } 1174 1180 } 1175 1181 else 1176 tail = str_s;1182 tail = p; 1177 1183 1178 1184 1179 if (rdepth < (-1) || tail == str_s|| 
rdepth > 99)1185 if (rdepth < (-1) || tail == p || rdepth > 99) 1180 1186 rdepth = (-2); 1181 1187 … … 1188 1194 tmp); 1189 1195 SH_FREE(tmp); 1196 SH_FREE(p); 1190 1197 SL_RETURN((-1), _("sh_files_pushdir")); 1191 1198 } 1192 1199 else if (len < 1) 1193 1200 { 1201 SH_FREE(p); 1194 1202 SL_RETURN((-1), _("sh_files_pushdir")); 1195 1203 } … … 1200 1208 tmp); 1201 1209 SH_FREE(tmp); 1210 SH_FREE(p); 1202 1211 SL_RETURN((-1), _("sh_files_pushdir")); 1203 1212 } … … 1268 1277 #endif 1269 1278 1279 SH_FREE(p); 1270 1280 SL_RETURN((0), _("sh_files_pushdir")); 1271 1281 } … … 1322 1332 /* Simply sets our boolean as to whether this check is active 1323 1333 */ 1324 int sh_files_check_hardlinks (c har * opt)1334 int sh_files_check_hardlinks (const char * opt) 1325 1335 { 1326 1336 int i; … … 1338 1348 static struct sh_hle_struct * sh_hl_exc = NULL; 1339 1349 1340 int sh_files_hle_reg (c har * str)1350 int sh_files_hle_reg (const char * str) 1341 1351 { 1342 1352 long offset; -
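Review bot: In `sh_files_pushfile` the new test `p[len-1] == '/' && len > 1` dereferences before it checks the length, so with `len == 0` it reads one byte in front of the `sh_util_strdup` copy; `if (len > 1 && p[len-1] == '/')` removes the out-of-bounds read. Lines 757–807 are elided and may already reject an empty path, in which case this is only a matter of ordering. Both `sh_files_pushfile` and `sh_files_pushdir` now own a heap copy that is released only at the returns visible here, so any return inside the elided glob branches needs a matching `SH_FREE(p)`. In `sh_files_pushdir`, `tail` points into `p`, so anything kept from it has to be copied before the final `SH_FREE(p)`.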
trunk/src/sh_forward.c
r20 r22 345 345 } 346 346 347 int sh_forward_setlogserver (c har * address)347 int sh_forward_setlogserver (const char * address) 348 348 { 349 349 SL_ENTER(_("sh_forward_setlogserver")); … … 1911 1911 1912 1912 1913 int sh_forward_use_clt_class (c har * c)1913 int sh_forward_use_clt_class (const char * c) 1914 1914 { 1915 1915 int i; … … 1919 1919 } 1920 1920 1921 int sh_forward_use_clt_sev (c har * c)1921 int sh_forward_use_clt_sev (const char * c) 1922 1922 { 1923 1923 int i; … … 1950 1950 } 1951 1951 1952 extern int safe_logger (int signal, int method, pid_t thepid); 1953 1954 int sh_forward_register_client (char * str) 1952 1953 int sh_forward_register_client (const char * str) 1955 1954 { 1956 1955 client_t * newclt; 1957 1956 client_t * testclt; 1958 1957 1959 c har* ptr;1958 const char * ptr; 1960 1959 int sepnum = 0; 1961 1960 int sep[2]; … … 1980 1979 if (all_clients == NULL) 1981 1980 { 1982 (void) safe_logger (0, 0, getpid());1981 (void) safe_logger (0, 0, NULL); 1983 1982 aud__exit(FIL__, __LINE__, EXIT_FAILURE); 1984 1983 } … … 2012 2011 newclt->status_arr[i] = CLT_INACTIVE; 2013 2012 sl_strlcpy(newclt->timestamp[CLT_INACTIVE], sh_unix_time(0), TIM_MAX); 2013 /* truncate */ 2014 2014 sl_strlcpy(newclt->hostname, &str[0], sep[0]+1); 2015 /* truncate */ 2015 2016 sl_strlcpy(newclt->salt, &str[sep[0]+1], sep[1]-sep[0]); 2016 2017 sl_strlcpy(newclt->verifier, &str[sep[1]+1], sl_strlen(str)-sep[1]+1); … … 2386 2387 2387 2388 #if defined(WITH_EXTERNAL) 2388 sprintf(msg, _("%s %s %s"), /* known to fit */ 2389 conn->hostname, 2390 conn->timestamp[status], 2391 _(clt_stat[status])); 2389 sl_snprintf(msg, sizeof(msg), _("%s %s %s"), 2390 conn->hostname, conn->timestamp[status], _(clt_stat[status])); 2392 2391 sh_ext_execute('s', 'r', 'v', msg, 0); 2393 2392 #endif … … 2398 2397 static time_t time_client_limit = 86400; 2399 2398 2400 int sh_forward_set_time_limit (c har * c)2399 int sh_forward_set_time_limit (const char * c) 2401 2400 { 2402 2401 long val; … … 
2448 2447 static int lookup_err = SH_ERR_SEVERE; 2449 2448 2450 int sh_forward_lookup_level (c har * c)2449 int sh_forward_lookup_level (const char * c) 2451 2450 { 2452 2451 int ci = sh_error_convert_level (c); … … 2603 2602 static int UseSocketPeer = S_FALSE; 2604 2603 2605 int set_socket_peer (c har * c)2604 int set_socket_peer (const char * c) 2606 2605 { 2607 2606 return sh_util_flagval(c, &UseSocketPeer); … … 2731 2730 char hash[SH_MAXMSGLEN + KEY_LEN + KEY_LEN + 1]; 2732 2731 char * buffer; 2733 long len;2734 2732 2735 2733 int clt_sev; … … 2737 2735 2738 2736 UINT32 ticks; 2737 size_t len; 2739 2738 int i; 2740 2739 char * test; … … 2821 2820 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_TCP_FAUTH, 2822 2821 &(conn->buf[KEY_LEN])); 2823 strcpy(conn->buf, /* known to fit */ 2824 &(conn->buf[KEY_LEN])); 2822 len = sl_strlen(&(conn->buf[KEY_LEN])) + 1; 2823 /* &(conn->buf[KEY_LEN]) is hostname */ 2824 /* may overlap, thus only memmove is correct */ 2825 memmove(conn->buf, &(conn->buf[KEY_LEN]), len); 2825 2826 this_client->session_key[0] = '\0'; 2826 2827 this_client->session_key_timer = (time_t) 1; … … 2835 2836 conn->K = NULL; 2836 2837 } 2837 i= sl_strlen(&(conn->buf[KEY_LEN])) + KEY_LEN + 1;2838 conn->K = SH_ALLOC( i);2838 len = sl_strlen(&(conn->buf[KEY_LEN])) + KEY_LEN + 1; 2839 conn->K = SH_ALLOC(len); 2839 2840 2840 2841 sl_strlcpy (conn->K, … … 2914 2915 conn->A = SH_ALLOC(3*KEY_LEN+1); 2915 2916 sl_strlcpy (conn->A, conn->K, KEY_LEN+1); 2916 sl_strlcat(conn->A, conn->buf, /* ignore remainder*/2917 sl_strlcat(conn->A, conn->buf, /* truncate */ 2917 2918 2*KEY_LEN+1); 2918 2919 sl_strlcat(conn->A, conn->client_entry->session_key, … … 3278 3279 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_TCP_FAUTH, 3279 3280 &(conn->buf[KEY_LEN])); 3280 strcpy(conn->buf, /* known to fit */ 3281 &(conn->buf[KEY_LEN])); 3281 len = sl_strlen(&(conn->buf[KEY_LEN])) + 1; 3282 /* &(conn->buf[KEY_LEN]) is hostname */ 3283 /* may overlap, thus only memmove is correct */ 3284 
memmove(conn->buf, &(conn->buf[KEY_LEN]), len); 3282 3285 this_client->session_key[0] = '\0'; 3283 3286 this_client->session_key_timer = (time_t) 1; … … 3293 3296 conn->K = NULL; 3294 3297 } 3295 i= sl_strlen(&(conn->buf[KEY_LEN])) + KEY_LEN + 1;3296 conn->K = SH_ALLOC( i);3298 len = sl_strlen(&(conn->buf[KEY_LEN])) + KEY_LEN + 1; 3299 conn->K = SH_ALLOC(len); 3297 3300 3298 3301 sl_strlcpy (conn->K, … … 4600 4603 static unsigned int server_port = SH_DEFAULT_PORT; 4601 4604 4602 int sh_forward_set_port (c har * str)4605 int sh_forward_set_port (const char * str) 4603 4606 { 4604 4607 int retval = 0; 4605 4608 unsigned long i; 4606 char * endptr = str;4609 char * endptr; 4607 4610 4608 4611 SL_ENTER(_("sh_forward_set_port")); … … 4621 4624 static int use_server_interface = 0; 4622 4625 4623 int sh_forward_set_interface (c har * str)4626 int sh_forward_set_interface (const char * str) 4624 4627 { 4625 4628 if (0 == strcmp(str, _("INADDR_ANY"))) … … 4814 4817 */ 4815 4818 new_act.sa_handler = SIG_IGN; 4819 sigemptyset( &new_act.sa_mask ); /* set an empty mask */ 4820 new_act.sa_flags = 0; /* init sa_flags */ 4816 4821 retry_sigaction (FIL__, __LINE__, SIGPIPE, &new_act, &old_act); 4817 4822 … … 5571 5576 } 5572 5577 5573 int set_syslog_active(c har * c)5578 int set_syslog_active(const char * c) 5574 5579 { 5575 5580 return sh_util_flagval(c, &enable_syslog_socket); -
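Review bot: In `sh_forward_register_client` the sizes passed to `sl_strlcpy` for `hostname`, `salt` and `verifier` (`sep[0]+1`, `sep[1]-sep[0]`, `sl_strlen(str)-sep[1]+1`) come from the separator positions in the input rather than from the destination fields, and the new `/* truncate */` comments do not say what keeps them inside those fields. If the elided lines do not already compare the separators with the field capacities, each copy needs that comparison before it runs; if they do, the comment should point at it, e.g. `/* truncate; sep[0] is checked against the hostname size above */`. In `sh_forward_set_port`, `endptr` loses its initialiser, which is fine only as long as the conversion call in the elided lines always sets it before it is read. The `memmove` replacement for the overlapping `strcpy` looks right as shown.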
trunk/src/sh_getopt.c
r20 r22 391 391 if (op_table[i].hasArg == HAS_ARG_NO) { 392 392 if (sl_strlen(op_table[i].longopt) < 10) 393 s trcpy(fmt,_("%c%c%c --%-s,\t\t\t %s\n"));/* known to fit */393 sl_strlcpy(fmt,_("%c%c%c --%-s,\t\t\t %s\n"), sizeof(fmt)); 394 394 else if (sl_strlen(op_table[i].longopt) < 17) 395 s trcpy(fmt, _("%c%c%c --%-s,\t\t %s\n")); /* known to fit */395 sl_strlcpy(fmt, _("%c%c%c --%-s,\t\t %s\n"), sizeof(fmt)); 396 396 else 397 strcpy(fmt, _("%c%c%c --%-s,\t %s\n")); /* known to fit */ 398 /*@-formatconst@*/ 399 fprintf (stdout, 400 fmt, 397 sl_strlcpy(fmt, _("%c%c%c --%-s,\t %s\n"), sizeof(fmt)); 398 /* flawfinder: ignore */ 399 fprintf (stdout, fmt, 401 400 (op_table[i].shortopt == '-') ? ' ' : '-', 402 401 (op_table[i].shortopt == '-') ? ' ' : op_table[i].shortopt, … … 404 403 _(op_table[i].longopt), 405 404 _(op_table[i].usage)); 406 /*@+formatconst@*/407 405 } else { 408 406 if (sl_strlen(op_table[i].longopt) < 12) 409 strcpy(fmt, /* known to fit */ 410 _("%c%c %s --%-s=<arg>,\t\t %s\n")); 407 sl_strlcpy(fmt, _("%c%c %s --%-s=<arg>,\t\t %s\n"), sizeof(fmt)); 411 408 else 412 strcpy(fmt, /* known to fit */ 413 _("%c%c %s --%-s=<arg>,\t %s\n")); 414 /*@-formatconst@*/ 415 fprintf (stdout, 416 fmt, 409 sl_strlcpy(fmt, _("%c%c %s --%-s=<arg>,\t %s\n"), sizeof(fmt)); 410 /* flawfinder: ignore */ 411 fprintf (stdout, fmt, 417 412 (op_table[i].shortopt == '-') ? ' ' : '-', 418 413 (op_table[i].shortopt == '-') ? ' ' : op_table[i].shortopt, … … 420 415 _(op_table[i].longopt), 421 416 _(op_table[i].usage)); 422 /*@+formatconst@*/423 417 } 424 418 } -
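Review bot: The `/* flawfinder: ignore */` comments that replace the splint `formatconst` guards around `fprintf (stdout, fmt, ...)` give no reason for accepting a non-literal format string. Every value copied into `fmt` in these lines is a fixed string selected by the option's length, so the comment can say so: `/* flawfinder: ignore -- fmt is one of the fixed format strings selected above */`. The enclosing function starts and ends outside the hunk, so `sizeof(fmt)` is the right bound only if `fmt` is declared there as an array and not as a pointer.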
trunk/src/sh_gpg.c
r1 r22 209 209 FILE * outf = NULL; 210 210 char * envp[2]; 211 size_t len; 211 212 char path[256]; 212 213 char cc1[32]; … … 370 371 if (sh.effective.home != NULL) 371 372 { 372 envp[0] = malloc (sl_strlen(sh.effective.home) + 6); /* free() ok */ 373 len = sl_strlen(sh.effective.home) + 6; 374 envp[0] = malloc (len); /* free() ok */ 373 375 if (envp[0] != NULL) 374 sprintf (envp[0], "HOME=%s", /* known to fit */ 375 sh.effective.home); 376 sl_snprintf (envp[0], len, "HOME=%s", sh.effective.home); 376 377 envp[1] = NULL; 377 378 } … … 486 487 487 488 pfd = get_the_fd(checkfd); 488 s printf(pname, _("/proc/self/fd/%d"), /* known to fit */489 pfd); 490 if (0 == access(pname, R_OK|X_OK)) 489 sl_snprintf(pname, sizeof(pname), _("/proc/self/fd/%d"), pfd); 490 if (0 == access(pname, R_OK|X_OK)) /* flawfinder: ignore */ 491 491 492 { 492 493 fcntl (pfd, F_SETFD, FD_CLOEXEC); -
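Review bot: When `malloc (len)` fails, `envp[0]` stays NULL and the code carries on, so the child would apparently be started with an empty environment and without the `HOME` that was meant to point it at `sh.effective.home`. For a signature check that is better treated as a failure than tolerated silently, along the lines of `if (envp[0] == NULL) { /* abort the check rather than run without HOME */ }`; the error path to use is outside the hunk. The same remark as elsewhere applies to `sizeof(pname)`, whose declaration is not among the visible lines.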
trunk/src/sh_hash.c
r20 r22 1268 1268 } 1269 1269 1270 int sh_hash_version_string(c har * str)1270 int sh_hash_version_string(const char * str) 1271 1271 { 1272 1272 int i; -
trunk/src/sh_html.c
r1 r22 296 296 { 297 297 entry_orig = realloc(entry_orig, /* free() ok */ 298 entry_size + line_size );298 entry_size + line_size + 1); 299 299 if (entry_orig) { add_size = line_size; } 300 300 } … … 302 302 { 303 303 entry_orig = malloc(line_size + 1); /* free() ok */ 304 if (entry_orig) { entry_orig[0] = '\0'; add_size = line_size + 1; }304 if (entry_orig) { entry_orig[0] = '\0'; add_size = line_size; } 305 305 } 306 306 if (!entry_orig) … … 311 311 } 312 312 313 s trcat(&entry_orig[entry_size], line); /* known to fit */313 sl_strlcat(&entry_orig[entry_size], line, line_size + 1); 314 314 entry_size += add_size; 315 SH_VAL_EQ(entry_orig[entry_size], '\0'); 315 316 } 316 317 sl_close(fd); -
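Review bot: `entry_orig = realloc(entry_orig, entry_size + line_size + 1);` overwrites the only pointer to the buffer, so when `realloc` fails the text collected so far is leaked before the `if (!entry_orig)` branch runs. A temporary avoids that: `tmp = realloc(entry_orig, entry_size + line_size + 1);` followed by `if (tmp) { entry_orig = tmp; add_size = line_size; }`, with the failure test changed to look at `tmp` and the old buffer released there. The failure branch itself continues outside the hunk, so the exact cleanup has to be fitted to what it already does.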
trunk/src/sh_ignore.c
r1 r22 53 53 54 54 static struct sh_ignore_list * sh_ignore_add_int(struct sh_ignore_list * list, 55 c har * addpath)55 const char * addpath) 56 56 { 57 57 struct sh_ignore_list * new; … … 96 96 } 97 97 98 int sh_ignore_add_del (c har * addpath)98 int sh_ignore_add_del (const char * addpath) 99 99 { 100 100 if ((addpath == NULL) || (addpath[0] != '/')) … … 106 106 } 107 107 108 int sh_ignore_add_new (c har * addpath)108 int sh_ignore_add_new (const char * addpath) 109 109 { 110 110 if ((addpath == NULL) || (addpath[0] != '/')) -
trunk/src/sh_kern.c
r3 r22 431 431 int (*rename) (int *, int *, 432 432 int *, int *); 433 /* flawfinder: ignore */ 433 434 int (*readlink) (int *, char *,int); 434 435 int (*follow_link) (int *, int *); -
trunk/src/sh_mail.c
r20 r22 271 271 272 272 static 273 int sh_filter_filteradd (char * argstring, sh_filter_type * filter, int ftype) 273 int sh_filter_filteradd (const char * argstring, 274 sh_filter_type * filter, int ftype) 274 275 { 275 276 int i = 0; … … 372 373 */ 373 374 static 374 int sh_filter_filter (c har * message, sh_filter_type * filter)375 int sh_filter_filter (const char * message, sh_filter_type * filter) 375 376 { 376 377 int i; … … 432 433 * -- add keywords to the OR filter 433 434 */ 434 int sh_mail_add_or (c har * str)435 int sh_mail_add_or (const char * str) 435 436 { 436 437 return (sh_filter_filteradd (str, &(mail_filter), SH_FILT_OR)); … … 440 441 * -- add keywords to the AND filter 441 442 */ 442 int sh_mail_add_and (c har * str)443 int sh_mail_add_and (const char * str) 443 444 { 444 445 return (sh_filter_filteradd (str, &(mail_filter), SH_FILT_AND)); … … 448 449 * -- add keywords to the NOT filter 449 450 */ 450 int sh_mail_add_not (c har * str)451 int sh_mail_add_not (const char * str) 451 452 { 452 453 return (sh_filter_filteradd (str, &(mail_filter), SH_FILT_NOT)); … … 473 474 } 474 475 475 int sh_mail_setaddress (c har * address)476 int sh_mail_setaddress (const char * address) 476 477 { 477 478 char * p; … … 523 524 } 524 525 525 int sh_mail_setaddress_int (c har * address)526 int sh_mail_setaddress_int (const char * address) 526 527 { 527 528 int i; … … 533 534 } 534 535 535 int sh_mail_setNum (c har * str)536 int sh_mail_setNum (const char * str) 536 537 { 537 538 int i = atoi (str); … … 549 550 static int all_in_one = S_FALSE; 550 551 551 int sh_mail_setFlag (c har * str)552 int sh_mail_setFlag (const char * str) 552 553 { 553 554 int i; … … 559 560 static char * mail_subject = NULL; 560 561 561 int set_mail_subject (c har * str)562 int set_mail_subject (const char * str) 562 563 { 563 564 SL_ENTER(_("set_mail_subject")); … … 1006 1007 /* reveal first signature key 1007 1008 */ 1008 (void) sl_strlcpy(skey->crypt, skey->mailkey_new, KEY_LEN+1); 1009 
/* flawfinder: ignore */ 1010 (void) sl_strlcpy(skey->crypt, skey->mailkey_new, KEY_LEN+1); 1009 1011 1010 1012 BREAKEXIT(sh_util_encode); 1013 /* flawfinder: ignore */ 1011 1014 sh_util_encode(skey->crypt, bufcompress, 0, 'A'); 1012 1015 1016 /* flawfinder: ignore */ 1013 1017 (void) sl_strlcat (mailMsg, skey->crypt, msgbufsize); 1018 /* flawfinder: ignore */ 1014 1019 memset (skey->crypt, 0, KEY_LEN); 1015 1020 isfirst = 0; … … 1021 1026 (void) sl_strlcpy (skey->mailkey_old, skey->mailkey_new, KEY_LEN+1); 1022 1027 1023 /*@-bufferoverflowhigh@*/ 1024 sprintf(subject, _("%06d %010ld::%s\r\n"), /* known to fit */ 1025 mailcount, (long) id_audit, sh.host.name); 1026 /*@+bufferoverflowhigh@*/ 1028 sl_snprintf(subject, sizeof(subject), _("%06d %010ld::%s\r\n"), 1029 mailcount, (long) id_audit, sh.host.name); 1027 1030 1028 1031 (void) sl_strlcat (mailMsg, subject, msgbufsize); … … 1222 1225 static char * relay_host = NULL; 1223 1226 1224 int sh_mail_set_relay (c har * str_s)1227 int sh_mail_set_relay (const char * str_s) 1225 1228 { 1226 1229 size_t i = 0; … … 1251 1254 static char * mail_sender = NULL; 1252 1255 1253 int sh_mail_set_sender (c har *str)1256 int sh_mail_set_sender (const char *str) 1254 1257 { 1255 1258 if (mail_sender != NULL) … … 1735 1738 if (g != 1) 1736 1739 { 1737 /*@-bufferoverflowhigh@*/ 1738 sprintf(errmsg, /* known to fit */ 1739 _("Bad response (%d), expected %d"), rcode, code); 1740 /*@+bufferoverflowhigh@*/ 1740 sl_snprintf(errmsg, sizeof(errmsg), 1741 _("Bad response (%d), expected %d"), rcode, code); 1742 1741 1743 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_NET, 1742 1744 errmsg, _("sh_mail_wait"), … … 1883 1885 int ret, length, status; 1884 1886 mx * result; 1887 size_t len; 1885 1888 1886 1889 typedef union … … 2065 2068 */ 2066 2069 result[count].pref = pref; 2067 result[count].address = SH_ALLOC (strlen (expanded) + 1); 2068 strcpy (result[count].address, expanded); /* known to fit */ 2070 len = strlen (expanded) + 1; 2071 
result[count].address = SH_ALLOC (len); 2072 sl_strlcpy (result[count].address, expanded, len); 2069 2073 } 2070 2074 while (ret > 0 && comp_dn < eom && count); … … 2101 2105 mx * result; 2102 2106 dnsrep * retval; 2103 char errmsg[128]; 2107 char errmsg[128]; 2108 size_t len; 2104 2109 2105 2110 SL_ENTER(_("return_mx")); … … 2128 2133 _("get_mx")); 2129 2134 #else 2135 /* flawfinder: ignore *//* test code only */ 2130 2136 strcpy (errmsg, /* known to fit */ 2131 2137 _("No MX record for domain ")); … … 2155 2161 result->pref = 0; 2156 2162 /*@-type@*/ 2157 result->address = SH_ALLOC (strlen (host->h_name) + 1); 2158 strcpy (result->address, host->h_name); /* known to fit */ 2163 len = strlen (host->h_name) + 1; 2164 result->address = SH_ALLOC (len); 2165 sl_strlcpy (result->address, host->h_name, len); 2159 2166 /*@+type@*/ 2160 2167 SL_RETURN (retval, _("return_mx")); -
trunk/src/sh_mem.c
r11 r22 39 39 #include "sh_mem.h" 40 40 41 extern int safe_logger (int signal, int method, pid_t thepid);41 extern int safe_logger (int signal, int method, char * details); 42 42 43 43 #undef FIL__ … … 228 228 { 229 229 eblock = 1; 230 (void) safe_logger (0, 0, getpid());230 (void) safe_logger (0, 0, NULL); 231 231 /* 232 232 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MMEM, … … 320 320 { 321 321 eblock = 1; 322 (void) safe_logger(0, 0, getpid());322 (void) safe_logger(0, 0, NULL); 323 323 /* 324 324 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MMEM, … … 456 456 { 457 457 eblock = 1; 458 (void) safe_logger(0, 0, getpid());458 (void) safe_logger(0, 0, NULL); 459 459 /* 460 460 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_MMEM); -
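Review bot: The hand-written `extern int safe_logger (int signal, int method, char * details);` near the top of sh_mem.c had to be edited in step with the definition in sh_unix.c, which is how a local prototype drifts; a mismatch between the two is undefined behaviour that the compiler cannot diagnose. Taking the prototype from a shared header instead of redeclaring it here would let the compiler check it, and the same applies to the `extern int sl_strlcpy(...)` and `extern int sl_strlcat(...)` lines this changeset adds to sh_static.c. As far as the visible sh_unix.c hunk shows, `details` is only read (it is passed to `sl_strlcat` as the source, and the three call sites here pass `NULL`), so `const char * details` would match the const-qualification applied to the other string parameters in this changeset.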
trunk/src/sh_prelink.c
r8 r22 38 38 static char * prelink_hash = NULL; 39 39 40 int sh_prelink_set_path (c har * str)40 int sh_prelink_set_path (const char * str) 41 41 { 42 42 size_t len; … … 55 55 } 56 56 57 int sh_prelink_set_hash (c har * str)57 int sh_prelink_set_hash (const char * str) 58 58 { 59 59 size_t len; … … 245 245 sl_read_timeout_prep (task.pipeTI); 246 246 247 strcpy(file_hash, /* known to fit */ 248 sh_tiger_generic_hash (path, TIGER_FD, 0, alert_timeout)); 247 sl_strlcpy(file_hash, 248 sh_tiger_generic_hash (path, TIGER_FD, 0, alert_timeout), 249 KEY_LEN+1); 249 250 250 251 /* restore old signal handler -
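Review bot: The bound in `sl_strlcpy(file_hash, sh_tiger_generic_hash (...), KEY_LEN+1)` is a constant asserted at the call site rather than the size of `file_hash`, whose declaration is outside this hunk. If `file_hash` is a caller-supplied pointer, the function should state the contract, e.g. `/* file_hash must point to at least KEY_LEN+1 bytes */`; if it is a local array, `sizeof(file_hash)` keeps the bound tied to the declaration. The return value of the copy is discarded, so should the hash string ever be longer than `KEY_LEN`, a shortened digest would be handed on without any indication. The sh_unix.c hunk that copies into `fileHash` uses the same constant bound.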
trunk/src/sh_prelude.c
r20 r22 133 133 } 134 134 135 static int set_prelude_severity_int (char * str, int prelude_sev) 136 { 137 char * p = strtok (str, ", \t"); 135 static int set_prelude_severity_int (const char * str, int prelude_sev) 136 { 137 char * p; 138 char * dup = strdup (str); 139 140 p = strtok (dup, ", \t"); 138 141 139 142 if (p) { … … 160 163 } while (p); 161 164 } 165 free(dup); 162 166 return 0; 163 167 } 164 168 165 int sh_prelude_map_info (c har * str)169 int sh_prelude_map_info (const char * str) 166 170 { 167 171 return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_INFO)); 168 172 } 169 int sh_prelude_map_low (c har * str)173 int sh_prelude_map_low (const char * str) 170 174 { 171 175 return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_LOW)); 172 176 } 173 int sh_prelude_map_medium (c har * str)177 int sh_prelude_map_medium (const char * str) 174 178 { 175 179 return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_MEDIUM)); 176 180 } 177 int sh_prelude_map_high (c har * str)181 int sh_prelude_map_high (const char * str) 178 182 { 179 183 return (set_prelude_severity_int(str,(int)IDMEF_IMPACT_SEVERITY_HIGH)); … … 300 304 } 301 305 306 /* flawfinder: ignore *//* is part of name, not access() */ 302 307 static void get_access_info(idmef_file_access_t *access, char * mode, int pos, int mpos) 303 308 { … … 308 313 do { 309 314 if ( mode[pos] == 'r' ) { 315 /* flawfinder: ignore *//* is part of name, not access() */ 310 316 ret = idmef_file_access_new_permission(access, &str, -1); 311 317 if ( ret < 0 ) … … 315 321 } 316 322 else if ( mode[pos] == 'w' ) { 323 /* flawfinder: ignore *//* is part of name, not access() */ 317 324 ret = idmef_file_access_new_permission(access, &str, -1); 318 325 if ( ret < 0 ) … … 322 329 } 323 330 else if ( mode[pos] == 'x' || mode[pos] == 's' || mode[pos] == 't') { 331 /* flawfinder: ignore *//* is part of name, not access() */ 324 332 ret = idmef_file_access_new_permission(access, &str, -1); 325 333 if ( ret < 
0 ) … … 340 348 341 349 if ( got == 0 ) { 350 /* flawfinder: ignore *//* is part of name, not access() */ 342 351 ret = idmef_file_access_new_permission(access, &str, -1); 343 352 if ( ret < 0 ) … … 360 369 prelude_string_t *str; 361 370 idmef_checksum_t *checksum; 362 idmef_file_access_t *access; 371 idmef_file_access_t *access; /* flawfinder: ignore */ 363 372 idmef_user_id_t *userid; 364 373 const char *suffix = (category == IDMEF_FILE_CATEGORY_CURRENT) ? "_new" : "_old"; … … 459 468 mode = get_value(msg, _("mode"), suffix); 460 469 if ( mode ) { 470 /* flawfinder: ignore *//* is part of name, not access() */ 461 471 ret = idmef_file_new_file_access(file, &access, -1); 462 472 if ( ret < 0 ) 463 473 return; 464 474 475 /* flawfinder: ignore *//* is part of name, not access() */ 465 476 ret = idmef_file_access_new_user_id(access, &userid); 466 477 if ( ret < 0 ) … … 468 479 idmef_user_id_set_type(userid, IDMEF_USER_ID_TYPE_OTHER_PRIVS); 469 480 481 /* flawfinder: ignore *//* is part of name, not access() */ 470 482 get_access_info ( access, mode, 7, 9 ); 471 483 } … … 475 487 struct passwd *pw; 476 488 489 /* flawfinder: ignore *//* is part of name, not access() */ 477 490 ret = idmef_file_new_file_access(file, &access, 0); 478 491 if ( ret < 0 ) 479 492 return; 480 493 494 /* flawfinder: ignore *//* is part of name, not access() */ 481 495 ret = idmef_file_access_new_user_id(access, &userid); 482 496 if ( ret < 0 ) … … 497 511 498 512 if ( mode ) { 513 /* flawfinder: ignore *//* is part of name, not access() */ 499 514 get_access_info ( access, mode, 1, 3 ); 500 515 } … … 505 520 struct group *gr; 506 521 522 /* flawfinder: ignore *//* is part of name, not access() */ 507 523 ret = idmef_file_new_file_access(file, &access, -1); 508 524 if ( ret < 0 ) 509 525 return; 510 526 527 /* flawfinder: ignore *//* is part of name, not access() */ 511 528 ret = idmef_file_access_new_user_id(access, &userid); 512 529 if ( ret < 0 ) … … 527 544 528 545 if ( mode ) { 529 
get_access_info ( access, mode, 4, 6 ); 546 get_access_info ( access, mode, 4, 6 ); /* flawfinder: ignore */ 530 547 } 531 548 } … … 890 907 891 908 892 int sh_prelude_set_profile(c har *arg)909 int sh_prelude_set_profile(const char *arg) 893 910 { 894 911 if ( profile ) { -
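Review bot: In `set_prelude_severity_int`, the result of `strdup (str)` is passed to `strtok` without a NULL check. If the allocation fails, `strtok(NULL, ", \t")` resumes from whatever string strtok last saved, or is undefined if there is none, so the severity map could be filled from unrelated data. Add `if (dup == NULL) return -1;` (or the function's usual error value) before the `strtok` call. The loop body is elided between the two hunks; if it contains an early `return`, that path also needs `free(dup)`.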
trunk/src/sh_readconf.c
r20 r22 52 52 #endif 53 53 54 extern int set_reverse_lookup (c har * c);54 extern int set_reverse_lookup (const char * c); 55 55 56 56 #undef FIL__ … … 282 282 /* The system type, release, and machine. 283 283 */ 284 sprintf(myident, _("%s:%s:%s"), /* known to fit */ 285 sh.host.system, sh.host.release, sh.host.machine); 284 sl_snprintf(myident, sizeof(myident), _("%s:%s:%s"), 285 sh.host.system, /* flawfinder: ignore */ 286 sh.host.release, sh.host.machine); 286 287 287 288 … … 580 581 } 581 582 582 int sh_readconf_set_path (char * which, c har * what)583 int sh_readconf_set_path (char * which, const char * what) 583 584 { 584 585 int len; … … 621 622 } 622 623 623 int sh_readconf_set_database_path (c har * what)624 int sh_readconf_set_database_path (const char * what) 624 625 { 625 626 return (sh_readconf_set_path(sh.data.path, what)); 626 627 } 627 628 628 int sh_readconf_set_logfile_path (c har * what)629 int sh_readconf_set_logfile_path (const char * what) 629 630 { 630 631 return (sh_readconf_set_path(sh.srvlog.name, what)); 631 632 } 632 633 633 int sh_readconf_set_lockfile_path (c har * what)634 int sh_readconf_set_lockfile_path (const char * what) 634 635 { 635 636 return( sh_readconf_set_path(sh.srvlog.alt, what)); … … 645 646 646 647 647 int sh_readconf_setTime (c har * str, ShTimerItem what)648 int sh_readconf_setTime (const char * str, ShTimerItem what) 648 649 { 649 650 unsigned long i = atoi (str); … … 674 675 } 675 676 676 int sh_readconf_setMailtime (c har * c)677 int sh_readconf_setMailtime (const char * c) 677 678 { 678 679 return sh_readconf_setTime (c, SET_MAILTIME); 679 680 } 680 681 681 int sh_readconf_setFiletime (c har * c)682 int sh_readconf_setFiletime (const char * c) 682 683 { 683 684 return sh_readconf_setTime (c, SET_FILETIME); 684 685 } 685 686 686 int sh_readconf_set_nice (c har * c)687 int sh_readconf_set_nice (const char * c) 687 688 { 688 689 long val; … … 704 705 705 706 #ifdef FANCY_LIBCAP 706 int sh_readconf_setCaps(c har * 
c)707 int sh_readconf_setCaps(const char * c) 707 708 { 708 709 int i; … … 718 719 ShSectionType section; 719 720 ShSectionType alt_section; 720 int (*func)(c har * opt);721 int (*func)(const char * opt); 721 722 } cfg_options; 722 723 723 724 #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) 724 extern int sh_set_schedule_one(c har * str);725 extern int sh_set_schedule_two(c har * str);725 extern int sh_set_schedule_one(const char * str); 726 extern int sh_set_schedule_two(const char * str); 726 727 #endif 727 728 #if defined (SH_WITH_SERVER) 728 extern int sh_socket_use (char * c); 729 extern int sh_socket_uid (char * c); 730 extern int sh_socket_password (char * c); 731 #endif 732 733 /* Yes, this isn't very elegant ;) 734 */ 735 #if defined(WITH_EXTERNAL) 736 int sh_error_set_external_wrap (char * str) { 737 return sh_error_set_external ((const char *) str); 738 } 739 #endif 740 #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) 741 int sh_files_setrecursion_wrap (char * str) { 742 return sh_files_setrecursion ((const char *) str); 743 } 744 int sh_util_setchecksum_wrap (char * str) { 745 return sh_util_setchecksum ((const char *) str); 746 } 747 #endif 748 int sh_util_setlooptime_wrap (char * str) { 749 return sh_util_setlooptime ((const char *) str); 750 } 751 #ifdef SH_WITH_MAIL 752 int sh_error_setseverity_wrap (char * str) { 753 return sh_error_setseverity ((const char *) str); 754 } 755 #endif 756 int sh_calls_set_bind_addr_wrap (char * str) { 757 return sh_calls_set_bind_addr ((const char *) str); 758 } 759 int sh_unix_setdeamon_wrap (char * str) { 760 return sh_unix_setdeamon ((const char *) str); 761 } 762 int sh_error_setprint_wrap (char * str) { 763 return sh_error_setprint ((const char *) str); 764 } 765 int sh_error_setlog_wrap (char * str) { 766 return sh_error_setlog ((const char *) str); 767 } 768 int sh_error_set_syslog_wrap (char * str) { 769 return sh_error_set_syslog ((const char *) str); 770 } 771 #ifdef HAVE_LIBPRELUDE 772 int 
sh_error_set_prelude_wrap (char * str) { 773 return sh_error_set_prelude ((const char *) str); 774 } 775 #endif 776 #ifdef SH_WITH_CLIENT 777 int sh_error_setexport_wrap (char * str) { 778 return sh_error_setexport ((const char *) str); 779 } 780 #endif 781 #ifdef SH_WITH_SERVER 782 int sh_forward_set_strip_wrap (char * str) { 783 return sh_forward_set_strip ((const char *) str); 784 } 785 int sh_unix_set_chroot_wrap (char * str) { 786 return sh_unix_set_chroot ((const char *) str); 787 } 788 #endif 789 #if defined(WITH_DATABASE) 790 int sh_error_set_database_wrap (char * str) { 791 return sh_error_set_database ((const char *) str); 792 } 793 #endif 794 729 extern int sh_socket_use (const char * c); 730 extern int sh_socket_uid (const char * c); 731 extern int sh_socket_password (const char * c); 732 #endif 733 795 734 cfg_options ext_table[] = { 796 735 #if defined(WITH_EXTERNAL) … … 818 757 sh_ext_add_or }, 819 758 { N_("externalseverity"),SH_SECTION_LOG, SH_SECTION_EXTERNAL, 820 sh_error_set_external _wrap},759 sh_error_set_external }, 821 760 { N_("externalclass"), SH_SECTION_LOG, SH_SECTION_EXTERNAL, 822 761 sh_error_external_mask }, … … 845 784 set_enter_wrapper }, 846 785 #endif 786 847 787 848 788 #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) … … 902 842 sh_util_obscure_ok }, 903 843 { N_("setrecursionlevel"), SH_SECTION_MISC, SH_SECTION_NONE, 904 sh_files_setrecursion _wrap},844 sh_files_setrecursion }, 905 845 { N_("checksumtest"), SH_SECTION_MISC, SH_SECTION_NONE, 906 sh_util_setchecksum _wrap},846 sh_util_setchecksum }, 907 847 { N_("reportonlyonce"), SH_SECTION_MISC, SH_SECTION_NONE, 908 848 sh_files_reportonce }, … … 961 901 { N_("setprelinkchecksum"), SH_SECTION_MISC, SH_SECTION_NONE, 962 902 sh_prelink_set_hash }, 903 963 904 /* client or standalone 964 905 */ … … 977 918 sh_socket_password }, 978 919 { N_("setstripdomain"), SH_SECTION_SRV, SH_SECTION_MISC, 979 sh_forward_set_strip _wrap},920 sh_forward_set_strip }, 980 921 { 
N_("useseparatelogs"), SH_SECTION_SRV, SH_SECTION_MISC, 981 922 set_flag_sep_log }, 982 923 { N_("setchrootdir"), SH_SECTION_SRV, SH_SECTION_MISC, 983 sh_unix_set_chroot _wrap},924 sh_unix_set_chroot }, 984 925 { N_("setclienttimelimit"), SH_SECTION_SRV, SH_SECTION_MISC, 985 926 sh_forward_set_time_limit }, … … 1002 943 #ifdef SH_WITH_CLIENT 1003 944 { N_("exportseverity"), SH_SECTION_LOG, SH_SECTION_NONE, 1004 sh_error_setexport _wrap},945 sh_error_setexport }, 1005 946 { N_("exportclass"), SH_SECTION_LOG, SH_SECTION_NONE, 1006 947 sh_error_export_mask }, … … 1011 952 sh_readconf_setFiletime }, 1012 953 { N_("setlooptime"), SH_SECTION_MISC, SH_SECTION_NONE, 1013 sh_util_setlooptime _wrap},954 sh_util_setlooptime }, 1014 955 1015 956 #ifdef SH_WITH_MAIL 1016 957 { N_("mailseverity"), SH_SECTION_LOG, SH_SECTION_NONE, 1017 sh_error_setseverity _wrap},958 sh_error_setseverity }, 1018 959 { N_("mailclass"), SH_SECTION_LOG, SH_SECTION_NONE, 1019 960 sh_error_mail_mask }, … … 1040 981 #endif 1041 982 { N_("setbindaddress"), SH_SECTION_MISC, SH_SECTION_NONE, 1042 sh_calls_set_bind_addr _wrap},983 sh_calls_set_bind_addr }, 1043 984 { N_("daemon"), SH_SECTION_MISC, SH_SECTION_NONE, 1044 sh_unix_setdeamon _wrap},985 sh_unix_setdeamon }, 1045 986 { N_("samhainpath"), SH_SECTION_MISC, SH_SECTION_NONE, 1046 987 sh_unix_self_hash }, … … 1051 992 1052 993 { N_("printseverity"), SH_SECTION_LOG, SH_SECTION_NONE, 1053 sh_error_setprint _wrap},994 sh_error_setprint }, 1054 995 { N_("printclass"), SH_SECTION_LOG, SH_SECTION_NONE, 1055 996 sh_error_print_mask }, 1056 997 1057 998 { N_("logseverity"), SH_SECTION_LOG, SH_SECTION_NONE, 1058 sh_error_setlog _wrap},999 sh_error_setlog }, 1059 1000 { N_("logclass"), SH_SECTION_LOG, SH_SECTION_NONE, 1060 1001 sh_error_log_mask }, 1061 1002 1062 1003 { N_("syslogseverity"), SH_SECTION_LOG, SH_SECTION_NONE, 1063 sh_error_set_syslog _wrap},1004 sh_error_set_syslog }, 1064 1005 { N_("syslogclass"), SH_SECTION_LOG, SH_SECTION_NONE, 1065 1006 
sh_error_syslog_mask }, 1066 1007 #ifdef HAVE_LIBPRELUDE 1067 1008 { N_("preludeseverity"), SH_SECTION_LOG, SH_SECTION_NONE, 1068 sh_error_set_prelude _wrap},1009 sh_error_set_prelude }, 1069 1010 { N_("preludeclass"), SH_SECTION_LOG, SH_SECTION_NONE, 1070 1011 sh_error_prelude_mask }, -
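Review bot: `sl_snprintf(myident, sizeof(myident), ...)` bounds the write correctly only if `myident` is declared as an array in this scope, and its declaration is outside the hunk. If it is a pointer or a parameter, `sizeof` yields the pointer size and the identity string is cut to a few bytes, so please confirm the declaration or pass the allocation size explicitly. The same assumption is made for `out` and `outhash` in the sh_tiger0.c hunks of this changeset, where `out` is returned to the caller. The `/* flawfinder: ignore */` placed inside the argument list would also be easier to audit with its reason stated, as the suppressions in sh_prelude.c do.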
trunk/src/sh_schedule.c
r1 r22 53 53 #endif 54 54 55 #include "samhain.h" 55 56 #include "sh_mem.h" 56 57 … … 318 319 char * copy; 319 320 int i = 0; 321 size_t len; 320 322 321 323 if (!ssched || !isched) 322 324 return -1; 323 325 326 len = strlen(ssched)+1; 324 327 #ifdef TESTONLY 325 copy = malloc( strlen(ssched)+1); /* testonly code */326 #else 327 copy = SH_ALLOC( strlen(ssched)+1);328 #endif 329 s trcpy(copy, ssched); /* known to fit */328 copy = malloc(len); /* testonly code */ 329 #else 330 copy = SH_ALLOC(len); 331 #endif 332 sl_strlcpy(copy, ssched, len); 330 333 331 334 p = strtok(copy, " \t"); /* parse crontab-style schedule */ -
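Review bot: Under `TESTONLY` the buffer comes from `malloc(len)` and goes straight into `sl_strlcpy(copy, ssched, len)` with no NULL check. Add `if (copy == NULL) return -1;` after the `#endif`, matching the `return -1` the function already uses for bad arguments. The test-only path previously needed only libc at this point (`malloc`, `strcpy`); it now references `sl_strlcpy`, so the standalone test build presumably has to link the string library as well. The function starts and ends outside the hunk.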
trunk/src/sh_socket.c
r1 r22 244 244 } 245 245 246 int sh_socket_use (c har * c)246 int sh_socket_use (const char * c) 247 247 { 248 248 return sh_util_flagval(c, &sh_socket_flaguse); … … 289 289 #endif 290 290 291 int sh_socket_uid (c har * c)291 int sh_socket_uid (const char * c) 292 292 { 293 293 uid_t val = (uid_t) strtol (c, (char **)NULL, 10); … … 301 301 } 302 302 303 int sh_socket_password (c har * c)303 int sh_socket_password (const char * c) 304 304 { 305 305 #if defined(NEED_PASSWORD_AUTH) … … 378 378 379 379 name.sun_family = AF_FILE; 380 s trcpy (name.sun_path, sh_sockname);380 sl_strlcpy (name.sun_path, sh_sockname, sizeof(name.sun_path)); 381 381 382 382 size = (offsetof (struct sockaddr_un, sun_path) … … 878 878 879 879 new = SH_ALLOC(sizeof(struct socket_cmd)); 880 s trcpy (new->cmd, in->cmd);881 s trcpy (new->clt, in->clt);882 s trcpy (new->cti, sh_unix_time(0));880 sl_strlcpy (new->cmd, in->cmd, sizeof(new->cmd)); 881 sl_strlcpy (new->clt, in->clt, sizeof(new->clt)); 882 sl_strlcpy (new->cti, sh_unix_time(0), sizeof(new->cti)); 883 883 new->next = cmdlist; 884 884 cmdlist = new; … … 896 896 if (0 == sl_strcmp(new->clt, client_name)) 897 897 { 898 s trcpy (new->cmd, in->cmd);899 s trcpy (new->clt, in->clt);900 s trcpy (new->cti, sh_unix_time(0));898 sl_strlcpy (new->cmd, in->cmd, sizeof(new->cmd)); 899 sl_strlcpy (new->clt, in->clt, sizeof(new->clt)); 900 sl_strlcpy (new->cti, sh_unix_time(0), sizeof(new->cti)); 901 901 return; 902 902 } … … 905 905 906 906 new = SH_ALLOC(sizeof(struct socket_cmd)); 907 s trcpy (new->cmd, in->cmd);908 s trcpy (new->clt, in->clt);909 s trcpy (new->cti, sh_unix_time(0));907 sl_strlcpy (new->cmd, in->cmd, sizeof(new->cmd)); 908 sl_strlcpy (new->clt, in->clt, sizeof(new->clt)); 909 sl_strlcpy (new->cti, sh_unix_time(0), sizeof(new->cti)); 910 910 new->next = runlist; 911 911 runlist = new; -
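Review bot: `sl_strlcpy (name.sun_path, sh_sockname, sizeof(name.sun_path))` removes the overflow, but a configured path longer than `sun_path` is now silently shortened and the code carries on with the shortened name, so the socket would presumably be created at a path other than the one the administrator configured. Reject an over-long name before copying, e.g. `if (sl_strlen(sh_sockname) >= sizeof(name.sun_path)) return -1;`, with the function's usual error reporting; the surrounding function is outside the hunk. The unchecked `sl_strlcpy`/`sl_strlcat` calls into `lookup` in sh_static.c have the same shape: a truncated name would be looked up instead of taking the existing `goto fail` path.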
trunk/src/sh_srp.c
r1 r22 121 121 } 122 122 siz_str_internal = size; 123 s trcpy (get_str_internal, str); /* known to fit */123 sl_strlcpy (get_str_internal, str, siz_str_internal); 124 124 for (i = 0; i < (size-1); ++i) 125 125 if (get_str_internal[i] >= 'a' && get_str_internal[i] <= 'f' ) -
trunk/src/sh_static.c
r1 r22 59 59 #endif 60 60 61 extern int sl_strlcpy(char * dst, /*@null@*/const char * src, size_t siz); 62 extern int sl_strlcat(char * dst, /*@null@*/const char * src, size_t siz); 61 63 62 64 … … 884 886 885 887 #ifdef DEBUG 888 /* flawfinder: ignore *//* definition of debug macro */ 886 889 #define DPRINTF(X,args...) fprintf(stderr, X, ##args) 887 890 #else … … 1194 1197 goto fail; 1195 1198 1196 s trncpy(lookup,name,MAXDNAME);1199 sl_strlcpy(lookup,name,MAXDNAME); 1197 1200 BIGLOCK; 1198 1201 if (variant < __searchdomains && strchr(lookup, '.') == NULL) 1199 1202 { 1200 s trncat(lookup,".", MAXDNAME);1201 s trncat(lookup,__searchdomain[variant], MAXDNAME);1203 sl_strlcat(lookup,".", MAXDNAME); 1204 sl_strlcat(lookup,__searchdomain[variant], MAXDNAME); 1202 1205 } 1203 1206 BIGUNLOCK; -
trunk/src/sh_suidchk.c
r19 r22 415 415 long sl_status = SL_ENONE; 416 416 struct stat fileInfo; 417 struct stat fileInfo_F; 418 int file_d; 417 419 418 420 file_type theFile; 419 421 char fileHash[2*(KEY_LEN + 1)]; 422 423 mode_t umask_old; 424 int cperm_status; 420 425 421 426 SL_ENTER(_("sh_suidchk_check_internal")); … … 666 671 break; 667 672 case SH_Q_CHANGEPERM: 673 cperm_status = 0; 674 file_d = -1; 668 675 if (retry_lstat(FIL__, __LINE__, tmpcat, &fileInfo) == -1) 669 676 { … … 677 684 tmp ); 678 685 SH_FREE(msg); 686 cperm_status = -1; 679 687 } 680 else 688 689 if (cperm_status == 0) 681 690 { 682 691 if (0 != (caperr = sl_get_cap_qdel())) … … 686 695 sh_error_message (caperr), 687 696 _("sl_get_cap_qdel")); 697 cperm_status = -1; 688 698 } 689 690 if ((fileInfo.st_mode & S_ISUID) > 0) 691 fileInfo.st_mode -= S_ISUID; 692 if ((fileInfo.st_mode & S_ISGID) > 0) 693 fileInfo.st_mode -= S_ISGID; 694 if (chmod(tmpcat, fileInfo.st_mode) == -1) 699 } 700 701 if (cperm_status == 0) 702 { 703 file_d = aud_open (FIL__, __LINE__, SL_YESPRIV, 704 tmpcat, O_RDONLY, 0); 705 if (-1 == file_d) 706 { 707 status = errno; 708 msg = SH_ALLOC(SH_BUFSIZE); 709 (void) sl_snprintf(msg, SH_BUFSIZE, _("I/O error. errno = %ld"), status); 710 sh_error_handle (ShSuidchkSeverity, 711 FIL__, __LINE__, 712 status, 713 MSG_SUID_QREPORT, msg, 714 tmp ); 715 SH_FREE(msg); 716 cperm_status = -1; 717 } 718 } 719 720 if (cperm_status == 0) 721 { 722 if (retry_fstat(FIL__, __LINE__, file_d, &fileInfo_F) == -1) 723 { 724 status = errno; 725 msg = SH_ALLOC(SH_BUFSIZE); 726 (void) sl_snprintf(msg, SH_BUFSIZE, 727 _("I/O error. 
errno = %ld"), status); 728 sh_error_handle (ShSuidchkSeverity, 729 FIL__, __LINE__, 730 status, 731 MSG_SUID_QREPORT, msg, 732 tmp ); 733 SH_FREE(msg); 734 cperm_status = -1; 735 } 736 } 737 738 if (cperm_status == 0) 739 { 740 if (fileInfo_F.st_ino != fileInfo.st_ino || 741 fileInfo_F.st_dev != fileInfo.st_dev || 742 fileInfo_F.st_mode != fileInfo.st_mode) 743 { 744 status = errno; 745 msg = SH_ALLOC(SH_BUFSIZE); 746 (void) sl_snprintf(msg, SH_BUFSIZE, 747 _("Race detected. errno = %ld"), status); 748 sh_error_handle (ShSuidchkSeverity, 749 FIL__, __LINE__, 750 status, 751 MSG_SUID_QREPORT, msg, 752 tmp ); 753 SH_FREE(msg); 754 cperm_status = -1; 755 } 756 } 757 758 if ((fileInfo.st_mode & S_ISUID) > 0) 759 fileInfo.st_mode -= S_ISUID; 760 if ((fileInfo.st_mode & S_ISGID) > 0) 761 fileInfo.st_mode -= S_ISGID; 762 763 if (cperm_status == 0) 764 { 765 if (fchmod(file_d, fileInfo.st_mode) == -1) 695 766 { 696 767 status = errno; … … 713 784 tmp ); 714 785 } 715 if (0 != (caperr = sl_drop_cap_qdel())) 786 } 787 788 if (0 != (caperr = sl_drop_cap_qdel())) 789 { 790 sh_error_handle((-1), FIL__, __LINE__, 791 caperr, MSG_E_SUBGEN, 792 sh_error_message (caperr), 793 _("sl_drop_cap_qdel")); 794 } 795 796 if (file_d != -1) 797 { 798 do { 799 status = close (file_d); 800 } while (status == -1 && errno == EINTR); 801 802 if (-1 == status) 716 803 { 717 sh_error_handle((-1), FIL__, __LINE__, 718 caperr, MSG_E_SUBGEN, 719 sh_error_message (caperr), 720 _("sl_drop_cap_qdel")); 804 status = errno; 805 msg = SH_ALLOC(SH_BUFSIZE); 806 (void) sl_snprintf(msg, SH_BUFSIZE, 807 _("I/O error. 
errno = %ld"), status); 808 sh_error_handle (ShSuidchkSeverity, 809 FIL__, __LINE__, 810 status, 811 MSG_SUID_QREPORT, msg, 812 tmp ); 813 SH_FREE(msg); 814 cperm_status = -1; 721 815 } 722 816 } … … 725 819 dir = SH_ALLOC(PATH_MAX+1); 726 820 (void) sl_strlcpy (dir, DEFAULT_QDIR, PATH_MAX+1); 727 if ( access (dir, F_OK) != 0)821 if (retry_stat (FIL__, __LINE__, dir, &fileInfo) != 0) 728 822 { 729 823 status = errno; 730 824 msg = SH_ALLOC(SH_BUFSIZE); 731 (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem quarantining file. File NOT quarantined. errno = %ld ( access)"), status);825 (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem quarantining file. File NOT quarantined. errno = %ld (stat)"), status); 732 826 sh_error_handle (ShSuidchkSeverity, 733 827 FIL__, __LINE__, … … 815 909 DEFAULT_QDIR, 816 910 basename(theFile.fullpath)); 911 /* 912 * avoid chmod by setting umask 913 */ 914 umask_old = umask (0077); 817 915 filePtr = fopen (filetmp, "w+"); 818 916 /*@-usedef@*/ … … 828 926 } 829 927 /*@+usedef@*/ 928 umask (umask_old); 830 929 831 930 sh_error_handle (ShSuidchkSeverity, … … 834 933 _("Quarantine method applied"), 835 934 tmp ); 836 if (chmod(filetmp, S_IRUSR | S_IWUSR) == -1)837 {838 status = errno;839 msg = SH_ALLOC(SH_BUFSIZE);840 (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem setting permissions on quarantined file. 
errno = %ld"), status);841 sh_error_handle (ShSuidchkSeverity,842 FIL__,__LINE__,843 status, MSG_SUID_QREPORT,844 msg, tmp );845 SH_FREE(msg);846 }847 935 } 848 936 SH_FREE(filetmp); … … 976 1064 FileLimTotal = 0; 977 1065 1066 #ifdef SH_SUIDTESTDIR 1067 status = sh_suidchk_check_internal (SH_SUIDTESTDIR); 1068 #else 978 1069 status = sh_suidchk_check_internal ("/"); 1070 #endif 979 1071 980 1072 sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_SUID_SUMMARY, … … 1169 1261 long val; 1170 1262 int ret = 0; 1263 struct stat buf; 1171 1264 1172 1265 SL_ENTER(_("sh_suidchk_set_qmethod")); … … 1190 1283 break; 1191 1284 case SH_Q_MOVE: 1192 if ( access (DEFAULT_QDIR, F_OK) != 0)1285 if (retry_stat (FIL__, __LINE__, DEFAULT_QDIR, &buf) != 0) 1193 1286 { 1194 1287 if (mkdir (DEFAULT_QDIR, 0750) == -1) -
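Review bot: Replacing `chmod(filetmp, S_IRUSR | S_IWUSR)` with `umask (0077)` around `fopen (filetmp, "w+")` only restricts a file that fopen creates; if `filetmp` already exists it is truncated and keeps whatever mode and owner it had. A descriptor-based tighten-up after the open, `(void) fchmod(fileno(filePtr), S_IRUSR | S_IWUSR);` placed after the NULL check on `filePtr`, covers both cases without going back to a path-based chmod. In the `SH_Q_CHANGEPERM` branch, `aud_open (..., tmpcat, O_RDONLY, 0)` runs before the inode/device/mode comparison, so if the path has become a FIFO or device node since the lstat, the open itself can block or have side effects; adding `O_NONBLOCK` (and `O_NOFOLLOW` where the platform has it) lets the comparison reject it first. The "Race detected. errno = %ld" message reports an `errno` that no call has just set, which will mislead whoever reads the log. The enclosing function starts and ends outside the hunks.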
trunk/src/sh_tiger0.c
r20 r22 1392 1392 } 1393 1393 1394 int sh_tiger_hashtype (c har * c)1394 int sh_tiger_hashtype (const char * c) 1395 1395 { 1396 1396 SL_ENTER( _("sh_tiger_hashtype")); … … 1460 1460 if (res != NULL) 1461 1461 { 1462 /*@-bufferoverflowhigh -formatconst@*/1463 1462 #if defined(TIGER_64_BIT) 1464 sprintf(out, /* known to fit */ 1465 MYFORMAT, 1466 (sh_word32)(res[0]>>32), 1467 (sh_word32)(res[0]), 1468 (sh_word32)(res[1]>>32), 1469 (sh_word32)(res[1]), 1470 (sh_word32)(res[2]>>32), 1471 (sh_word32)(res[2]) ); 1463 sl_snprintf(out, 1464 sizeof(out), 1465 MYFORMAT, 1466 (sh_word32)(res[0]>>32), 1467 (sh_word32)(res[0]), 1468 (sh_word32)(res[1]>>32), 1469 (sh_word32)(res[1]), 1470 (sh_word32)(res[2]>>32), 1471 (sh_word32)(res[2]) ); 1472 1472 #else 1473 s printf(out, /* known to fit */1474 MYFORMAT,1475 (sh_word32)(res[1]),1476 (sh_word32)(res[0]),1477 (sh_word32)(res[3]),1478 (sh_word32)(res[2]),1479 (sh_word32)(res[5]),1480 (sh_word32)(res[4]) );1481 #endif 1482 /*@+bufferoverflowhigh@*/ 1483 out[ KEY_LEN] = '\0';1473 sl_snprintf(out, 1474 sizeof(out), 1475 MYFORMAT, 1476 (sh_word32)(res[1]), 1477 (sh_word32)(res[0]), 1478 (sh_word32)(res[3]), 1479 (sh_word32)(res[2]), 1480 (sh_word32)(res[5]), 1481 (sh_word32)(res[4]) ); 1482 #endif 1483 out[sizeof(out)-1] = '\0'; 1484 1484 SL_RETURN( out, _("sh_tiger_hash_internal")); 1485 1485 … … 1507 1507 if (res != NULL) 1508 1508 { 1509 /*@-bufferoverflowhigh -formatconst@*/1510 1509 #if defined(TIGER_64_BIT) 1511 sprintf(outhash, /* known to fit */ 1512 GPGFORMAT, 1513 (sh_word32)(res[0]>>32), 1514 (sh_word32)(res[0]), 1515 (sh_word32)(res[1]>>32), 1516 (sh_word32)(res[1]), 1517 (sh_word32)(res[2]>>32), 1518 (sh_word32)(res[2]) ); 1510 sl_snprintf(outhash, 1511 sizeof(outhash), 1512 GPGFORMAT, 1513 (sh_word32)(res[0]>>32), 1514 (sh_word32)(res[0]), 1515 (sh_word32)(res[1]>>32), 1516 (sh_word32)(res[1]), 1517 (sh_word32)(res[2]>>32), 1518 (sh_word32)(res[2]) ); 1519 1519 #else 1520 s printf(outhash, /* known to fit */1521 
GPGFORMAT,1522 (sh_word32)(res[1]),1523 (sh_word32)(res[0]),1524 (sh_word32)(res[3]),1525 (sh_word32)(res[2]),1526 (sh_word32)(res[5]),1527 (sh_word32)(res[4]) );1528 #endif 1529 /*@+bufferoverflowhigh@*/ 1530 outhash[ 48 + 6] = '\0';1520 sl_snprintf(outhash, 1521 sizeof(outhash), 1522 GPGFORMAT, 1523 (sh_word32)(res[1]), 1524 (sh_word32)(res[0]), 1525 (sh_word32)(res[3]), 1526 (sh_word32)(res[2]), 1527 (sh_word32)(res[5]), 1528 (sh_word32)(res[4]) ); 1529 #endif 1530 outhash[sizeof(outhash)-1] = '\0'; 1531 1531 } 1532 1532 else 1533 1533 { 1534 /*@-bufferoverflowhigh@*/ 1535 sprintf(outhash, /* known to fit */ 1536 _("00000000 00000000 00000000 00000000 00000000 00000000")); 1537 /*@+bufferoverflowhigh@*/ 1534 sl_strlcpy(outhash, 1535 _("00000000 00000000 00000000 00000000 00000000 00000000"), 1536 sizeof(outhash)); 1538 1537 } 1539 1538 -
trunk/src/sh_tools.c
r18 r22 441 441 int DoReverseLookup = S_TRUE; 442 442 443 int set_reverse_lookup (c har * c)443 int set_reverse_lookup (const char * c) 444 444 { 445 445 return sh_util_flagval(c, &DoReverseLookup); … … 462 462 463 463 int retval; 464 size_t len; 464 465 465 466 sin_cache * check_cache = conn_cache; … … 535 536 else 536 537 { 537 host_name = SH_ALLOC(sl_strlen(host_entry->h_name) + 1);538 if (sl_strlen(host_entry->h_name) > 0)539 strcpy(host_name, /* known to fit */540 host_entry->h_name);538 len = sl_strlen(host_entry->h_name) + 1; 539 host_name = SH_ALLOC(len); 540 if (len > 1) 541 sl_strlcpy(host_name, host_entry->h_name, len); 541 542 else 542 543 host_name[0] = '\0'; … … 714 715 */ 715 716 new_act.sa_handler = SIG_IGN; 717 sigemptyset( &new_act.sa_mask ); /* set an empty mask */ 718 new_act.sa_flags = 0; /* init sa_flags */ 716 719 sigaction (SIGPIPE, &new_act, &old_act); 717 720 -
trunk/src/sh_unix.c
r20 r22 307 307 *p = '0' + (u % 10); 308 308 u /= 10; 309 } while (u );310 if ( iisneg == 1) {309 } while (u && (p != str)); 310 if ((iisneg == 1) && (p != str)) { 311 311 --p; 312 312 *p = '-'; … … 323 323 extern int OnlyStderr; 324 324 325 int safe_logger (int signal, int method, pid_t thepid)325 int safe_logger (int signal, int method, char * details) 326 326 { 327 327 int i = 0; … … 331 331 char str[128]; 332 332 char * p; 333 333 334 334 char l0[64], l1[64], l2[64], l3[64]; 335 335 char a0[32], a1[32], a2[32]; 336 336 char e0[128]; 337 337 char msg[128]; 338 338 339 339 char * locations[] = { NULL, NULL, NULL, NULL, NULL }; 340 340 char * envp[] = { NULL, NULL }; 341 341 char * argp[] = { NULL, NULL, NULL, NULL, NULL }; 342 342 343 pid_t thepid = getpid(); 344 343 345 if ((sh.flag.isdaemon == S_FALSE) || (OnlyStderr == S_TRUE)) 344 346 method = 1; 345 347 346 348 /* seems that solaris cc needs this way of initializing ... 347 349 */ … … 350 352 locations[2] = l2; 351 353 locations[3] = l3; 352 354 353 355 envp[0] = e0; 354 356 355 357 argp[0] = a0; 356 358 argp[1] = a1; 357 359 argp[2] = a2; 358 359 strcpy (l0, _("/usr/bin/logger")); /* known to fit */ 360 strcpy (l1, _("/usr/sbin/logger")); /* known to fit */ 361 strcpy (l2, _("/usr/ucb/logger")); /* known to fit */ 362 strcpy (l3, _("/bin/logger")); /* known to fit */ 363 364 strcpy (a0, _("logger")); /* known to fit */ 365 strcpy (a1, _("-p")); /* known to fit */ 366 strcpy (a2, _("daemon.alert")); /* known to fit */ 367 368 strcpy (e0, /* known to fit */ 369 _("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/ucb:/usr/local/bin")); 370 360 371 361 sl_strlcpy(msg, _("samhain["), 128); 372 362 p = safe_itoa((int) thepid, str, 128); … … 375 365 if (signal == 0) 376 366 { 377 sl_strlcat(msg, _("]: out of memory"), 128); 367 if (details == NULL) { 368 sl_strlcat(msg, _("]: out of memory"), 128); 369 } else { 370 sl_strlcat(msg, _("]: "), 128); 371 sl_strlcat(msg, details, 128); 372 } 378 373 } 379 374 else … … 393 388 
return 0; 394 389 } 390 391 sl_strlcpy (l0, _("/usr/bin/logger"), 64); 392 sl_strlcpy (l1, _("/usr/sbin/logger"), 64); 393 sl_strlcpy (l2, _("/usr/ucb/logger"), 64); 394 sl_strlcpy (l3, _("/bin/logger"), 64); 395 396 sl_strlcpy (a0, _("logger"), 32); 397 sl_strlcpy (a1, _("-p"), 32); 398 sl_strlcpy (a2, _("daemon.alert"), 32); 399 400 sl_strlcpy (e0, 401 _("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/ucb:/usr/local/bin"), 402 128); 403 395 404 while (locations[i] != NULL) { 396 405 status = stat(locations[i], &buf); … … 414 423 } 415 424 425 int safe_fatal (int signal, int method, char * details, 426 char * file, int line) 427 { 428 char msg[128]; 429 char str[128]; 430 char * p; 431 p = safe_itoa((int) line, str, 128); 432 sl_strlcpy(msg, _("FATAL: "), 128); 433 sl_strlcat(msg, file, 128); 434 sl_strlcat(msg, ": ", 128); 435 if (p && (*p)) { 436 sl_strlcat(msg, p , 128); 437 sl_strlcat(msg, ": ", 128); 438 } 439 sl_strlcat(msg, details, 128); 440 safe_logger (signal, method, msg); 441 _exit(EXIT_FAILURE); 442 } 416 443 417 444 extern char sh_sig_msg[64]; … … 451 478 { 452 479 chdir ("/"); 453 safe_logger (mysignal, 0, getpid());480 safe_logger (mysignal, 0, NULL); 454 481 } 455 482 _exit(mysignal); … … 504 531 memset (skey, '\0', sizeof(sh_key_t)); 505 532 if (immediate_exit_fast < 2) 506 safe_logger (mysignal, 0, getpid());533 safe_logger (mysignal, 0, NULL); 507 534 _exit(mysignal); 508 535 #else … … 518 545 close_ipc (); 519 546 #endif 520 safe_logger (mysignal, 0, getpid());547 safe_logger (mysignal, 0, NULL); 521 548 chdir ("/"); 522 549 raise(SIGFPE); … … 819 846 /* checksum the own binary 820 847 */ 821 int sh_unix_self_hash (c har * c)848 int sh_unix_self_hash (const char * c) 822 849 { 823 850 char message[512]; … … 891 918 892 919 /* added Tue Feb 22 10:36:44 NFT 2000 Rainer Wichmann */ 893 static int tf_add_trusted_user_int(c har * c)920 static int tf_add_trusted_user_int(const char * c) 894 921 { 895 922 register struct passwd * w; … … 919 946 } 920 947 
921 int tf_add_trusted_user(c har * c)948 int tf_add_trusted_user(const char * c) 922 949 { 923 950 int i; … … 1229 1256 char ** env1; 1230 1257 int envlen = 0; 1258 size_t len; 1231 1259 1232 1260 SL_ENTER(_("sh_unix_copyenv")); … … 1248 1276 envlen = 0; 1249 1277 1250 while (env0 != NULL && env0[envlen] != NULL) { 1251 env1[envlen] = malloc (strlen(env0[envlen]) + 1); /* only once */ 1278 while (env0 != NULL && env0[envlen] != NULL) { 1279 len = strlen(env0[envlen]) + 1; 1280 env1[envlen] = malloc (len); /* only once */ 1252 1281 if (env1[envlen] == NULL) 1253 1282 { … … 1255 1284 SL_RET0(_("sh_unix_copyenv")); 1256 1285 } 1257 s trcpy(env1[envlen], env0[envlen]); /* known to fit */1286 sl_strlcpy(env1[envlen], env0[envlen], len); 1258 1287 ++envlen; 1259 1288 } … … 1435 1464 1436 1465 (void) uname (&buf); 1437 1466 /* flawfinder: ignore */ /* ff bug, ff sees system() */ 1438 1467 sl_strlcpy (sh.host.system, buf.sysname, SH_MINIBUF); 1439 1468 sl_strlcpy (sh.host.release, buf.release, SH_MINIBUF); … … 1639 1668 aud_exit(FIL__, __LINE__, EXIT_FAILURE); 1640 1669 } 1670 /* flawfinder: ignore */ 1641 1671 return (chroot(chroot_dir)); 1642 1672 } … … 1923 1953 } 1924 1954 1925 int sh_unix_settimeserver (c har * address)1955 int sh_unix_settimeserver (const char * address) 1926 1956 { 1927 1957 … … 2096 2126 /* whether to use localtime for file timesatams in logs 2097 2127 */ 2098 int sh_unix_uselocaltime (c har * c)2128 int sh_unix_uselocaltime (const char * c) 2099 2129 { 2100 2130 int i; … … 2732 2762 } 2733 2763 2734 int sh_unix_set_io_limit (c har * c)2764 int sh_unix_set_io_limit (const char * c) 2735 2765 { 2736 2766 long val; … … 2772 2802 if (tmpFile.size < fbuf->st_size) 2773 2803 { 2774 strcpy(fileHash, /* known to fit */ 2775 sh_tiger_generic_hash (filename, TIGER_FD, tmpFile.size, 2776 alert_timeout)); 2804 sl_strlcpy(fileHash, 2805 sh_tiger_generic_hash (filename, TIGER_FD, tmpFile.size, 2806 alert_timeout), 2807 KEY_LEN+1); 2777 2808 2778 2809 /* return 
*/ … … 2781 2812 2782 2813 out: 2783 strcpy(fileHash, /* known to fit */ 2784 _("000000000000000000000000000000000000000000000000")); 2814 sl_strlcpy(fileHash, 2815 _("000000000000000000000000000000000000000000000000"), 2816 KEY_LEN+1); 2785 2817 SL_RETURN( -1, _("sh_unix_checksum_size")); 2786 2818 } … … 2903 2935 { 2904 2936 if (fileHash != NULL) 2905 strcpy(fileHash, /* known to fit */ 2906 _("000000000000000000000000000000000000000000000000")); 2937 sl_strlcpy(fileHash, 2938 _("000000000000000000000000000000000000000000000000"), 2939 KEY_LEN+1); 2907 2940 } 2908 2941 … … 2920 2953 if ((theFile->check_mask & MODI_CHK) == 0) 2921 2954 { 2922 strcpy(fileHash, /* known to fit */ 2923 _("000000000000000000000000000000000000000000000000")); 2955 sl_strlcpy(fileHash, 2956 _("000000000000000000000000000000000000000000000000"), 2957 KEY_LEN+1); 2924 2958 } 2925 2959 else if ((theFile->check_mask & MODI_PREL) != 0 && … … 2929 2963 if (0 != sh_prelink_run (theFile->fullpath, 2930 2964 fileHash, alert_timeout)) 2931 strcpy(fileHash, /* known to fit */ 2932 _("000000000000000000000000000000000000000000000000")); 2965 sl_strlcpy(fileHash, 2966 _("000000000000000000000000000000000000000000000000"), 2967 KEY_LEN+1); 2933 2968 } 2934 2969 else 2935 2970 { 2936 2971 tiger_fd = rval_open; 2937 strcpy(fileHash, /* known to fit */ 2938 sh_tiger_generic_hash (theFile->fullpath, TIGER_FD, 0, 2939 alert_timeout)); 2972 sl_strlcpy(fileHash, 2973 sh_tiger_generic_hash (theFile->fullpath, 2974 TIGER_FD, 0, 2975 alert_timeout), 2976 KEY_LEN+1); 2940 2977 if ((theFile->check_mask & MODI_SGROW) != 0) 2941 2978 { … … 2960 2997 if ((theFile->check_mask & MODI_CHK) == 0) 2961 2998 { 2962 strcpy(fileHash, /* known to fit */ 2963 _("000000000000000000000000000000000000000000000000")); 2999 sl_strlcpy(fileHash, 3000 _("000000000000000000000000000000000000000000000000"), 3001 KEY_LEN+1); 2964 3002 } 2965 3003 else if (policy == SH_LEVEL_PRELINK && … … 2969 3007 if (0 != sh_prelink_run 
(theFile->fullpath, 2970 3008 fileHash, alert_timeout)) 2971 strcpy(fileHash, /* known to fit */ 2972 _("000000000000000000000000000000000000000000000000")); 3009 sl_strlcpy(fileHash, 3010 _("000000000000000000000000000000000000000000000000"), 3011 KEY_LEN+1); 2973 3012 } 2974 3013 else … … 3145 3184 linknamebuf = SH_ALLOC(PATH_MAX); 3146 3185 3186 /* flawfinder: ignore */ 3147 3187 linksize = readlink (theFile->fullpath, linknamebuf, PATH_MAX-1); 3148 3188 … … 3160 3200 SH_FREE(tmp2); 3161 3201 SH_FREE(linknamebuf); 3202 theFile->linkpath[0] = '-'; 3203 theFile->linkpath[1] = '\0'; 3162 3204 SL_RETURN((-1),_("sh_unix_getinfo")); 3163 3205 } -
trunk/src/sh_utils.c
r20 r22 189 189 } 190 190 191 int sh_util_hidesetup(c har * c)191 int sh_util_hidesetup(const char * c) 192 192 { 193 193 int i; … … 646 646 static int sigtype = TYPE_HMAC; 647 647 648 int sh_util_sigtype (c har * c)648 int sh_util_sigtype (const char * c) 649 649 { 650 650 SL_ENTER(_("sh_util_sigtype")); … … 957 957 char * key; 958 958 char * path; 959 char * outpath ;959 char * outpath = NULL; 960 960 unsigned char * image = NULL; 961 961 long s = 0; … … 963 963 long ii, k = 0; 964 964 UINT32 * h1; 965 char * new ;965 char * new = NULL; 966 966 967 967 if (0 != sl_is_suid()) … … 999 999 fprintf(stderr, 1000 1000 _("ERROR: no path to executable given\n Argument must be 'key@path'\n")); 1001 free(new); 1001 1002 _exit (EXIT_FAILURE); 1002 1003 /*@notreached@*/ … … 1005 1006 else 1006 1007 path = &new[j]; 1008 1009 len = strlen(path) + 1 + 4; 1007 1010 /*@-usedef@*/ 1008 if (NULL == (outpath = malloc( strlen(path) + 1 + 4)))1011 if (NULL == (outpath = malloc(len))) 1009 1012 goto bail_mem; 1010 1013 /*@-usedef@*/ 1011 /*@-bufferoverflowhigh@*/ 1012 sprintf (outpath, _("%s.out"), path); /* known to fit */ 1013 /*@+bufferoverflowhigh@*/ 1014 sl_snprintf (outpath, len, _("%s.out"), path); 1014 1015 1015 1016 fp = sl_open_read(path, SL_NOPRIV); … … 1018 1019 fprintf(stderr, 1019 1020 _("ERROR: cannot open %s for read (errnum = %ld)\n"), path, fp); 1021 free(new); free (outpath); 1020 1022 _exit (EXIT_FAILURE); 1021 1023 /*@notreached@*/ … … 1028 1030 fprintf(stderr, 1029 1031 _("ERROR: cannot open %s (errnum = %ld)\n"), outpath, fout); 1032 free(new); free (outpath); 1030 1033 _exit (EXIT_FAILURE); 1031 1034 /*@notreached@*/ … … 1068 1071 (void) sl_close (fout); 1069 1072 printf(_("new file %s written\n"), outpath); 1073 free(new); free (outpath); free(image); 1070 1074 _exit (EXIT_SUCCESS); 1071 1075 /*@notreached@*/ … … 1076 1080 fprintf(stderr, 1077 1081 _("ERROR: old key not found\n")); 1082 free(new); free (outpath); free(image); 1078 1083 _exit (EXIT_FAILURE); 
1079 1084 /*@notreached@*/ … … 1084 1089 fprintf(stderr, 1085 1090 _("ERROR: out of memory\n")); 1091 if (new) free(new); 1092 if (outpath) free (outpath); 1093 if (image) free (image); 1086 1094 _exit (EXIT_FAILURE); 1087 1095 /*@notreached@*/ … … 1329 1337 static unsigned char sh_obscure_index[256]; 1330 1338 1331 int sh_util_obscure_ok (c har * str)1339 int sh_util_obscure_ok (const char * str) 1332 1340 { 1333 1341 unsigned long i; 1334 char * endptr = str;1342 char * endptr = NULL; 1335 1343 1336 1344 SL_ENTER(_("sh_util_obscure_ex")); … … 1349 1357 sh_obscure_index[i] = (unsigned char)0; 1350 1358 } 1359 1360 i = strtoul (str, &endptr, 0); 1361 if (i > 255) 1362 { 1363 SL_RETURN(-1, _("sh_util_obscure_ex")); 1364 } 1365 sh_obscure_index[i] = (unsigned char)1; 1366 if (*endptr == ',') 1367 ++endptr; 1351 1368 1352 1369 while (*endptr != '\0') … … 1562 1579 } else if (!isgraph ((int) *p)) { /* not printable */ 1563 1580 /*@-bufferoverflowhigh -formatconst@*/ 1581 /* flawfinder: ignore */ 1564 1582 sprintf(oct, format, '\\', /* known to fit */ 1565 1583 (unsigned char) *p); -
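Review bot: In sh_util_obscure_ok the result of the new `strtoul (str, &endptr, 0)` call is used without checking that any digits were consumed, so a value that does not start with a number leaves `endptr == str`, yields 0, and sets `sh_obscure_index[0]`. Adding `if (endptr == str) { SL_RETURN(-1, _("sh_util_obscure_ex")); }` before the `i > 255` test would reject such input instead of accepting it as index 0. The loop that follows and any earlier validation in the function are outside the visible lines, so confirm that no existing guard already covers this case.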
trunk/src/slib.c
r20 r22 231 231 if (flag == 1) 232 232 { 233 s printf (val, _("\n--------- %10s "), file);233 sl_snprintf (val, 81, _("\n--------- %10s "), file); 234 234 sl_strlcpy (msg, val, 80); 235 s printf (val, _(" --- %6d ---------\n"), line);235 sl_snprintf (val, 81, _(" --- %6d ---------\n"), line); 236 236 sl_strlcat (msg, val, 80); 237 237 sh_log_console (msg); … … 578 578 #if !defined(HOST_IS_I86SOLARIS) 579 579 #if !defined (_GNU_SOURCE) 580 /* flawfinder: ignore */ 580 581 extern int vsnprintf ( char *str, size_t n, 581 582 const char *format, va_list ap ); … … 777 778 778 779 #if defined(HAVE_VSNPRINTF) && !defined(HAVE_BROKEN_VSNPRINTF) 779 len = vsnprintf (str, n, format, vl); 780 len = vsnprintf (str, n, format, vl); /* flawfinder: ignore */ 780 781 str[n-1] = '\0'; 781 782 #else 782 VA_COPY (vl2, vl); /* save the argument list */783 VA_COPY (vl2, vl); /* save the argument list */ 783 784 total = sl_printf_count (format, vl); 784 len 785 len = (int) total; 785 786 if (total < n) 786 787 { 788 /* flawfinder: ignore */ 787 789 vsprintf (str, format, vl2); /* program has checked that it fits */ 788 790 str[n-1] = '\0'; … … 804 806 * ENULL: src || format == NULL 805 807 * ERANGE: n out of range 806 * ETRUNC: truncated 808 * ETRUNC: truncated (unimplemented) 807 809 */ 808 810 int sl_snprintf(char *str, size_t n, … … 821 823 va_start (vl, format); 822 824 #if defined(HAVE_VSNPRINTF) && !defined(HAVE_BROKEN_VSNPRINTF) 825 /* flawfinder: ignore */ 823 826 vsnprintf (str, n, format, vl); 824 827 str[n-1] = '\0'; … … 828 831 if (total < n) 829 832 { 833 /* flawfinder: ignore */ 830 834 vsprintf (str, format, vl2); /* program has checked that it fits */ 831 835 str[n-1] = '\0'; … … 1568 1572 SL_TICKET sl_make_ticket (int fd, char * filename) 1569 1573 { 1574 size_t len; 1570 1575 SL_TICKET ticket; 1571 1576 SL_ENTER(_("sl_make_ticket")); … … 1587 1592 } 1588 1593 1589 if ( (ofiles[fd]->path = (char *) malloc( strlen(filename)+1) ) == NULL) 1594 len = sl_strlen(filename)+1; 
1595 1596 if ( (ofiles[fd]->path = (char *) malloc(len) ) == NULL) 1590 1597 { 1591 1598 free(ofiles[fd]); … … 1605 1612 } 1606 1613 1607 s trcpy (ofiles[fd]->path, filename); /* Known to fit */1614 sl_strlcpy (ofiles[fd]->path, filename, len); 1608 1615 ofiles[fd]->ticket = ticket; 1609 1616 ofiles[fd]->fd = fd; … … 1646 1653 int fd; 1647 1654 int sflags; 1655 size_t len; 1648 1656 SL_TICKET ticket; 1649 1657 … … 1820 1828 } 1821 1829 1822 if ( (ofiles[fd]->path = (char *) malloc( strlen(filename)+1) ) == NULL) 1830 len = sl_strlen(filename)+1; 1831 1832 if ( (ofiles[fd]->path = (char *) malloc(len) ) == NULL) 1823 1833 { 1824 1834 free(ofiles[fd]); … … 1840 1850 } 1841 1851 1842 s trcpy (ofiles[fd]->path, filename); /* Known to fit */1852 sl_strlcpy (ofiles[fd]->path, filename, len); 1843 1853 ofiles[fd]->ticket = ticket; 1844 1854 ofiles[fd]->fd = fd; -
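Review bot: The two `sl_snprintf (val, 81, ...)` calls hard-code the buffer size, which stays correct only while the declaration of `val` (outside the visible lines) is at least 81 bytes. If `val` is a local array, `sl_snprintf (val, sizeof(val), _("\n--------- %10s "), file);` ties the bound to the declaration. Relatedly, the header comment now marks ETRUNC as unimplemented, so the call sites converted from sprintf in this changeset cannot tell when output was cut short; a short comment at those sites stating that truncation is acceptable there would record the intent.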
trunk/src/yulectl.c
r1 r22 300 300 if (0 != good) 301 301 { 302 fprintf (stderr, _("ERROR: Bounced message != original message .\n"));302 fprintf (stderr, _("ERROR: Bounced message != original message (possible reason: superfluous password).\n")); 303 303 return -1; 304 304 } … … 321 321 printf(_(" transfer to the client <client_hostname> when\n")); 322 322 printf(_(" this client connects to deliver a message.\n\n")); 323 printf(_(" If password is required, it is read from\n")); 324 printf(_(" $HOME/.yulectl_cred or taken from the environment\n")); 325 printf(_(" variable YULECTL_PASSWORD (not recommended).\n\n")); 323 326 324 327 printf(_("Commands: RELOAD <reload configuration>\n")); … … 337 340 FILE * fp; 338 341 struct passwd * pwent; 339 342 char * pw; 343 344 pw = getenv(_("YULECTL_PASSWORD")); 345 if (pw && strlen(pw) < 15) 346 { 347 strcpy(password, pw); 348 strcpy(message2, password); 349 goto do_msg; 350 } 340 351 341 352 pwent = getpwuid(geteuid()); … … 388 399 exit(EXIT_FAILURE); 389 400 } 390 if (strlen(message2) > 1 5)401 if (strlen(message2) > 14) 391 402 { 392 403 fprintf (stderr, … … 400 411 } 401 412 strcpy(password, message2); 413 fclose(fp); 414 do_msg: 402 415 strcat(message2, "@"); 403 fclose(fp);404 416 405 417 strncat(message2, message, SH_MAXMSG - strlen(message2) -1); -
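Review bot: When YULECTL_PASSWORD is set but is 15 characters or longer, the new `if (pw && strlen(pw) < 15)` branch is skipped without any message and the code falls through to the credentials file, whereas an over-long password read from that file appears to be reported on stderr further down. Reporting it the same way, for example `if (pw && strlen(pw) >= 15) { fprintf(stderr, _("ERROR: YULECTL_PASSWORD too long.\n")); exit(EXIT_FAILURE); }`, would avoid a silent fallback to a different credential. The literal limits 15 and 14 presumably mirror the size of `password`, which is declared outside the visible lines; deriving the limit from `sizeof(password)` and using a bounded copy instead of `strcpy` would keep the check and the buffer from drifting apart. The enclosing function starts and ends outside the hunk.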
trunk/test/test.sh
r19 r22 40 40 echo " ${S}test.sh 6${E} -- Controlling the daemon" 41 41 echo " ${S}test.sh 7${E} -- GnuPG signed files / prelude log" 42 echo " ${S}test.sh 8${E} -- Suidcheck" 42 43 43 44 echo " ${S}test.sh 10${E} -- Test c/s init/check (testrc_2.in)" … … 46 47 echo " ${S}test.sh 13${E} -- Test full c/s w/mysql (testrc_2.in)" 47 48 echo " ${S}test.sh 14${E} -- Test full c/s w/postgres (testrc_2.in)" 48 echo " ${S}test.sh all${E} -- All except 12+" 49 49 echo " ${S}test.sh all${E} -- All tests" 50 } 51 scripts () { 50 52 echo 51 echo "Scripts used by tests (located in ${SCRIPTDIR}):"53 echo "Scripts used by tests:" 52 54 echo " (1) testcompile.sh (2) testhash.sh (3) testrun_1.sh (4) testrun_1a.sh" 53 echo " (5) testext.sh (6) testtimesrv.sh (7) testrun_1b.sh (10) testrun_2.sh" 54 echo " (11) testrun_2a.sh (12) testrun_2b.sh (13) testrun_2c.sh (14) testrun_2d.sh" 55 echo " (5) testext.sh (6) testtimesrv.sh (7) testrun_1b.sh (8) testrun_1c.sh" 56 echo " (10) testrun_2.sh (11) testrun_2a.sh (12) testrun_2b.sh (13) testrun_2c.sh" 57 echo " (14) testrun_2d.sh" 55 58 } 56 59 … … 64 67 cleanup=on 65 68 doall= 69 usevalgrind= 66 70 67 71 while [ $# -gt 0 ] … … 69 73 case "$1" in 70 74 -h|--help) usage; exit 0;; 75 --scripts) usage; scripts; exit 0;; 71 76 -v|--verbose) verbose=on; quiet= ;; 72 77 -q|--quiet) quiet=on; verbose= ;; … … 74 79 --no-cleanup) cleanup= ;; 75 80 --really-all) doall=on;; 81 --valgrind) usevalgrind=on;; 76 82 --srcdir=*) TOP_SRCDIR=`echo $1 | sed s,--srcdir=,,`; export TOP_SRCDIR;; 77 83 --color=*) … … 285 291 rm -f ./.samhain_log* 286 292 rm -f ./.samhain_lock 287 test -d testrun_data && chmod -R 0700 testrun_data 288 rm -rf testrun_data 293 test -d testrun_testdata && chmod -R 0700 testrun_testdata 294 test -d .quarantine && rm -rf .quarantine 295 rm -rf testrun_testdata 289 296 rm -f test_log_db 290 297 rm -f test_log_prelude 298 rm -f test_log_valgrind 299 rm -f test_log_yulectl 300 rm -f yule.html 291 301 } 292 302 … … 342 352 fi 343 353 354 # 
Seems that 'valgrind' causes random hangs :-( 355 # 356 if [ -z "$usevalgrind" ]; then 357 VALGRIND= 358 else 359 VALGRIND=`find_path valgrind`; 360 fi 361 [ -z "$VALGRIND" ] || { 362 VALGRIND="$VALGRIND --quiet --tool=memcheck --suppressions=.test.supp"; 363 export VALGRIND; 364 [ -z "$verbose" ] || log_msg_ok "using valgrind" 365 cat > ".test.supp" <<End-of-data 366 # 367 # there are unitialized bytes in the struct... 368 # 369 { 370 pushdata_01 371 Memcheck:Param 372 write(buf) 373 obj:/lib/ld-*.so 374 fun:sh_hash_pushdata 375 fun:sh_files_filecheck 376 fun:sh_dirs_chk 377 } 378 { 379 pushdata_02 380 Memcheck:Param 381 write(buf) 382 obj:/lib/ld-*.so 383 fun:sh_hash_pushdata 384 fun:sh_files_filecheck 385 fun:sh_files_checkdir 386 } 387 { 388 pushdata_03 389 Memcheck:Param 390 write(buf) 391 obj:/lib/ld-*.so 392 fun:sh_hash_pushdata 393 fun:sh_hash_writeout 394 fun:main 395 } 396 397 End-of-data 398 } 399 344 400 if test x$1 = x1; then 345 401 . ${SCRIPTDIR}/testcompile.sh … … 385 441 exit $? 386 442 fi 443 if test x$1 = x8; then 444 . ${SCRIPTDIR}/testrun_1.sh 445 . ${SCRIPTDIR}/testrun_1c.sh 446 testrun1c 447 print_summary 448 exit $? 449 fi 387 450 if test x$1 = x10; then 388 451 . ${SCRIPTDIR}/testrun_2.sh … … 434 497 . ${SCRIPTDIR}/testrun_1b.sh 435 498 let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null 499 . ${SCRIPTDIR}/testrun_1c.sh 500 let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null 436 501 . ${SCRIPTDIR}/testrun_2.sh 437 502 let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null … … 471 536 MAXTEST=${TEST_MAX}; export MAXTEST 472 537 testrun1b 538 # 539 . ${SCRIPTDIR}/testrun_1.sh 540 . ${SCRIPTDIR}/testrun_1c.sh 541 MAXTEST=${TEST_MAX}; export MAXTEST 542 testrun1c 473 543 # 474 544 . ${SCRIPTDIR}/testrun_2.sh -
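Review bot: The three entries written to `.test.supp` suppress Memcheck's `write(buf)` reports under `sh_hash_pushdata` instead of removing their cause; according to the comment the struct contains uninitialised bytes, and those bytes are what gets written out. Zeroing the struct before it is filled would make the suppressions unnecessary and keep stray memory contents out of the written data; `sh_hash_pushdata` is not part of this section, so that needs checking against its code. The `obj:/lib/ld-*.so` frame also ties the suppressions to one library layout. The visible cleanup lines remove `test_log_valgrind` but not the generated suppression file, so `rm -f .test.supp` would belong there too.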
trunk/test/testcompile.sh
r19 r22 1 1 #! /bin/sh 2 2 3 MAXTEST=28; export MAXTEST 3 MAXTEST=56; export MAXTEST 4 5 run_smatch () 6 { 7 export CDIR=`pwd`; 8 9 if [ -z "$doall" ]; then 10 [ -z "$quiet" ] && log_skip $2 ${MAXTEST} "$TEST (smatch)"; 11 return 0 12 fi 13 14 if [ "x$3" = "xdebug" ]; then memcheck=debug; else memcheck=simple; fi 15 if [ -f ../sm_scripts/smatch.pm ]; then 16 ( 17 cd ../sm_scripts; 18 19 for i in ${CDIR}/*.c.sm ; do 20 # echo $i; 21 cat $i | ./unreached_code.pl; 22 cat $i | ./ampersand_missing.sh; 23 cat $i | ./uninitialized.pl; 24 cat $i | ./eqeq.pl; 25 cat $i | ./for_bounds.pl; 26 cat $i | ./unchecked_returns.pl; 27 cat $i | ./unreached_code.pl; 28 cat $i | ./uninitialized.pl; 29 # from http://people.redhat.com/mstefani/wine/smatch/ 30 if [ -f ./while_for_check.pl ]; then 31 cat $i | ./while_for_check.pl; 32 fi 33 # --> end wine <-- 34 # samhain specific 35 if [ $memcheck = xsimple ]; then 36 if [ -f ./samhain_unfree.pl ]; then 37 cat $i | ./samhain_unfree.pl | \ 38 egrep -v 'x_cutest_.*Test_' | \ 39 egrep -v 'x_sh_unix.c .... .... sh_unix_copyenv'; 40 fi 41 fi 42 if [ $memcheck = xdebug ]; then 43 if [ -f ./samhain_unfree_debug.pl ]; then 44 cat $i | ./samhain_unfree_debug.pl | \ 45 egrep -v 'x_cutest_.*Test_' | \ 46 egrep -v 'x_sh_unix.c .... .... sh_unix_copyenv'; 47 fi 48 fi 49 # --> end samhain specific <-- 50 #cat $i | ./unfree.pl | \ 51 # egrep -v 'x_cutest_.*Test_' | \ 52 # grep -v 'x_sh_unix.c .... .... 
sh_unix_copyenv'; 53 touch list_null_funcs_uniq; 54 cat $i | ./deference_check.pl; 55 rm -f list_null_funcs_uniq; 56 rm -f $i 57 done 58 ) >test_log_smatch 2>&1 59 if [ -f test_log_smatch ]; then 60 lines=`cat test_log_smatch | wc -l` 61 if [ $lines -ne 0 ]; then 62 cat test_log_smatch 63 rm -f test_log_smatch 64 [ -z "$quiet" ] && log_fail $2 ${MAXTEST} "$TEST (smatch)"; 65 return 1 66 fi 67 fi 68 [ -z "$quiet" ] && log_ok $2 ${MAXTEST} "$TEST (smatch)"; 69 return 0 70 fi 71 [ -z "$quiet" ] && log_skip $2 ${MAXTEST} "$TEST (smatch)"; 72 return 0 73 } 4 74 5 75 testmake () … … 8 78 if test x$1 = x0; then 9 79 [ -z "$verbose" ] || log_msg_ok "configure... $TEST"; 10 $MAKE cutest > /dev/null 2>> test_log80 $MAKE ${SMATCH} cutest > /dev/null 2>> test_log 11 81 if test x$? = x0; then 12 82 [ -z "$verbose" ] || log_msg_ok "make cutest... $TEST"; … … 34 104 log_start "COMPILE" 35 105 106 if [ -f /usr/local/gcc-smatch/bin/gcc ]; then 107 SAVE_CC="${CC}" 108 SMATCH="DBGDEF=--smatch"; export SMATCH 109 CC="/usr/local/gcc-smatch/bin/gcc"; export CC 110 fi 111 36 112 num=0 37 113 numfail=0 … … 40 116 # test standalone compilation 41 117 # 42 TEST="${S}standalone agentw/suidcheck${E}"118 TEST="${S}standalone w/suidcheck${E}" 43 119 # 44 120 if test -r "Makefile"; then … … 50 126 let "num = num + 1" >/dev/null 51 127 testmake $? $num || let "numfail = numfail + 1" >/dev/null 128 let "num = num + 1" >/dev/null 129 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 52 130 53 131 # 54 132 # test standalone compilation 55 133 # 56 TEST="${S}standalone agent w/mounts-check andw/userfiles${E}"134 TEST="${S}standalone w/mounts-check w/userfiles${E}" 57 135 # 58 136 if test -r "Makefile"; then … … 64 142 let "num = num + 1" >/dev/null 65 143 testmake $? $num || let "numfail = numfail + 1" >/dev/null 144 let "num = num + 1" >/dev/null 145 run_smatch $? 
$num || let "numfail = numfail + 1" >/dev/null 66 146 67 147 … … 69 149 # test standalone compilation 70 150 # 71 TEST="${S}standalone agent w/timeserver and w/message-queue${E}"151 TEST="${S}standalone w/timeserver and w/msgqueue${E}" 72 152 # 73 153 if test -r "Makefile"; then … … 79 159 let "num = num + 1" >/dev/null 80 160 testmake $? $num || let "numfail = numfail + 1" >/dev/null 161 let "num = num + 1" >/dev/null 162 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 81 163 82 164 # 83 165 # test standalone compilation with --with-nocl=PW 84 166 # 85 TEST="${S}standalone agentw/nocl${E}"167 TEST="${S}standalone w/nocl${E}" 86 168 # 87 169 if test -r "Makefile"; then … … 93 175 let "num = num + 1" >/dev/null 94 176 testmake $? $num || let "numfail = numfail + 1" >/dev/null 177 let "num = num + 1" >/dev/null 178 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 95 179 96 180 # 97 181 # test standalone compilation w/ debug 98 182 # 99 TEST="${S}standalone agentw/debug${E}"183 TEST="${S}standalone w/debug${E}" 100 184 # 101 185 if test -r "Makefile"; then … … 107 191 let "num = num + 1" >/dev/null 108 192 testmake $? $num || let "numfail = numfail + 1" >/dev/null 193 let "num = num + 1" >/dev/null 194 run_smatch $? $num debug || let "numfail = numfail + 1" >/dev/null 109 195 110 196 # 111 197 # test standalone compilation w/ gpg 112 198 # 113 TEST="${S}standalone agentw/gpg${E}"199 TEST="${S}standalone w/gpg${E}" 114 200 # 115 201 GPG=`find_path gpg` … … 126 212 # 127 213 testmake $? $num || let "numfail = numfail + 1" >/dev/null 214 let "num = num + 1" >/dev/null 215 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 128 216 fi 129 217 … … 131 219 # test standalone compilation w/stealth 132 220 # 133 TEST="${S}standalone agentw/stealth${E}"221 TEST="${S}standalone w/stealth${E}" 134 222 # 135 223 if test -r "Makefile"; then … … 141 229 let "num = num + 1" >/dev/null 142 230 testmake $? 
$num || let "numfail = numfail + 1" >/dev/null 231 let "num = num + 1" >/dev/null 232 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 143 233 144 234 # 145 235 # test standalone compilation w/logwatch 146 236 # 147 TEST="${S}standalone agentw/login-watch${E}"237 TEST="${S}standalone w/login-watch${E}" 148 238 # 149 239 if test -r "Makefile"; then … … 155 245 let "num = num + 1" >/dev/null 156 246 testmake $? $num || let "numfail = numfail + 1" >/dev/null 247 let "num = num + 1" >/dev/null 248 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 157 249 158 250 # 159 251 # test standalone compilation w/mysql 160 252 # 161 TEST="${S}standalone agentw/mysql${E}"253 TEST="${S}standalone w/mysql${E}" 162 254 # 163 255 if test -r "Makefile"; then … … 169 261 let "num = num + 1" >/dev/null 170 262 testmake $? $num "skip" || let "numfail = numfail + 1" >/dev/null 263 let "num = num + 1" >/dev/null 264 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 171 265 172 266 # 173 267 # test standalone compilation w/postgresql 174 268 # 175 TEST="${S}standalone agentw/postgresql${E}"269 TEST="${S}standalone w/postgresql${E}" 176 270 # 177 271 if test -r "Makefile"; then … … 183 277 let "num = num + 1" >/dev/null 184 278 testmake $? $num "skip" || let "numfail = numfail + 1" >/dev/null 279 let "num = num + 1" >/dev/null 280 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 185 281 186 282 # 187 283 # test standalone compilation 188 284 # 189 TEST="${S}standalone agentw/o mail${E}"285 TEST="${S}standalone w/o mail${E}" 190 286 # 191 287 if test -r "Makefile"; then … … 197 293 let "num = num + 1" >/dev/null 198 294 testmake $? $num || let "numfail = numfail + 1" >/dev/null 295 let "num = num + 1" >/dev/null 296 run_smatch $? 
$num || let "numfail = numfail + 1" >/dev/null 199 297 200 298 # 201 299 # test standalone compilation 202 300 # 203 TEST="${S}standalone agent w/o external scripts${E}"301 TEST="${S}standalone w/o external${E}" 204 302 # 205 303 if test -r "Makefile"; then … … 211 309 let "num = num + 1" >/dev/null 212 310 testmake $? $num || let "numfail = numfail + 1" >/dev/null 311 let "num = num + 1" >/dev/null 312 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 213 313 214 314 # echo; echo "${S}__ TEST CLIENT/SERVER __${E}"; echo; … … 227 327 let "num = num + 1" >/dev/null 228 328 testmake $? $num || let "numfail = numfail + 1" >/dev/null 329 let "num = num + 1" >/dev/null 330 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 229 331 230 332 if test -r "Makefile"; then … … 236 338 let "num = num + 1" >/dev/null 237 339 testmake $? $num || let "numfail = numfail + 1" >/dev/null 340 let "num = num + 1" >/dev/null 341 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 238 342 239 343 # … … 257 361 # 258 362 testmake $? $num || let "numfail = numfail + 1" >/dev/null 363 let "num = num + 1" >/dev/null 364 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 259 365 # 260 366 if test -r "Makefile"; then … … 266 372 let "num = num + 1" >/dev/null 267 373 testmake $? $num || let "numfail = numfail + 1" >/dev/null 374 let "num = num + 1" >/dev/null 375 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 268 376 fi 269 377 … … 282 390 let "num = num + 1" >/dev/null 283 391 testmake $? $num || let "numfail = numfail + 1" >/dev/null 392 let "num = num + 1" >/dev/null 393 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 284 394 # 285 395 if test -r "Makefile"; then … … 291 401 let "num = num + 1" >/dev/null 292 402 testmake $? $num || let "numfail = numfail + 1" >/dev/null 403 let "num = num + 1" >/dev/null 404 run_smatch $? 
$num || let "numfail = numfail + 1" >/dev/null 293 405 294 406 # … … 305 417 let "num = num + 1" >/dev/null 306 418 testmake $? $num || let "numfail = numfail + 1" >/dev/null 419 let "num = num + 1" >/dev/null 420 run_smatch $? $num debug || let "numfail = numfail + 1" >/dev/null 307 421 # 308 422 if test -r "Makefile"; then … … 314 428 let "num = num + 1" >/dev/null 315 429 testmake $? $num || let "numfail = numfail + 1" >/dev/null 430 let "num = num + 1" >/dev/null 431 run_smatch $? $num debug || let "numfail = numfail + 1" >/dev/null 316 432 317 433 # … … 328 444 let "num = num + 1" >/dev/null 329 445 testmake $? $num || let "numfail = numfail + 1" >/dev/null 446 let "num = num + 1" >/dev/null 447 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 330 448 # 331 449 if test -r "Makefile"; then … … 337 455 let "num = num + 1" >/dev/null 338 456 testmake $? $num || let "numfail = numfail + 1" >/dev/null 457 let "num = num + 1" >/dev/null 458 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 339 459 340 460 # … … 351 471 let "num = num + 1" >/dev/null 352 472 testmake $? $num || let "numfail = numfail + 1" >/dev/null 473 let "num = num + 1" >/dev/null 474 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 353 475 # 354 476 if test -r "Makefile"; then … … 360 482 let "num = num + 1" >/dev/null 361 483 testmake $? $num || let "numfail = numfail + 1" >/dev/null 484 let "num = num + 1" >/dev/null 485 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 362 486 363 487 # … … 374 498 let "num = num + 1" >/dev/null 375 499 testmake $? $num || let "numfail = numfail + 1" >/dev/null 500 let "num = num + 1" >/dev/null 501 run_smatch $? $num debug || let "numfail = numfail + 1" >/dev/null 376 502 # 377 503 if test -r "Makefile"; then … … 383 509 let "num = num + 1" >/dev/null 384 510 testmake $? $num || let "numfail = numfail + 1" >/dev/null 511 let "num = num + 1" >/dev/null 512 run_smatch $? 
$num debug || let "numfail = numfail + 1" >/dev/null 385 513 386 514 # 387 515 # test client/server compilation 388 516 # 389 TEST="${S}client/server application w/o external scripts${E}"517 TEST="${S}client/server application w/o external${E}" 390 518 # 391 519 if test -r "Makefile"; then … … 397 525 let "num = num + 1" >/dev/null 398 526 testmake $? $num || let "numfail = numfail + 1" >/dev/null 527 let "num = num + 1" >/dev/null 528 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 399 529 # 400 530 if test -r "Makefile"; then … … 406 536 let "num = num + 1" >/dev/null 407 537 testmake $? $num || let "numfail = numfail + 1" >/dev/null 538 let "num = num + 1" >/dev/null 539 run_smatch $? $num || let "numfail = numfail + 1" >/dev/null 540 541 [ -z "${SMATCH}" ] || { CC="${SAVE_CC}"; export CC; } 408 542 409 543 log_end "COMPILE" -
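Review bot: In run_smatch the variable `memcheck` is set to `debug` or `simple`, but the later tests compare it with `xsimple` and `xdebug`, so neither `samhain_unfree.pl` nor `samhain_unfree_debug.pl` is ever run. Prefix both sides the same way: `if [ "x$memcheck" = xsimple ]; then` and `if [ "x$memcheck" = xdebug ]; then`. Separately, the combined `export CDIR=...` assignment at the top of the function is not accepted by every `/bin/sh`; the file's own `MAXTEST=56; export MAXTEST` pattern is the portable spelling.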
trunk/test/testext.sh
r19 r22 79 79 rm -f $PW_DIR/pdbg.child 80 80 rm -f $PW_DIR/pdbg.main 81 ./samhain -p none 81 ./samhain -p none 82 82 83 83 # The shell is too fast ... -
trunk/test/testrc_2.in
r19 r22 130 130 131 131 SetUseSocket = yes 132 SetSocketAllowUid=0 133 SetSocketPassword=samhain 132 134 133 135 SetClientFromAccept = yes -
trunk/test/testrun_1.sh
r19 r22 749 749 run_init () 750 750 { 751 ./samhain -t init -p none 751 rm -f test_log_valgrind 752 753 ${VALGRIND} ./samhain -t init -p none 2>>test_log_valgrind 752 754 753 755 if test x$? = x0; then … … 761 763 run_check () 762 764 { 763 ./samhain -t check -p none -l debug765 ${VALGRIND} ./samhain -t check -p none -l debug 2>>test_log_valgrind 764 766 765 767 if test x$? = x0; then … … 778 780 run_update () 779 781 { 780 ./samhain -t update -p none -l debug782 ${VALGRIND} ./samhain -t update -p none -l debug 2>>test_log_valgrind 781 783 782 784 if test x$? = x0; then … … 792 794 rm -rf $LOGFILE 793 795 794 ./samhain -t check -p none -l debug796 ${VALGRIND} ./samhain -t check -p none -l debug 2>>test_log_valgrind 795 797 796 798 if test x$? = x0; then … … 807 809 fi 808 810 # 811 [ -z "$VALGRIND" ] || { 812 tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; 813 if [ $tmp -ne 0 ]; then 814 [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; 815 cat test_log_valgrind 816 return 1; 817 fi; 818 } 819 # 809 820 [ -z "$verbose" ] || log_msg_ok "check(2)..."; 810 821 else … … 816 827 prep_testdata () 817 828 { 818 chmod -R 0700 "${BASE}" || { 819 [ -z "$quiet" ] && log_msg_fail "chmod -R 0700 ${BASE}"; 820 return 1; 821 } 829 if [ -d "${BASE}" ]; then 830 chmod -R 0700 "${BASE}" || { 831 [ -z "$quiet" ] && log_msg_fail "chmod -R 0700 ${BASE}"; 832 return 1; 833 } 834 fi 822 835 823 836 rm -rf "${BASE}" || { -
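Review bot: The added `2>>test_log_valgrind` redirections capture samhain's own stderr as well as valgrind's, and they apply even when `$VALGRIND` is empty, so ordinary diagnostics from a failing run now go into a file that is only printed when valgrind is enabled. With valgrind on, the `wc -l` check then counts any line samhain itself writes to stderr as a valgrind error. Giving valgrind its own log (it has a `--log-file` option) or redirecting stderr only when `$VALGRIND` is set would keep the two apart.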
trunk/test/testrun_1b.sh
r20 r22 15 15 # 16 16 if test -r "Makefile"; then 17 $MAKE distclean >/dev/null 17 $MAKE distclean >/dev/null >&1 18 18 fi 19 19 # … … 24 24 if test x$? = x0; then 25 25 [ -z "$verbose" ] || log_msg_ok "configure..."; 26 $MAKE > /dev/null 26 $MAKE > /dev/null 2>&1 27 27 if test x$? = x0; then 28 28 [ -z "$verbose" ] || log_msg_ok "make..."; -
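Review bot: `$MAKE distclean >/dev/null >&1` looks like a typo for `2>&1`: as written stdout is redirected twice and stderr still reaches the terminal, unlike the `$MAKE > /dev/null 2>&1` line added a few lines below. It should read `$MAKE distclean >/dev/null 2>&1`.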
trunk/test/testrun_2.sh
r19 r22 3 3 LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE 4 4 RCFILE="$PW_DIR/testrc_2"; export RCFILE 5 HTML="$PW_DIR/yule.html"; export HTML 5 6 6 7 … … 12 13 echo; 13 14 } 14 ./yule -l info -p none >/dev/null 2>&1 & 15 16 rm -f test_log_valgrind 17 18 ${VALGRIND} ./yule -l info -p none >/dev/null 2>>test_log_valgrind & 15 19 PROC_Y=$! 16 20 sleep 5 … … 22 26 } 23 27 24 ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>&128 ${VALGRIND} ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>>test_log_valgrind 25 29 if test x$? = x0; then 26 30 [ -z "$verbose" ] || log_msg_ok "samhain.new -t check"; … … 59 63 return 1 60 64 fi 61 65 66 [ -z "$VALGRIND" ] || { 67 tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; 68 if [ $tmp -ne 0 ]; then 69 [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; 70 cat test_log_valgrind 71 return 1; 72 fi; 73 } 62 74 63 75 return 0 … … 81 93 82 94 rm -f $LOGFILE 83 84 ./yule -l info -p none >/dev/null 2>&1 & 95 rm -f test_log_valgrind 96 97 ${VALGRIND} ./yule -l info -p none >/dev/null 2>>test_log_valgrind & 85 98 PROC_Y=$! 86 99 sleep 5 … … 92 105 } 93 106 94 ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>&1107 ${VALGRIND} ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>>test_log_valgrind 95 108 if test x$? 
= x0; then 96 109 [ -z "$verbose" ] || log_msg_ok "samhain.new -t check"; … … 112 125 CLIENTLOG="${LOGFILE}.${remhost}" 113 126 else 114 CLIENTLOG=`ls -1 ${LOGFILE}.* | tail -n 1`127 CLIENTLOG=`ls -1 ${LOGFILE}.* 2>/dev/null | tail -n 1` 115 128 fi 116 129 … … 140 153 return 1 141 154 fi 155 156 [ -z "$VALGRIND" ] || { 157 tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; 158 if [ $tmp -ne 0 ]; then 159 [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; 160 cat test_log_valgrind 161 return 1; 162 fi; 163 } 142 164 143 165 rm -f ${LOGFILE}.${remhost} … … 171 193 172 194 rm -f $LOGFILE 173 174 ./yule -p none >/dev/null 2>&1 & 195 rm -f test_log_valgrind 196 197 ${VALGRIND} ./yule -p none >/dev/null 2>>test_log_valgrind & 175 198 PROC_Y=$! 176 199 sleep 5 … … 182 205 } 183 206 184 ./samhain.new -t check -p none -l none --forever --bind-address=127.0.0.1 >/dev/null 2>&1&207 ${VALGRIND} ./samhain.new -t check -p none -l none --forever --bind-address=127.0.0.1 >/dev/null 2>>test_log_valgrind & 185 208 if test x$? = x0; then 186 209 PROC_S=$! 
… … 231 254 return 1 232 255 fi 256 257 [ -z "$VALGRIND" ] || { 258 tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; 259 if [ $tmp -ne 0 ]; then 260 [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; 261 cat test_log_valgrind 262 return 1; 263 fi; 264 } 233 265 234 rm -f ${LOGFILE} .${remhost}266 rm -f ${LOGFILE} 235 267 return 0 236 268 } 269 270 do_test_4 () { 271 272 # don't know what is supported on the test platform, so 273 # prepare for both (password and socket credential) 274 275 # 'id -u' is posix 276 me=`id -u` 277 278 ORIGINAL_1="SetSocketAllowUid=0" 279 REPLACEMENT_1="SetSocketAllowUid=$me" 280 ex $RCFILE <<EOF 281 :%s/${ORIGINAL_1}/${REPLACEMENT_1}/g 282 :wq 283 EOF 284 285 [ -z "$verbose" ] || { 286 echo; 287 echo "${S}Start Server${E}: ./yule -l info -p none &"; 288 echo; 289 } 290 291 rm -f $LOGFILE 292 rm -f test_log_valgrind 293 294 ${VALGRIND} ./yule -l info -p none >/dev/null 2>>test_log_valgrind & 295 PROC_Y=$! 296 sleep 5 297 298 [ -z "$verbose" ] || { 299 echo; 300 echo "${S}Start Client${E}: ./samhain.new -l none -p none -e info -t check"; 301 echo; 302 } 303 304 $MAKE yulectl >/dev/null 305 if [ $? -ne 0 ]; then 306 [ -z "$verbose" ] || log_msg_fail "make yulectl"; 307 kill $PROC_Y 308 return 1 309 fi 310 311 312 ./yulectl -v -c RELOAD foobar1 >test_log_yulectl 2>/dev/null 313 314 if [ $? -ne 0 ]; then 315 YULECTL_PASSWORD=samhain; export YULECTL_PASSWORD 316 ./yulectl -v -c RELOAD foobar1 >test_log_yulectl 317 if [ $? -ne 0 ]; then 318 kill ${PROC_Y} 319 [ -z "$verbose" ] || log_msg_fail "yulectl"; 320 return 1 321 fi 322 fi 323 324 ./yulectl -v -c RELOAD foobar2 >test_yulectl_log 325 326 if [ $? -ne 0 ]; then 327 kill ${PROC_Y} 328 [ -z "$verbose" ] || log_msg_fail "yulectl"; 329 return 1 330 fi 331 332 ./yulectl -v -c RELOAD foobar3 >test_log_yulectl 333 334 if [ $? 
-ne 0 ]; then 335 kill ${PROC_Y} 336 [ -z "$verbose" ] || log_msg_fail "yulectl"; 337 return 1 338 fi 339 340 ./yulectl -v -c LISTALL dummy >test_log_yulectl 341 342 if [ $? -ne 0 ]; then 343 kill ${PROC_Y} 344 [ -z "$verbose" ] || log_msg_fail "yulectl"; 345 return 1 346 fi 347 348 tmp=`cat test_log_yulectl | grep RELOAD | wc -l` 349 if [ $tmp -ne 3 ]; then 350 kill ${PROC_Y} 351 [ -z "$verbose" ] || log_msg_fail "command confirmation"; 352 return 1 353 fi 354 355 ./yulectl -v -c CANCEL foobar3 >test_log_yulectl 356 357 if [ $? -ne 0 ]; then 358 kill ${PROC_Y} 359 [ -z "$verbose" ] || log_msg_fail "yulectl"; 360 return 1 361 fi 362 363 ./yulectl -v -c LISTALL dummy >test_log_yulectl 364 365 if [ $? -ne 0 ]; then 366 kill ${PROC_Y} 367 [ -z "$verbose" ] || log_msg_fail "yulectl"; 368 return 1 369 fi 370 371 tmp=`cat test_log_yulectl | grep RELOAD | wc -l` 372 if [ $tmp -ne 2 ]; then 373 kill ${PROC_Y} 374 [ -z "$verbose" ] || log_msg_fail "command confirmation"; 375 return 1 376 fi 377 378 kill ${PROC_Y} 379 380 [ -z "$VALGRIND" ] || { 381 tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; 382 if [ $tmp -ne 0 ]; then 383 [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; 384 cat test_log_valgrind 385 return 1; 386 fi; 387 } 388 389 return 0 390 } 391 392 do_test_5 () { 393 394 [ -z "$verbose" ] || { 395 echo; 396 echo "${S}Start Server${E}: ./yule -l info -p none &"; 397 echo; 398 } 399 400 ( cat <<EOF 401 <!-- head --> 402 <html><head><title>test</title></head> 403 <body> 404 Current time: %T <br> 405 <table> 406 <!-- ehead --> 407 EOF 408 ) >head.html 409 410 ( cat <<EOF 411 <!-- foot --> 412 </table> 413 </body> 414 <!-- efoot --> 415 EOF 416 ) >foot.html 417 418 ( cat <<EOF 419 <!-- entry --> 420 <tr> 421 <td>%H</td> 422 <td>%S</td> 423 <td>%T</td> 424 </tr> 425 <!-- eentry --> 426 EOF 427 ) >entry.html 428 429 ${VALGRIND} ./yule -l info -p none >/dev/null 2>>test_log_valgrind & 430 PROC_Y=$! 
431 sleep 5 432 433 egrep '<!-- head -->' $HTML >/dev/null 2>&1 434 if [ $? -ne 0 ]; then 435 rm -f head.html; rm -f foot.html; rm -f entry.html; 436 kill $PROC_Y 437 [ -z "$verbose" ] || log_msg_fail "head.html"; 438 return 1 439 fi 440 441 egrep '<!-- foot -->' $HTML >/dev/null 2>&1 442 if [ $? -ne 0 ]; then 443 rm -f head.html; rm -f foot.html; rm -f entry.html; 444 kill $PROC_Y 445 [ -z "$verbose" ] || log_msg_fail "foot.html"; 446 return 1 447 fi 448 449 [ -z "$verbose" ] || { 450 echo; 451 echo "${S}Start Client${E}: ./samhain.new -l none -p none -e info -t check"; 452 echo; 453 } 454 455 ${VALGRIND} ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>>test_log_valgrind 456 if test x$? = x0; then 457 [ -z "$verbose" ] || log_msg_ok "samhain.new -t check"; 458 else 459 kill $PROC_Y 460 [ -z "$quiet" ] && log_msg_fail "samhain.new -t check"; 461 return 1 462 fi 463 464 kill $PROC_Y 465 sleep 5 466 467 # rm -f head.html; rm -f foot.html; rm -f entry.html; 468 469 egrep "START(>|\").*Yule(>|\")" $LOGFILE >/dev/null 2>&1 470 if [ $? -ne 0 ]; then 471 [ -z "$verbose" ] || log_msg_fail "Server start"; 472 return 1 473 fi 474 egrep "NEW CLIENT" $LOGFILE >/dev/null 2>&1 475 if [ $? -ne 0 ]; then 476 [ -z "$verbose" ] || log_msg_fail "Client connect"; 477 return 1 478 fi 479 egrep "remote_host.*Checking.*/bin" $LOGFILE >/dev/null 2>&1 480 if [ $? -ne 0 ]; then 481 [ -z "$verbose" ] || log_msg_fail "Client file check"; 482 return 1 483 fi 484 egrep "remote_host.*EXIT.*Samhain" $LOGFILE >/dev/null 2>&1 485 if [ $? -ne 0 ]; then 486 [ -z "$verbose" ] || log_msg_fail "Client exit"; 487 return 1 488 fi 489 egrep "EXIT.*Yule.*SIGTERM" $LOGFILE >/dev/null 2>&1 490 if [ $? -ne 0 ]; then 491 [ -z "$verbose" ] || log_msg_fail "Server exit"; 492 return 1 493 fi 494 495 egrep '<!-- head -->' $HTML >/dev/null 2>&1 496 if [ $? 
-ne 0 ]; then 497 [ -z "$verbose" ] || log_msg_fail "head.html"; 498 return 1 499 fi 500 egrep '<!-- ehead -->' $HTML >/dev/null 2>&1 501 if [ $? -ne 0 ]; then 502 [ -z "$verbose" ] || log_msg_fail "head.html"; 503 return 1 504 fi 505 506 egrep '<!-- entry -->' $HTML >/dev/null 2>&1 507 if [ $? -ne 0 ]; then 508 [ -z "$verbose" ] || log_msg_fail "entry.html"; 509 return 1 510 fi 511 egrep '<!-- eentry -->' $HTML >/dev/null 2>&1 512 if [ $? -ne 0 ]; then 513 [ -z "$verbose" ] || log_msg_fail "entry.html"; 514 return 1 515 fi 516 517 egrep '<!-- foot -->' $HTML >/dev/null 2>&1 518 if [ $? -ne 0 ]; then 519 [ -z "$verbose" ] || log_msg_fail "foot.html"; 520 return 1 521 fi 522 egrep '<!-- efoot -->' $HTML >/dev/null 2>&1 523 if [ $? -ne 0 ]; then 524 [ -z "$verbose" ] || log_msg_fail "foot.html"; 525 return 1 526 fi 527 528 [ -z "$VALGRIND" ] || { 529 tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; 530 if [ $tmp -ne 0 ]; then 531 [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; 532 cat test_log_valgrind 533 return 1; 534 fi; 535 } 536 537 return 0 538 } 539 237 540 238 541 testrun2_internal () … … 273 576 make clean >/dev/null || return 1 274 577 275 ${TOP_SRCDIR}/configure --quiet $TRUST --enable-debug --enable-network=server --enable-xml-log --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file -- enable-identity=rainer--enable-encrypt=2578 ${TOP_SRCDIR}/configure --quiet $TRUST --enable-debug --enable-network=server --enable-xml-log --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file --with-html-file=$HTML --enable-encrypt=2 276 579 # 277 580 if test x$? = x0; then … … 353 656 do_test_2 354 657 if [ $? 
-eq 0 ]; then 355 [ -z "$quiet" ] && log_ok 2 ${MAXTEST} "Client logging, sep erate logfiles";356 else 357 [ -z "$quiet" ] && log_fail 2 ${MAXTEST} "Client logging, sep erate logfiles";658 [ -z "$quiet" ] && log_ok 2 ${MAXTEST} "Client logging, separate logfiles"; 659 else 660 [ -z "$quiet" ] && log_fail 2 ${MAXTEST} "Client logging, separate logfiles"; 358 661 fi 359 662 … … 365 668 fi 366 669 670 do_test_4 671 if [ $? -eq 0 ]; then 672 [ -z "$quiet" ] && log_ok 4 ${MAXTEST} "Server command socket"; 673 else 674 [ -z "$quiet" ] && log_fail 4 ${MAXTEST} "Server command socket"; 675 fi 676 677 do_test_5 678 if [ $? -eq 0 ]; then 679 [ -z "$quiet" ] && log_ok 5 ${MAXTEST} "Server status file"; 680 else 681 [ -z "$quiet" ] && log_fail 5 ${MAXTEST} "Server status file"; 682 fi 683 367 684 return $? 368 685 } 369 686 370 MAXTEST= 3; export MAXTEST687 MAXTEST=5; export MAXTEST 371 688 372 689 testrun2 () -
trunk/test/testrun_2a.sh
r19 r22 15 15 echo; 16 16 } 17 ./yule -l info -p none >/dev/null 2>&1 & 17 rm -f test_log_valgrind 18 19 ${VALGRIND} ./yule -l info -p none >/dev/null 2>>test_log_valgrind & 18 20 PROC_Y=$! 19 21 sleep 5 … … 25 27 } 26 28 27 ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>&129 ${VALGRIND} ./samhain.new -t check -p none -l none -e info --bind-address=127.0.0.1 >/dev/null 2>>test_log_valgrind 28 30 if test x$? = x0; then 29 31 [ -z "$verbose" ] || log_msg_ok "samhain.new -t check"; … … 63 65 fi 64 66 67 [ -z "$VALGRIND" ] || { 68 tmp=`cat test_log_valgrind 2>/dev/null | wc -l`; 69 if [ $tmp -ne 0 ]; then 70 [ -z "$verbose" ] || log_msg_fail "valgrind reports errors"; 71 cat test_log_valgrind 72 return 1; 73 fi; 74 } 65 75 66 76 return 0 -
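Review bot: The added valgrind check before `return 0` fails on any line in `test_log_valgrind`, yet both `./yule` and `./samhain.new` now append their entire stderr to that file. The check therefore only means "valgrind found errors" if `VALGRIND` is a quiet invocation and neither program prints anything else to stderr, an assumption the visible lines do not state. A comment above the block would record it, for example `# VALGRIND must run quietly (e.g. valgrind -q); any stderr line from server or client fails this test`. Quoting the operand, `[ "$tmp" -ne 0 ]`, would also keep the test well-formed if the substitution ever comes back empty. The enclosing function starts and ends outside the hunk.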
trunk/test/testrun_2b.sh
r19 r22 140 140 141 141 ALTHOST=`find_hostname` 142 cp ./testrc_2"./rc.${ALTHOST}"142 cp "${RCFILE_C}" "./rc.${ALTHOST}" 143 143 cp ./file.${SH_LOCALHOST} "./file.${ALTHOST}" 2>/dev/null 144 144 } … … 166 166 167 167 testrun2b_internal "$GPG" 168 168 169 SAVE_VALGRIND="${VALGRIND}"; VALGRIND=''; export VALGRIND 169 170 do_test_1_a 171 VALGRIND="${SAVE_VALGRIND}"; export VALGRIND 170 172 if [ $? -eq 0 ]; then 171 173 [ -z "$quiet" ] && log_ok 1 ${MAXTEST} "Client download+logging w/gpg"; -
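Review bot: The `if [ $? -eq 0 ]` that follows `do_test_1_a` no longer tests that function's result. The added line `VALGRIND="${SAVE_VALGRIND}"; export VALGRIND` runs in between, so `$?` is the status of `export`, which is 0 in practice. The "Client download+logging w/gpg" test is then logged as OK even when `do_test_1_a` fails. Capture the status before restoring the variable, `do_test_1_a; rc=$?`, and branch on it with `if [ $rc -eq 0 ]; then`. The enclosing function starts and ends outside the hunk.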
trunk/test/testrun_2d.sh
r19 r22 80 80 # 81 81 do_test_1_a 82 # 82 83 if [ $? -ne 0 ]; then 83 84 [ -z "$quiet" ] && log_fail 1 ${MAXTEST} "Client/server w/postgresql";