Index: /trunk/aclocal.m4 =================================================================== --- /trunk/aclocal.m4 (revision 226) +++ /trunk/aclocal.m4 (revision 227) @@ -1202,4 +1202,20 @@ ]) +AC_DEFUN([GCC_STACK_CHECK_CC],[ + AC_LANG_ASSERT(C) + if test "X$CC" != "X"; then + AC_CACHE_CHECK([whether ${CC} accepts -fstack-check], + stackcheck_cv_cc, + [stackcheck_old_cflags="$CFLAGS" + CFLAGS="$CFLAGS -fstack-check" + AC_TRY_COMPILE(,, stackcheck_cv_cc=yes, stackcheck_cv_cc=no) + CFLAGS="$stackcheck_old_cflags" + ]) + if test $stackcheck_cv_cc = yes; then + CFLAGS="$CFLAGS -fstack-check" + fi + fi +]) + AC_DEFUN([GCC_WEMPTY_BODY],[ AC_LANG_ASSERT(C) Index: /trunk/configure.ac =================================================================== --- /trunk/configure.ac (revision 226) +++ /trunk/configure.ac (revision 227) @@ -637,4 +637,5 @@ GCC_STACK_PROTECT_LIB GCC_STACK_PROTECT_CC +dnl GCC_STACK_CHECK_CC GCC_PIE_CC fi Index: /trunk/docs/Changelog =================================================================== --- /trunk/docs/Changelog (revision 226) +++ /trunk/docs/Changelog (revision 227) @@ -1,3 +1,4 @@ 2.5.5: + * fix warnings with -fstack-check (too large stack frames) * fix for incorrect handling of hostnames in database insertion (reported by byron) Index: /trunk/src/CuTest.c =================================================================== --- /trunk/src/CuTest.c (revision 226) +++ /trunk/src/CuTest.c (revision 227) @@ -120,7 +120,7 @@ { va_list argp; - char buf[HUGE_STRING_LEN]; + char buf[2048]; va_start(argp, format); - vsprintf(buf, format, argp); + vsnprintf(buf, sizeof(buf), format, argp); va_end(argp); CuStringAppend(str, buf); @@ -174,7 +174,7 @@ static void CuFailInternal(CuTest* tc, const char* file, int line, CuString* string) { - char buf[HUGE_STRING_LEN]; - - sprintf(buf, "%s:%d: ", file, line); + char buf[256]; + + snprintf(buf, sizeof(buf), "%s:%d: ", file, line); CuStringInsert(string, buf, 0); Index: /trunk/src/sh_entropy.c =================================================================== --- /trunk/src/sh_entropy.c (revision 226) +++ /trunk/src/sh_entropy.c (revision 227) @@ -594,7 +594,7 @@ #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) struct passwd pwd; - char buffer[SH_PWBUF_SIZE]; + char * buffer = SH_ALLOC(SH_PWBUF_SIZE); struct passwd * tempres; - sh_getpwnam_r(DEFAULT_IDENT, &pwd, buffer, sizeof(buffer), &tempres); + sh_getpwnam_r(DEFAULT_IDENT, &pwd, buffer, SH_PWBUF_SIZE, &tempres); #else struct passwd * tempres = sh_getpwnam(DEFAULT_IDENT); @@ -614,4 +614,7 @@ i = -1; } +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + SH_FREE(buffer); +#endif } Index: /trunk/src/sh_extern.c =================================================================== --- /trunk/src/sh_extern.c (revision 226) +++ /trunk/src/sh_extern.c (revision 227) @@ -1003,5 +1003,5 @@ #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) struct passwd pwd; - char buffer[SH_PWBUF_SIZE]; + char * buffer = SH_ALLOC(SH_PWBUF_SIZE); #endif @@ -1012,9 +1012,12 @@ if (user == NULL) { +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + SH_FREE(buffer); +#endif SL_RETURN (-1, _("sh_ext_uid")); } #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) - sh_getpwnam_r(user, &pwd, buffer, sizeof(buffer), &tempres); + sh_getpwnam_r(user, &pwd, buffer, SH_PWBUF_SIZE, &tempres); #else tempres = sh_getpwnam(user); @@ -1025,7 +1028,13 @@ *uid = tempres->pw_uid; *gid = tempres->pw_gid; +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + SH_FREE(buffer); +#endif SL_RETURN (0, _("sh_ext_uid")); } +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + SH_FREE(buffer); +#endif SL_RETURN (-1, _("sh_ext_uid")); } Index: /trunk/src/sh_files.c =================================================================== --- /trunk/src/sh_files.c (revision 226) +++ /trunk/src/sh_files.c (revision 227) @@ -1489,9 +1489,9 @@ int status; int dummy = S_FALSE; - dir_type theDir; + dir_type * theDir; ShFileType checkit; static unsigned int state = 1; - file_type theFile; + file_type * theFile; char * tmpname; char * tmpcat; @@ -1571,17 +1571,19 @@ /* ---- stat the directory ---- */ - sl_strlcpy (theFile.fullpath, iname, PATH_MAX); - theFile.attr_string = NULL; - theFile.link_path = NULL; + theFile = SH_ALLOC(sizeof(file_type)); + sl_strlcpy (theFile->fullpath, iname, PATH_MAX); + theFile->attr_string = NULL; + theFile->link_path = NULL; (void) relativeName; status = sh_unix_getinfo (ShDFLevel[SH_ERR_T_DIR], iname, - &theFile, NULL, iclass); + theFile, NULL, iclass); if ((sig_termfast == 1) || (sig_terminate == 1)) { - if (theFile.attr_string) SH_FREE(theFile.attr_string); - if (theFile.link_path) SH_FREE(theFile.link_path); + if (theFile->attr_string) SH_FREE(theFile->attr_string); + if (theFile->link_path) SH_FREE(theFile->link_path); + SH_FREE(theFile); SL_RETURN((0), _("sh_files_checkdir")); } @@ -1590,10 +1592,11 @@ { SH_FREE(tmpname); - if (theFile.attr_string) SH_FREE(theFile.attr_string); - if (theFile.link_path) SH_FREE(theFile.link_path); - SL_RETURN((-1), _("sh_files_checkdir")); - } - - if (theFile.c_mode[0] != 'd') + if (theFile->attr_string) SH_FREE(theFile->attr_string); + if (theFile->link_path) SH_FREE(theFile->link_path); + SH_FREE(theFile); + SL_RETURN((-1), _("sh_files_checkdir")); + } + + if (theFile->c_mode[0] != 'd') { sh_error_handle (ShDFLevel[SH_ERR_T_DIR], FIL__, __LINE__, 0, @@ -1601,11 +1604,15 @@ tmpname); SH_FREE(tmpname); - if (theFile.attr_string) SH_FREE(theFile.attr_string); - if (theFile.link_path) SH_FREE(theFile.link_path); + if (theFile->attr_string) SH_FREE(theFile->attr_string); + if (theFile->link_path) SH_FREE(theFile->link_path); + SH_FREE(theFile); SL_RETURN((-1), _("sh_files_checkdir")); } - hardlink_num = theFile.hardlinks; - + hardlink_num = theFile->hardlinks; + + if (theFile->attr_string) SH_FREE(theFile->attr_string); + if (theFile->link_path) SH_FREE(theFile->link_path); + SH_FREE(theFile); /* ---- open directory for reading ---- @@ -1623,22 +1630,21 @@ sh_error_message (status, errbuf, sizeof(errbuf)), tmpname); SH_FREE(tmpname); - - if (theFile.attr_string) SH_FREE(theFile.attr_string); - if (theFile.link_path) SH_FREE(theFile.link_path); SL_RETURN((-1), _("sh_files_checkdir")); } - theDir.NumRegular = 0; - theDir.NumDirs = 0; - theDir.NumSymlinks = 0; - theDir.NumFifos = 0; - theDir.NumSockets = 0; - theDir.NumCDev = 0; - theDir.NumBDev = 0; - theDir.NumDoor = 0; - theDir.NumPort = 0; - theDir.NumAll = 0; - theDir.TotalBytes = 0; - sl_strlcpy (theDir.DirPath, iname, PATH_MAX); + theDir = SH_ALLOC(sizeof(dir_type)); + + theDir->NumRegular = 0; + theDir->NumDirs = 0; + theDir->NumSymlinks = 0; + theDir->NumFifos = 0; + theDir->NumSockets = 0; + theDir->NumCDev = 0; + theDir->NumBDev = 0; + theDir->NumDoor = 0; + theDir->NumPort = 0; + theDir->NumAll = 0; + theDir->TotalBytes = 0; + sl_strlcpy (theDir->DirPath, iname, PATH_MAX); @@ -1654,13 +1660,13 @@ if (thisEntry != NULL) { - ++theDir.NumAll; + ++theDir->NumAll; if (sl_strcmp (thisEntry->d_name, ".") == 0) { - ++theDir.NumDirs; + ++theDir->NumDirs; continue; } if (sl_strcmp (thisEntry->d_name, "..") == 0) { - ++theDir.NumDirs; + ++theDir->NumDirs; continue; } @@ -1686,6 +1692,5 @@ if (sig_termfast == 1) { - if (theFile.attr_string) SH_FREE(theFile.attr_string); - if (theFile.link_path) SH_FREE(theFile.link_path); + SH_FREE(theDir); SL_RETURN((0), _("sh_files_checkdir")); } @@ -1769,5 +1774,5 @@ if (checkit == SH_FILE_DIRECTORY) { - ++theDir.NumDirs; + ++theDir->NumDirs; } SH_FREE(tmpcat); @@ -1805,9 +1810,9 @@ if (checkit == SH_FILE_REGULAR) - ++theDir.NumRegular; + ++theDir->NumRegular; else if (checkit == SH_FILE_DIRECTORY) { - ++theDir.NumDirs; + ++theDir->NumDirs; if (rdepth_next >= 0 && cchecked_flag != S_TRUE) { @@ -1870,11 +1875,11 @@ } - else if (checkit == SH_FILE_SYMLINK) ++theDir.NumSymlinks; - else if (checkit == SH_FILE_FIFO) ++theDir.NumFifos; - else if (checkit == SH_FILE_SOCKET) ++theDir.NumSockets; - else if (checkit == SH_FILE_CDEV) ++theDir.NumCDev; - else if (checkit == SH_FILE_BDEV) ++theDir.NumBDev; - else if (checkit == SH_FILE_DOOR) ++theDir.NumDoor; - else if (checkit == SH_FILE_PORT) ++theDir.NumPort; + else if (checkit == SH_FILE_SYMLINK) ++theDir->NumSymlinks; + else if (checkit == SH_FILE_FIFO) ++theDir->NumFifos; + else if (checkit == SH_FILE_SOCKET) ++theDir->NumSockets; + else if (checkit == SH_FILE_CDEV) ++theDir->NumCDev; + else if (checkit == SH_FILE_BDEV) ++theDir->NumBDev; + else if (checkit == SH_FILE_DOOR) ++theDir->NumDoor; + else if (checkit == SH_FILE_PORT) ++theDir->NumPort; SH_FREE(tmpcat); @@ -1882,6 +1887,5 @@ if ((sig_termfast == 1) || (sig_terminate == 1)) { - if (theFile.attr_string) SH_FREE(theFile.attr_string); - if (theFile.link_path) SH_FREE(theFile.link_path); + SH_FREE(theDir); SL_RETURN((0), _("sh_files_checkdir")); } @@ -1897,11 +1901,11 @@ { sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_FI_DSUM, - theDir.NumDirs, - theDir.NumRegular, - theDir.NumSymlinks, - theDir.NumFifos, - theDir.NumSockets, - theDir.NumCDev, - theDir.NumBDev); + theDir->NumDirs, + theDir->NumRegular, + theDir->NumSymlinks, + theDir->NumFifos, + theDir->NumSockets, + theDir->NumCDev, + theDir->NumBDev); } @@ -1912,7 +1916,7 @@ * Hardlink check; not done on MacOS X because of resource forks */ - if ((sh_check_hardlinks == S_TRUE) && (hardlink_num != theDir.NumDirs)) - { - if (0 != sh_files_hle_test(hardlink_num-theDir.NumDirs, iname)) + if ((sh_check_hardlinks == S_TRUE) && (hardlink_num != theDir->NumDirs)) + { + if (0 != sh_files_hle_test(hardlink_num-theDir->NumDirs, iname)) { len = strlen(tmpname); @@ -1922,5 +1926,5 @@ sl_snprintf(tmpcat, len, _("%s: subdirectory count (%d) != hardlinks (%d)"), - tmpname, theDir.NumDirs, hardlink_num); + tmpname, theDir->NumDirs, hardlink_num); sh_error_handle (ShDFLevel[SH_ERR_T_DIR], FIL__, __LINE__, 0, MSG_E_SUBGEN, tmpcat, _("sh_files_checkdir")); @@ -1930,7 +1934,6 @@ #endif - if (theFile.attr_string) SH_FREE(theFile.attr_string); - if (theFile.link_path) SH_FREE(theFile.link_path); SH_FREE(tmpname); + SH_FREE(theDir); SL_RETURN((0), _("sh_files_checkdir")); @@ -1947,8 +1950,8 @@ /* 28 Aug 2001 allow NULL fileName */ - char fullpath[PATH_MAX]; + char * fullpath; char fileHash[2*(KEY_LEN + 1)]; int status; - file_type theFile; + file_type * theFile; char * tmpdir; char * tmpname; @@ -1956,6 +1959,10 @@ struct utimbuf utime_buf; static unsigned int state = 1; + char sc; SL_ENTER(_("sh_files_filecheck")); + + fullpath = SH_ALLOC(PATH_MAX); + theFile = SH_ALLOC(sizeof(file_type)); BREAKEXIT(sh_derr); @@ -1982,4 +1989,6 @@ { sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_FI_NULL); + SH_FREE(fullpath); + SH_FREE(theFile); SL_RETURN(SH_FILE_UNKNOWN, _("sh_files_filecheck")); } @@ -2020,4 +2029,6 @@ SH_FREE(tmpname); SH_FREE(tmpdir); + SH_FREE(fullpath); + SH_FREE(theFile); SL_RETURN(SH_FILE_UNKNOWN, _("sh_files_filecheck")); } @@ -2026,9 +2037,9 @@ /* stat the file and determine checksum (if a regular file) */ - sl_strlcpy (theFile.fullpath, fullpath, PATH_MAX); - theFile.check_mask = sh_files_maskof(class); - theFile.file_reported = (*reported); - theFile.attr_string = NULL; - theFile.link_path = NULL; + sl_strlcpy (theFile->fullpath, fullpath, PATH_MAX); + theFile->check_mask = sh_files_maskof(class); + theFile->file_reported = (*reported); + theFile->attr_string = NULL; + theFile->link_path = NULL; TPT(( 0, FIL__, __LINE__, _("msg=\n"), fullpath)); @@ -2037,5 +2048,5 @@ ShDFLevel[class] : ShDFLevel[SH_ERR_T_FILE], fileName, - &theFile, fileHash, class); + theFile, fileHash, class); if (status != 0) @@ -2045,6 +2056,8 @@ if (class == SH_LEVEL_ALLIGNORE && sh.flag.checkSum != SH_CHECK_INIT) sh_hash_set_visited_true (fullpath); - if (theFile.attr_string) SH_FREE(theFile.attr_string); - if (theFile.link_path) SH_FREE(theFile.link_path); + if (theFile->attr_string) SH_FREE(theFile->attr_string); + if (theFile->link_path) SH_FREE(theFile->link_path); + SH_FREE(fullpath); + SH_FREE(theFile); SL_RETURN(SH_FILE_UNKNOWN, _("sh_files_filecheck")); } @@ -2056,5 +2069,5 @@ /* report */ - if ((flag_err_debug == SL_TRUE) && (theFile.c_mode[0] == '-')) + if ((flag_err_debug == SL_TRUE) && (theFile->c_mode[0] == '-')) { tmpname = sh_util_safe_name (fullpath); /* fixed in 1.5.4 */ @@ -2067,5 +2080,5 @@ if ( sh.flag.checkSum == SH_CHECK_INIT /* && sh.flag.update == S_FALSE */) { - sh_hash_pushdata (&theFile, fileHash); + sh_hash_pushdata (theFile, fileHash); } else if (sh.flag.checkSum == SH_CHECK_CHECK @@ -2074,15 +2087,15 @@ ) { - sh_hash_compdata (class, &theFile, fileHash, NULL, -1); + sh_hash_compdata (class, theFile, fileHash, NULL, -1); } - (*reported) = theFile.file_reported; + (*reported) = theFile->file_reported; /* reset the access time */ - if (class == SH_LEVEL_NOIGNORE && (theFile.check_mask & MODI_ATM) != 0) - { - utime_buf.actime = (time_t) theFile.atime; - utime_buf.modtime = (time_t) theFile.mtime; + if (class == SH_LEVEL_NOIGNORE && (theFile->check_mask & MODI_ATM) != 0) + { + utime_buf.actime = (time_t) theFile->atime; + utime_buf.modtime = (time_t) theFile->mtime; #if !defined(O_NOATIME) retry_aud_utime (FIL__, __LINE__, fullpath, &utime_buf); @@ -2094,10 +2107,10 @@ * Check for resource fork */ - if ( (theFile.c_mode[0] != 'd') && (rsrcflag == 0) ) + if ( (theFile->c_mode[0] != 'd') && (rsrcflag == 0) ) { int dummy; static int rsrc_init = 0; static char rsrc[17]; - char testpath[PATH_MAX]; + char testpath = SH_ALLOC(PATH_MAX); if (rsrc_init == 0) { @@ -2116,4 +2129,5 @@ } } + SH_FREE(testpath); } #else @@ -2123,8 +2137,12 @@ ret_point: - if (theFile.attr_string) SH_FREE(theFile.attr_string); - if (theFile.link_path) SH_FREE(theFile.link_path); - - switch (theFile.c_mode[0]) + sc = theFile->c_mode[0]; + + if (theFile->attr_string) SH_FREE(theFile->attr_string); + if (theFile->link_path) SH_FREE(theFile->link_path); + SH_FREE(fullpath); + SH_FREE(theFile); + + switch (sc) { case '-': SL_RETURN(SH_FILE_REGULAR, _("sh_files_filecheck")); Index: /trunk/src/sh_gpg.c =================================================================== --- /trunk/src/sh_gpg.c (revision 226) +++ /trunk/src/sh_gpg.c (revision 227) @@ -295,7 +295,7 @@ #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) struct passwd pwd; - char buffer[SH_PWBUF_SIZE]; + char * buffer = SH_ALLOC(SH_PWBUF_SIZE); struct passwd * tempres; - sh_getpwnam_r(DEFAULT_IDENT, &pwd, buffer, sizeof(buffer), &tempres); + sh_getpwnam_r(DEFAULT_IDENT, &pwd, buffer, SH_PWBUF_SIZE, &tempres); #else struct passwd * tempres = sh_getpwnam(DEFAULT_IDENT); @@ -363,4 +363,7 @@ sl_strlcpy (cc4, tempres->pw_dir, SH_PATHBUF+32); sl_strlcat (cc4, _("/.gnupg"), SH_PATHBUF+32); +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + SH_FREE(buffer); +#endif } #endif @@ -964,5 +967,5 @@ #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) struct passwd pwd; - char buffer[SH_PWBUF_SIZE]; + char * buffer = SH_ALLOC(SH_PWBUF_SIZE); #endif #endif @@ -989,4 +992,9 @@ sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EXIT_ABORT1, sh.prg_name); aud_exit (FIL__, __LINE__, EXIT_FAILURE); +#if defined(SH_WITH_SERVER) +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + SH_FREE(buffer); +#endif +#endif SL_RETURN( (-1), _("sh_gpg_check_sign")); } @@ -997,5 +1005,5 @@ #if defined(SH_WITH_SERVER) #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) - sh_getpwnam_r(DEFAULT_IDENT, &pwd, buffer, sizeof(buffer), &tempres); + sh_getpwnam_r(DEFAULT_IDENT, &pwd, buffer, SH_PWBUF_SIZE, &tempres); #else tempres = sh_getpwnam(DEFAULT_IDENT); @@ -1018,5 +1026,5 @@ #if defined(SH_WITH_SERVER) #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) - sh_getpwnam_r(DEFAULT_IDENT, &pwd, buffer, sizeof(buffer), &tempres); + sh_getpwnam_r(DEFAULT_IDENT, &pwd, buffer, SH_PWBUF_SIZE, &tempres); #else tempres = sh_getpwnam(DEFAULT_IDENT); @@ -1065,4 +1073,9 @@ } smsg = S_TRUE; +#if defined(SH_WITH_SERVER) +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + SH_FREE(buffer); +#endif +#endif SL_RETURN(0, _("sh_gpg_check_sign")); } @@ -1093,4 +1106,9 @@ } smsg = S_TRUE; +#if defined(SH_WITH_SERVER) +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + SH_FREE(buffer); +#endif +#endif SL_RETURN(0, _("sh_gpg_check_sign")); #endif @@ -1102,4 +1120,9 @@ (sl_strcmp(gp.data_fp, gp.conf_fp) == 0)) { +#if defined(SH_WITH_SERVER) +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + SH_FREE(buffer); +#endif +#endif SL_RETURN(0, _("sh_gpg_check_sign")); } @@ -1131,7 +1154,7 @@ #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) struct passwd e_pwd; - char e_buffer[SH_PWBUF_SIZE]; + char * e_buffer = SH_ALLOC(SH_PWBUF_SIZE); struct passwd * e_tempres; - sh_getpwnam_r(DEFAULT_IDENT, &e_pwd, e_buffer, sizeof(e_buffer), &e_tempres); + sh_getpwnam_r(DEFAULT_IDENT, &e_pwd, e_buffer, SH_PWBUF_SIZE, &e_tempres); #else struct passwd * e_tempres = sh_getpwnam(DEFAULT_IDENT); @@ -1153,4 +1176,10 @@ #endif (int) e_uid, e_home); + +#if defined(SH_WITH_SERVER) +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + SH_FREE(e_buffer); +#endif +#endif } Index: /trunk/src/sh_hash.c =================================================================== --- /trunk/src/sh_hash.c (revision 226) +++ /trunk/src/sh_hash.c (revision 227) @@ -1338,4 +1338,6 @@ --sig_raised; --sig_urgent; retval = 1; exitval = EXIT_SUCCESS; + SH_FREE(line); + line = NULL; goto unlock_and_return; } @@ -2173,39 +2175,39 @@ unsigned char * str, int size) { - file_type tmpFile; int i = 0; char * p; char i2h[2]; - - tmpFile.attr_string = NULL; - tmpFile.link_path = NULL; - - sl_strlcpy(tmpFile.fullpath, key, PATH_MAX); - tmpFile.size = val1; - tmpFile.mtime = val2; - tmpFile.ctime = val3; - - tmpFile.atime = 0; - tmpFile.mode = 0; - tmpFile.owner = 0; - tmpFile.group = 0; - sl_strlcpy(tmpFile.c_owner, _("root"), 5); - sl_strlcpy(tmpFile.c_group, _("root"), 5); + file_type * tmpFile = SH_ALLOC(sizeof(file_type)); + + tmpFile->attr_string = NULL; + tmpFile->link_path = NULL; + + sl_strlcpy(tmpFile->fullpath, key, PATH_MAX); + tmpFile->size = val1; + tmpFile->mtime = val2; + tmpFile->ctime = val3; + + tmpFile->atime = 0; + tmpFile->mode = 0; + tmpFile->owner = 0; + tmpFile->group = 0; + sl_strlcpy(tmpFile->c_owner, _("root"), 5); + sl_strlcpy(tmpFile->c_group, _("root"), 5); if ((str != NULL) && (size < (PATH_MAX/2)-1)) { - tmpFile.c_mode[0] = 'l'; - tmpFile.c_mode[1] = 'r'; tmpFile.c_mode[2] = 'w'; - tmpFile.c_mode[3] = 'x'; tmpFile.c_mode[4] = 'r'; - tmpFile.c_mode[5] = 'w'; tmpFile.c_mode[6] = 'x'; - tmpFile.c_mode[7] = 'r'; tmpFile.c_mode[8] = 'w'; - tmpFile.c_mode[9] = 'x'; tmpFile.c_mode[10] = '\0'; - tmpFile.link_path = SH_ALLOC((size * 2) + 2); + tmpFile->c_mode[0] = 'l'; + tmpFile->c_mode[1] = 'r'; tmpFile->c_mode[2] = 'w'; + tmpFile->c_mode[3] = 'x'; tmpFile->c_mode[4] = 'r'; + tmpFile->c_mode[5] = 'w'; tmpFile->c_mode[6] = 'x'; + tmpFile->c_mode[7] = 'r'; tmpFile->c_mode[8] = 'w'; + tmpFile->c_mode[9] = 'x'; tmpFile->c_mode[10] = '\0'; + tmpFile->link_path = SH_ALLOC((size * 2) + 2); for (i = 0; i < size; ++i) { p = sh_util_charhex (str[i],i2h); - tmpFile.link_path[2*i] = p[0]; - tmpFile.link_path[2*i+1] = p[1]; - tmpFile.link_path[2*i+2] = '\0'; + tmpFile->link_path[2*i] = p[0]; + tmpFile->link_path[2*i+1] = p[1]; + tmpFile->link_path[2*i+2] = '\0'; } } @@ -2213,16 +2215,17 @@ { for (i = 0; i < 10; ++i) - tmpFile.c_mode[i] = '-'; - tmpFile.c_mode[10] = '\0'; - tmpFile.link_path = sh_util_strdup("-"); + tmpFile->c_mode[i] = '-'; + tmpFile->c_mode[10] = '\0'; + tmpFile->link_path = sh_util_strdup("-"); } if (sh.flag.checkSum == SH_CHECK_CHECK && sh.flag.update == S_TRUE) - sh_hash_pushdata_memory (&tmpFile, SH_KEY_NULL); - else - sh_hash_pushdata (&tmpFile, SH_KEY_NULL); - - if (tmpFile.link_path) SH_FREE(tmpFile.link_path); + sh_hash_pushdata_memory (tmpFile, SH_KEY_NULL); + else + sh_hash_pushdata (tmpFile, SH_KEY_NULL); + + if (tmpFile->link_path) SH_FREE(tmpFile->link_path); + SH_FREE(tmpFile); return; } @@ -2234,24 +2237,24 @@ int * size) { - file_type tmpFile; size_t len; char * p; int i; char * retval = NULL; + file_type * tmpFile = SH_ALLOC(sizeof(file_type)); *size = 0; - if (0 == sh_hash_get_it (key, &tmpFile)) - { - *val1 = tmpFile.size; - *val2 = tmpFile.mtime; - *val3 = tmpFile.ctime; - - if (tmpFile.link_path && tmpFile.link_path[0] != '-') - { - len = strlen(tmpFile.link_path); + if (0 == sh_hash_get_it (key, tmpFile)) + { + *val1 = tmpFile->size; + *val2 = tmpFile->mtime; + *val3 = tmpFile->ctime; + + if (tmpFile->link_path && tmpFile->link_path[0] != '-') + { + len = strlen(tmpFile->link_path); p = SH_ALLOC((len/2)+1); - i = sh_util_hextobinary (p, tmpFile.link_path, len); + i = sh_util_hextobinary (p, tmpFile->link_path, len); if (i == 0) @@ -2279,5 +2282,6 @@ *val3 = 0; } - if (tmpFile.link_path) SH_FREE(tmpFile.link_path); + if (tmpFile->link_path) SH_FREE(tmpFile->link_path); + SH_FREE(tmpFile); return retval; } @@ -3990,4 +3994,5 @@ decompressed[clen] = '\0'; fputs( (char*) decompressed, stdout); + SH_FREE(decompressed); return 0; } Index: /trunk/src/sh_prelude.c =================================================================== --- /trunk/src/sh_prelude.c (revision 226) +++ /trunk/src/sh_prelude.c (revision 227) @@ -707,5 +707,5 @@ #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) struct passwd pwd; - char buffer[SH_PWBUF_SIZE]; + char * buffer; #endif @@ -896,5 +896,6 @@ #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) - sh_getpwnam_r(ptr, &pwd, buffer, sizeof(buffer), &pw); + buffer = SH_ALLOC(SH_PWBUF_SIZE); + sh_getpwnam_r(ptr, &pwd, buffer, SH_PWBUF_SIZE, &pw); #else pw = sh_getpwnam(ptr); @@ -906,9 +907,16 @@ if ( ret < 0 ) { free(ptr); +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + SH_FREE(buffer); +#endif return ret; } prelude_string_set_nodup(str, ptr); +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + SH_FREE(buffer); +#endif } + ptr = get_value(msg, _("path"), NULL); @@ -967,5 +975,5 @@ #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) struct passwd pwd; - char buffer[SH_PWBUF_SIZE]; + char * buffer; #endif prelude_string_t *str; @@ -1054,5 +1062,6 @@ #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) - sh_getpwnam_r(ptr, &pwd, buffer, sizeof(buffer), &pw); + buffer = SH_ALLOC(SH_PWBUF_SIZE); + sh_getpwnam_r(ptr, &pwd, buffer, SH_PWBUF_SIZE, &pw); #else pw = sh_getpwnam(ptr); @@ -1064,4 +1073,7 @@ if ( ret < 0 ) { free(ptr); +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + SH_FREE(buffer); +#endif return ret; } @@ -1073,4 +1085,7 @@ if ( ret < 0 ) { free(ptr); +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + SH_FREE(buffer); +#endif return ret; } @@ -1078,4 +1093,7 @@ prelude_string_set_nodup(str, ptr); } +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + SH_FREE(buffer); +#endif } Index: /trunk/src/sh_suidchk.c =================================================================== --- /trunk/src/sh_suidchk.c (revision 226) +++ /trunk/src/sh_suidchk.c (revision 227) @@ -860,5 +860,5 @@ char * fs; long sl_status; - file_type theFile; + file_type * theFile = NULL; char fileHash[2*(KEY_LEN + 1)]; @@ -959,4 +959,5 @@ _("sh_suidchk_check_internal"), tmp ); SH_FREE(tmp); + SH_FREE(tmpcat); dirlist = dirlist->next; continue; @@ -1032,14 +1033,15 @@ ) { - - (void) sl_strlcpy (theFile.fullpath, tmpcat, PATH_MAX); - theFile.check_mask = sh_files_maskof(SH_LEVEL_READONLY); - CLEAR_SH_FFLAG_REPORTED(theFile.file_reported); - theFile.attr_string = NULL; - theFile.link_path = NULL; + theFile = SH_ALLOC(sizeof(file_type)); + + (void) sl_strlcpy (theFile->fullpath, tmpcat, PATH_MAX); + theFile->check_mask = sh_files_maskof(SH_LEVEL_READONLY); + CLEAR_SH_FFLAG_REPORTED(theFile->file_reported); + theFile->attr_string = NULL; + theFile->link_path = NULL; status = sh_unix_getinfo (ShDFLevel[SH_ERR_T_RO], dirlist->sh_d_name, - &theFile, fileHash, 0); + theFile, fileHash, 0); tmp = sh_util_safe_name(tmpcat); @@ -1076,9 +1078,9 @@ if (0 == sh_hash_compdata (SH_LEVEL_READONLY, - &theFile, fileHash, + theFile, fileHash, _("[SuidCheck]"), ShSuidchkSeverity)) { - sh_hash_pushdata_memory (&theFile, fileHash); + sh_hash_pushdata_memory (theFile, fileHash); } @@ -1092,5 +1094,5 @@ /* Running init. Report on files detected. */ - sh_hash_pushdata (&theFile, fileHash); + sh_hash_pushdata (theFile, fileHash); sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_SUID_FOUND, tmp ); @@ -1111,9 +1113,9 @@ if (-1 == fflags) { - (void) sh_unix_gmttime (theFile.ctime, timestrc, sizeof(timestrc)); - (void) sh_unix_gmttime (theFile.atime, timestra, sizeof(timestra)); - (void) sh_unix_gmttime (theFile.mtime, timestrm, sizeof(timestrm)); - - report_file(tmpcat, &theFile, timestrc, timestra, timestrm); + (void) sh_unix_gmttime (theFile->ctime, timestrc, sizeof(timestrc)); + (void) sh_unix_gmttime (theFile->atime, timestra, sizeof(timestra)); + (void) sh_unix_gmttime (theFile->mtime, timestrm, sizeof(timestrm)); + + report_file(tmpcat, theFile, timestrc, timestra, timestrm); } /* Quarantine file according to configured method @@ -1124,11 +1126,11 @@ { case SH_Q_DELETE: - sh_q_delete(theFile.fullpath); + sh_q_delete(theFile->fullpath); break; case SH_Q_CHANGEPERM: - sh_q_changeperm(theFile.fullpath); + sh_q_changeperm(theFile->fullpath); break; case SH_Q_MOVE: - sh_q_move(theFile.fullpath, &theFile, timestrc, timestra, timestrm); + sh_q_move(theFile->fullpath, theFile, timestrc, timestra, timestrm); break; default: @@ -1144,5 +1146,5 @@ */ (void) sh_hash_compdata (SH_LEVEL_READONLY, - &theFile, fileHash, + theFile, fileHash, _("[SuidCheck]"), ShSuidchkSeverity); @@ -1157,5 +1159,5 @@ */ (void) sh_hash_compdata (SH_LEVEL_READONLY, - &theFile, fileHash, + theFile, fileHash, _("[SuidCheck]"), ShSuidchkSeverity); @@ -1167,6 +1169,7 @@ } SH_FREE(tmp); - if (theFile.attr_string) SH_FREE(theFile.attr_string); - if (theFile.link_path) SH_FREE(theFile.link_path); + if (theFile->attr_string) SH_FREE(theFile->attr_string); + if (theFile->link_path) SH_FREE(theFile->link_path); + SH_FREE(theFile); } } Index: /trunk/src/sh_unix.c =================================================================== --- /trunk/src/sh_unix.c (revision 226) +++ /trunk/src/sh_unix.c (revision 227) @@ -990,5 +990,5 @@ #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) struct passwd pwd; - char buffer[SH_PWBUF_SIZE]; + char * buffer; #endif @@ -998,5 +998,6 @@ */ #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) - sh_getpwnam_r(c, &pwd, buffer, sizeof(buffer), &w); + buffer = SH_ALLOC(SH_PWBUF_SIZE); + sh_getpwnam_r(c, &pwd, buffer, SH_PWBUF_SIZE, &w); #else w = sh_getpwnam(c); @@ -1014,8 +1015,14 @@ sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, _("add trusted user"), c); +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + SH_FREE(buffer); +#endif SL_RETURN((-1), _("tf_add_trusted_user_int")); succe: count = sl_trust_add_user(pwid); +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + SH_FREE(buffer); +#endif SL_RETURN((count), _("tf_add_trusted_user_int")); } @@ -1092,7 +1099,7 @@ #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) struct passwd pwd; - char buffer[SH_PWBUF_SIZE]; + char * buffer = SH_ALLOC(SH_PWBUF_SIZE); struct passwd * tempres; - sh_getpwnam_r(DEFAULT_IDENT, &pwd, buffer, sizeof(buffer), &tempres); + sh_getpwnam_r(DEFAULT_IDENT, &pwd, buffer, SH_PWBUF_SIZE, &tempres); #else struct passwd * tempres = sh_getpwnam(DEFAULT_IDENT); @@ -1107,4 +1114,7 @@ } ff_euid = tempres->pw_uid; +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + SH_FREE(buffer); +#endif } #endif @@ -2469,5 +2479,5 @@ #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWUID_R) struct passwd pwd; - char buffer[SH_PWBUF_SIZE]; + char * buffer; #endif char errbuf[SH_ERRBUF_SIZE]; @@ -2476,5 +2486,6 @@ #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWUID_R) - sh_getpwuid_r(uid, &pwd, buffer, sizeof(buffer), &tempres); + buffer = SH_ALLOC(SH_PWBUF_SIZE); + sh_getpwuid_r(uid, &pwd, buffer, SH_PWBUF_SIZE, &tempres); #else errno = 0; @@ -2487,4 +2498,7 @@ sh_error_message(status, errbuf, sizeof(errbuf)), _("getpwuid"), (long) uid, _("completely missing")); +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) + SH_FREE(buffer); +#endif SL_RETURN( NULL, _("sh_unix_getUIDdir")); } @@ -2492,4 +2506,7 @@ if (tempres->pw_dir != NULL) { sl_strlcpy(out, tempres->pw_dir, len); +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) + SH_FREE(buffer); +#endif SL_RETURN( out, _("sh_unix_getUIDdir")); } else { @@ -2497,4 +2514,7 @@ sh_error_message(status, errbuf, sizeof(errbuf)), _("getpwuid"), (long) uid, _("pw_dir")); +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) + SH_FREE(buffer); +#endif SL_RETURN( NULL, _("sh_unix_getUIDdir")); } @@ -2508,5 +2528,5 @@ #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWUID_R) struct passwd pwd; - char buffer[SH_PWBUF_SIZE]; + char * buffer; #endif int status = 0; @@ -2529,5 +2549,6 @@ #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWUID_R) - sh_getpwuid_r(uid, &pwd, buffer, sizeof(buffer), &tempres); + buffer = SH_ALLOC(SH_PWBUF_SIZE); + sh_getpwuid_r(uid, &pwd, buffer, SH_PWBUF_SIZE, &tempres); #else errno = 0; @@ -2540,4 +2561,7 @@ sh_error_message(status, errbuf, sizeof(errbuf)), _("getpwuid"), (long) uid, _("completely missing")); +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) + SH_FREE(buffer); +#endif SL_RETURN( NULL, _("sh_unix_getUIDname")); } @@ -2550,4 +2574,7 @@ sl_strlcpy(out, name, len); SH_MUTEX_UNLOCK_UNSAFE(mutex_getUIDname); +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) + SH_FREE(buffer); +#endif SL_RETURN( out, _("sh_unix_getUIDname")); } else { @@ -2555,4 +2582,7 @@ sh_error_message(status, errbuf, sizeof(errbuf)), _("getpwuid"), (long) uid, _("pw_user")); +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) + SH_FREE(buffer); +#endif SL_RETURN( NULL, _("sh_unix_getUIDname")); } @@ -2569,5 +2599,5 @@ #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) struct group grp; - char buffer[SH_GRBUF_SIZE]; + char * buffer; #endif char errbuf[SH_ERRBUF_SIZE]; @@ -2588,5 +2618,6 @@ #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) - status = sh_getgrgid_r(gid, &grp, buffer, sizeof(buffer), &tempres); + buffer = SH_ALLOC(SH_GRBUF_SIZE); + status = sh_getgrgid_r(gid, &grp, buffer, SH_GRBUF_SIZE, &tempres); #else errno = 0; @@ -2600,4 +2631,7 @@ _("getgrgid"), (long) gid, _("completely missing")); +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) + SH_FREE(buffer); +#endif SL_RETURN( NULL, _("sh_unix_getGIDname")); } @@ -2609,4 +2643,7 @@ sl_strlcpy(out, name, len); SH_MUTEX_UNLOCK_UNSAFE(mutex_getGIDname); +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) + SH_FREE(buffer); +#endif SL_RETURN( out, _("sh_unix_getGIDname")); } else { @@ -2614,4 +2651,7 @@ sh_error_message(status, errbuf, sizeof(errbuf)), _("getgrgid"), (long) gid, _("gr_name")); +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) + SH_FREE(buffer); +#endif SL_RETURN( NULL, _("sh_unix_getGIDname")); } @@ -3136,15 +3176,16 @@ char * fileHash, int alert_timeout, SL_TICKET fd) { - file_type tmpFile; + file_type * tmpFile; int status; SL_ENTER(_("sh_unix_checksum_size")); - tmpFile.link_path = NULL; + tmpFile = SH_ALLOC(sizeof(file_type)); + tmpFile->link_path = NULL; if (sh.flag.checkSum != SH_CHECK_INIT) { /* lookup file in database */ - status = sh_hash_get_it (filename, &tmpFile); + status = sh_hash_get_it (filename, tmpFile); if (status != 0) { goto out; @@ -3153,12 +3194,12 @@ else { - tmpFile.size = fbuf->st_size; + tmpFile->size = fbuf->st_size; } /* if last < current get checksum */ - if (tmpFile.size < fbuf->st_size) + if (tmpFile->size < fbuf->st_size) { char hashbuf[KEYBUF_SIZE]; - UINT64 local_length = (UINT64) (tmpFile.size < 0 ? 0 : tmpFile.size); + UINT64 local_length = (UINT64) (tmpFile->size < 0 ? 0 : tmpFile->size); sl_strlcpy(fileHash, sh_tiger_generic_hash (filename, fd, &(local_length), @@ -3167,10 +3208,12 @@ /* return */ - if (tmpFile.link_path) SH_FREE(tmpFile.link_path); + if (tmpFile->link_path) SH_FREE(tmpFile->link_path); + SH_FREE(tmpFile); SL_RETURN( 0, _("sh_unix_checksum_size")); } out: - if (tmpFile.link_path) SH_FREE(tmpFile.link_path); + if (tmpFile->link_path) SH_FREE(tmpFile->link_path); + SH_FREE(tmpFile); sl_strlcpy(fileHash, SH_KEY_NULL, KEY_LEN+1); SL_RETURN( -1, _("sh_unix_checksum_size")); Index: /trunk/src/sh_userfiles.c =================================================================== --- /trunk/src/sh_userfiles.c (revision 226) +++ /trunk/src/sh_userfiles.c (revision 227) @@ -251,4 +251,5 @@ struct userhomeslist *new; struct userhomeslist *homes; + char * filepath; (void) arg; @@ -297,7 +298,8 @@ SH_MUTEX_UNLOCK(mutex_pwent); + filepath = SH_ALLOC(PATH_MAX); + for (homes = userHomes; homes != NULL; homes = homes->next ) { struct userfileslist *file_ptr; - char filepath[PATH_MAX]; for (file_ptr = userFiles; file_ptr != NULL; file_ptr = file_ptr->next) { @@ -348,4 +350,6 @@ } } + + SH_FREE(filepath); SL_RETURN(0, _("sh_userfiles_init")); Index: /trunk/src/slib.c =================================================================== --- /trunk/src/slib.c (revision 226) +++ /trunk/src/slib.c (revision 227) @@ -1473,7 +1473,9 @@ #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) struct passwd pwd; - char buffer[SH_PWBUF_SIZE]; + char * buffer; struct passwd * tempres; - sh_getpwnam_r(user, &pwd, buffer, sizeof(buffer), &tempres); + buffer = malloc(SH_PWBUF_SIZE); + SL_REQUIRE (buffer != NULL, _("buffer != NULL")); + sh_getpwnam_r(user, &pwd, buffer, SH_PWBUF_SIZE, &tempres); #else struct passwd * tempres = sh_getpwnam(user); @@ -1484,4 +1486,7 @@ rgid_orig = tempres->pw_gid; ruid_orig = tempres->pw_uid; +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + free(buffer); +#endif } else @@ -1516,7 +1521,9 @@ #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) struct passwd pwd; - char buffer[SH_PWBUF_SIZE]; + char * buffer; struct passwd * tempres; - sh_getpwnam_r(user, &pwd, buffer, sizeof(buffer), &tempres); + buffer = malloc(SH_PWBUF_SIZE); + SL_REQUIRE (buffer != NULL, _("buffer != NULL")); + sh_getpwnam_r(user, &pwd, buffer, SH_PWBUF_SIZE, &tempres); #else struct passwd * tempres = sh_getpwnam(user); @@ -1527,4 +1534,7 @@ SL_REQUIRE (sl_drop_privileges() == SL_ENONE, _("sl_drop_privileges() == SL_ENONE")); +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + free(buffer); +#endif } SL_IRETURN(SL_ENONE, _("sl_policy_get_user")); Index: /trunk/src/trustfile.c =================================================================== --- /trunk/src/trustfile.c (revision 226) +++ /trunk/src/trustfile.c (revision 227) @@ -422,7 +422,7 @@ #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) struct group gr; - char buffer[SH_GRBUF_SIZE]; + char * buffer = NULL; struct passwd pwd; - char pbuffer[SH_PWBUF_SIZE]; + char * pbuffer = NULL; #endif @@ -430,5 +430,6 @@ #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) - sh_getgrgid_r(grp, &gr, buffer, sizeof(buffer), &g); + buffer = malloc(SH_GRBUF_SIZE); + sh_getgrgid_r(grp, &gr, buffer, SH_GRBUF_SIZE, &g); #else g = sh_getgrgid(grp); @@ -437,13 +438,13 @@ if (g == NULL) { - SL_IRETURN(SL_FALSE, _("isingrp") ); - } - /* - if(g->gr_mem == NULL || g->gr_mem[0] == NULL ) - SL_IRETURN(SL_FALSE, _("isingrp") ); - */ + goto end_false; + } /* this will return at the first match */ +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) + pbuffer = malloc(SH_PWBUF_SIZE); +#endif + for(p = g->gr_mem; *p != NULL; p++) { @@ -452,5 +453,5 @@ /* map user name to UID and compare */ #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) - sh_getpwnam_r(*p, &pwd, pbuffer, sizeof(pbuffer), &w); + sh_getpwnam_r(*p, &pwd, pbuffer, SH_PWBUF_SIZE, &w); #else w = sh_getpwnam(*p); @@ -459,9 +460,9 @@ #ifdef TRUST_MAIN if (w != NULL && *u == (uid_t)(w->pw_uid) ) - SL_IRETURN(SL_TRUE, _("isingrp")); + goto end_true; #else if (w != NULL && *u == (uid_t)(w->pw_uid) ) { - SL_IRETURN(SL_TRUE, _("isingrp")); + goto end_true; } #endif @@ -474,5 +475,5 @@ { #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWUID_R) - sh_getpwuid_r(*u, &pwd, pbuffer, sizeof(pbuffer), &w); + sh_getpwuid_r(*u, &pwd, pbuffer, SH_PWBUF_SIZE, &w); #else w = sh_getpwuid(*u); @@ -480,14 +481,26 @@ #ifdef TRUST_MAIN if (w != NULL && grp == (gid_t)(w->pw_gid) ) - SL_IRETURN(SL_TRUE, _("isingrp")); + goto end_true; #else if (w != NULL && grp == (gid_t)(w->pw_gid) ) { - SL_IRETURN(SL_TRUE, _("isingrp")); - } -#endif - } - + goto end_true; + } +#endif + } + + end_false: +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) + if (buffer) free(buffer); + if (pbuffer) free(pbuffer); +#endif SL_IRETURN(SL_FALSE, _("isingrp")); + + end_true: +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) + if (buffer) free(buffer); + if (pbuffer) free(pbuffer); +#endif + SL_IRETURN(SL_TRUE, _("isingrp")); } @@ -506,7 +519,7 @@ #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) struct group gr; - char buffer[SH_GRBUF_SIZE]; + char * buffer = NULL; struct passwd pw; - char pbuffer[SH_PWBUF_SIZE]; + char * pbuffer = NULL; #endif @@ -521,5 +534,6 @@ #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) - sh_getgrgid_r(grp, &gr, buffer, sizeof(buffer), &g); + buffer = malloc(SH_GRBUF_SIZE); + sh_getgrgid_r(grp, &gr, buffer, SH_GRBUF_SIZE, &g); #else g = sh_getgrgid(grp); @@ -533,5 +547,6 @@ (UID_CAST)grp); #endif - SL_IRETURN(SL_FALSE, _("onlytrustedingrp") ); + retval = SL_FALSE; + goto end_retval; } @@ -544,4 +559,8 @@ /* check for untrusted members of the group */ +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + pbuffer = malloc(SH_PWBUF_SIZE); +#endif + for(p = g->gr_mem; *p != NULL; p++) { @@ -553,5 +572,5 @@ */ #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) - sh_getpwnam_r(*p, &pw, pbuffer, sizeof(pbuffer), &w); + sh_getpwnam_r(*p, &pw, pbuffer, SH_PWBUF_SIZE, &w); #else w = sh_getpwnam(*p); @@ -601,7 +620,15 @@ #endif tf_baduid = w->pw_uid; - SL_IRETURN(SL_FALSE, _("onlytrustedingrp")); - } - } + retval = SL_FALSE; +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) + if (pbuffer) free(pbuffer); +#endif + goto end_retval; + } + } + +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) + if (pbuffer) free(pbuffer); +#endif #ifndef TEST_ONLY @@ -680,4 +707,8 @@ /* all found */ + end_retval: +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) + if (buffer) free(buffer); +#endif SL_IRETURN(retval, _("onlytrustedingrp")); } @@ -685,6 +716,6 @@ int sl_trustfile(const char *fname, uid_t *okusers, uid_t *badusers) { - char fexp[MAXFILENAME]; /* file name fully expanded */ - register char *p = fexp; /* used to hold name to be checked */ + char * fexp = NULL; /* file name fully expanded */ + register char *p; /* used to hold name to be checked */ struct stat stbuf; /* used to check file permissions */ char c; /* used to hold temp char */ @@ -693,4 +724,10 @@ if (fname == NULL) SL_IRETURN(SL_EBADFILE, _("sl_trustfile")); + + fexp = malloc( MAXFILENAME ); + if (!fexp) + SL_IRETURN(SL_EMEM, _("sl_trustfile")); + + p = fexp; /* @@ -701,8 +738,14 @@ sl_errno = getfname(fname, fexp, MAXFILENAME); if (sl_errno != 0) - return sl_errno; + { + free(fexp); + return sl_errno; + } #else if (SL_ISERROR(getfname(fname, fexp, MAXFILENAME))) + { + free(fexp); SL_IRETURN(sl_errno, _("sl_trustfile")); + } #endif @@ -755,4 +798,5 @@ fprintf(stderr, "---------------------------------------------\n"); #endif + free(fexp); SL_IRETURN(SL_ESTAT, _("sl_trustfile")); } @@ -781,6 +825,6 @@ * got it? */ - char csym[MAXFILENAME]; /* contents of symlink file */ - char full[MAXFILENAME]; /* "full" name of symlink */ + char * csym; /* contents of symlink file */ + char * full; /* "full" name of symlink */ register char *b, *t; /* used to copy stuff around */ register int lsym; /* num chars in symlink ref */ @@ -797,4 +841,11 @@ * R.W. Tue May 29 22:05:16 CEST 2001 */ + csym = malloc( MAXFILENAME ); + if (!csym) + { + free(fexp); + SL_IRETURN(SL_EMEM, _("sl_trustfile")); + } + lsym = readlink(fexp, csym, MAXFILENAME-1); if (lsym >= 0) @@ -808,5 +859,15 @@ fprintf(stderr, "---------------------------------------------\n"); #endif + free(csym); + free(fexp); SL_IRETURN(SL_EBADNAME, _("sl_trustfile")); + } + + full = malloc( MAXFILENAME ); + if (!full) + { + free(csym); + free(fexp); + SL_IRETURN(SL_EMEM, _("sl_trustfile")); } @@ -857,4 +918,7 @@ fprintf(stderr, "---------------------------------------------\n"); #endif + free(full); + free(csym); + free(fexp); SL_IRETURN(SL_ETRUNC, _("sl_trustfile")); } @@ -872,5 +936,10 @@ */ if ((i = sl_trustfile(full, okusers, badusers)) != SL_ENONE) - SL_IRETURN(i, _("sl_trustfile")); + { + free(full); + free(csym); + free(fexp); + SL_IRETURN(i, _("sl_trustfile")); + } /* @@ -891,4 +960,6 @@ p++; } + free(full); + free(csym); continue; } @@ -922,4 +993,5 @@ tf_baduid = (uid_t) stbuf.st_uid; + free(fexp); SL_IRETURN(SL_EBADUID, _("sl_trustfile")); } @@ -961,4 +1033,5 @@ tf_badgid = (gid_t) stbuf.st_gid; + free(fexp); SL_IRETURN(SL_EBADGID, _("sl_trustfile")); } @@ -984,4 +1057,5 @@ tf_path[sizeof(tf_path)-1] = '\0'; + free(fexp); SL_IRETURN(SL_EBADOTH, _("sl_trustfile")); } @@ -1009,4 +1083,5 @@ tf_path[sizeof(tf_path)-1] = '\0'; + free(fexp); SL_IRETURN(SL_ENONE, _("sl_trustfile")); } Index: /trunk/test/testcompile.sh =================================================================== --- /trunk/test/testcompile.sh (revision 226) +++ /trunk/test/testcompile.sh (revision 227) @@ -178,7 +178,8 @@ echo malloc > list_null_funcs_uniq; echo getenv >> list_null_funcs_uniq; - cat $i | ./deference_check.pl; + cat $i | ./deference_check.pl |\ + egrep -v 'x_trustfile.c ... ... sl_trustfile'; rm -f list_null_funcs_uniq; - rm -f $i + # rm -f $i done ) >test_log_smatch 2>&1