diff -up ecryptfs-utils-109/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror ecryptfs-utils-109/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c
--- ecryptfs-utils-109/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror 2016-01-26 17:01:19.803230193 +0100
+++ ecryptfs-utils-109/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c 2016-01-26 17:01:19.810230176 +0100
@@ -98,7 +98,7 @@ static int ecryptfs_pkcs11h_deserialize(
pkcs11h_data->serialized_id = NULL;
}
else {
- pkcs11h_data->serialized_id = blob + i;
+ pkcs11h_data->serialized_id = (char *)blob + i;
i += serialized_id_length;
}
pkcs11h_data->certificate_blob_size = blob[i++] % 256;
@@ -116,12 +116,11 @@ static int ecryptfs_pkcs11h_deserialize(
pkcs11h_data->passphrase = NULL;
}
else {
- pkcs11h_data->passphrase = blob + i;
+ pkcs11h_data->passphrase = (char *)blob + i;
i += passphrase_length;
}
rc = 0;
-out:
return rc;
}
@@ -379,15 +379,15 @@ static int ecryptfs_pkcs11h_get_key_sig(
data[i++] = (char)(nbits >> 8);
data[i++] = (char)nbits;
RSA_get0_key(rsa, &rsa_n, NULL, NULL);
- BN_bn2bin(rsa_n, &(data[i]));
+ BN_bn2bin(rsa_n, (unsigned char *)&(data[i]));
i += nbytes;
data[i++] = (char)(ebits >> 8);
data[i++] = (char)ebits;
RSA_get0_key(rsa, NULL, &rsa_e, NULL);
- BN_bn2bin(rsa_e, &(data[i]));
+ BN_bn2bin(rsa_e, (unsigned char *)&(data[i]));
i += ebytes;
- SHA1(data, len + 3, hash);
- to_hex(sig, hash, ECRYPTFS_SIG_SIZE);
+ SHA1((unsigned char *)data, len + 3, (unsigned char *)hash);
+ to_hex((char *)sig, hash, ECRYPTFS_SIG_SIZE);
sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
rc = 0;
@@ -423,8 +422,8 @@ static int ecryptfs_pkcs11h_encrypt(char
if (
(rc = RSA_public_encrypt(
from_size,
- from,
- to,
+ (unsigned char *)from,
+ (unsigned char *)to,
rsa,
RSA_PKCS1_PADDING
)) == -1
@@ -518,9 +517,9 @@ static int ecryptfs_pkcs11h_decrypt(char
(rv = pkcs11h_certificate_decryptAny (
certificate,
CKM_RSA_PKCS,
- from,
+ (unsigned char *)from,
from_size,
- to,
+ (unsigned char *)to,
to_size
)) != CKR_OK
) {
@@ -546,9 +545,9 @@ static int ecryptfs_pkcs11h_decrypt(char
pkcs11h_certificate_decryptAny (
certificate,
CKM_RSA_PKCS,
- from,
+ (unsigned char *)from,
from_size,
- tmp,
+ (unsigned char *)tmp,
to_size
);
@@ -863,7 +862,7 @@ static int ecryptfs_pkcs11h_process_key(
rc = MOUNT_ERROR;
goto out;
}
- if ((rc = ecryptfs_pkcs11h_serialize(subgraph_key_ctx->key_mod->blob,
+ if ((rc = ecryptfs_pkcs11h_serialize((unsigned char *)subgraph_key_ctx->key_mod->blob,
&subgraph_key_ctx->key_mod->blob_size,
pkcs11h_data))) {
syslog(LOG_ERR, "PKCS#11: Error serializing pkcs11; rc=[%d]\n", rc);
@@ -942,7 +941,7 @@ static int tf_pkcs11h_global_loglevel(st
rc = DEFAULT_TOK;
node->val = NULL;
-out:
+// out:
return rc;
}
@@ -955,7 +954,7 @@ static int tf_pkcs11h_global_pincache(st
rc = DEFAULT_TOK;
node->val = NULL;
-out:
+// out:
return rc;
}
@@ -1025,7 +1024,7 @@ static int tf_pkcs11h_provider_prot_auth
sscanf (node->val, "%x", &subgraph_provider_ctx->allow_protected_authentication);
rc = DEFAULT_TOK;
node->val = NULL;
-out:
+
return rc;
}
@@ -1039,7 +1038,7 @@ static int tf_pkcs11h_provider_cert_priv
sscanf (node->val, "%x", &subgraph_provider_ctx->certificate_is_private);
rc = DEFAULT_TOK;
node->val = NULL;
-out:
+
return rc;
}
@@ -1054,7 +1053,7 @@ static int tf_pkcs11h_provider_private_m
rc = DEFAULT_TOK;
node->val = NULL;
-out:
+
return rc;
}
@@ -1085,7 +1084,7 @@ static int tf_pkcs11h_provider_end(struc
free(subgraph_provider_ctx);
*foo = NULL;
rc = DEFAULT_TOK;
-out:
+
return rc;
}
@@ -1132,7 +1131,7 @@ static int tf_pkcs11h_key_x509file(struc
X509 *x509 = NULL;
unsigned char *p = NULL;
FILE *fp = NULL;
- int rc;
+ int rc = 0;
subgraph_key_ctx = (struct pkcs11h_subgraph_key_ctx *)(*foo);
diff -up ecryptfs-utils-109/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils-109/src/pam_ecryptfs/pam_ecryptfs.c
--- ecryptfs-utils-109/src/pam_ecryptfs/pam_ecryptfs.c.werror 2015-12-21 21:38:59.000000000 +0100
+++ ecryptfs-utils-109/src/pam_ecryptfs/pam_ecryptfs.c 2016-01-26 17:01:19.810230176 +0100
@@ -84,9 +84,7 @@ static int wrap_passphrase_if_necessary(
stat(wrapped_pw_filename, &s) != 0 &&
passphrase != NULL && *passphrase != '\0' &&
username != NULL && *username != '\0') {
- setuid(uid);
- rc = ecryptfs_wrap_passphrase_file(wrapped_pw_filename, passphrase, salt, unwrapped_pw_filename);
- if (rc != 0) {
+ if ((rc = setuid(uid))<0 || ((rc = ecryptfs_wrap_passphrase_file(wrapped_pw_filename, passphrase, salt, unwrapped_pw_filename)) != 0)) {
syslog(LOG_ERR, "pam_ecryptfs: Error wrapping cleartext password; " "rc = [%d]\n", rc);
}
return rc;
@@ -356,7 +354,7 @@ static int private_dir(pam_handle_t *pam
if (stat(recorded, &s) != 0 && stat("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", &s) == 0) {
/* User has not recorded their passphrase */
unlink("/var/lib/update-notifier/user.d/ecryptfs-record-passphrase");
- symlink("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", "/var/lib/update-notifier/user.d/ecryptfs-record-passphrase");
+ rc=symlink("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", "/var/lib/update-notifier/user.d/ecryptfs-record-passphrase");
fd = open("/var/lib/update-notifier/dpkg-run-stamp", O_WRONLY|O_CREAT|O_NONBLOCK, 0666);
if (fd != -1)
close(fd);
@@ -517,7 +515,10 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
char passphrase[ECRYPTFS_MAX_PASSWORD_LENGTH + 1];
/* temp regain uid 0 to drop privs */
- seteuid(oeuid);
+ if (seteuid(oeuid) < 0) {
+ syslog(LOG_ERR, "pam_ecryptfs: seteuid error");
+ goto out_child;
+ }
/* setgroups() already called */
if (setgid(gid) < 0 || setuid(uid) < 0)
goto out_child;
@@ -542,9 +543,9 @@ out_child:
free(wrapped_pw_filename);
out:
- seteuid(oeuid);
- setegid(oegid);
- setgroups(ngids, groups);
+ rc = seteuid(oeuid);
+ rc = setegid(oegid);
+ rc = setgroups(ngids, groups);
outnouid:
return rc;
diff -up ecryptfs-utils-109/src/utils/ecryptfs_generate_tpm_key.c.werror ecryptfs-utils-109/src/utils/ecryptfs_generate_tpm_key.c
--- ecryptfs-utils-109/src/utils/ecryptfs_generate_tpm_key.c.werror 2015-12-21 21:38:59.000000000 +0100
+++ ecryptfs-utils-109/src/utils/ecryptfs_generate_tpm_key.c 2016-01-26 17:01:19.810230176 +0100
@@ -89,7 +89,7 @@ int main(int argc, char **argv)
int i, c, *pcrsSelected = NULL, numPcrsSelected = 0;
TSS_UUID *uuid;
BYTE wellknown[] = TSS_WELL_KNOWN_SECRET;
- char *tmp_pcrs;
+ int *tmp_pcrs;
while (1) {
c = getopt(argc, argv, "p:");
diff -up ecryptfs-utils-109/src/utils/mount.ecryptfs_private.c.werror ecryptfs-utils-109/src/utils/mount.ecryptfs_private.c
--- ecryptfs-utils-109/src/utils/mount.ecryptfs_private.c.werror 2016-01-26 17:01:19.807230183 +0100
+++ ecryptfs-utils-109/src/utils/mount.ecryptfs_private.c 2016-01-26 17:01:30.262205251 +0100
@@ -232,7 +232,7 @@ static int check_cwd_f_type()
*
* This whitelist is to prevent malicious mount.ecryptfs_private users
* from mounting over filesystem types such as PROC_SUPER_MAGIC to
- * deceive other programs with a crafted /proc/self/*. See
+ * deceive other programs with a crafted /proc/self/ *. See
* https://launchpad.net/bugs/1530566 for more details.
*/
__SWORD_TYPE f_type_whitelist[] = {
@@ -276,7 +276,7 @@ static int check_cwd_f_type()
fprintf(stderr,
"Refusing to mount over an unapproved filesystem type: %#lx\n",
- buf.f_type);
+ (long unsigned int)buf.f_type);
return 1;
}
@@ -829,8 +829,8 @@ int main(int argc, char *argv[]) {
* update mtab for us, and replace the current process.
* Do not use the umount.ecryptfs helper (-i).
*/
- setresuid(0,0,0);
- setresgid(0,0,0);
+ rc=setresuid(0,0,0);
+ rc=setresgid(0,0,0);
clearenv();
/* Since we're doing a lazy unmount anyway, just unmount the current
diff -up ecryptfs-utils-109/tests/kernel/inode-race-stat/test.c.werror ecryptfs-utils-109/tests/kernel/inode-race-stat/test.c
--- ecryptfs-utils-109/tests/kernel/inode-race-stat/test.c.werror 2015-12-21 21:38:59.000000000 +0100
+++ ecryptfs-utils-109/tests/kernel/inode-race-stat/test.c 2016-01-26 17:01:19.811230174 +0100
@@ -364,6 +364,7 @@ abort:
if (write(pipe_to[i][1], cmd, 1) != 1)
continue;
+ (void)ret;
(void)waitpid(pids[i], &status, 0);
(void)close(pipe_to[i][1]);