diff -up ecryptfs-utils-100/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror ecryptfs-utils-100/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c
--- ecryptfs-utils-100/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror 2012-08-20 15:46:19.795460481 +0200
+++ ecryptfs-utils-100/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c 2012-08-20 15:46:19.844460878 +0200
@@ -99,7 +99,7 @@ static int ecryptfs_pkcs11h_deserialize(
pkcs11h_data->serialized_id = NULL;
}
else {
- pkcs11h_data->serialized_id = blob + i;
+ pkcs11h_data->serialized_id = (char *)blob + i;
i += serialized_id_length;
}
pkcs11h_data->certificate_blob_size = blob[i++] % 256;
@@ -117,12 +117,11 @@ static int ecryptfs_pkcs11h_deserialize(
pkcs11h_data->passphrase = NULL;
}
else {
- pkcs11h_data->passphrase = blob + i;
+ pkcs11h_data->passphrase = (char *)blob + i;
i += passphrase_length;
}
rc = 0;
-out:
return rc;
}
@@ -359,14 +358,14 @@ static int ecryptfs_pkcs11h_get_key_sig(
data[i++] = '\02';
data[i++] = (char)(nbits >> 8);
data[i++] = (char)nbits;
- BN_bn2bin(rsa->n, &(data[i]));
+ BN_bn2bin(rsa->n, (unsigned char *)&(data[i]));
i += nbytes;
data[i++] = (char)(ebits >> 8);
data[i++] = (char)ebits;
- BN_bn2bin(rsa->e, &(data[i]));
+ BN_bn2bin(rsa->e, (unsigned char *)&(data[i]));
i += ebytes;
- SHA1(data, len + 3, hash);
- to_hex(sig, hash, ECRYPTFS_SIG_SIZE);
+ SHA1((unsigned char *)data, len + 3, (unsigned char *)hash);
+ to_hex((char *)sig, hash, ECRYPTFS_SIG_SIZE);
sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
rc = 0;
@@ -424,8 +423,8 @@ static int ecryptfs_pkcs11h_encrypt(char
if (
(rc = RSA_public_encrypt(
from_size,
- from,
- to,
+ (unsigned char *)from,
+ (unsigned char *)to,
rsa,
RSA_PKCS1_PADDING
)) == -1
@@ -519,9 +518,9 @@ static int ecryptfs_pkcs11h_decrypt(char
(rv = pkcs11h_certificate_decryptAny (
certificate,
CKM_RSA_PKCS,
- from,
+ (unsigned char *)from,
from_size,
- to,
+ (unsigned char *)to,
to_size
)) != CKR_OK
) {
@@ -547,9 +546,9 @@ static int ecryptfs_pkcs11h_decrypt(char
pkcs11h_certificate_decryptAny (
certificate,
CKM_RSA_PKCS,
- from,
+ (unsigned char *)from,
from_size,
- tmp,
+ (unsigned char *)tmp,
to_size
);
@@ -864,7 +863,7 @@ static int ecryptfs_pkcs11h_process_key(
rc = MOUNT_ERROR;
goto out;
}
- if ((rc = ecryptfs_pkcs11h_serialize(subgraph_key_ctx->key_mod->blob,
+ if ((rc = ecryptfs_pkcs11h_serialize((unsigned char *)subgraph_key_ctx->key_mod->blob,
&subgraph_key_ctx->key_mod->blob_size,
pkcs11h_data))) {
syslog(LOG_ERR, "PKCS#11: Error serializing pkcs11; rc=[%d]\n", rc);
@@ -943,7 +942,7 @@ static int tf_pkcs11h_global_loglevel(st
rc = DEFAULT_TOK;
node->val = NULL;
-out:
+// out:
return rc;
}
@@ -956,7 +955,7 @@ static int tf_pkcs11h_global_pincache(st
rc = DEFAULT_TOK;
node->val = NULL;
-out:
+// out:
return rc;
}
@@ -1026,7 +1025,7 @@ static int tf_pkcs11h_provider_prot_auth
sscanf (node->val, "%x", &subgraph_provider_ctx->allow_protected_authentication);
rc = DEFAULT_TOK;
node->val = NULL;
-out:
+
return rc;
}
@@ -1040,7 +1039,7 @@ static int tf_pkcs11h_provider_cert_priv
sscanf (node->val, "%x", &subgraph_provider_ctx->certificate_is_private);
rc = DEFAULT_TOK;
node->val = NULL;
-out:
+
return rc;
}
@@ -1055,7 +1054,7 @@ static int tf_pkcs11h_provider_private_m
rc = DEFAULT_TOK;
node->val = NULL;
-out:
+
return rc;
}
@@ -1086,7 +1085,7 @@ static int tf_pkcs11h_provider_end(struc
free(subgraph_provider_ctx);
*foo = NULL;
rc = DEFAULT_TOK;
-out:
+
return rc;
}
@@ -1133,7 +1132,7 @@ static int tf_pkcs11h_key_x509file(struc
X509 *x509 = NULL;
unsigned char *p = NULL;
FILE *fp = NULL;
- int rc;
+ int rc = 0;
subgraph_key_ctx = (struct pkcs11h_subgraph_key_ctx *)(*foo);
diff -up ecryptfs-utils-100/src/libecryptfs/ecryptfs-stat.c.werror ecryptfs-utils-100/src/libecryptfs/ecryptfs-stat.c
--- ecryptfs-utils-100/src/libecryptfs/ecryptfs-stat.c.werror 2012-05-18 21:06:17.000000000 +0200
+++ ecryptfs-utils-100/src/libecryptfs/ecryptfs-stat.c 2012-08-20 15:46:19.845460886 +0200
@@ -146,7 +146,7 @@ int ecryptfs_parse_stat(struct ecryptfs_
if (buf_size < (ECRYPTFS_FILE_SIZE_BYTES
+ MAGIC_ECRYPTFS_MARKER_SIZE_BYTES
+ 4)) {
- printf("%s: Invalid metadata size; must have at least [%lu] "
+ printf("%s: Invalid metadata size; must have at least [%zu] "
"bytes; there are only [%zu] bytes\n", __FUNCTION__,
(ECRYPTFS_FILE_SIZE_BYTES
+ MAGIC_ECRYPTFS_MARKER_SIZE_BYTES
diff -up ecryptfs-utils-100/src/libecryptfs/key_management.c.werror ecryptfs-utils-100/src/libecryptfs/key_management.c
--- ecryptfs-utils-100/src/libecryptfs/key_management.c.werror 2012-08-20 15:46:19.791460449 +0200
+++ ecryptfs-utils-100/src/libecryptfs/key_management.c 2012-08-20 15:46:19.845460886 +0200
@@ -228,7 +228,6 @@ int ecryptfs_wrap_passphrase_file(char *
int rc = 0;
ssize_t size;
int fd;
- int i;
char *p = NULL;
char decrypted_passphrase[ECRYPTFS_MAX_PASSPHRASE_BYTES + 1];
diff -up ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c
--- ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c.werror 2012-08-02 15:20:17.000000000 +0200
+++ ecryptfs-utils-100/src/pam_ecryptfs/pam_ecryptfs.c 2012-08-20 15:48:15.233393985 +0200
@@ -47,31 +47,6 @@
#define PRIVATE_DIR "Private"
-static void error(const char *msg)
-{
- syslog(LOG_ERR, "pam_ecryptfs: errno = [%i]; strerror = [%m]\n", errno);
- switch (errno) {
- case ENOKEY:
- syslog(LOG_ERR, "pam_ecryptfs: %s: Requested key not available\n", msg);
- return;
-
- case EKEYEXPIRED:
- syslog(LOG_ERR, "pam_ecryptfs: %s: Key has expired\n", msg);
- return;
-
- case EKEYREVOKED:
- syslog(LOG_ERR, "pam_ecryptfs: %s: Key has been revoked\n", msg);
- return;
-
- case EKEYREJECTED:
- syslog(LOG_ERR, "pam_ecryptfs: %s: Key was rejected by service\n", msg);
- return;
- default:
- syslog(LOG_ERR, "pam_ecryptfs: %s: Unknown key error\n", msg);
- return;
- }
-}
-
/* returns: 0 if file does not exist, 1 if it exists, <0 for error */
static int file_exists_dotecryptfs(const char *homedir, char *filename)
{
@@ -110,10 +85,8 @@ static int wrap_passphrase_if_necessary(
stat(wrapped_pw_filename, &s) != 0 &&
passphrase != NULL && *passphrase != '\0' &&
username != NULL && *username != '\0') {
- setuid(uid);
- rc = ecryptfs_wrap_passphrase_file(wrapped_pw_filename, passphrase, salt, unwrapped_pw_filename);
- if (rc != 0) {
- syslog(LOG_ERR, "pam_ecryptfs: Error wrapping cleartext password; " "rc = [%d]\n", rc);
+ if ((rc = setuid(uid))<0 || ((rc = ecryptfs_wrap_passphrase_file(wrapped_pw_filename, passphrase, salt, unwrapped_pw_filename)) != 0)) {
+ syslog(LOG_ERR, "pam_ecryptfs: Error wrapping cleartext password; " "rc = [%d]\n", rc);
}
return rc;
}
@@ -211,8 +184,6 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
if ((argc == 1)
&& (memcmp(argv[0], "unwrap\0", 7) == 0)) {
char *wrapped_pw_filename;
- char *unwrapped_pw_filename;
- struct stat s;
rc = asprintf(
&wrapped_pw_filename, "%s/.ecryptfs/%s",
@@ -304,8 +275,6 @@ static int private_dir(pam_handle_t *pam
char *autoumount = "auto-umount";
struct stat s;
pid_t pid;
- struct utmp *u;
- int count = 0;
if ((pwd = fetch_pwd(pamh)) == NULL) {
/* fetch_pwd() logged a message */
@@ -351,7 +320,7 @@ static int private_dir(pam_handle_t *pam
if (stat(recorded, &s) != 0 && stat("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", &s) == 0) {
/* User has not recorded their passphrase */
unlink("/var/lib/update-notifier/user.d/ecryptfs-record-passphrase");
- symlink("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", "/var/lib/update-notifier/user.d/ecryptfs-record-passphrase");
+ rc=symlink("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", "/var/lib/update-notifier/user.d/ecryptfs-record-passphrase");
fd = open("/var/lib/update-notifier/dpkg-run-stamp", O_WRONLY|O_CREAT|O_NONBLOCK, 0666);
close(fd);
}
@@ -430,7 +399,6 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
char *old_passphrase = NULL;
char *new_passphrase = NULL;
char *wrapped_pw_filename;
- char *name = NULL;
char salt[ECRYPTFS_SALT_SIZE];
char salt_hex[ECRYPTFS_SALT_SIZE_HEX];
pid_t child_pid, tmp_pid;
@@ -445,15 +413,15 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
uid = pwd->pw_uid;
gid = pwd->pw_gid;
homedir = pwd->pw_dir;
- name = pwd->pw_name;
}
} else {
syslog(LOG_ERR, "pam_ecryptfs: Error getting passwd info for user [%s]; rc = [%d]\n", username, rc);
goto out;
}
- if ((oeuid = geteuid()) < 0 || (oegid = getegid()) < 0 ||
- (ngids = getgroups(sizeof(groups)/sizeof(gid_t), groups)) < 0) {
+ oeuid = geteuid();
+ oegid = getegid();
+ if ((ngids = getgroups(sizeof(groups)/sizeof(gid_t), groups)) < 0) {
syslog(LOG_ERR, "pam_ecryptfs: geteuid error");
goto outnouid;
}
@@ -512,7 +480,10 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
char passphrase[ECRYPTFS_MAX_PASSWORD_LENGTH + 1];
/* temp regain uid 0 to drop privs */
- seteuid(oeuid);
+ if (seteuid(oeuid) < 0) {
+ syslog(LOG_ERR, "pam_ecryptfs: seteuid error");
+ goto out_child;
+ }
/* setgroups() already called */
if (setgid(gid) < 0 || setuid(uid) < 0)
goto out_child;
@@ -537,9 +508,9 @@ out_child:
free(wrapped_pw_filename);
out:
- seteuid(oeuid);
- setegid(oegid);
- setgroups(ngids, groups);
+ rc = seteuid(oeuid);
+ rc = setegid(oegid);
+ rc = setgroups(ngids, groups);
outnouid:
return rc;
diff -up ecryptfs-utils-100/src/utils/mount.ecryptfs.c.werror ecryptfs-utils-100/src/utils/mount.ecryptfs.c
--- ecryptfs-utils-100/src/utils/mount.ecryptfs.c.werror 2012-08-20 15:46:19.805460562 +0200
+++ ecryptfs-utils-100/src/utils/mount.ecryptfs.c 2012-08-20 15:46:19.847460902 +0200
@@ -34,6 +34,7 @@
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/types.h>
+#include <sys/wait.h>
#include "config.h"
#include "ecryptfs.h"
#include "decision_graph.h"
diff -up ecryptfs-utils-100/src/utils/mount.ecryptfs_private.c.werror ecryptfs-utils-100/src/utils/mount.ecryptfs_private.c
--- ecryptfs-utils-100/src/utils/mount.ecryptfs_private.c.werror 2012-08-20 15:46:19.801460530 +0200
+++ ecryptfs-utils-100/src/utils/mount.ecryptfs_private.c 2012-08-20 15:46:19.847460902 +0200
@@ -95,7 +95,7 @@ int read_config(char *pw_dir, int uid, c
*s = strdup(e->mnt_fsname);
if (!*s)
return -2;
-out:
+
return 0;
}
@@ -686,8 +686,8 @@ int main(int argc, char *argv[]) {
* update mtab for us, and replace the current process.
* Do not use the umount.ecryptfs helper (-i).
*/
- setresuid(0,0,0);
- setresgid(0,0,0);
+ rc=setresuid(0,0,0);
+ rc=setresgid(0,0,0);
clearenv();
/* Since we're doing a lazy unmount anyway, just unmount the current
diff -up ecryptfs-utils-100/src/utils/test.c.werror ecryptfs-utils-100/src/utils/test.c
--- ecryptfs-utils-100/src/utils/test.c.werror 2012-05-18 21:06:17.000000000 +0200
+++ ecryptfs-utils-100/src/utils/test.c 2012-08-20 15:46:19.847460902 +0200
@@ -281,7 +281,7 @@ int ecryptfs_encrypt_page(int page_cache
struct inode *lower_inode;
struct ecryptfs_crypt_stat *crypt_stat;
int rc = 0;
- int lower_byte_offset;
+ int lower_byte_offset = 0;
int orig_byte_offset = 0;
int num_extents_per_page;
#define ECRYPTFS_PAGE_STATE_UNREAD 0
diff -up ecryptfs-utils-100/tests/kernel/directory-concurrent/test.c.werror ecryptfs-utils-100/tests/kernel/directory-concurrent/test.c
--- ecryptfs-utils-100/tests/kernel/directory-concurrent/test.c.werror 2012-05-18 21:06:17.000000000 +0200
+++ ecryptfs-utils-100/tests/kernel/directory-concurrent/test.c 2012-08-20 15:46:19.848460910 +0200
@@ -149,7 +149,7 @@ int hang_check(int option, const char *f
int test_dirs(const char *path, const int max_dirs)
{
- int i, j;
+ int i/*, j*/;
char *filename;
size_t len = strlen(path) + 32;
int ret = TEST_PASSED;
diff -up ecryptfs-utils-100/tests/kernel/enospc/test.c.werror ecryptfs-utils-100/tests/kernel/enospc/test.c
--- ecryptfs-utils-100/tests/kernel/enospc/test.c.werror 2012-08-02 15:20:17.000000000 +0200
+++ ecryptfs-utils-100/tests/kernel/enospc/test.c 2012-08-20 15:46:19.848460910 +0200
@@ -37,9 +37,6 @@
int test_exercise(char *filename, ssize_t size)
{
int fd;
- ssize_t i;
- ssize_t n;
- struct stat statbuf;
ssize_t nbytes = size;
int ret = TEST_FAILED;
diff -up ecryptfs-utils-100/tests/kernel/extend-file-random/test.c.werror ecryptfs-utils-100/tests/kernel/extend-file-random/test.c
--- ecryptfs-utils-100/tests/kernel/extend-file-random/test.c.werror 2012-05-18 21:06:17.000000000 +0200
+++ ecryptfs-utils-100/tests/kernel/extend-file-random/test.c 2012-08-20 15:46:19.848460910 +0200
@@ -48,7 +48,7 @@ int test_write(int fd, char *buffer, siz
}
if (write(fd, buffer, len) != len) {
- fprintf(stderr, "Failed to write %lu bytes, position %lu: %s\n",
+ fprintf(stderr, "Failed to write %zu bytes, position %lu: %s\n",
len, offset, strerror(errno));
return TEST_FAILED;
}
@@ -58,13 +58,13 @@ int test_write(int fd, char *buffer, siz
int test_read(int fd, char *buffer, size_t len, off_t offset)
{
if (lseek(fd, offset, SEEK_SET) < 0) {
- fprintf(stderr, "Failed to seek to position %lu: %s\n",
+ fprintf(stderr, "Failed to seek to position %ld: %s\n",
offset, strerror(errno));
return TEST_FAILED;
}
if (read(fd, buffer, len) != len) {
- fprintf(stderr, "Failed to read %lu bytes, position %lu: %s\n",
+ fprintf(stderr, "Failed to read %zu bytes, position %lu: %s\n",
len, offset, strerror(errno));
return TEST_FAILED;
}
diff -up ecryptfs-utils-100/tests/kernel/file-concurrent/test.c.werror ecryptfs-utils-100/tests/kernel/file-concurrent/test.c
--- ecryptfs-utils-100/tests/kernel/file-concurrent/test.c.werror 2012-05-18 21:06:17.000000000 +0200
+++ ecryptfs-utils-100/tests/kernel/file-concurrent/test.c 2012-08-20 15:46:19.849460918 +0200
@@ -177,7 +177,7 @@ int hang_check(int option, const char *f
int test_files(const char *path, const int max_files)
{
- int i, j;
+ int i;
char *filename;
size_t len = strlen(path) + 32;
int ret = TEST_PASSED;
diff -up ecryptfs-utils-100/tests/kernel/inode-race-stat/test.c.werror ecryptfs-utils-100/tests/kernel/inode-race-stat/test.c
--- ecryptfs-utils-100/tests/kernel/inode-race-stat/test.c.werror 2012-08-02 15:20:17.000000000 +0200
+++ ecryptfs-utils-100/tests/kernel/inode-race-stat/test.c 2012-08-20 15:46:19.849460918 +0200
@@ -106,7 +106,6 @@ static void do_test(const int fdin, cons
{
for (;;) {
int n;
- int ret;
char cmd[32];
if ((n = read(fdin, cmd, sizeof(cmd))) < 1) {
@@ -122,7 +121,7 @@ static void do_test(const int fdin, cons
if (cmd[0] == CMD_TEST) {
int ret;
off_t sz;
- sscanf(cmd+1, "%zd", &sz);
+ sscanf(cmd+1, "%ld", &sz);
ret = check_size(filename, sz);
switch (ret) {
@@ -307,7 +306,7 @@ int main(int argc, char **argv)
}
/* Now tell children to stat the file */
- snprintf(cmd, sizeof(cmd), "%c%zd", CMD_TEST, sz);
+ snprintf(cmd, sizeof(cmd), "%c%ld", CMD_TEST, sz);
for (i = 0; i < threads; i++) {
if (write(pipe_to[i][1], cmd, strlen(cmd)+1) < 0) {
fprintf(stderr, "write to pipe failed: %s\n",
@@ -364,6 +363,7 @@ abort:
int ret;
ret = write(pipe_to[i][1], cmd, 1);
+ (void)ret;
(void)waitpid(pids[i], &status, 0);
(void)close(pipe_to[i][1]);
diff -up ecryptfs-utils-100/tests/kernel/lp-509180/test.c.werror ecryptfs-utils-100/tests/kernel/lp-509180/test.c
--- ecryptfs-utils-100/tests/kernel/lp-509180/test.c.werror 2012-05-18 21:06:17.000000000 +0200
+++ ecryptfs-utils-100/tests/kernel/lp-509180/test.c 2012-08-20 15:46:19.850460926 +0200
@@ -48,7 +48,6 @@ int main(int argc, char **argv)
int fd;
int opt, flags = 0;
int rc = 0;
- unsigned int *ptr;
char *file;
unsigned char buffer[1];
diff -up ecryptfs-utils-100/tests/kernel/trunc-file/test.c.werror ecryptfs-utils-100/tests/kernel/trunc-file/test.c
--- ecryptfs-utils-100/tests/kernel/trunc-file/test.c.werror 2012-05-18 21:06:17.000000000 +0200
+++ ecryptfs-utils-100/tests/kernel/trunc-file/test.c 2012-08-20 15:46:19.850460926 +0200
@@ -39,7 +39,7 @@
int write_buff(int fd, unsigned char *data, ssize_t size)
{
- char *ptr = data;
+ unsigned char *ptr = data;
ssize_t n;
ssize_t sz = size;
@@ -55,7 +55,7 @@ int write_buff(int fd, unsigned char *da
int read_buff(int fd, unsigned char *data, ssize_t size)
{
- char *ptr = data;
+ unsigned char *ptr = data;
ssize_t n;
ssize_t sz = size;
@@ -88,6 +88,7 @@ int test_write_random(char *filename, in
}
buflen -= n;
}
+ return TEST_PASSED;
}
int test_read_random(char *filename, int fd, unsigned char *buff, ssize_t size)
@@ -157,9 +158,6 @@ int test_read_rest(char *filename, int f
int test_exercise(char *filename, ssize_t size)
{
int fd;
- ssize_t i;
- ssize_t n;
- ssize_t buflen;
int ret = TEST_FAILED;
ssize_t trunc_size = size / 2;
struct stat statbuf;
@@ -254,8 +252,6 @@ void sighandler(int dummy)
int main(int argc, char **argv)
{
off_t len = DEFAULT_SIZE;
- int i;
- int ret;
if (argc < 2) {
fprintf(stderr, "Syntax: %s filename [size_in_K]\n", argv[0]);
@@ -272,7 +268,7 @@ int main(int argc, char **argv)
len *= 1024;
if (len > SSIZE_MAX) {
- fprintf(stderr, "size should be < %zd\n", SSIZE_MAX / 1024);
+ fprintf(stderr, "size should be < %zd\n", (size_t)SSIZE_MAX / 1024);
exit(TEST_ERROR);
}