Blame SOURCES/shadow-4.6-coverity.patch

9f13c6
diff -up shadow-4.6/lib/commonio.c.coverity shadow-4.6/lib/commonio.c
9f13c6
--- shadow-4.6/lib/commonio.c.coverity	2018-10-10 09:50:59.307738194 +0200
9f13c6
+++ shadow-4.6/lib/commonio.c	2018-10-10 09:55:32.919319048 +0200
9f13c6
@@ -382,7 +382,7 @@ int commonio_lock_nowait (struct commoni
9f13c6
 	char* lock = NULL;
9f13c6
 	size_t lock_file_len;
9f13c6
 	size_t file_len;
9f13c6
-	int err;
9f13c6
+	int err = 0;
9f13c6
 
9f13c6
 	if (db->locked) {
9f13c6
 		return 1;
9f13c6
@@ -391,12 +391,10 @@ int commonio_lock_nowait (struct commoni
9f13c6
 	lock_file_len = strlen(db->filename) + 6; /* sizeof ".lock" */
9f13c6
 	file = (char*)malloc(file_len);
9f13c6
 	if(file == NULL) {
9f13c6
-		err = ENOMEM;
9f13c6
 		goto cleanup_ENOMEM;
9f13c6
 	}
9f13c6
 	lock = (char*)malloc(lock_file_len);
9f13c6
 	if(lock == NULL) {
9f13c6
-		err = ENOMEM;
9f13c6
 		goto cleanup_ENOMEM;
9f13c6
 	}
9f13c6
 	snprintf (file, file_len, "%s.%lu",
9f13c6
diff -up shadow-4.6/libmisc/console.c.coverity shadow-4.6/libmisc/console.c
9f13c6
--- shadow-4.6/libmisc/console.c.coverity	2018-04-29 18:42:37.000000000 +0200
9f13c6
+++ shadow-4.6/libmisc/console.c	2018-10-10 11:56:51.368837533 +0200
9f13c6
@@ -50,7 +50,7 @@ static bool is_listed (const char *cfgin
9f13c6
 static bool is_listed (const char *cfgin, const char *tty, bool def)
9f13c6
 {
9f13c6
 	FILE *fp;
9f13c6
-	char buf[200], *s;
9f13c6
+	char buf[1024], *s;
9f13c6
 	const char *cons;
9f13c6
 
9f13c6
 	/*
9f13c6
@@ -70,7 +70,8 @@ static bool is_listed (const char *cfgin
9f13c6
 
9f13c6
 	if (*cons != '/') {
9f13c6
 		char *pbuf;
9f13c6
-		strcpy (buf, cons);
9f13c6
+		strncpy (buf, cons, sizeof (buf));
9f13c6
+		buf[sizeof (buf) - 1] = '\0';
9f13c6
 		pbuf = &buf[0];
9f13c6
 		while ((s = strtok (pbuf, ":")) != NULL) {
9f13c6
 			if (strcmp (s, tty) == 0) {
9f13c6
diff -up shadow-4.6/lib/spawn.c.coverity shadow-4.6/lib/spawn.c
9f13c6
--- shadow-4.6/lib/spawn.c.coverity	2018-04-29 18:42:37.000000001 +0200
9f13c6
+++ shadow-4.6/lib/spawn.c	2018-10-10 11:36:49.035784609 +0200
9f13c6
@@ -69,7 +69,7 @@ int run_command (const char *cmd, const
9f13c6
 	do {
9f13c6
 		wpid = waitpid (pid, status, 0);
9f13c6
 	} while (   ((pid_t)-1 == wpid && errno == EINTR)
9f13c6
-	         || (wpid != pid));
9f13c6
+	         || ((pid_t)-1 != wpid && wpid != pid));
9f13c6
 
9f13c6
 	if ((pid_t)-1 == wpid) {
9f13c6
 		fprintf (stderr, "%s: waitpid (status: %d): %s\n",
9f13c6
diff -up shadow-4.6/src/useradd.c.coverity shadow-4.6/src/useradd.c
9f13c6
--- shadow-4.6/src/useradd.c.coverity	2018-10-10 09:50:59.303738098 +0200
9f13c6
+++ shadow-4.6/src/useradd.c	2018-10-12 13:51:54.480490257 +0200
9f13c6
@@ -314,7 +314,7 @@ static void fail_exit (int code)
9f13c6
 static void get_defaults (void)
9f13c6
 {
9f13c6
 	FILE *fp;
9f13c6
-	char* default_file = USER_DEFAULTS_FILE;
9f13c6
+	char *default_file = USER_DEFAULTS_FILE;
9f13c6
 	char buf[1024];
9f13c6
 	char *cp;
9f13c6
 
9f13c6
@@ -324,6 +324,8 @@ static void get_defaults (void)
9f13c6
 
9f13c6
 		len = strlen(prefix) + strlen(USER_DEFAULTS_FILE) + 2;
9f13c6
 		default_file = malloc(len);
9f13c6
+                if (default_file == NULL)
9f13c6
+                       return;
9f13c6
 		wlen = snprintf(default_file, len, "%s/%s", prefix, USER_DEFAULTS_FILE);
9f13c6
 		assert (wlen == (int) len -1);
9f13c6
 	}
9f13c6
@@ -334,7 +336,7 @@ static void get_defaults (void)
9f13c6
 
9f13c6
 	fp = fopen (default_file, "r");
9f13c6
 	if (NULL == fp) {
9f13c6
-		return;
9f13c6
+		goto getdef_err;
9f13c6
 	}
9f13c6
 
9f13c6
 	/*
9f13c6
@@ -445,7 +447,7 @@ static void get_defaults (void)
9f13c6
 		}
9f13c6
 	}
9f13c6
 	(void) fclose (fp);
9f13c6
-
9f13c6
+     getdef_err:
9f13c6
 	if(prefix[0]) {
9f13c6
 		free(default_file);
9f13c6
 	}
9f13c6
@@ -480,8 +482,8 @@ static int set_defaults (void)
9f13c6
 	FILE *ifp;
9f13c6
 	FILE *ofp;
9f13c6
 	char buf[1024];
9f13c6
-	char* new_file = NEW_USER_FILE;
9f13c6
-	char* default_file = USER_DEFAULTS_FILE;
9f13c6
+	char *new_file = NULL;
9f13c6
+	char *default_file = USER_DEFAULTS_FILE;
9f13c6
 	char *cp;
9f13c6
 	int ofd;
9f13c6
 	int wlen;
9f13c6
@@ -492,17 +494,30 @@ static int set_defaults (void)
9f13c6
 	bool out_shell = false;
9f13c6
 	bool out_skel = false;
9f13c6
 	bool out_create_mail_spool = false;
9f13c6
+	size_t len;
9f13c6
+	int ret = -1;
9f13c6
 
9f13c6
-	if(prefix[0]) {
9f13c6
-		size_t len;
9f13c6
 
9f13c6
-		len = strlen(prefix) + strlen(NEW_USER_FILE) + 2;
9f13c6
-		new_file = malloc(len);
9f13c6
-		wlen = snprintf(new_file, len, "%s/%s", prefix, NEW_USER_FILE);
9f13c6
-		assert (wlen == (int) len -1);
9f13c6
+	len = strlen(prefix) + strlen(NEW_USER_FILE) + 2;
9f13c6
+	new_file = malloc(len);
9f13c6
+        if (new_file == NULL) {
9f13c6
+		fprintf (stderr,
9f13c6
+		         _("%s: cannot create new defaults file: %s\n"),
9f13c6
+		         Prog, strerror(errno));
9f13c6
+		return -1;
9f13c6
+        }
9f13c6
+	wlen = snprintf(new_file, len, "%s%s%s", prefix, prefix[0]?"/":"", NEW_USER_FILE);
9f13c6
+	assert (wlen <= (int) len -1);
9f13c6
 
9f13c6
+	if(prefix[0]) {
9f13c6
 		len = strlen(prefix) + strlen(USER_DEFAULTS_FILE) + 2;
9f13c6
 		default_file = malloc(len);
9f13c6
+		if (default_file == NULL) {
9f13c6
+			fprintf (stderr,
9f13c6
+			         _("%s: cannot create new defaults file: %s\n"),
9f13c6
+			         Prog, strerror(errno));
9f13c6
+			goto setdef_err;
9f13c6
+		}
9f13c6
 		wlen = snprintf(default_file, len, "%s/%s", prefix, USER_DEFAULTS_FILE);
9f13c6
 		assert (wlen == (int) len -1);
9f13c6
 	}
9f13c6
@@ -515,7 +530,7 @@ static int set_defaults (void)
9f13c6
 		fprintf (stderr,
9f13c6
 		         _("%s: cannot create new defaults file\n"),
9f13c6
 		         Prog);
9f13c6
-		return -1;
9f13c6
+		goto setdef_err;
9f13c6
 	}
9f13c6
 
9f13c6
 	ofp = fdopen (ofd, "w");
9f13c6
@@ -523,7 +538,7 @@ static int set_defaults (void)
9f13c6
 		fprintf (stderr,
9f13c6
 		         _("%s: cannot open new defaults file\n"),
9f13c6
 		         Prog);
9f13c6
-		return -1;
9f13c6
+		goto setdef_err;
9f13c6
 	}
9f13c6
 
9f13c6
 	/*
9f13c6
@@ -550,7 +565,7 @@ static int set_defaults (void)
9f13c6
 				         _("%s: line too long in %s: %s..."),
9f13c6
 				         Prog, default_file, buf);
9f13c6
 				(void) fclose (ifp);
9f13c6
-				return -1;
9f13c6
+				goto setdef_err;
9f13c6
 			}
9f13c6
 		}
9f13c6
 
9f13c6
@@ -614,7 +629,7 @@ static int set_defaults (void)
9f13c6
 	    || (fsync (fileno (ofp)) != 0)
9f13c6
 	    || (fclose (ofp) != 0)) {
9f13c6
 		unlink (new_file);
9f13c6
-		return -1;
9f13c6
+		goto setdef_err;
9f13c6
 	}
9f13c6
 
9f13c6
 	/*
9f13c6
@@ -629,7 +644,7 @@ static int set_defaults (void)
9f13c6
 		         _("%s: Cannot create backup file (%s): %s\n"),
9f13c6
 		         Prog, buf, strerror (err));
9f13c6
 		unlink (new_file);
9f13c6
-		return -1;
9f13c6
+		goto setdef_err;
9f13c6
 	}
9f13c6
 
9f13c6
 	/*
9f13c6
@@ -640,11 +655,11 @@ static int set_defaults (void)
9f13c6
 		fprintf (stderr,
9f13c6
 		         _("%s: rename: %s: %s\n"),
9f13c6
 		         Prog, new_file, strerror (err));
9f13c6
-		return -1;
9f13c6
+		goto setdef_err;
9f13c6
 	}
9f13c6
 #ifdef WITH_AUDIT
9f13c6
 	audit_logger (AUDIT_USYS_CONFIG, Prog,
9f13c6
-	              "changing-useradd-defaults",
9f13c6
+	              "changing useradd defaults",
9f13c6
 	              NULL, AUDIT_NO_ID,
9f13c6
 	              SHADOW_AUDIT_SUCCESS);
9f13c6
 #endif
9f13c6
@@ -654,13 +669,14 @@ static int set_defaults (void)
9f13c6
 	         (unsigned int) def_group, def_home, def_shell,
9f13c6
 	         def_inactive, def_expire, def_template,
9f13c6
 	         def_create_mail_spool));
9f13c6
-
9f13c6
+	ret = 0;
9f13c6
+    setdef_err:
9f13c6
+	free(new_file);
9f13c6
 	if(prefix[0]) {
9f13c6
-		free(new_file);
9f13c6
 		free(default_file);
9f13c6
 	}
9f13c6
 
9f13c6
-	return 0;
9f13c6
+	return ret;
9f13c6
 }
9f13c6
 
9f13c6
 /*