clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name chpass.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/usr.bin/chpass/obj -resource-dir /usr/local/lib/clang/13.0.0 -I /usr/src/usr.bin/chpass/../../lib/libc/include -internal-isystem /usr/local/lib/clang/13.0.0/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/usr.bin/chpass/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/vmm/scan-build/2022-01-12-194120-40624-1 -x c /usr/src/usr.bin/chpass/chpass.c
1 | |
2 | |
3 | |
4 | |
5 | |
6 | |
7 | |
8 | |
9 | |
10 | |
11 | |
12 | |
13 | |
14 | |
15 | |
16 | |
17 | |
18 | |
19 | |
20 | |
21 | |
22 | |
23 | |
24 | |
25 | |
26 | |
27 | |
28 | |
29 | |
30 | |
31 | |
32 | |
33 | #include <sys/resource.h> |
34 | #include <sys/stat.h> |
35 | #include <sys/time.h> |
36 | #include <sys/uio.h> |
37 | |
38 | #include <err.h> |
39 | #include <errno.h> |
40 | #include <fcntl.h> |
41 | #include <paths.h> |
42 | #include <pwd.h> |
43 | #include <signal.h> |
44 | #include <stdio.h> |
45 | #include <stdlib.h> |
46 | #include <string.h> |
47 | #include <unistd.h> |
48 | #include <util.h> |
49 | |
50 | #include "chpass.h" |
51 | |
52 | extern char *__progname; |
53 | |
54 | enum { NEWSH, LOADENTRY, EDITENTRY } op; |
55 | uid_t uid; |
56 | |
57 | void baduser(void); |
58 | void kbintr(int); |
59 | void usage(void); |
60 | |
61 | int |
62 | main(int argc, char *argv[]) |
63 | { |
64 | struct passwd *pw = NULL, *opw = NULL, lpw; |
65 | int i, ch, pfd, tfd, dfd; |
66 | char *tz, *arg = NULL; |
67 | sigset_t fullset; |
68 | |
69 | |
70 | if ((tz = getenv("TZ")) != NULL) { |
| 1 | Assuming the condition is false | |
|
| |
71 | unsetenv("TZ"); |
72 | tzset(); |
73 | setenv("TZ", tz, 1); |
74 | } |
75 | |
76 | op = EDITENTRY; |
77 | while ((ch = getopt(argc, argv, "a:s:")) != -1) |
| 3 | | Assuming the condition is false | |
|
| 4 | | Loop condition is false. Execution continues on line 91 | |
|
78 | switch(ch) { |
79 | case 'a': |
80 | op = LOADENTRY; |
81 | arg = optarg; |
82 | break; |
83 | case 's': |
84 | op = NEWSH; |
85 | arg = optarg; |
86 | break; |
87 | case '?': |
88 | default: |
89 | usage(); |
90 | } |
91 | argc -= optind; |
92 | argv += optind; |
93 | |
94 | uid = getuid(); |
95 | |
96 | if (op == EDITENTRY || op == NEWSH) |
97 | switch(argc) { |
| 5 | | Control jumps to 'case 0:' at line 98 | |
|
98 | case 0: |
99 | pw = getpwuid_shadow(uid); |
100 | if (!pw) |
| 6 | | Assuming 'pw' is non-null | |
|
| |
101 | errx(1, "unknown user: uid %u", uid); |
102 | break; |
| 8 | | Execution continues on line 114 | |
|
103 | case 1: |
104 | pw = getpwnam_shadow(*argv); |
105 | if (!pw) |
106 | errx(1, "unknown user: %s", *argv); |
107 | if (uid && uid != pw->pw_uid) |
108 | baduser(); |
109 | break; |
110 | default: |
111 | usage(); |
112 | } |
113 | |
114 | if (op == LOADENTRY) { |
| |
115 | if (argc != 0) |
116 | errx(1, "option -a does not accept user argument"); |
117 | if (uid) |
118 | baduser(); |
119 | pw = &lpw; |
120 | if (!pw_scan(arg, pw, NULL)) |
121 | exit(1); |
122 | opw = getpwnam_shadow(pw->pw_name); |
123 | } |
124 | if (opw == NULL && (opw = pw_dup(pw)) == NULL) |
| 10 | | Assuming the condition is false | |
|
| |
125 | err(1, NULL); |
126 | |
127 | |
128 | if (op == EDITENTRY) { |
| |
129 | char tempname[] = _PATH_VARTMP "pw.XXXXXXXXXX"; |
130 | int edit_status; |
131 | |
132 | if ((pw = pw_dup(pw)) == NULL) |
| |
| 14 | | Assuming pointer value is null | |
|
| |
133 | pw_error(NULL, 1, 1); |
134 | dfd = mkostemp(tempname, O_CLOEXEC); |
135 | if (dfd == -1) |
| 16 | | Assuming the condition is false | |
|
| |
136 | pw_error(tempname, 1, 1); |
137 | display(tempname, dfd, pw); |
138 | |
139 | if (unveil(_PATH_BSHELL, "x") == -1) |
| 18 | | Assuming the condition is false | |
|
| |
140 | err(1, "unveil %s", _PATH_BSHELL); |
141 | if (unveil(_PATH_SHELLS, "r") == -1) |
| 20 | | Assuming the condition is false | |
|
| |
142 | err(1, "unveil %s", _PATH_SHELLS); |
143 | if (unveil(tempname, "rc") == -1) |
| 22 | | Assuming the condition is false | |
|
| |
144 | err(1, "unveil %s", tempname); |
145 | if (pledge("stdio rpath wpath cpath id proc exec unveil", |
| 24 | | Assuming the condition is false | |
|
| |
146 | NULL) == -1) |
147 | err(1, "pledge"); |
148 | |
149 | edit_status = edit(tempname, pw); |
150 | close(dfd); |
151 | unlink(tempname); |
152 | |
153 | switch (edit_status) { |
| 26 | | Control jumps to 'case 0:' at line 154 | |
|
154 | case EDIT_OK: |
155 | break; |
| 27 | | Execution continues on line 166 | |
|
156 | case EDIT_NOCHANGE: |
157 | pw_error(NULL, 0, 0); |
158 | break; |
159 | case EDIT_ERROR: |
160 | default: |
161 | pw_error(tempname, 1, 1); |
162 | break; |
163 | } |
164 | } |
165 | |
166 | if (op == NEWSH) { |
| 28 | | Assuming 'op' is not equal to NEWSH | |
|
| |
167 | if (unveil(_PATH_SHELLS, "r") == -1) |
168 | err(1, "unveil %s", _PATH_SHELLS); |
169 | if (pledge("stdio rpath wpath cpath id proc exec unveil", |
170 | NULL) == -1) |
171 | err(1, "pledge"); |
172 | |
173 | |
174 | if (!arg[0]) |
175 | usage(); |
176 | if (p_shell(arg, pw, NULL)) |
177 | pw_error(NULL, 0, 1); |
178 | } |
179 | |
180 | |
181 | setuid(0); |
182 | sigfillset(&fullset); |
183 | sigdelset(&fullset, SIGINT); |
184 | sigprocmask(SIG_BLOCK, &fullset, NULL); |
185 | |
186 | if (unveil(_PATH_MASTERPASSWD_LOCK, "rwc") == -1) |
| 30 | | Assuming the condition is false | |
|
| |
187 | err(1, "unveil %s", _PATH_MASTERPASSWD_LOCK); |
188 | if (unveil(_PATH_MASTERPASSWD, "r") == -1) |
| 32 | | Assuming the condition is false | |
|
| |
189 | err(1, "unveil %s", _PATH_MASTERPASSWD); |
190 | if (unveil(_PATH_PWD_MKDB, "x") == -1) |
| 34 | | Assuming the condition is false | |
|
| |
191 | err(1, "unveil %s", _PATH_PWD_MKDB); |
192 | if (pledge("stdio rpath wpath cpath proc exec", NULL) == -1) |
| 36 | | Assuming the condition is false | |
|
| |
193 | err(1, "pledge"); |
194 | |
195 | |
196 | pw_init(); |
197 | for (i = 1; (tfd = pw_lock(0)) == -1; i++) { |
| 38 | | Assuming the condition is false | |
|
| 39 | | Loop condition is false. Execution continues on line 207 | |
|
198 | if (i == 4) |
199 | (void)fputs("Attempting to lock password file, " |
200 | "please wait or press ^C to abort", stderr); |
201 | (void)signal(SIGINT, kbintr); |
202 | if (i % 16 == 0) |
203 | fputc('.', stderr); |
204 | usleep(250000); |
205 | (void)signal(SIGINT, SIG_IGN); |
206 | } |
207 | if (i >= 4) |
| |
208 | fputc('\n', stderr); |
209 | pfd = open(_PATH_MASTERPASSWD, O_RDONLY|O_CLOEXEC); |
210 | if (pfd == -1) |
| 41 | | Assuming the condition is false | |
|
| |
211 | pw_error(_PATH_MASTERPASSWD, 1, 1); |
212 | |
213 | |
214 | pw_copy(pfd, tfd, pw, opw); |
215 | |
216 | |
217 | arg = !strcmp(opw->pw_name, pw->pw_name) ? pw->pw_name : NULL; |
| 43 | | Access to field 'pw_name' results in a dereference of a null pointer (loaded from variable 'pw') |
|
218 | |
219 | |
220 | if (pw_mkdb(arg, 0) == -1) |
221 | pw_error(NULL, 0, 1); |
222 | exit(0); |
223 | } |
224 | |
225 | void |
226 | baduser(void) |
227 | { |
228 | |
229 | errx(1, "%s", strerror(EACCES)); |
230 | } |
231 | |
232 | |
233 | void |
234 | kbintr(int signo) |
235 | { |
236 | dprintf(STDERR_FILENO, "\n%s: %s unchanged\n", |
237 | __progname, _PATH_MASTERPASSWD); |
238 | _exit(1); |
239 | } |
240 | |
241 | void |
242 | usage(void) |
243 | { |
244 | |
245 | (void)fprintf(stderr, "usage: %s [-s newshell] [user]\n", __progname); |
246 | (void)fprintf(stderr, " %s -a list\n", __progname); |
247 | exit(1); |
248 | } |