clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name login_fbtab.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/lib/libutil/obj -resource-dir /usr/local/lib/clang/13.0.0 -internal-isystem /usr/local/lib/clang/13.0.0/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/lib/libutil/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/vmm/scan-build/2022-01-12-194120-40624-1 -x c /usr/src/lib/libutil/login_fbtab.c
1 | |
2 | |
3 | |
4 | |
5 | |
6 | |
7 | |
8 | |
9 | |
10 | |
11 | |
12 | |
13 | |
14 | |
15 | |
16 | |
17 | |
18 | |
19 | |
20 | |
21 | |
22 | |
23 | |
24 | |
25 | |
26 | |
27 | |
28 | |
29 | |
30 | |
31 | |
32 | |
33 | |
34 | |
35 | |
36 | |
37 | |
38 | |
39 | |
40 | |
41 | |
42 | |
43 | |
44 | |
45 | |
46 | |
47 | |
48 | |
49 | |
50 | |
51 | |
52 | |
53 | |
54 | |
55 | |
56 | |
57 | |
58 | |
59 | |
60 | #include <sys/types.h> |
61 | #include <sys/stat.h> |
62 | |
63 | #include <errno.h> |
64 | #include <dirent.h> |
65 | #include <limits.h> |
66 | #include <paths.h> |
67 | #include <stdio.h> |
68 | #include <stdlib.h> |
69 | #include <string.h> |
70 | #include <syslog.h> |
71 | #include <unistd.h> |
72 | #include <util.h> |
73 | |
74 | #define _PATH_FBTAB "/etc/fbtab" |
75 | |
76 | static void login_protect(const char *, mode_t, uid_t, gid_t); |
77 | |
78 | #define WSPACE " \t\n" |
79 | |
80 | |
81 | |
82 | |
83 | void |
84 | login_fbtab(const char *tty, uid_t uid, gid_t gid) |
85 | { |
86 | FILE *fp; |
87 | char *buf, *toklast, *tbuf, *devnam, *cp; |
88 | mode_t prot; |
89 | size_t len; |
90 | |
91 | if ((fp = fopen(_PATH_FBTAB, "r")) == NULL) |
| 1 | Assuming the condition is false | |
|
| |
92 | return; |
93 | |
94 | tbuf = NULL; |
95 | while ((buf = fgetln(fp, &len)) != NULL) { |
| 3 | | Assuming the condition is true | |
|
| 4 | | Loop condition is true. Entering loop body | |
|
| 14 | | Assuming the condition is true | |
|
| 15 | | Loop condition is true. Entering loop body | |
|
96 | if (buf[len - 1] == '\n') |
| 5 | | Assuming the condition is false | |
|
| |
| 16 | | Assuming the condition is false | |
|
| |
97 | buf[len - 1] = '\0'; |
98 | else { |
99 | if ((tbuf = malloc(len + 1)) == NULL) |
| |
| 8 | | Assuming the condition is false | |
|
| |
| 18 | | Assuming the condition is false | |
|
| |
100 | break; |
101 | memcpy(tbuf, buf, len); |
| 20 | | Potential leak of memory pointed to by 'buf' |
|
102 | tbuf[len] = '\0'; |
103 | buf = tbuf; |
104 | } |
105 | if ((cp = strchr(buf, '#'))) |
| |
| |
106 | *cp = '\0'; |
107 | if (buf[0] == '\0' || |
| 12 | | Assuming the condition is true | |
|
108 | (cp = devnam = strtok_r(buf, WSPACE, &toklast)) == NULL) |
109 | continue; |
| 13 | | Execution continues on line 95 | |
|
110 | if (strncmp(devnam, _PATH_DEV, sizeof(_PATH_DEV) - 1) != 0 || |
111 | (cp = strtok_r(NULL, WSPACE, &toklast)) == NULL || |
112 | *cp != '0' || |
113 | sscanf(cp, "%o", &prot) == 0 || |
114 | prot == 0 || |
115 | (prot & 0777) != prot || |
116 | (cp = strtok_r(NULL, WSPACE, &toklast)) == NULL) { |
117 | syslog(LOG_ERR, "%s: bad entry: %s", _PATH_FBTAB, |
118 | cp ? cp : "(null)"); |
119 | continue; |
120 | } |
121 | if (strcmp(devnam + sizeof(_PATH_DEV) - 1, tty) == 0) { |
122 | for (cp = strtok_r(cp, ":", &toklast); cp != NULL; |
123 | cp = strtok_r(NULL, ":", &toklast)) |
124 | login_protect(cp, prot, uid, gid); |
125 | } |
126 | } |
127 | free(tbuf); |
128 | fclose(fp); |
129 | } |
130 | |
131 | |
132 | |
133 | |
134 | static void |
135 | login_protect(const char *path, mode_t mask, uid_t uid, gid_t gid) |
136 | { |
137 | char buf[PATH_MAX]; |
138 | size_t pathlen = strlen(path); |
139 | DIR *dir; |
140 | struct dirent *ent; |
141 | |
142 | if (pathlen >= sizeof(buf)) { |
143 | errno = ENAMETOOLONG; |
144 | syslog(LOG_ERR, "%s: %s: %m", _PATH_FBTAB, path); |
145 | return; |
146 | } |
147 | |
148 | if (strcmp("/*", path + pathlen - 2) != 0) { |
149 | if (chmod(path, mask) && errno != ENOENT) |
150 | syslog(LOG_ERR, "%s: chmod(%s): %m", _PATH_FBTAB, path); |
151 | if (chown(path, uid, gid) && errno != ENOENT) |
152 | syslog(LOG_ERR, "%s: chown(%s): %m", _PATH_FBTAB, path); |
153 | } else { |
154 | |
155 | |
156 | |
157 | |
158 | |
159 | memcpy(buf, path, pathlen - 1); |
160 | buf[pathlen - 1] = '\0'; |
161 | if ((dir = opendir(buf)) == NULL) { |
162 | syslog(LOG_ERR, "%s: opendir(%s): %m", _PATH_FBTAB, |
163 | path); |
164 | return; |
165 | } |
166 | |
167 | while ((ent = readdir(dir)) != NULL) { |
168 | if (strcmp(ent->d_name, ".") != 0 && |
169 | strcmp(ent->d_name, "..") != 0) { |
170 | buf[pathlen - 1] = '\0'; |
171 | if (strlcat(buf, ent->d_name, sizeof(buf)) |
172 | >= sizeof(buf)) { |
173 | errno = ENAMETOOLONG; |
174 | syslog(LOG_ERR, "%s: %s: %m", |
175 | _PATH_FBTAB, path); |
176 | } else |
177 | login_protect(buf, mask, uid, gid); |
178 | } |
179 | } |
180 | closedir(dir); |
181 | } |
182 | } |