Bug Summary

File:src/usr.bin/chpass/edit.c
Warning:line 189, column 16
1st function call argument is an uninitialized value

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name edit.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/usr.bin/chpass/obj -resource-dir /usr/local/lib/clang/13.0.0 -I /usr/src/usr.bin/chpass/../../lib/libc/include -internal-isystem /usr/local/lib/clang/13.0.0/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/usr.bin/chpass/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/vmm/scan-build/2022-01-12-194120-40624-1 -x c /usr/src/usr.bin/chpass/edit.c
1/* $OpenBSD: edit.c,v 1.35 2015/01/16 06:40:06 deraadt Exp $ */
2/* $NetBSD: edit.c,v 1.6 1996/05/15 21:50:45 jtc Exp $ */
3
4/*-
5 * Copyright (c) 1990, 1993, 1994
6 * The Regents of the University of California. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the University nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33#include <sys/stat.h>
34
35#include <ctype.h>
36#include <err.h>
37#include <errno(*__errno()).h>
38#include <fcntl.h>
39#include <paths.h>
40#include <pwd.h>
41#include <stdio.h>
42#include <stdlib.h>
43#include <string.h>
44#include <unistd.h>
45#include <limits.h>
46#include <util.h>
47
48#include "chpass.h"
49
50int
51edit(char *tempname, struct passwd *pw)
52{
53 struct stat begin, end;
54
55 for (;;) {
1
Loop condition is true. Entering loop body
56 if (lstat(tempname, &begin) == -1 || S_ISLNK(begin.st_mode)((begin.st_mode & 0170000) == 0120000))
2
Assuming the condition is false
3
Assuming the condition is false
4
Taking false branch
57 return (EDIT_ERROR-1);
58 pw_edit(1, tempname);
59 if (lstat(tempname, &end) == -1 || S_ISLNK(end.st_mode)((end.st_mode & 0170000) == 0120000))
5
Assuming the condition is false
6
Assuming the condition is false
7
Taking false branch
60 return (EDIT_ERROR-1);
61 if (!timespeccmp(&begin.st_mtimespec, &end.st_mtimespec, -)(((&begin.st_mtim)->tv_sec == (&end.st_mtim)->tv_sec
) ? ((&begin.st_mtim)->tv_nsec - (&end.st_mtim)->
tv_nsec) : ((&begin.st_mtim)->tv_sec - (&end.st_mtim
)->tv_sec)) &&
8
Assuming '' is not equal to ''
9
'?' condition is false
62 begin.st_size == end.st_size) {
63 warnx("no changes made");
64 return (EDIT_NOCHANGE1);
65 }
66 if (verify(tempname, pw))
10
Calling 'verify'
67 break;
68 pw_prompt();
69 }
70 return(EDIT_OK0);
71}
72
73/*
74 * display --
75 * print out the file for the user to edit; strange side-effect:
76 * set conditional flag if the user gets to edit the shell.
77 */
78void
79display(char *tempname, int fd, struct passwd *pw)
80{
81 FILE *fp;
82 char *bp, *p;
83 char chngstr[256];
84
85 if (!(fp = fdopen(fd, "w")))
86 pw_error(tempname, 1, 1);
87
88 (void)fprintf(fp,
89 "# Changing user database information for %s.\n", pw->pw_name);
90 if (!uid) {
91 (void)fprintf(fp, "Login: %s\n", pw->pw_name);
92 (void)fprintf(fp, "Encrypted password: %s\n", pw->pw_passwd);
93 (void)fprintf(fp, "Uid [#]: %u\n", pw->pw_uid);
94 (void)fprintf(fp, "Gid [# or name]: %u\n", pw->pw_gid);
95 (void)fprintf(fp, "Change [month day year]: %s\n",
96 ttoa(chngstr, sizeof(chngstr), pw->pw_change));
97 (void)fprintf(fp, "Expire [month day year]: %s\n",
98 ttoa(chngstr, sizeof(chngstr), pw->pw_expire));
99 (void)fprintf(fp, "Class: %s\n", pw->pw_class);
100 (void)fprintf(fp, "Home directory: %s\n", pw->pw_dir);
101 (void)fprintf(fp, "Shell: %s\n",
102 *pw->pw_shell ? pw->pw_shell : _PATH_BSHELL"/bin/sh");
103 }
104 /* Only admin can change "restricted" shells. */
105 else if (ok_shell(pw->pw_shell, NULL((void *)0)))
106 /*
107 * Make shell a restricted field. Ugly with a
108 * necklace, but there's not much else to do.
109 */
110 (void)fprintf(fp, "Shell: %s\n",
111 *pw->pw_shell ? pw->pw_shell : _PATH_BSHELL"/bin/sh");
112 else
113 list[E_SHELL12].restricted = 1;
114 bp = pw->pw_gecos;
115 p = strsep(&bp, ",");
116 (void)fprintf(fp, "Full Name: %s\n", p ? p : "");
117 p = strsep(&bp, ",");
118 (void)fprintf(fp, "Office Location: %s\n", p ? p : "");
119 p = strsep(&bp, ",");
120 (void)fprintf(fp, "Office Phone: %s\n", p ? p : "");
121 p = strsep(&bp, ",");
122 (void)fprintf(fp, "Home Phone: %s\n", p ? p : "");
123
124 (void)fchown(fd, getuid(), getgid());
125 (void)fclose(fp);
126}
127
128int
129verify(char *tempname, struct passwd *pw)
130{
131 unsigned int line;
132 size_t alen;
133 static char buf[LINE_MAX2048];
134 struct stat sb;
135 char *p, *q;
136 ENTRY *ep;
137 FILE *fp;
11
'fp' declared without an initial value
138 int fd;
139
140 if ((fd = open(tempname, O_RDONLY0x0000|O_NOFOLLOW0x0100)) == -1 ||
12
Assuming the condition is true
141 (fp = fdopen(fd, "r")) == NULL((void *)0))
142 pw_error(tempname, 1, 1);
143 if (fstat(fd, &sb))
13
Assuming the condition is false
14
Taking false branch
144 pw_error(tempname, 1, 1);
145 if (sb.st_size == 0 || sb.st_nlink != 1 || sb.st_uid != uid) {
15
Assuming field 'st_size' is equal to 0
146 warnx("corrupted temporary file");
147 goto bad;
16
Control jumps to line 189
148 }
149 line = 0;
150 while (fgets(buf, sizeof(buf), fp)) {
151 line++;
152 if (!buf[0] || buf[0] == '#')
153 continue;
154 if ((p = strchr(buf, '\n')) != NULL((void *)0))
155 *p = '\0';
156 else if (!feof(fp)(!__isthreaded ? (((fp)->_flags & 0x0020) != 0) : (feof
)(fp))) {
157 warnx("line %u too long", line);
158 goto bad;
159 }
160 for (ep = list;; ++ep) {
161 if (!ep->prompt) {
162 warnx("unrecognized field on line %u", line);
163 goto bad;
164 }
165 if (!strncasecmp(buf, ep->prompt, ep->len)) {
166 if (ep->restricted && uid) {
167 warnx(
168 "you may not change the %s field",
169 ep->prompt);
170 goto bad;
171 }
172 if (!(p = strchr(buf, ':'))) {
173 warnx("line %u corrupted", line);
174 goto bad;
175 }
176 while (isspace((unsigned char)*++p))
177 ;
178 for (q = p; isprint((unsigned char)*q); q++) {
179 if (ep->except && strchr(ep->except,*q))
180 break;
181 }
182 if (*q) {
183 warnx(
184 "illegal character in the \"%s\" field",
185 ep->prompt);
186 goto bad;
187 }
188 if ((ep->func)(p, pw, ep)) {
189bad: (void)fclose(fp);
17
1st function call argument is an uninitialized value
190 return (0);
191 }
192 break;
193 }
194 }
195 }
196 (void)fclose(fp);
197
198 if (list[E_NAME7].save == NULL((void *)0))
199 list[E_NAME7].save = "";
200 if (list[E_BPHONE8].save == NULL((void *)0))
201 list[E_BPHONE8].save = "";
202 if (list[E_HPHONE9].save == NULL((void *)0))
203 list[E_HPHONE9].save = "";
204 if (list[E_LOCATE10].save == NULL((void *)0))
205 list[E_LOCATE10].save = "";
206
207 /* Build the gecos field. */
208 for (alen = 0, p = list[E_NAME7].save; *p; p++)
209 if (*p == '&')
210 alen = alen + strlen(pw->pw_name) - 1;
211 if (asprintf(&p, "%s,%s,%s,%s", list[E_NAME7].save,
212 list[E_LOCATE10].save, list[E_BPHONE8].save, list[E_HPHONE9].save) == -1)
213 err(1, NULL((void *)0));
214 pw->pw_gecos = p;
215
216 if (snprintf(buf, sizeof(buf),
217 "%s:%s:%u:%u:%s:%ld:%ld:%s:%s:%s",
218 pw->pw_name, pw->pw_passwd, pw->pw_uid, pw->pw_gid, pw->pw_class,
219 (long)pw->pw_change, (long)pw->pw_expire, pw->pw_gecos, pw->pw_dir,
220 pw->pw_shell) >= 1023 ||
221 strlen(buf) + alen >= 1023) {
222 warnx("entries too long");
223 free(p);
224 return (0);
225 }
226 free(p);
227
228 return (pw_scan(buf, pw, NULL((void *)0)));
229}