clang -cc1 -cc1 -triple amd64-unknown-openbsd7.4 -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name pwd_check.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/libexec/login_lchpass/obj -resource-dir /usr/local/llvm16/lib/clang/16 -internal-isystem /usr/local/llvm16/lib/clang/16/include -internal-externc-isystem /usr/include -O2 -Wno-unused -fdebug-compilation-dir=/usr/src/libexec/login_lchpass/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fcf-protection=branch -fno-jump-tables -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/scan/2024-01-11-140451-98009-1 -x c /usr/src/libexec/login_lchpass/../../usr.bin/passwd/pwd_check.c
1 | |
2 | |
3 | |
4 | |
5 | |
6 | |
7 | |
8 | |
9 | |
10 | |
11 | |
12 | |
13 | |
14 | |
15 | |
16 | |
17 | |
18 | |
19 | |
20 | |
21 | |
22 | |
23 | |
24 | |
25 | |
26 | |
27 | |
28 | |
29 | |
30 | |
31 | |
32 | |
33 | #include <sys/types.h> |
34 | #include <sys/wait.h> |
35 | |
36 | #include <stdio.h> |
37 | #include <stdlib.h> |
38 | #include <string.h> |
39 | #include <unistd.h> |
40 | #include <limits.h> |
41 | #include <errno.h> |
42 | #include <err.h> |
43 | #include <regex.h> |
44 | #include <grp.h> |
45 | #include <paths.h> |
46 | #include <login_cap.h> |
47 | #include <signal.h> |
48 | |
49 | int pwd_check(login_cap_t *, char *); |
50 | int pwd_gettries(login_cap_t *); |
51 | |
52 | struct pattern { |
53 | char *match; |
54 | int flags; |
55 | char *response; |
56 | }; |
57 | |
58 | struct pattern patterns[] = { |
59 | { |
60 | "^[0-9]*$", |
61 | REG_EXTENDED|REG_NOSUB, |
62 | "Please don't use all-digit passwords." |
63 | }, |
64 | { |
65 | "^[a-z]{1,9}$", |
66 | REG_EXTENDED|REG_NOSUB, |
67 | "Please don't use an all-lower case password." |
68 | }, |
69 | { |
70 | "^[a-z]{1,6}[0-9]+$", |
71 | REG_EXTENDED|REG_NOSUB|REG_ICASE, |
72 | "Please use a more complicated password." |
73 | }, |
74 | { |
75 | "^([a-z][0-9]){1,4}$", |
76 | REG_EXTENDED|REG_NOSUB|REG_ICASE, |
77 | "Please use a more complicated password." |
78 | }, |
79 | { |
80 | "^([0-9][a-z]){1,4}$", |
81 | REG_EXTENDED|REG_NOSUB|REG_ICASE, |
82 | "Please use a more complicated password." |
83 | } |
84 | }; |
85 | |
86 | int |
87 | pwd_check(login_cap_t *lc, char *password) |
88 | { |
89 | regex_t rgx; |
90 | int i, res, min_len; |
91 | char *checker; |
92 | char *argp[] = { "sh", "-c", NULL, NULL}; |
93 | int pipefds[2]; |
94 | pid_t child; |
95 | uid_t uid; |
96 | gid_t gid; |
97 | |
98 | min_len = (int)login_getcapnum(lc, "minpasswordlen", 6, 6); |
99 | if (min_len > 0 && strlen(password) < min_len) { |
| 1 | Assuming 'min_len' is <= 0 | |
|
100 | fprintf(stderr, "Please enter a longer password.\n"); |
101 | return (0); |
102 | } |
103 | |
104 | |
105 | checker = login_getcapstr(lc, "passwordcheck", NULL, NULL); |
106 | |
107 | |
108 | if (checker != NULL && pipe(pipefds) == -1) { |
| 2 | | Assuming 'checker' is equal to NULL | |
|
109 | warn("pipe"); |
110 | goto out; |
111 | } |
112 | |
113 | |
114 | switch (child = fork()) { |
| 3 | | Control jumps to 'case -1:' at line 115 | |
|
115 | case -1: |
116 | warn("fork"); |
117 | close(pipefds[0]); |
| 4 | | 1st function call argument is an uninitialized value |
|
118 | close(pipefds[1]); |
119 | goto out; |
120 | case 0: |
121 | (void)signal(SIGINT, SIG_DFL); |
122 | (void)signal(SIGQUIT, SIG_DFL); |
123 | uid = getuid(); |
124 | gid = getgid(); |
125 | if (setresgid(gid, gid, gid) == -1) { |
126 | warn("setresgid"); |
127 | exit(1); |
128 | } |
129 | if (setgroups(1, &gid) == -1) { |
130 | warn("setgroups"); |
131 | exit(1); |
132 | } |
133 | if (setresuid(uid, uid, uid) == -1) { |
134 | warn("setresuid"); |
135 | exit(1); |
136 | } |
137 | |
138 | if (checker == NULL) { |
139 | if (pledge("stdio", NULL) == -1) |
140 | err(1, "pledge"); |
141 | |
142 | for (i = 0; i < sizeof(patterns) / sizeof(*patterns); i++) { |
143 | int ret; |
144 | |
145 | if (regcomp(&rgx, patterns[i].match, |
146 | patterns[i].flags) != 0) |
147 | continue; |
148 | ret = regexec(&rgx, password, 0, NULL, 0); |
149 | regfree(&rgx); |
150 | if (ret == 0) { |
151 | fprintf(stderr, "%s\n", patterns[i].response); |
152 | exit(1); |
153 | } |
154 | } |
155 | |
156 | exit(0); |
157 | } |
158 | |
159 | if (pledge("stdio exec", NULL) == -1) |
160 | err(1, "pledge"); |
161 | |
162 | |
163 | argp[2] = checker; |
164 | if (dup2(pipefds[0], STDIN_FILENO) == -1) { |
165 | warn("dup2"); |
166 | exit(1); |
167 | } |
168 | close(pipefds[0]); |
169 | close(pipefds[1]); |
170 | |
171 | if (execv(_PATH_BSHELL, argp) == -1) { |
172 | warn("exec"); |
173 | exit(1); |
174 | } |
175 | |
176 | default: |
177 | break; |
178 | } |
179 | |
180 | if (checker != NULL) { |
181 | |
182 | close(pipefds[0]); |
183 | write(pipefds[1], password, strlen(password) + 1); |
184 | close(pipefds[1]); |
185 | } |
186 | |
187 | |
188 | while (waitpid(child, &res, 0) == -1) { |
189 | if (errno != EINTR) { |
190 | warn("waitpid"); |
191 | goto out; |
192 | } |
193 | } |
194 | if (WIFEXITED(res) && WEXITSTATUS(res) == 0) { |
195 | free(checker); |
196 | return (1); |
197 | } |
198 | |
199 | out: |
200 | free(checker); |
201 | fprintf(stderr, "Please use a different password. Unusual capitalization,\n"); |
202 | fprintf(stderr, "control characters, or digits are suggested.\n"); |
203 | |
204 | return (0); |
205 | } |
206 | |
207 | int |
208 | pwd_gettries(login_cap_t *lc) |
209 | { |
210 | quad_t ntries; |
211 | |
212 | if ((ntries = login_getcapnum(lc, "passwordtries", -1, -1)) != -1) { |
213 | if (ntries >= 0 && ntries <= INT_MAX) |
214 | return((int)ntries); |
215 | fprintf(stderr, |
216 | "Warning: pwdtries out of range in /etc/login.conf"); |
217 | } |
218 | |
219 | |
220 | |
221 | |
222 | |
223 | |
224 | |
225 | return (3); |
226 | } |