clang -cc1 -cc1 -triple amd64-unknown-openbsd7.4 -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name login_fbtab.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/lib/libutil/obj -resource-dir /usr/local/llvm16/lib/clang/16 -internal-isystem /usr/local/llvm16/lib/clang/16/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/lib/libutil/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fcf-protection=branch -fno-jump-tables -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/scan/2024-01-11-140451-98009-1 -x c /usr/src/lib/libutil/login_fbtab.c
1 | |
2 | |
3 | |
4 | |
5 | |
6 | |
7 | |
8 | |
9 | |
10 | |
11 | |
12 | |
13 | |
14 | |
15 | |
16 | |
17 | |
18 | |
19 | |
20 | |
21 | |
22 | |
23 | |
24 | |
25 | |
26 | |
27 | |
28 | |
29 | |
30 | |
31 | |
32 | |
33 | |
34 | |
35 | |
36 | |
37 | |
38 | |
39 | |
40 | |
41 | |
42 | |
43 | |
44 | |
45 | |
46 | |
47 | |
48 | |
49 | |
50 | |
51 | |
52 | |
53 | |
54 | |
55 | |
56 | |
57 | |
58 | |
59 | |
60 | #include <sys/types.h> |
61 | #include <sys/stat.h> |
62 | |
63 | #include <errno.h> |
64 | #include <limits.h> |
65 | #include <glob.h> |
66 | #include <paths.h> |
67 | #include <stdio.h> |
68 | #include <stdlib.h> |
69 | #include <string.h> |
70 | #include <syslog.h> |
71 | #include <unistd.h> |
72 | #include <util.h> |
73 | |
74 | #define _PATH_FBTAB "/etc/fbtab" |
75 | |
76 | static void login_protect(const char *, mode_t, uid_t, gid_t); |
77 | |
78 | #define WSPACE " \t\n" |
79 | |
80 | |
81 | |
82 | |
83 | void |
84 | login_fbtab(const char *tty, uid_t uid, gid_t gid) |
85 | { |
86 | FILE *fp; |
87 | char *buf, *toklast, *tbuf, *devnam, *cp; |
88 | mode_t prot; |
89 | size_t len; |
90 | |
91 | if ((fp = fopen(_PATH_FBTAB, "r")) == NULL) |
| 1 | Assuming the condition is false | |
|
| |
92 | return; |
93 | |
94 | tbuf = NULL; |
95 | while ((buf = fgetln(fp, &len)) != NULL) { |
| 3 | | Assuming the condition is true | |
|
| 4 | | Loop condition is true. Entering loop body | |
|
| 12 | | Execution continues on line 95 | |
|
| 13 | | Assuming the condition is true | |
|
| 14 | | Loop condition is true. Entering loop body | |
|
96 | if (buf[len - 1] == '\n') |
| 5 | | Assuming the condition is false | |
|
| |
| 15 | | Assuming the condition is false | |
|
| |
97 | buf[len - 1] = '\0'; |
98 | else { |
99 | if ((tbuf = malloc(len + 1)) == NULL) |
| |
| 8 | | Assuming the condition is false | |
|
| |
| 17 | | Assuming the condition is false | |
|
| |
100 | break; |
101 | memcpy(tbuf, buf, len); |
| 19 | | Potential leak of memory pointed to by 'buf' |
|
102 | tbuf[len] = '\0'; |
103 | buf = tbuf; |
104 | } |
105 | if ((cp = strchr(buf, '#'))) |
| |
106 | *cp = '\0'; |
107 | if (buf[0] == '\0' || |
| 11 | | Assuming the condition is true | |
|
108 | (cp = devnam = strtok_r(buf, WSPACE, &toklast)) == NULL) |
109 | continue; |
110 | if (strncmp(devnam, _PATH_DEV, sizeof(_PATH_DEV) - 1) != 0 || |
111 | (cp = strtok_r(NULL, WSPACE, &toklast)) == NULL || |
112 | *cp != '0' || |
113 | sscanf(cp, "%o", &prot) == 0 || |
114 | prot == 0 || |
115 | (prot & 0777) != prot || |
116 | (cp = strtok_r(NULL, WSPACE, &toklast)) == NULL) { |
117 | syslog(LOG_ERR, "%s: bad entry: %s", _PATH_FBTAB, |
118 | cp ? cp : "(null)"); |
119 | continue; |
120 | } |
121 | if (strcmp(devnam + sizeof(_PATH_DEV) - 1, tty) == 0) { |
122 | for (cp = strtok_r(cp, ":", &toklast); cp != NULL; |
123 | cp = strtok_r(NULL, ":", &toklast)) |
124 | login_protect(cp, prot, uid, gid); |
125 | } |
126 | } |
127 | free(tbuf); |
128 | fclose(fp); |
129 | } |
130 | |
131 | |
132 | |
133 | |
134 | static void |
135 | login_protect(const char *path, mode_t mask, uid_t uid, gid_t gid) |
136 | { |
137 | glob_t g; |
138 | size_t n; |
139 | char *gpath; |
140 | |
141 | if (strlen(path) >= PATH_MAX) { |
142 | errno = ENAMETOOLONG; |
143 | syslog(LOG_ERR, "%s: %s: %m", _PATH_FBTAB, path); |
144 | return; |
145 | } |
146 | |
147 | if (glob(path, GLOB_NOSORT, NULL, &g) != 0) { |
148 | if (errno != ENOENT) |
149 | syslog(LOG_ERR, "%s: glob(%s): %m", _PATH_FBTAB, path); |
150 | globfree(&g); |
151 | return; |
152 | } |
153 | |
154 | for (n = 0; n < g.gl_matchc; n++) { |
155 | gpath = g.gl_pathv[n]; |
156 | |
157 | if (chmod(gpath, mask) && errno != ENOENT) |
158 | syslog(LOG_ERR, "%s: chmod(%s): %m", _PATH_FBTAB, gpath); |
159 | if (chown(gpath, uid, gid) && errno != ENOENT) |
160 | syslog(LOG_ERR, "%s: chown(%s): %m", _PATH_FBTAB, gpath); |
161 | } |
162 | |
163 | globfree(&g); |
164 | } |