sudo frontend: silence most -Wconversion warnings.

plugins/sample/sample_plugin.c

@@ -65,7 +65,7 @@ static sudo_conv_t sudo_conv;
 static sudo_printf_t sudo_log;
 static FILE *input, *output;
 static uid_t runas_uid = ROOT_UID;
-static gid_t runas_gid = -1;
+static gid_t runas_gid = (gid_t)-1;
 static int use_sudoedit = false;
 
 /*
@@ -286,7 +286,7 @@ find_editor(int nfiles, char * const files[], char **argv_out[])
     }
     if (editor_path != editor)
 	free(editor);
-    nargv = malloc((nargc + 1 + nfiles + 1) * sizeof(char *));
+    nargv = reallocarray(NULL, (size_t)(nargc + 1 + nfiles + 1), sizeof(char *));
     if (nargv == NULL) {
 	sudo_log(SUDO_CONV_ERROR_MSG, "unable to allocate memory\n");
 	free(editor_path);

src/conversation.c

@@ -199,7 +199,7 @@ sudo_conversation_printf(int msg_type, const char *fmt, ...)
 	len = vfprintf(ttyfp ? ttyfp : fp, fmt, ap);
 	va_end(ap);
 	if (len >= 0 && crnl != NULL) {
-	    len += fwrite(crnl, 1, 2, ttyfp ? ttyfp : fp);
+	    len += (int)fwrite(crnl, 1, 2, ttyfp ? ttyfp : fp);
 	}
 	break;
     default:

src/copy_file.c

@@ -54,10 +54,10 @@ sudo_extend_file(int fd, const char *name, off_t new_size)
 	__func__, name, (long long)old_size, (long long)new_size);
 
     for (size = old_size; size < new_size; size += nwritten) {
-	size_t len = new_size - size;
-	if (len > sizeof(zeroes))
-	    len = sizeof(zeroes);
-	nwritten = write(fd, zeroes, len);
+	off_t len = new_size - size;
+	if (len > ssizeof(zeroes))
+	    len = ssizeof(zeroes);
+	nwritten = write(fd, zeroes, (size_t)len);
 	if (nwritten == -1) {
 	    int serrno = errno;
 	    if (ftruncate(fd, old_size) == -1) {
@@ -110,7 +110,7 @@ sudo_copy_file(const char *src, int src_fd, off_t src_len, const char *dst,
     while ((nread = read(src_fd, buf, sizeof(buf))) > 0) {
 	ssize_t off = 0;
 	do {
-	    nwritten = write(dst_fd, buf + off, nread - off);
+	    nwritten = write(dst_fd, buf + off, (size_t)(nread - off));
 	    if (nwritten == -1)
 		goto write_error;
 	    off += nwritten;

src/env_hooks.c

@@ -96,7 +96,7 @@ rpl_putenv(PUTENV_CONST char *string)
     }
 
     /* Look for existing entry. */
-    len = (equal - string) + 1;
+    len = (size_t)(equal - string) + 1;
     for (ep = environ; *ep != NULL; ep++) {
 	if (strncmp(string, *ep, len) == 0) {
 	    *ep = (char *)string;

src/exec.c

@@ -133,7 +133,7 @@ exec_setup(struct command_details *details, int intercept_fd, int errfd)
 #endif
 #ifdef HAVE_LOGIN_CAP_H
 	if (details->login_class) {
-	    int flags;
+	    unsigned int flags;
 	    login_cap_t *lc;
 
 	    /*

src/exec_common.c

@@ -123,11 +123,11 @@ sudo_execve(int fd, const char *path, char *const argv[], char *envp[],
 
 	for (argc = 0; argv[argc] != NULL; argc++)
 	    continue;
-	nargv = reallocarray(NULL, argc + 2, sizeof(char *));
+	nargv = reallocarray(NULL, (size_t)argc + 2, sizeof(char *));
 	if (nargv != NULL) {
 	    nargv[0] = "sh";
 	    nargv[1] = path;
-	    memcpy(nargv + 2, argv + 1, argc * sizeof(char *));
+	    memcpy(nargv + 2, argv + 1, (size_t)argc * sizeof(char *));
 	    execve(_PATH_SUDO_BSHELL, (char **)nargv, envp);
 	    free(nargv);
 	}

src/exec_intercept.c

@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 2021-2022 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2021-2023 Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -37,6 +37,7 @@
 #include <unistd.h>
 #include <errno.h>
 #include <fcntl.h>
+#include <limits.h>
 
 #include "sudo.h"
 #include "sudo_exec.h"
@@ -374,7 +375,8 @@ intercept_check_policy(const char *command, int argc, char **argv, int envc,
     char **command_info_copy = NULL;
     char **user_env_out = NULL;
     char **run_argv = NULL;
-    int i, rc, saved_dir = -1;
+    int rc, saved_dir = -1;
+    size_t i;
     bool ret = true;
     struct stat sb;
     debug_decl(intercept_check_policy, SUDO_DEBUG_EXEC);
@@ -470,11 +472,11 @@ intercept_check_policy(const char *command, int argc, char **argv, int envc,
 	    "run_command: %s", closure->command);
 	for (i = 0; command_info[i] != NULL; i++) {
 	    sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
-		"command_info[%d]: %s", i, command_info[i]);
+		"command_info[%zu]: %s", i, command_info[i]);
 	}
 	for (i = 0; run_argv[i] != NULL; i++) {
 	    sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
-		"run_argv[%d]: %s", i, run_argv[i]);
+		"run_argv[%zu]: %s", i, run_argv[i]);
 	}
     }
 
@@ -492,10 +494,10 @@ intercept_check_policy(const char *command, int argc, char **argv, int envc,
     closure->run_argv[i] = NULL;
 
     /* Make a copy of envp, which may not be NULL-terminated. */
-    closure->run_envp = reallocarray(NULL, envc + 1, sizeof(char *));
+    closure->run_envp = reallocarray(NULL, (size_t)envc + 1, sizeof(char *));
     if (closure->run_envp == NULL)
 	goto oom;
-    for (i = 0; i < envc; i++) {
+    for (i = 0; i < (size_t)envc; i++) {
 	closure->run_envp[i] = strdup(envp[i]);
 	if (closure->run_envp[i] == NULL)
 	    goto oom;
@@ -562,7 +564,7 @@ intercept_check_policy_req(PolicyCheckRequest *req,
     size_t n;
     debug_decl(intercept_check_policy_req, SUDO_DEBUG_EXEC);
 
-    if (req->command == NULL) {
+    if (req->command == NULL || req->n_argv > INT_MAX || req->n_envp > INT_MAX) {
 	closure->errstr = N_("invalid PolicyCheckRequest");
 	goto done;
     }
@@ -595,8 +597,8 @@ intercept_check_policy_req(PolicyCheckRequest *req,
     }
     argv[n] = NULL;
 
-    ret = intercept_check_policy(req->command, req->n_argv, argv, req->n_envp,
-	req->envp, req->cwd, &oldcwd, closure);
+    ret = intercept_check_policy(req->command, (int)req->n_argv, argv,
+	(int)req->n_envp, req->envp, req->cwd, &oldcwd, closure);
 
 done:
     if (oldcwd != -1) {
@@ -635,7 +637,7 @@ intercept_verify_token(int fd, struct intercept_closure *closure)
 	if (nread + closure->off == sizeof(closure->token))
 	    break;
 	/* partial read, update offset and try again */
-	closure->off += nread;
+	closure->off += (uint32_t)nread;
 	errno = EAGAIN;
 	debug_return_int(-1);
     }
@@ -734,7 +736,7 @@ intercept_read(int fd, struct intercept_closure *closure)
 	sudo_warn("recv");
 	goto done;
     default:
-	closure->off += nread;
+	closure->off += (uint32_t)nread;
 	break;
     }
     sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received %zd bytes from client",
@@ -820,7 +822,7 @@ fmt_intercept_response(InterceptResponse *resp,
     bool ret = false;
     debug_decl(fmt_intercept_response, SUDO_DEBUG_EXEC);
 
-    closure->len = intercept_response__get_packed_size(resp);
+    closure->len = (uint32_t)intercept_response__get_packed_size(resp);
     if (closure->len > MESSAGE_SIZE_MAX) {
 	sudo_warnx(U_("server message too large: %zu"), (size_t)closure->len);
 	goto done;
@@ -968,7 +970,7 @@ intercept_write(int fd, struct intercept_closure *closure)
 	sudo_warn("send");
 	goto done;
     }
-    closure->off += nwritten;
+    closure->off += (uint32_t)nwritten;
 
     if (closure->off != closure->len) {
 	/* Partial write. */

src/exec_monitor.c

@@ -145,7 +145,7 @@ send_status(int fd, struct command_status *cstat)
 	}
 	cstat->type = CMD_INVALID; /* prevent re-sending */
     }
-    debug_return_int(n);
+    debug_return_ssize_t(n);
 }
 
 /*

src/exec_nopty.c

@@ -64,8 +64,8 @@ handle_sigwinch(struct exec_closure *ec, int fd)
             log_winchange(ec, wsize.ws_row, wsize.ws_col);
 
             /* Update rows/cols. */
-            ec->rows = wsize.ws_row;
-            ec->cols = wsize.ws_col;
+            ec->rows = (short)wsize.ws_row;
+            ec->cols = (short)wsize.ws_col;
         }
     }
 }
@@ -218,8 +218,8 @@ fill_exec_closure(struct exec_closure *ec, struct command_status *cstat,
     ec->ppgrp = getpgrp();
     ec->cstat = cstat;
     ec->details = details;
-    ec->rows = user_details->ts_rows;
-    ec->cols = user_details->ts_cols;
+    ec->rows = (short)user_details->ts_rows;
+    ec->cols = (short)user_details->ts_cols;
 
     /* Setup event base and events. */
     ec->evbase = evbase;
@@ -373,11 +373,11 @@ read_callback(int fd, int what, void *v)
 	default:
 	    sudo_debug_printf(SUDO_DEBUG_INFO,
 		"read %zd bytes from fd %d", n, fd);
-	    if (!iob->action(iob->buf + iob->len, n, iob)) {
+	    if (!iob->action(iob->buf + iob->len, (unsigned int)n, iob)) {
 		terminate_command(iob->ec->cmnd_pid, false);
 		iob->ec->cmnd_pid = -1;
 	    }
-	    iob->len += n;
+	    iob->len += (unsigned int)n;
 	    /* Disable reader if buffer is full. */
 	    if (iob->len == sizeof(iob->buf))
 		sudo_ev_del(evbase, iob->revent);
@@ -410,7 +410,7 @@ write_callback(int fd, int what, void *v)
 	case EBADF:
 	    /* other end of pipe closed */
 	    sudo_debug_printf(SUDO_DEBUG_INFO,
-		"unable to write %d bytes to fd %d",
+		"unable to write %u bytes to fd %d",
 		iob->len - iob->off, fd);
 	    /* Close reader if there is one. */
 	    if (iob->revent != NULL) {
@@ -436,7 +436,7 @@ write_callback(int fd, int what, void *v)
     } else {
 	sudo_debug_printf(SUDO_DEBUG_INFO,
 	    "wrote %zd bytes to fd %d", n, fd);
-	iob->off += n;
+	iob->off += (unsigned int)n;
 	/* Disable writer and reset the buffer if fully consumed. */
 	if (iob->off == iob->len) {
 	    iob->off = iob->len = 0;

src/exec_preload.c

@@ -77,7 +77,8 @@ fmtstr(sudo_alloc_fn_t alloc_fn, sudo_free_fn_t free_fn, const char *ofmt, ...)
 		continue;
 	    case 'd': {
 		char numbuf[(((sizeof(int) * 8) + 2) / 3) + 2];
-		len = snprintf(numbuf, sizeof(numbuf), "%d", va_arg(ap, int));
+		len = (size_t)snprintf(numbuf, sizeof(numbuf), "%d",
+		    va_arg(ap, int));
 		if (len >= sizeof(numbuf)) {
 		    goto oflow;
 		}
@@ -117,7 +118,7 @@ fmtstr(sudo_alloc_fn_t alloc_fn, sudo_free_fn_t free_fn, const char *ofmt, ...)
 		if (size < 2) {
 		    goto oflow;
 		}
-		*cur++ = va_arg(ap, int);
+		*cur++ = (char )va_arg(ap, int);
 		size--;
 		fmt += 2;
 		continue;
@@ -132,7 +133,7 @@ fmtstr(sudo_alloc_fn_t alloc_fn, sudo_free_fn_t free_fn, const char *ofmt, ...)
 		fmt += 2;
 		continue;
 	    case 'd':
-		len = snprintf(cur, size, "%d", va_arg(ap, int));
+		len = (size_t)snprintf(cur, size, "%d", va_arg(ap, int));
 		if (len >= size) {
 		    goto oflow;
 		}
@@ -267,7 +268,7 @@ sudo_preload_dso_alloc(char *const envp[], const char *dso_file,
 	    if (intercept_ptr != NULL)
 		continue;
 
-	    fd = sudo_strtonum(cp, 0, INT_MAX, &errstr);
+	    fd = (int)sudo_strtonum(cp, 0, INT_MAX, &errstr);
 	    if (fd == intercept_fd && errstr == NULL)
 		fd_present = true;