From 32f4b98f6b4aea4951a2d7b56a55ba4a9e035b22 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Fri, 7 Jul 2023 15:07:04 -0600 Subject: [PATCH] sudo frontend: silence most -Wconversion warnings. --- plugins/sample/sample_plugin.c | 4 +- src/conversation.c | 2 +- src/copy_file.c | 10 +- src/env_hooks.c | 2 +- src/exec.c | 2 +- src/exec_common.c | 4 +- src/exec_intercept.c | 28 +++--- src/exec_monitor.c | 2 +- src/exec_nopty.c | 16 ++-- src/exec_preload.c | 9 +- src/exec_ptrace.c | 169 +++++++++++++++++---------------- src/exec_pty.c | 16 ++-- src/net_ifs.c | 4 +- src/parse_args.c | 6 +- src/preserve_fds.c | 2 +- src/sudo.c | 29 +++--- src/sudo.h | 2 +- src/sudo_edit.c | 8 +- src/sudo_exec.h | 4 +- src/sudo_intercept.c | 10 +- src/sudo_intercept_common.c | 12 +-- src/tgetpass.c | 2 +- src/ttyname.c | 13 +-- 23 files changed, 185 insertions(+), 171 deletions(-) diff --git a/plugins/sample/sample_plugin.c b/plugins/sample/sample_plugin.c index a494c11052..a324d5ef5e 100644 --- a/plugins/sample/sample_plugin.c +++ b/plugins/sample/sample_plugin.c @@ -65,7 +65,7 @@ static sudo_conv_t sudo_conv; static sudo_printf_t sudo_log; static FILE *input, *output; static uid_t runas_uid = ROOT_UID; -static gid_t runas_gid = -1; +static gid_t runas_gid = (gid_t)-1; static int use_sudoedit = false; /* @@ -286,7 +286,7 @@ find_editor(int nfiles, char * const files[], char **argv_out[]) } if (editor_path != editor) free(editor); - nargv = malloc((nargc + 1 + nfiles + 1) * sizeof(char *)); + nargv = reallocarray(NULL, (size_t)(nargc + 1 + nfiles + 1), sizeof(char *)); if (nargv == NULL) { sudo_log(SUDO_CONV_ERROR_MSG, "unable to allocate memory\n"); free(editor_path); diff --git a/src/conversation.c b/src/conversation.c index eac50becc6..073a96d26c 100644 --- a/src/conversation.c +++ b/src/conversation.c @@ -199,7 +199,7 @@ sudo_conversation_printf(int msg_type, const char *fmt, ...) len = vfprintf(ttyfp ? ttyfp : fp, fmt, ap); va_end(ap); if (len >= 0 && crnl != NULL) { - len += fwrite(crnl, 1, 2, ttyfp ? ttyfp : fp); + len += (int)fwrite(crnl, 1, 2, ttyfp ? ttyfp : fp); } break; default: diff --git a/src/copy_file.c b/src/copy_file.c index 6713338281..8f08ffdcba 100644 --- a/src/copy_file.c +++ b/src/copy_file.c @@ -54,10 +54,10 @@ sudo_extend_file(int fd, const char *name, off_t new_size) __func__, name, (long long)old_size, (long long)new_size); for (size = old_size; size < new_size; size += nwritten) { - size_t len = new_size - size; - if (len > sizeof(zeroes)) - len = sizeof(zeroes); - nwritten = write(fd, zeroes, len); + off_t len = new_size - size; + if (len > ssizeof(zeroes)) + len = ssizeof(zeroes); + nwritten = write(fd, zeroes, (size_t)len); if (nwritten == -1) { int serrno = errno; if (ftruncate(fd, old_size) == -1) { @@ -110,7 +110,7 @@ sudo_copy_file(const char *src, int src_fd, off_t src_len, const char *dst, while ((nread = read(src_fd, buf, sizeof(buf))) > 0) { ssize_t off = 0; do { - nwritten = write(dst_fd, buf + off, nread - off); + nwritten = write(dst_fd, buf + off, (size_t)(nread - off)); if (nwritten == -1) goto write_error; off += nwritten; diff --git a/src/env_hooks.c b/src/env_hooks.c index eaacaa7d9d..1a789047a7 100644 --- a/src/env_hooks.c +++ b/src/env_hooks.c @@ -96,7 +96,7 @@ rpl_putenv(PUTENV_CONST char *string) } /* Look for existing entry. */ - len = (equal - string) + 1; + len = (size_t)(equal - string) + 1; for (ep = environ; *ep != NULL; ep++) { if (strncmp(string, *ep, len) == 0) { *ep = (char *)string; diff --git a/src/exec.c b/src/exec.c index d30252a3e1..1098fd8c13 100644 --- a/src/exec.c +++ b/src/exec.c @@ -133,7 +133,7 @@ exec_setup(struct command_details *details, int intercept_fd, int errfd) #endif #ifdef HAVE_LOGIN_CAP_H if (details->login_class) { - int flags; + unsigned int flags; login_cap_t *lc; /* diff --git a/src/exec_common.c b/src/exec_common.c index c5d704fe8a..869078f74c 100644 --- a/src/exec_common.c +++ b/src/exec_common.c @@ -123,11 +123,11 @@ sudo_execve(int fd, const char *path, char *const argv[], char *envp[], for (argc = 0; argv[argc] != NULL; argc++) continue; - nargv = reallocarray(NULL, argc + 2, sizeof(char *)); + nargv = reallocarray(NULL, (size_t)argc + 2, sizeof(char *)); if (nargv != NULL) { nargv[0] = "sh"; nargv[1] = path; - memcpy(nargv + 2, argv + 1, argc * sizeof(char *)); + memcpy(nargv + 2, argv + 1, (size_t)argc * sizeof(char *)); execve(_PATH_SUDO_BSHELL, (char **)nargv, envp); free(nargv); } diff --git a/src/exec_intercept.c b/src/exec_intercept.c index 3c7791ad2e..d84c9d6052 100644 --- a/src/exec_intercept.c +++ b/src/exec_intercept.c @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2021-2022 Todd C. Miller + * Copyright (c) 2021-2023 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -37,6 +37,7 @@ #include #include #include +#include #include "sudo.h" #include "sudo_exec.h" @@ -374,7 +375,8 @@ intercept_check_policy(const char *command, int argc, char **argv, int envc, char **command_info_copy = NULL; char **user_env_out = NULL; char **run_argv = NULL; - int i, rc, saved_dir = -1; + int rc, saved_dir = -1; + size_t i; bool ret = true; struct stat sb; debug_decl(intercept_check_policy, SUDO_DEBUG_EXEC); @@ -470,11 +472,11 @@ intercept_check_policy(const char *command, int argc, char **argv, int envc, "run_command: %s", closure->command); for (i = 0; command_info[i] != NULL; i++) { sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, - "command_info[%d]: %s", i, command_info[i]); + "command_info[%zu]: %s", i, command_info[i]); } for (i = 0; run_argv[i] != NULL; i++) { sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, - "run_argv[%d]: %s", i, run_argv[i]); + "run_argv[%zu]: %s", i, run_argv[i]); } } @@ -492,10 +494,10 @@ intercept_check_policy(const char *command, int argc, char **argv, int envc, closure->run_argv[i] = NULL; /* Make a copy of envp, which may not be NULL-terminated. */ - closure->run_envp = reallocarray(NULL, envc + 1, sizeof(char *)); + closure->run_envp = reallocarray(NULL, (size_t)envc + 1, sizeof(char *)); if (closure->run_envp == NULL) goto oom; - for (i = 0; i < envc; i++) { + for (i = 0; i < (size_t)envc; i++) { closure->run_envp[i] = strdup(envp[i]); if (closure->run_envp[i] == NULL) goto oom; @@ -562,7 +564,7 @@ intercept_check_policy_req(PolicyCheckRequest *req, size_t n; debug_decl(intercept_check_policy_req, SUDO_DEBUG_EXEC); - if (req->command == NULL) { + if (req->command == NULL || req->n_argv > INT_MAX || req->n_envp > INT_MAX) { closure->errstr = N_("invalid PolicyCheckRequest"); goto done; } @@ -595,8 +597,8 @@ intercept_check_policy_req(PolicyCheckRequest *req, } argv[n] = NULL; - ret = intercept_check_policy(req->command, req->n_argv, argv, req->n_envp, - req->envp, req->cwd, &oldcwd, closure); + ret = intercept_check_policy(req->command, (int)req->n_argv, argv, + (int)req->n_envp, req->envp, req->cwd, &oldcwd, closure); done: if (oldcwd != -1) { @@ -635,7 +637,7 @@ intercept_verify_token(int fd, struct intercept_closure *closure) if (nread + closure->off == sizeof(closure->token)) break; /* partial read, update offset and try again */ - closure->off += nread; + closure->off += (uint32_t)nread; errno = EAGAIN; debug_return_int(-1); } @@ -734,7 +736,7 @@ intercept_read(int fd, struct intercept_closure *closure) sudo_warn("recv"); goto done; default: - closure->off += nread; + closure->off += (uint32_t)nread; break; } sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received %zd bytes from client", @@ -820,7 +822,7 @@ fmt_intercept_response(InterceptResponse *resp, bool ret = false; debug_decl(fmt_intercept_response, SUDO_DEBUG_EXEC); - closure->len = intercept_response__get_packed_size(resp); + closure->len = (uint32_t)intercept_response__get_packed_size(resp); if (closure->len > MESSAGE_SIZE_MAX) { sudo_warnx(U_("server message too large: %zu"), (size_t)closure->len); goto done; @@ -968,7 +970,7 @@ intercept_write(int fd, struct intercept_closure *closure) sudo_warn("send"); goto done; } - closure->off += nwritten; + closure->off += (uint32_t)nwritten; if (closure->off != closure->len) { /* Partial write. */ diff --git a/src/exec_monitor.c b/src/exec_monitor.c index 79abdff113..2acb82cb41 100644 --- a/src/exec_monitor.c +++ b/src/exec_monitor.c @@ -145,7 +145,7 @@ send_status(int fd, struct command_status *cstat) } cstat->type = CMD_INVALID; /* prevent re-sending */ } - debug_return_int(n); + debug_return_ssize_t(n); } /* diff --git a/src/exec_nopty.c b/src/exec_nopty.c index 4eb82ba8b1..8ad7dad4cf 100644 --- a/src/exec_nopty.c +++ b/src/exec_nopty.c @@ -64,8 +64,8 @@ handle_sigwinch(struct exec_closure *ec, int fd) log_winchange(ec, wsize.ws_row, wsize.ws_col); /* Update rows/cols. */ - ec->rows = wsize.ws_row; - ec->cols = wsize.ws_col; + ec->rows = (short)wsize.ws_row; + ec->cols = (short)wsize.ws_col; } } } @@ -218,8 +218,8 @@ fill_exec_closure(struct exec_closure *ec, struct command_status *cstat, ec->ppgrp = getpgrp(); ec->cstat = cstat; ec->details = details; - ec->rows = user_details->ts_rows; - ec->cols = user_details->ts_cols; + ec->rows = (short)user_details->ts_rows; + ec->cols = (short)user_details->ts_cols; /* Setup event base and events. */ ec->evbase = evbase; @@ -373,11 +373,11 @@ read_callback(int fd, int what, void *v) default: sudo_debug_printf(SUDO_DEBUG_INFO, "read %zd bytes from fd %d", n, fd); - if (!iob->action(iob->buf + iob->len, n, iob)) { + if (!iob->action(iob->buf + iob->len, (unsigned int)n, iob)) { terminate_command(iob->ec->cmnd_pid, false); iob->ec->cmnd_pid = -1; } - iob->len += n; + iob->len += (unsigned int)n; /* Disable reader if buffer is full. */ if (iob->len == sizeof(iob->buf)) sudo_ev_del(evbase, iob->revent); @@ -410,7 +410,7 @@ write_callback(int fd, int what, void *v) case EBADF: /* other end of pipe closed */ sudo_debug_printf(SUDO_DEBUG_INFO, - "unable to write %d bytes to fd %d", + "unable to write %u bytes to fd %d", iob->len - iob->off, fd); /* Close reader if there is one. */ if (iob->revent != NULL) { @@ -436,7 +436,7 @@ write_callback(int fd, int what, void *v) } else { sudo_debug_printf(SUDO_DEBUG_INFO, "wrote %zd bytes to fd %d", n, fd); - iob->off += n; + iob->off += (unsigned int)n; /* Disable writer and reset the buffer if fully consumed. */ if (iob->off == iob->len) { iob->off = iob->len = 0; diff --git a/src/exec_preload.c b/src/exec_preload.c index f82de7ebe9..f9cabcb304 100644 --- a/src/exec_preload.c +++ b/src/exec_preload.c @@ -77,7 +77,8 @@ fmtstr(sudo_alloc_fn_t alloc_fn, sudo_free_fn_t free_fn, const char *ofmt, ...) continue; case 'd': { char numbuf[(((sizeof(int) * 8) + 2) / 3) + 2]; - len = snprintf(numbuf, sizeof(numbuf), "%d", va_arg(ap, int)); + len = (size_t)snprintf(numbuf, sizeof(numbuf), "%d", + va_arg(ap, int)); if (len >= sizeof(numbuf)) { goto oflow; } @@ -117,7 +118,7 @@ fmtstr(sudo_alloc_fn_t alloc_fn, sudo_free_fn_t free_fn, const char *ofmt, ...) if (size < 2) { goto oflow; } - *cur++ = va_arg(ap, int); + *cur++ = (char )va_arg(ap, int); size--; fmt += 2; continue; @@ -132,7 +133,7 @@ fmtstr(sudo_alloc_fn_t alloc_fn, sudo_free_fn_t free_fn, const char *ofmt, ...) fmt += 2; continue; case 'd': - len = snprintf(cur, size, "%d", va_arg(ap, int)); + len = (size_t)snprintf(cur, size, "%d", va_arg(ap, int)); if (len >= size) { goto oflow; } @@ -267,7 +268,7 @@ sudo_preload_dso_alloc(char *const envp[], const char *dso_file, if (intercept_ptr != NULL) continue; - fd = sudo_strtonum(cp, 0, INT_MAX, &errstr); + fd = (int)sudo_strtonum(cp, 0, INT_MAX, &errstr); if (fd == intercept_fd && errstr == NULL) fd_present = true; diff --git a/src/exec_ptrace.c b/src/exec_ptrace.c index 201c5f8a97..e645515d4b 100644 --- a/src/exec_ptrace.c +++ b/src/exec_ptrace.c @@ -351,7 +351,7 @@ ptrace_setregs(int pid, struct sudo_ptrace_regs *regs) * Read the string at addr and store in buf using process_vm_readv(2). * Returns the number of bytes stored, including the NUL. */ -static size_t +static ssize_t ptrace_readv_string(pid_t pid, unsigned long addr, char *buf, size_t bufsize) { const char *cp, *buf0 = buf; @@ -395,11 +395,11 @@ ptrace_readv_string(pid_t pid, unsigned long addr, char *buf, size_t bufsize) debug_return_ssize_t(-1); default: /* Check for NUL terminator in page. */ - cp = memchr(buf, '\0', nread); + cp = memchr(buf, '\0', (size_t)nread); if (cp != NULL) - debug_return_size_t((cp - buf0) + 1); /* includes NUL */ + debug_return_ssize_t((cp - buf0) + 1); /* includes NUL */ buf += nread; - bufsize -= nread; + bufsize -= (size_t)nread; addr += sizeof(unsigned long); break; } @@ -412,7 +412,7 @@ ptrace_readv_string(pid_t pid, unsigned long addr, char *buf, size_t bufsize) * Read the string at addr and store in buf using ptrace(2). * Returns the number of bytes stored, including the NUL. */ -static size_t +static ssize_t ptrace_read_string(pid_t pid, unsigned long addr, char *buf, size_t bufsize) { const char *cp, *buf0 = buf; @@ -421,9 +421,9 @@ ptrace_read_string(pid_t pid, unsigned long addr, char *buf, size_t bufsize) debug_decl(ptrace_read_string, SUDO_DEBUG_EXEC); #ifdef HAVE_PROCESS_VM_READV - i = ptrace_readv_string(pid, addr, buf, bufsize); - if (i != (size_t)-1 || errno != ENOSYS) - debug_return_size_t(i); + ssize_t nread = ptrace_readv_string(pid, addr, buf, bufsize); + if (nread != -1 || errno != ENOSYS) + debug_return_ssize_t(nread); #endif /* HAVE_PROCESS_VM_READV */ /* @@ -450,7 +450,7 @@ ptrace_read_string(pid_t pid, unsigned long addr, char *buf, size_t bufsize) } *buf = cp[i]; if (*buf++ == '\0') - debug_return_size_t(buf - buf0); + debug_return_ssize_t(buf - buf0); bufsize--; } addr += sizeof(unsigned long); @@ -493,7 +493,7 @@ growbuf(char **bufp, size_t *bufsizep, char **curp, size_t *remp) * However, NULL is still stored as NULL. * Returns (size_t)-1 on failure. */ -static size_t +static ssize_t strtab_to_vec(char *strtab, size_t strtab_len, int *countp, char ***vecp, char **bufp, size_t *bufsizep, size_t remainder) { @@ -509,7 +509,7 @@ strtab_to_vec(char *strtab, size_t strtab_len, int *countp, char ***vecp, strend = strtab + strtab_len; } vec = (char **)LONGALIGN(strend); - remainder -= (char *)vec - strend; + remainder -= (size_t)((char *)vec - strend); /* Fill in vector with the strings we read. */ for (vp = vec; strtab < strend; ) { @@ -523,7 +523,7 @@ strtab_to_vec(char *strtab, size_t strtab_len, int *countp, char ***vecp, /* Store offset into buf (not a pointer) in case of realloc(). */ *vp++ = (char *)(strtab - *bufp); remainder -= sizeof(char *); - strtab = memchr(strtab, '\0', strend - strtab); + strtab = memchr(strtab, '\0', (size_t)(strend - strtab)); if (strtab == NULL) break; strtab++; @@ -534,7 +534,7 @@ strtab_to_vec(char *strtab, size_t strtab_len, int *countp, char ***vecp, *countp = count; *vecp = (char **)((char *)vec - *bufp); - debug_return_size_t((char *)vp - strend); + debug_return_ssize_t((char *)vp - strend); } /* @@ -546,17 +546,17 @@ strtab_to_vec(char *strtab, size_t strtab_len, int *countp, char ***vecp, * offsets into pointers based on the buffer before using. * Returns the number of bytes in buf consumed (including NULs). */ -static size_t +static ssize_t ptrace_read_vec(pid_t pid, struct sudo_ptrace_regs *regs, unsigned long addr, int *countp, char ***vecp, char **bufp, size_t *bufsizep, size_t off) { # ifdef SECCOMP_AUDIT_ARCH_COMPAT - unsigned long next_word = -1; + unsigned long next_word = (unsigned long)-1; # endif - size_t remainder = *bufsizep - off; + size_t strtab_len, remainder = *bufsizep - off; char *strtab = *bufp + off; unsigned long word; - size_t len, strtab_len; + ssize_t len; debug_decl(ptrace_read_vec, SUDO_DEBUG_EXEC); /* Treat a NULL vector as empty, thanks Linux. */ @@ -571,7 +571,7 @@ ptrace_read_vec(pid_t pid, struct sudo_ptrace_regs *regs, unsigned long addr, *vecp = (char **)((char *)vp - *bufp); *countp = 0; *vp++ = NULL; - debug_return_size_t((char *)vp - strtab); + debug_return_ssize_t((char *)vp - strtab); } /* Fill in string table. */ @@ -608,7 +608,7 @@ ptrace_read_vec(pid_t pid, struct sudo_ptrace_regs *regs, unsigned long addr, default: for (;;) { len = ptrace_read_string(pid, word, strtab, remainder); - if (len != (size_t)-1) + if (len != -1) break; if (errno != ENOSPC) debug_return_ssize_t(-1); @@ -616,21 +616,21 @@ ptrace_read_vec(pid_t pid, struct sudo_ptrace_regs *regs, unsigned long addr, debug_return_ssize_t(-1); } strtab += len; - remainder -= len; + remainder -= (size_t)len; addr += regs->wordsize; continue; } } while (word != 0); /* Store strings in a vector after the string table. */ - strtab_len = strtab - (*bufp + off); + strtab_len = (size_t)(strtab - (*bufp + off)); strtab = *bufp + off; len = strtab_to_vec(strtab, strtab_len, countp, vecp, bufp, bufsizep, remainder); - if (len == (size_t)-1) + if (len == -1) debug_return_ssize_t(-1); - debug_return_size_t(strtab_len + len); + debug_return_ssize_t((ssize_t)strtab_len + len); } #ifdef HAVE_PROCESS_VM_READV @@ -639,7 +639,7 @@ ptrace_read_vec(pid_t pid, struct sudo_ptrace_regs *regs, unsigned long addr, * process_vm_writev(2). * Returns the number of bytes written, including trailing NUL. */ -static size_t +static ssize_t ptrace_writev_string(pid_t pid, unsigned long addr, const char *str0) { const char *str = str0; @@ -678,10 +678,10 @@ ptrace_writev_string(pid_t pid, unsigned long addr, const char *str0) debug_return_ssize_t(-1); default: str += nwritten; - len -= nwritten; - addr += nwritten; + len -= (size_t)nwritten; + addr += (size_t)nwritten; if (len == 0) - debug_return_size_t(str - str0); /* includes NUL */ + debug_return_ssize_t(str - str0); /* includes NUL */ break; } } @@ -693,7 +693,7 @@ ptrace_writev_string(pid_t pid, unsigned long addr, const char *str0) * Write the NUL-terminated string str to addr in the tracee using ptrace(2). * Returns the number of bytes written, including trailing NUL. */ -static size_t +static ssize_t ptrace_write_string(pid_t pid, unsigned long addr, const char *str) { const char *str0 = str; @@ -705,9 +705,9 @@ ptrace_write_string(pid_t pid, unsigned long addr, const char *str) debug_decl(ptrace_write_string, SUDO_DEBUG_EXEC); #ifdef HAVE_PROCESS_VM_READV - i = ptrace_writev_string(pid, addr, str); - if (i != (size_t)-1 || errno != ENOSYS) - debug_return_size_t(i); + ssize_t nwritten = ptrace_writev_string(pid, addr, str); + if (nwritten != -1 || errno != ENOSYS) + debug_return_ssize_t(nwritten); #endif /* HAVE_PROCESS_VM_READV */ /* @@ -731,7 +731,7 @@ ptrace_write_string(pid_t pid, unsigned long addr, const char *str) } if ((u.word & 0xff) == 0) { /* If the last byte we wrote is a NUL we are done. */ - debug_return_size_t(str - str0 + 1); + debug_return_ssize_t(str - str0 + 1); } addr += sizeof(unsigned long); } @@ -744,7 +744,7 @@ ptrace_write_string(pid_t pid, unsigned long addr, const char *str) * Returns the number of bytes used in strtab (including NULs). * process_vm_writev() version. */ -static size_t +static ssize_t ptrace_writev_vec(pid_t pid, struct sudo_ptrace_regs *regs, char **vec, unsigned long addr, unsigned long strtab) { @@ -817,7 +817,7 @@ ptrace_writev_vec(pid_t pid, struct sudo_ptrace_regs *regs, char **vec, goto done; /* Copy the strings to the (remote) string table. */ - expected = strtab - strtab0; + expected = (ssize_t)(strtab - strtab0); for (;;) { nwritten = process_vm_writev(pid, local + off, len - off, remote + off, len - off, 0); @@ -844,7 +844,7 @@ ptrace_writev_vec(pid_t pid, struct sudo_ptrace_regs *regs, char **vec, /* Adjust offset for partial write (doesn't cross iov boundary). */ while (off < len) { - nwritten -= local[off].iov_len; + nwritten -= (ssize_t)local[off].iov_len; off++; if (nwritten <= 0) break; @@ -863,7 +863,7 @@ ptrace_writev_vec(pid_t pid, struct sudo_ptrace_regs *regs, char **vec, free(remote); free(addrbuf); if (total_written == expected) - debug_return_size_t(total_written); + debug_return_ssize_t(total_written); debug_return_ssize_t(-1); } #endif /* HAVE_PROCESS_VM_READV */ @@ -873,18 +873,18 @@ ptrace_writev_vec(pid_t pid, struct sudo_ptrace_regs *regs, char **vec, * sufficient space. Strings are written to strtab. * Returns the number of bytes used in strtab (including NULs). */ -static size_t +static ssize_t ptrace_write_vec(pid_t pid, struct sudo_ptrace_regs *regs, char **vec, unsigned long addr, unsigned long strtab) { const unsigned long strtab0 = strtab; - size_t i, len; + size_t i; debug_decl(ptrace_write_vec, SUDO_DEBUG_EXEC); #ifdef HAVE_PROCESS_VM_READV - i = ptrace_writev_vec(pid, regs, vec, addr, strtab); - if (i != (size_t)-1 || errno != ENOSYS) - debug_return_size_t(i); + ssize_t nwritten = ptrace_writev_vec(pid, regs, vec, addr, strtab); + if (nwritten != -1 || errno != ENOSYS) + debug_return_ssize_t(nwritten); #endif /* HAVE_PROCESS_VM_READV */ /* Copy string vector into tracee one word at a time. */ @@ -892,10 +892,10 @@ ptrace_write_vec(pid_t pid, struct sudo_ptrace_regs *regs, char **vec, unsigned long word = strtab; /* First write the actual string to tracee's string table. */ - len = ptrace_write_string(pid, strtab, vec[i]); - if (len == (size_t)-1) - debug_return_int(-1); - strtab += len; + nwritten = ptrace_write_string(pid, strtab, vec[i]); + if (nwritten == -1) + debug_return_ssize_t(-1); + strtab += (size_t)nwritten; # ifdef SECCOMP_AUDIT_ARCH_COMPAT if (regs->compat) { @@ -922,7 +922,7 @@ ptrace_write_vec(pid_t pid, struct sudo_ptrace_regs *regs, char **vec, if (ptrace(PTRACE_POKEDATA, pid, addr, word) == -1) { sudo_warn("%s: ptrace(PTRACE_POKEDATA, %d, 0x%lx, 0x%lx)", __func__, (int)pid, addr, word); - debug_return_int(-1); + debug_return_ssize_t(-1); } addr += sizeof(unsigned long); } @@ -932,11 +932,11 @@ ptrace_write_vec(pid_t pid, struct sudo_ptrace_regs *regs, char **vec, if (ptrace(PTRACE_POKEDATA, pid, addr, NULL) == -1) { sudo_warn("%s: ptrace(PTRACE_POKEDATA, %d, 0x%lx, NULL)", __func__, (int)pid, addr); - debug_return_int(-1); + debug_return_ssize_t(-1); } } - debug_return_size_t(strtab - strtab0); + debug_return_ssize_t((ssize_t)(strtab - strtab0)); } /* @@ -947,14 +947,14 @@ ptrace_write_vec(pid_t pid, struct sudo_ptrace_regs *regs, char **vec, static bool proc_read_link(pid_t pid, const char *name, char *buf, size_t bufsize) { - size_t len; + ssize_t len; char path[PATH_MAX]; debug_decl(proc_read_link, SUDO_DEBUG_EXEC); len = snprintf(path, sizeof(path), "/proc/%d/%s", (int)pid, name); - if (len < sizeof(path)) { + if (len > 0 && len < ssizeof(path)) { len = readlink(path, buf, bufsize - 1); - if (len != (size_t)-1) { + if (len != -1) { /* readlink(2) does not add the NUL for us. */ buf[len] = '\0'; debug_return_bool(true); @@ -973,8 +973,9 @@ get_execve_info(pid_t pid, struct sudo_ptrace_regs *regs, char **pathname_out, { char *argbuf, **argv, **envp, *pathname = NULL; unsigned long argv_addr, envp_addr, path_addr; - size_t bufsize, len, off = 0; + size_t bufsize, off = 0; int i, argc, envc = 0; + ssize_t nread; debug_decl(get_execve_info, SUDO_DEBUG_EXEC); bufsize = PATH_MAX + arg_max; @@ -994,27 +995,27 @@ get_execve_info(pid_t pid, struct sudo_ptrace_regs *regs, char **pathname_out, /* Read the pathname, if not NULL. */ if (path_addr != 0) { - len = ptrace_read_string(pid, path_addr, argbuf, bufsize); - if (len == (size_t)-1) { + nread = ptrace_read_string(pid, path_addr, argbuf, bufsize); + if (nread == -1) { sudo_debug_printf( SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, "unable to read execve pathname for process %d", (int)pid); goto bad; } /* Defer setting pathname until after all reallocations are done. */ - off = len; + off = (size_t)nread; } /* Read argv */ - len = ptrace_read_vec(pid, regs, argv_addr, &argc, &argv, &argbuf, + nread = ptrace_read_vec(pid, regs, argv_addr, &argc, &argv, &argbuf, &bufsize, off); - if (len == (size_t)-1) { + if (nread == -1) { sudo_debug_printf( SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, "unable to read execve argv for process %d", (int)pid); goto bad; } - off += len; + off += (size_t)nread; if (argc == 0) { /* Reserve an extra slot so we can store argv[0]. */ @@ -1026,9 +1027,9 @@ get_execve_info(pid_t pid, struct sudo_ptrace_regs *regs, char **pathname_out, } /* Read envp */ - len = ptrace_read_vec(pid, regs, envp_addr, &envc, &envp, &argbuf, + nread = ptrace_read_vec(pid, regs, envp_addr, &envc, &envp, &argbuf, &bufsize, off); - if (len == (size_t)-1) { + if (nread == -1) { sudo_debug_printf( SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, "unable to read execve envp for process %d", (int)pid); @@ -1228,11 +1229,11 @@ exec_ptrace_seize(pid_t child) debug_decl(exec_ptrace_seize, SUDO_DEBUG_EXEC); #ifdef HAVE_PROCESS_VM_READV - page_size = sysconf(_SC_PAGESIZE); + page_size = (size_t)sysconf(_SC_PAGESIZE); if (page_size == (size_t)-1) page_size = 4096; #endif - arg_max = sysconf(_SC_ARG_MAX); + arg_max = (size_t)sysconf(_SC_ARG_MAX); if (arg_max == (size_t)-1) arg_max = 128 * 1024; @@ -1420,19 +1421,18 @@ script_matches(const char *script, const char *execpath, int argc, debug_return_int((int)(argv - orig_argv)); } -static size_t +static ssize_t proc_read_vec(pid_t pid, const char *name, int *countp, char ***vecp, char **bufp, size_t *bufsizep, size_t off) { - size_t remainder = *bufsizep - off; - size_t len, strtab_len; + size_t strtab_len, remainder = *bufsizep - off; char path[PATH_MAX], *strtab = *bufp + off; + ssize_t len, nread; int fd; - ssize_t nread; debug_decl(proc_read_vec, SUDO_DEBUG_EXEC); len = snprintf(path, sizeof(path), "/proc/%d/%s", (int)pid, name); - if (len >= sizeof(path)) + if (len >= ssizeof(path)) debug_return_ssize_t(-1); fd = open(path, O_RDONLY); @@ -1449,7 +1449,7 @@ proc_read_vec(pid_t pid, const char *name, int *countp, char ***vecp, debug_return_ssize_t(-1); } strtab += nread; - remainder -= nread; + remainder -= (size_t)nread; if (remainder < sizeof(char *)) { while (!growbuf(bufp, bufsizep, &strtab, &remainder)) { close(fd); @@ -1466,14 +1466,14 @@ proc_read_vec(pid_t pid, const char *name, int *countp, char ***vecp, } /* Store strings in a vector after the string table. */ - strtab_len = strtab - (*bufp + off); + strtab_len = (size_t)(strtab - (*bufp + off)); strtab = *bufp + off; len = strtab_to_vec(strtab, strtab_len, countp, vecp, bufp, bufsizep, remainder); - if (len == (size_t)-1) + if (len == -1) debug_return_ssize_t(-1); - debug_return_size_t(strtab_len + len); + debug_return_ssize_t((ssize_t)strtab_len + len); } /* @@ -1606,7 +1606,8 @@ ptrace_verify_post_exec(pid_t pid, struct sudo_ptrace_regs *regs, sigset_t chldmask; bool ret = false; int argc, envc, i, status; - size_t bufsize, len; + size_t bufsize; + ssize_t len; debug_decl(ptrace_verify_post_exec, SUDO_DEBUG_EXEC); /* Block SIGCHLD for the critical section (waitpid). */ @@ -1653,15 +1654,16 @@ ptrace_verify_post_exec(pid_t pid, struct sudo_ptrace_regs *regs, } len = proc_read_vec(pid, "cmdline", &argc, &argv, &argbuf, &bufsize, 0); - if (len == (size_t)-1) { + if (len == -1) { sudo_debug_printf( SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, "unable to read execve argv for process %d", (int)pid); goto done; } - len = proc_read_vec(pid, "environ", &envc, &envp, &argbuf, &bufsize, len); - if (len == (size_t)-1) { + len = proc_read_vec(pid, "environ", &envc, &envp, &argbuf, &bufsize, + (size_t)len); + if (len == -1) { sudo_debug_printf( SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, "unable to read execve envp for process %d", (int)pid); @@ -1861,7 +1863,8 @@ ptrace_intercept_execve(pid_t pid, struct intercept_closure *closure) */ unsigned long sp = get_stack_pointer(®s) - 128; unsigned long strtab; - size_t len, space = 0; + size_t space = 0; + ssize_t nwritten; sudo_debug_execve(SUDO_DEBUG_DIAG, closure->command, closure->run_argv, envp); @@ -1881,7 +1884,7 @@ ptrace_intercept_execve(pid_t pid, struct intercept_closure *closure) */ if (argv_mismatch) { /* argv pointers */ - space += (argc + 1 + regs.compat) * regs.wordsize; + space += (size_t)(argc + 1 + regs.compat) * regs.wordsize; /* argv strings */ for (argc = 0; closure->run_argv[argc] != NULL; argc++) { @@ -1902,21 +1905,21 @@ ptrace_intercept_execve(pid_t pid, struct intercept_closure *closure) set_sc_arg2(®s, sp); /* Skip over argv pointers (plus NULL) for string table. */ - strtab += (argc + 1 + regs.compat) * regs.wordsize; + strtab += (size_t)(argc + 1 + regs.compat) * regs.wordsize; - len = ptrace_write_vec(pid, ®s, closure->run_argv, + nwritten = ptrace_write_vec(pid, ®s, closure->run_argv, sp, strtab); - if (len == (size_t)-1) + if (nwritten == -1) goto done; - strtab += len; + strtab += (unsigned long)nwritten; } if (path_mismatch) { /* Update pathname address in the tracee to our new value. */ set_sc_arg1(®s, strtab); /* Write pathname to the string table. */ - len = ptrace_write_string(pid, strtab, closure->command); - if (len == (size_t)-1) + nwritten = ptrace_write_string(pid, strtab, closure->command); + if (nwritten == -1) goto done; } diff --git a/src/exec_pty.c b/src/exec_pty.c index ebd4f9f7da..90e6a7ffbd 100644 --- a/src/exec_pty.c +++ b/src/exec_pty.c @@ -418,11 +418,11 @@ read_callback(int fd, int what, void *v) default: sudo_debug_printf(SUDO_DEBUG_INFO, "read %zd bytes from fd %d", n, fd); - if (!iob->action(iob->buf + iob->len, n, iob)) { + if (!iob->action(iob->buf + iob->len, (unsigned int)n, iob)) { terminate_command(iob->ec->cmnd_pid, true); iob->ec->cmnd_pid = -1; } - iob->len += n; + iob->len += (unsigned int)n; /* Disable reader if buffer is full. */ if (iob->len == sizeof(iob->buf)) sudo_ev_del(evbase, iob->revent); @@ -484,7 +484,7 @@ write_callback(int fd, int what, void *v) case EBADF: /* other end of pipe closed or pty revoked */ sudo_debug_printf(SUDO_DEBUG_INFO, - "unable to write %d bytes to fd %d", + "unable to write %u bytes to fd %d", iob->len - iob->off, fd); /* Close reader if there is one. */ if (iob->revent != NULL) { @@ -515,7 +515,7 @@ write_callback(int fd, int what, void *v) } else { sudo_debug_printf(SUDO_DEBUG_INFO, "wrote %zd bytes to fd %d", n, fd); - iob->off += n; + iob->off += (unsigned int)n; /* Disable writer and reset the buffer if fully consumed. */ if (iob->off == iob->len) { iob->off = iob->len = 0; @@ -946,8 +946,8 @@ fill_exec_closure(struct exec_closure *ec, struct command_status *cstat, ec->cmnd_pid = -1; ec->cstat = cstat; ec->details = details; - ec->rows = user_details->ts_rows; - ec->cols = user_details->ts_cols; + ec->rows = (short)user_details->ts_rows; + ec->cols = (short)user_details->ts_cols; /* Reset cstat for running the command. */ cstat->type = CMD_INVALID; @@ -1464,8 +1464,8 @@ sync_ttysize(struct exec_closure *ec) killpg(ec->cmnd_pid, SIGWINCH); /* Update rows/cols. */ - ec->rows = wsize.ws_row; - ec->cols = wsize.ws_col; + ec->rows = (short)wsize.ws_row; + ec->cols = (short)wsize.ws_col; } } diff --git a/src/net_ifs.c b/src/net_ifs.c index 68c21453b6..678730fbdb 100644 --- a/src/net_ifs.c +++ b/src/net_ifs.c @@ -140,7 +140,7 @@ get_net_ifs(char **addrinfo_out) } if (num_interfaces == 0) goto done; - ailen = num_interfaces * 2 * INET6_ADDRSTRLEN; + ailen = (size_t)num_interfaces * 2 * INET6_ADDRSTRLEN; if ((cp = malloc(ailen)) == NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "unable to allocate memory"); @@ -207,7 +207,7 @@ get_net_ifs(char **addrinfo_out) goto bad; } cp += len; - ailen -= len; + ailen -= (size_t)len; } *addrinfo_out = addrinfo; goto done; diff --git a/src/parse_args.c b/src/parse_args.c index 31607841ff..ff1118902d 100644 --- a/src/parse_args.c +++ b/src/parse_args.c @@ -642,7 +642,7 @@ parse_args(int argc, char **argv, const char *shell, int *old_optind, ac += 2; /* -c cmnd */ } - av = reallocarray(NULL, ac + 1, sizeof(char *)); + av = reallocarray(NULL, (size_t)ac + 1, sizeof(char *)); if (av == NULL) sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); if (!gc_add(GC_PTR, av)) @@ -667,7 +667,7 @@ parse_args(int argc, char **argv, const char *shell, int *old_optind, char **av; int ac; - av = reallocarray(NULL, argc + 2, sizeof(char *)); + av = reallocarray(NULL, (size_t)argc + 2, sizeof(char *)); if (av == NULL) sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); if (!gc_add(GC_PTR, av)) @@ -713,7 +713,7 @@ display_usage(FILE *fp) if (strcmp(getprogname(), "sudoedit") == 0) uvecs = sudoedit_usage; - indent = strlen(getprogname()) + 8; + indent = (int)strlen(getprogname()) + 8; while ((uvec = *uvecs) != NULL) { (void)fprintf(fp, "usage: %s %s\n", getprogname(), uvec[0]); for (i = 1; uvec[i] != NULL; i++) { diff --git a/src/preserve_fds.c b/src/preserve_fds.c index 3dd65db7c1..b912d3f01e 100644 --- a/src/preserve_fds.c +++ b/src/preserve_fds.c @@ -126,7 +126,7 @@ closefrom_except(int startfd, struct preserved_fd_list *pfds) } /* Create bitmap of preserved (relocated) fds. */ - fdbits = calloc((lastfd + NBBY) / NBBY, 1); + fdbits = calloc((size_t)(lastfd + NBBY) / NBBY, 1); if (fdbits == NULL) sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); TAILQ_FOREACH(pfd, pfds, entries) { diff --git a/src/sudo.c b/src/sudo.c index e3f4837a88..0e22e084cb 100644 --- a/src/sudo.c +++ b/src/sudo.c @@ -400,7 +400,8 @@ fill_group_list(const char *user, struct sudo_cred *cred) */ cred->ngroups = sudo_conf_max_groups(); if (cred->ngroups > 0) { - cred->groups = reallocarray(NULL, cred->ngroups, sizeof(GETGROUPS_T)); + cred->groups = + reallocarray(NULL, (size_t)cred->ngroups, sizeof(GETGROUPS_T)); if (cred->groups != NULL) { /* Clamp to max_groups if insufficient space for all groups. */ if (sudo_getgrouplist2(user, cred->gid, &cred->groups, @@ -446,7 +447,8 @@ get_user_groups(const char *user, struct sudo_cred *cred) if (cred->ngroups > 0) { /* Use groups from kernel if not at limit or source is static. */ if (cred->ngroups != maxgroups || group_source == GROUP_SOURCE_STATIC) { - cred->groups = reallocarray(NULL, cred->ngroups, sizeof(GETGROUPS_T)); + cred->groups = reallocarray(NULL, (size_t)cred->ngroups, + sizeof(GETGROUPS_T)); if (cred->groups == NULL) goto done; cred->ngroups = getgroups(cred->ngroups, cred->groups); @@ -476,17 +478,19 @@ get_user_groups(const char *user, struct sudo_cred *cred) /* * Format group list as a comma-separated string of gids. */ - glsize = sizeof("groups=") - 1 + (cred->ngroups * (MAX_UID_T_LEN + 1)); + glsize = sizeof("groups=") - 1 + ((size_t)cred->ngroups * (MAX_UID_T_LEN + 1)); if ((gid_list = malloc(glsize)) == NULL) goto done; memcpy(gid_list, "groups=", sizeof("groups=") - 1); cp = gid_list + sizeof("groups=") - 1; + glsize -= (size_t)(cp - gid_list); for (i = 0; i < cred->ngroups; i++) { - len = snprintf(cp, glsize - (cp - gid_list), "%s%u", - i ? "," : "", (unsigned int)cred->groups[i]); - if (len < 0 || (size_t)len >= glsize - (cp - gid_list)) + len = snprintf(cp, glsize, "%s%u", i ? "," : "", + (unsigned int)cred->groups[i]); + if (len < 0 || (size_t)len >= glsize) sudo_fatalx(U_("internal error, %s overflow"), __func__); cp += len; + glsize -= (size_t)len; } done: debug_return_str(gid_list); @@ -704,7 +708,8 @@ command_info_to_details(char * const info[], struct command_details *details) SET_FLAG("cwd_optional=", CD_CWD_OPTIONAL) if (strncmp("closefrom=", info[i], sizeof("closefrom=") - 1) == 0) { cp = info[i] + sizeof("closefrom=") - 1; - details->closefrom = sudo_strtonum(cp, 0, INT_MAX, &errstr); + details->closefrom = + (int)sudo_strtonum(cp, 0, INT_MAX, &errstr); if (errstr != NULL) sudo_fatalx(U_("%s: %s"), info[i], U_(errstr)); break; @@ -714,7 +719,8 @@ command_info_to_details(char * const info[], struct command_details *details) SET_FLAG("exec_background=", CD_EXEC_BG) if (strncmp("execfd=", info[i], sizeof("execfd=") - 1) == 0) { cp = info[i] + sizeof("execfd=") - 1; - details->execfd = sudo_strtonum(cp, 0, INT_MAX, &errstr); + details->execfd = + (int)sudo_strtonum(cp, 0, INT_MAX, &errstr); if (errstr != NULL) sudo_fatalx(U_("%s: %s"), info[i], U_(errstr)); #ifdef HAVE_FEXECVE @@ -740,7 +746,7 @@ command_info_to_details(char * const info[], struct command_details *details) case 'n': if (strncmp("nice=", info[i], sizeof("nice=") - 1) == 0) { cp = info[i] + sizeof("nice=") - 1; - details->priority = sudo_strtonum(cp, INT_MIN, INT_MAX, + details->priority = (int)sudo_strtonum(cp, INT_MIN, INT_MAX, &errstr); if (errstr != NULL) sudo_fatalx(U_("%s: %s"), info[i], U_(errstr)); @@ -840,7 +846,7 @@ command_info_to_details(char * const info[], struct command_details *details) SET_FLAG("sudoedit_follow=", CD_SUDOEDIT_FOLLOW) if (strncmp("sudoedit_nfiles=", info[i], sizeof("sudoedit_nfiles=") - 1) == 0) { cp = info[i] + sizeof("sudoedit_nfiles=") - 1; - details->nfiles = sudo_strtonum(cp, 1, INT_MAX, + details->nfiles = (int)sudo_strtonum(cp, 1, INT_MAX, &errstr); if (errstr != NULL) sudo_fatalx(U_("%s: %s"), info[i], U_(errstr)); @@ -850,7 +856,8 @@ command_info_to_details(char * const info[], struct command_details *details) case 't': if (strncmp("timeout=", info[i], sizeof("timeout=") - 1) == 0) { cp = info[i] + sizeof("timeout=") - 1; - details->timeout = sudo_strtonum(cp, 0, INT_MAX, &errstr); + details->timeout = + (unsigned int)sudo_strtonum(cp, 0, UINT_MAX, &errstr); if (errstr != NULL) sudo_fatalx(U_("%s: %s"), info[i], U_(errstr)); SET(details->flags, CD_SET_TIMEOUT); diff --git a/src/sudo.h b/src/sudo.h index 892e522d4c..ce7bd74485 100644 --- a/src/sudo.h +++ b/src/sudo.h @@ -191,7 +191,7 @@ struct command_details { mode_t umask; int argc; int priority; - int timeout; + unsigned int timeout; int closefrom; int flags; int execfd; diff --git a/src/sudo_edit.c b/src/sudo_edit.c index 1ee86426f3..556796ab40 100644 --- a/src/sudo_edit.c +++ b/src/sudo_edit.c @@ -84,7 +84,7 @@ set_tmpdir(const struct sudo_cred *user_cred) saved_cred.ngroups = getgroups(0, NULL); // -V575 if (saved_cred.ngroups > 0) { saved_cred.groups = - reallocarray(NULL, saved_cred.ngroups, sizeof(GETGROUPS_T)); + reallocarray(NULL, (size_t)saved_cred.ngroups, sizeof(GETGROUPS_T)); if (saved_cred.groups == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); debug_return_bool(false); @@ -149,7 +149,7 @@ sudo_edit_mktemp(const char *ofile, char **tfile) sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); debug_return_int(-1); } - tfd = mkstemps(*tfile, suff ? strlen(suff) : 0); + tfd = mkstemps(*tfile, suff ? (int)strlen(suff) : 0); sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, "%s -> %s, fd %d", ofile, *tfile, tfd); debug_return_int(tfd); @@ -687,7 +687,7 @@ sudo_edit(struct command_details *command_details, } /* Copy editor files to temporaries. */ - tf = calloc(nfiles, sizeof(*tf)); + tf = calloc((size_t)nfiles, sizeof(*tf)); if (tf == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); goto cleanup; @@ -707,7 +707,7 @@ sudo_edit(struct command_details *command_details, * to create a new argv. */ nargc = editor_argc + nfiles; - nargv = reallocarray(NULL, nargc + 1, sizeof(char *)); + nargv = reallocarray(NULL, (size_t)nargc + 1, sizeof(char *)); if (nargv == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); goto cleanup; diff --git a/src/sudo_exec.h b/src/sudo_exec.h index 71d97a5770..e5eac91d5d 100644 --- a/src/sudo_exec.h +++ b/src/sudo_exec.h @@ -95,8 +95,8 @@ struct io_buffer { struct sudo_event *revent; struct sudo_event *wevent; sudo_io_action_t action; - int len; /* buffer length (how much produced) */ - int off; /* write position (how much already consumed) */ + unsigned int len; /* buffer length (how much produced) */ + unsigned int off; /* write position (how much already consumed) */ char buf[64 * 1024]; }; SLIST_HEAD(io_buffer_list, io_buffer); diff --git a/src/sudo_intercept.c b/src/sudo_intercept.c index 7ffbeb6483..965f275475 100644 --- a/src/sudo_intercept.c +++ b/src/sudo_intercept.c @@ -90,7 +90,7 @@ static char ** copy_vector(char * const *src) { char **copy; - int i, len = 0; + size_t i, len = 0; debug_decl(copy_vector, SUDO_DEBUG_EXEC); if (src != NULL) { @@ -141,7 +141,7 @@ resolve_path(const char *cmnd, char *out_cmnd, size_t out_size) endp = cp + strlen(cp); while (cp < endp) { char *colon = strchr(cp, ':'); - dirlen = colon ? (colon - cp) : (endp - cp); + dirlen = colon ? (int)(colon - cp) : (int)(endp - cp); if (dirlen == 0) { /* empty PATH component is the same as "." */ len = snprintf(path, sizeof(path), "./%s", cmnd); @@ -265,12 +265,12 @@ exec_wrapper(const char *cmnd, char * const argv[], char * const envp[], for (argc = 0; argv[argc] != NULL; argc++) continue; - shargv = sudo_mmap_allocarray(argc + 2, sizeof(char *)); + shargv = sudo_mmap_allocarray((size_t)argc + 2, sizeof(char *)); if (shargv == NULL) goto bad; shargv[0] = "sh"; shargv[1] = ncmnd; - memcpy(shargv + 2, nargv + 1, argc * sizeof(char *)); + memcpy(shargv + 2, nargv + 1, (size_t)argc * sizeof(char *)); ((sudo_fn_execve_t)fn)(_PATH_SUDO_BSHELL, (char **)shargv, nenvp); sudo_mmap_free(shargv); } @@ -311,7 +311,7 @@ execl_wrapper(int type, const char *name, const char *arg, va_list ap) while (va_arg(ap2, char *) != NULL) argc++; va_end(ap2); - argv = sudo_mmap_allocarray(argc + 1, sizeof(char *)); + argv = sudo_mmap_allocarray((size_t)argc + 1, sizeof(char *)); if (argv == NULL) debug_return_int(-1); diff --git a/src/sudo_intercept_common.c b/src/sudo_intercept_common.c index 82576332d5..4355de0fff 100644 --- a/src/sudo_intercept_common.c +++ b/src/sudo_intercept_common.c @@ -85,7 +85,7 @@ send_req(int sock, const void *buf, size_t len) continue; debug_return_bool(false); } - len -= nwritten; + len -= (size_t)nwritten; cp += nwritten; } while (len > 0); @@ -115,7 +115,7 @@ send_client_hello(int sock) goto done; } /* Wire message size is used for length encoding, precedes message. */ - msg_len = len; + msg_len = len & 0xffffffff; len += sizeof(msg_len); if ((buf = sudo_mmap_alloc(len)) == NULL) { @@ -196,7 +196,7 @@ recv_intercept_response(int fd) "error reading response"); goto done; default: - rem -= nread; + rem -= (uint32_t)nread; cp += nread; break; } @@ -248,7 +248,7 @@ sudo_interposer_init(void) sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, "%s", *p); - fd = sudo_strtonum(fdstr, 0, INT_MAX, &errstr); + fd = (int)sudo_strtonum(fdstr, 0, INT_MAX, &errstr); if (errstr != NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "invalid SUDO_INTERCEPT_FD: %s: %s", fdstr, errstr); @@ -280,7 +280,7 @@ sudo_interposer_init(void) if (res->type_case == INTERCEPT_RESPONSE__TYPE_HELLO_RESP) { intercept_token.u64[0] = res->u.hello_resp->token_lo; intercept_token.u64[1] = res->u.hello_resp->token_hi; - intercept_port = res->u.hello_resp->portno; + intercept_port = (in_port_t)res->u.hello_resp->portno; log_only = res->u.hello_resp->log_only; } else { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, @@ -340,7 +340,7 @@ send_policy_check_req(int sock, const char *cmnd, char * const argv[], goto done; } /* Wire message size is used for length encoding, precedes message. */ - msg_len = len; + msg_len = len & 0xffffffff; len += sizeof(msg_len); if ((buf = sudo_mmap_alloc(len)) == NULL) { diff --git a/src/tgetpass.c b/src/tgetpass.c index 0e69969531..481256e6ff 100644 --- a/src/tgetpass.c +++ b/src/tgetpass.c @@ -222,7 +222,7 @@ tgetpass(const char *prompt, int timeout, int flags, } if (timeout > 0) - alarm(timeout); + alarm((unsigned int)timeout); pass = getln(input, buf, sizeof(buf), feedback, &errval); alarm(0); save_errno = errno; diff --git a/src/ttyname.c b/src/ttyname.c index 2a5c288fc4..ccf4952cba 100644 --- a/src/ttyname.c +++ b/src/ttyname.c @@ -133,7 +133,7 @@ get_process_ttyname(char *name, size_t namelen) if (rc != -1) { if ((dev_t)ki_proc->sudo_kp_tdev != (dev_t)-1) { errno = serrno; - ret = sudo_ttyname_dev(ki_proc->sudo_kp_tdev, name, namelen); + ret = sudo_ttyname_dev((dev_t)ki_proc->sudo_kp_tdev, name, namelen); if (ret == NULL) { sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, "unable to map device number %lu to name", @@ -223,7 +223,7 @@ get_process_ttyname(char *name, size_t namelen) */ if ((fd = open(path, O_RDONLY | O_NOFOLLOW)) != -1) { cp = buf; - while ((nread = read(fd, cp, buf + sizeof(buf) - cp)) != 0) { + while ((nread = read(fd, cp, sizeof(buf) - (size_t)(cp - buf))) != 0) { if (nread == -1) { if (errno == EAGAIN || errno == EINTR) continue; @@ -233,7 +233,7 @@ get_process_ttyname(char *name, size_t namelen) if (cp >= buf + sizeof(buf)) break; } - if (nread == 0 && memchr(buf, '\0', cp - buf) == NULL) { + if (nread == 0 && memchr(buf, '\0', (size_t)(cp - buf)) == NULL) { /* * Field 7 is the tty dev (0 if no tty). * Since the process name at field 2 "(comm)" may include @@ -251,8 +251,8 @@ get_process_ttyname(char *name, size_t namelen) *ep = '\0'; field++; if (field == 7) { - int tty_nr = sudo_strtonum(cp, INT_MIN, INT_MAX, - &errstr); + int tty_nr = (int)sudo_strtonum(cp, INT_MIN, + INT_MAX, &errstr); if (errstr) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "%s: tty device %s: %s", path, cp, errstr); @@ -272,7 +272,8 @@ get_process_ttyname(char *name, size_t namelen) break; } if (field == 3) { - ppid = sudo_strtonum(cp, INT_MIN, INT_MAX, NULL); + ppid = + (int)sudo_strtonum(cp, INT_MIN, INT_MAX, NULL); } cp = ep + 1; }