diff options
author | deraadt@openbsd.org <deraadt@openbsd.org> | 2019-06-28 15:35:04 +0200 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-07-05 03:10:39 +0200 |
commit | 4d28fa78abce2890e136281950633fae2066cc29 (patch) | |
tree | 33226ec64ced661bb7e40005e30744b68fa59a80 /uidswap.c | |
parent | upstream: asprintf returns -1, not an arbitrary value < 0. Also (diff) | |
download | openssh-4d28fa78abce2890e136281950633fae2066cc29.tar.xz openssh-4d28fa78abce2890e136281950633fae2066cc29.zip |
upstream: When system calls indicate an error they return -1, not
some arbitrary value < 0. errno is only updated in this case. Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.
OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
Diffstat (limited to 'uidswap.c')
-rw-r--r-- | uidswap.c | 32 |
1 files changed, 16 insertions, 16 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: uidswap.c,v 1.41 2018/07/18 11:34:04 dtucker Exp $ */ +/* $OpenBSD: uidswap.c,v 1.42 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -84,12 +84,12 @@ temporarily_use_uid(struct passwd *pw) temporarily_use_uid_effective = 1; saved_egroupslen = getgroups(0, NULL); - if (saved_egroupslen < 0) + if (saved_egroupslen == -1) fatal("getgroups: %.100s", strerror(errno)); if (saved_egroupslen > 0) { saved_egroups = xreallocarray(saved_egroups, saved_egroupslen, sizeof(gid_t)); - if (getgroups(saved_egroupslen, saved_egroups) < 0) + if (getgroups(saved_egroupslen, saved_egroups) == -1) fatal("getgroups: %.100s", strerror(errno)); } else { /* saved_egroupslen == 0 */ free(saved_egroups); @@ -98,17 +98,17 @@ temporarily_use_uid(struct passwd *pw) /* set and save the user's groups */ if (user_groupslen == -1 || user_groups_uid != pw->pw_uid) { - if (initgroups(pw->pw_name, pw->pw_gid) < 0) + if (initgroups(pw->pw_name, pw->pw_gid) == -1) fatal("initgroups: %s: %.100s", pw->pw_name, strerror(errno)); user_groupslen = getgroups(0, NULL); - if (user_groupslen < 0) + if (user_groupslen == -1) fatal("getgroups: %.100s", strerror(errno)); if (user_groupslen > 0) { user_groups = xreallocarray(user_groups, user_groupslen, sizeof(gid_t)); - if (getgroups(user_groupslen, user_groups) < 0) + if (getgroups(user_groupslen, user_groups) == -1) fatal("getgroups: %.100s", strerror(errno)); } else { /* user_groupslen == 0 */ free(user_groups); @@ -117,17 +117,17 @@ temporarily_use_uid(struct passwd *pw) user_groups_uid = pw->pw_uid; } /* Set the effective uid to the given (unprivileged) uid. */ - if (setgroups(user_groupslen, user_groups) < 0) + if (setgroups(user_groupslen, user_groups) == -1) fatal("setgroups: %.100s", strerror(errno)); #ifndef SAVED_IDS_WORK_WITH_SETEUID /* Propagate the privileged gid to all of our gids. */ - if (setgid(getegid()) < 0) + if (setgid(getegid()) == -1) debug("setgid %u: %.100s", (u_int) getegid(), strerror(errno)); /* Propagate the privileged uid to all of our uids. */ - if (setuid(geteuid()) < 0) + if (setuid(geteuid()) == -1) debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno)); #endif /* SAVED_IDS_WORK_WITH_SETEUID */ - if (setegid(pw->pw_gid) < 0) + if (setegid(pw->pw_gid) == -1) fatal("setegid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); if (seteuid(pw->pw_uid) == -1) @@ -152,9 +152,9 @@ restore_uid(void) #ifdef SAVED_IDS_WORK_WITH_SETEUID debug("restore_uid: %u/%u", (u_int)saved_euid, (u_int)saved_egid); /* Set the effective uid back to the saved privileged uid. */ - if (seteuid(saved_euid) < 0) + if (seteuid(saved_euid) == -1) fatal("seteuid %u: %.100s", (u_int)saved_euid, strerror(errno)); - if (setegid(saved_egid) < 0) + if (setegid(saved_egid) == -1) fatal("setegid %u: %.100s", (u_int)saved_egid, strerror(errno)); #else /* SAVED_IDS_WORK_WITH_SETEUID */ /* @@ -166,7 +166,7 @@ restore_uid(void) setgid(getgid()); #endif /* SAVED_IDS_WORK_WITH_SETEUID */ - if (setgroups(saved_egroupslen, saved_egroups) < 0) + if (setgroups(saved_egroupslen, saved_egroups) == -1) fatal("setgroups: %.100s", strerror(errno)); temporarily_use_uid_effective = 0; } @@ -190,7 +190,7 @@ permanently_set_uid(struct passwd *pw) debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid, (u_int)pw->pw_gid); - if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0) + if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); #ifdef __APPLE__ @@ -198,12 +198,12 @@ permanently_set_uid(struct passwd *pw) * OS X requires initgroups after setgid to opt back into * memberd support for >16 supplemental groups. */ - if (initgroups(pw->pw_name, pw->pw_gid) < 0) + if (initgroups(pw->pw_name, pw->pw_gid) == -1) fatal("initgroups %.100s %u: %.100s", pw->pw_name, (u_int)pw->pw_gid, strerror(errno)); #endif - if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0) + if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1) fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno)); #ifndef NO_UID_RESTORATION_TEST |