-rw-r--r-- | src/charon/daemon.c | 2 | ||||
-rw-r--r-- | src/charon/plugins/sql/sql_attribute.c | 2 | ||||
-rw-r--r-- | src/charon/plugins/updown/updown_plugin.c | 20 | ||||
-rw-r--r-- | src/charon/sa/ike_sa.c | 4 | ||||
-rw-r--r-- | src/dumm/dumm.c | 17 | ||||
-rw-r--r-- | src/dumm/guest.c | 15 | ||||
-rw-r--r-- | src/libfreeswan/freeswan.h | 1 | ||||
-rw-r--r-- | src/libstrongswan/plugins/agent/agent_private_key.c | 38 | ||||
-rw-r--r-- | src/libstrongswan/plugins/curl/curl_fetcher.c | 2 | ||||
-rw-r--r-- | src/libstrongswan/utils.h | 5 | ||||
-rw-r--r-- | src/pluto/ac.c | 2 | ||||
-rw-r--r-- | src/pluto/ca.c | 2 | ||||
-rw-r--r-- | src/pluto/crl.c | 2 | ||||
-rw-r--r-- | src/pluto/defs.c | 9 | ||||
-rw-r--r-- | src/pluto/fetch.c | 6 | ||||
-rw-r--r-- | src/scepclient/scep.c | 2 | ||||
-rw-r--r-- | src/starter/invokepluto.c | 4 | ||||
-rw-r--r-- | src/starter/klips.c | 24 | ||||
-rw-r--r-- | src/starter/netkey.c | 20 | ||||
-rw-r--r-- | src/starter/parser.l | 1 | ||||
-rw-r--r-- | src/starter/starter.c | 4 | ||||
-rw-r--r-- | src/whack/whack.c | 2 |
22 files changed, 125 insertions, 59 deletions
diff --git a/src/charon/daemon.c b/src/charon/daemon.c index c5c43e86b..b9f173901 100644 --- a/src/charon/daemon.c +++ b/src/charon/daemon.c @@ -719,7 +719,7 @@ int main(int argc, char *argv[]) if (pid_file) { fprintf(pid_file, "%d\n", getpid()); - fchown(fileno(pid_file), charon->uid, charon->gid); + ignore_result(fchown(fileno(pid_file), charon->uid, charon->gid)); fclose(pid_file); } diff --git a/src/charon/plugins/sql/sql_attribute.c b/src/charon/plugins/sql/sql_attribute.c index 1e5c28966..f1e206279 100644 --- a/src/charon/plugins/sql/sql_attribute.c +++ b/src/charon/plugins/sql/sql_attribute.c @@ -17,6 +17,8 @@ #include "sql_attribute.h" +#include <time.h> + #include <daemon.h> typedef struct private_sql_attribute_t private_sql_attribute_t; diff --git a/src/charon/plugins/updown/updown_plugin.c b/src/charon/plugins/updown/updown_plugin.c index a0c39e371..f358026f7 100644 --- a/src/charon/plugins/updown/updown_plugin.c +++ b/src/charon/plugins/updown/updown_plugin.c @@ -72,7 +72,10 @@ static void updown(ike_sa_t *ike_sa, child_sa_t *child_sa, bool up) FILE *shell; /* get subnet/bits from string */ - asprintf(&my_client, "%R", my_ts); + if (asprintf(&my_client, "%R", my_ts) < 0) + { + my_client = NULL; + } pos = strchr(my_client, '/'); *pos = '\0'; my_client_mask = pos + 1; @@ -81,7 +84,10 @@ static void updown(ike_sa_t *ike_sa, child_sa_t *child_sa, bool up) { *pos = '\0'; } - asprintf(&other_client, "%R", other_ts); + if (asprintf(&other_client, "%R", other_ts) < 0) + { + other_client = NULL; + } pos = strchr(other_client, '/'); *pos = '\0'; other_client_mask = pos + 1; 
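Review bot: In updown(), setting `my_client = NULL` after a failed asprintf() does not make the failure safe, because the next line calls `strchr(my_client, '/')` and then writes through `pos`; the following hunk repeats this for `other_client`. Passing NULL to strchr() is undefined behaviour, so an allocation failure becomes a daemon crash rather than a skipped script invocation. Leave the parsing path when asprintf() fails, and guard the separator lookup as well, e.g. `pos = strchr(my_client, '/'); if (pos == NULL) { /* bail out */ }` before `*pos = '\0'`. The `virtual_ip = NULL` branches in the third hunk need the same care if the pointer is later formatted with `%s`. That use, and the cleanup an early exit would need, lie outside the hunks.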
@@ -93,11 +99,17 @@ static void updown(ike_sa_t *ike_sa, child_sa_t *child_sa, bool up) if (vip) { - asprintf(&virtual_ip, "PLUTO_MY_SOURCEIP='%H' ", vip); + if (asprintf(&virtual_ip, "PLUTO_MY_SOURCEIP='%H' ", vip) < 0) + { + virtual_ip = NULL; + } } else { - asprintf(&virtual_ip, ""); + if (asprintf(&virtual_ip, "") < 0) + { + virtual_ip = NULL; + } } iface = charon->kernel_interface->get_interface( diff --git a/src/charon/sa/ike_sa.c b/src/charon/sa/ike_sa.c index 1c5953cd0..37691fbf7 100644 --- a/src/charon/sa/ike_sa.c +++ b/src/charon/sa/ike_sa.c @@ -2176,7 +2176,7 @@ static void remove_dns_servers(private_ike_sa_t *this) if (!found) { /* write line untouched back to file */ - fwrite(orig_line.ptr, orig_line.len, 1, file); + ignore_result(fwrite(orig_line.ptr, orig_line.len, 1, file)); fprintf(file, "\n"); } } @@ -2230,7 +2230,7 @@ static void add_dns_server(private_ike_sa_t *this, host_t *dns) { this->dns_servers->insert_last(this->dns_servers, dns->clone(dns)); } - fwrite(contents.ptr, contents.len, 1, file); + ignore_result(fwrite(contents.ptr, contents.len, 1, file)); fclose(file); } diff --git a/src/dumm/dumm.c b/src/dumm/dumm.c index eaefddb60..cf8d9719c 100644 --- a/src/dumm/dumm.c +++ b/src/dumm/dumm.c @@ -87,7 +87,7 @@ static void delete_guest(private_dumm_t *this, guest_t *guest) guest->destroy(guest); if (len > 8 && len < 512) { - system(buf); + ignore_result(system(buf)); } } } @@ -280,7 +280,10 @@ dumm_t *dumm_create(char *dir) } if (dir) { - asprintf(&this->dir, "%s/%s", cwd, dir); + if (asprintf(&this->dir, "%s/%s", cwd, dir) < 0) + { + this->dir = NULL; + } } else { 
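Review bot: Wrapping `fwrite()` in `ignore_result()` in remove_dns_servers() and add_dns_server() silences the compiler but keeps the failure mode: a short write (disk full, I/O error) leaves the rewritten file truncated with nothing in the log. Judging by the function names, this file is the host's resolver configuration, so a silent truncation changes which DNS servers are used. Test the return value instead, e.g. `if (fwrite(contents.ptr, contents.len, 1, file) != 1)` followed by a log line through the daemon's debug macro. Both functions begin and end outside the hunks.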
@@ -288,17 +291,21 @@ dumm_t *dumm_create(char *dir) } } this->template = NULL; - asprintf(&this->guest_dir, "%s/%s", this->dir, GUEST_DIR); + if (asprintf(&this->guest_dir, "%s/%s", this->dir, GUEST_DIR) < 0) + { + this->guest_dir = NULL; + } this->guests = linked_list_create(); this->bridges = linked_list_create(); - if (mkdir(this->guest_dir, PERME) < 0 && errno != EEXIST) + if (this->dir == NULL || this->guest_dir == NULL || + (mkdir(this->guest_dir, PERME) < 0 && errno != EEXIST)) { DBG1("creating guest directory '%s' failed: %m", this->guest_dir); destroy(this); return NULL; } - + load_guests(this); return &this->public; } diff --git a/src/dumm/guest.c b/src/dumm/guest.c index aed2a3e18..014a9113f 100644 --- a/src/dumm/guest.c +++ b/src/dumm/guest.c @@ -576,11 +576,22 @@ static private_guest_t *guest_create_generic(char *parent, char *name, if (*parent == '/' || getcwd(cwd, sizeof(cwd)) == NULL) { - asprintf(&this->dirname, "%s/%s", parent, name); + if (asprintf(&this->dirname, "%s/%s", parent, name) < 0) + { + this->dirname = NULL; + } } else { - asprintf(&this->dirname, "%s/%s/%s", cwd, parent, name); + if (asprintf(&this->dirname, "%s/%s/%s", cwd, parent, name) < 0) + { + this->dirname = NULL; + } + } + if (this->dirname == NULL) + { + free(this); + return NULL; } if (create) { diff --git a/src/libfreeswan/freeswan.h b/src/libfreeswan/freeswan.h index 41b29bbb5..cf1f7b832 100644 --- a/src/libfreeswan/freeswan.h +++ b/src/libfreeswan/freeswan.h @@ -446,6 +446,7 @@ bitstomask( /* option pickup from files (userland only because of use of FILE) */ const char *optionsfrom(const char *filename, int *argcp, char ***argvp, int optind, FILE *errorreport); +#define ignore_result(call) { if (call); } #endif /* diff --git a/src/libstrongswan/plugins/agent/agent_private_key.c b/src/libstrongswan/plugins/agent/agent_private_key.c index a3b8eebf3..5e7d0839e 100644 --- a/src/libstrongswan/plugins/agent/agent_private_key.c 
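Review bot: In dumm_create() the new failure path uses the pointers it has just set to NULL: when asprintf() fails, `this->guest_dir` is NULL and is still passed to `%s` in `DBG1("creating guest directory '%s' failed: %m", this->guest_dir)`, and `%m` then reports an errno that has nothing to do with mkdir(). A NULL `this->dir` from the previous hunk is also fed into `asprintf(&this->guest_dir, "%s/%s", this->dir, GUEST_DIR)` before the combined check runs. Check each allocation where it happens and fail with its own message, e.g. `if (this->dir == NULL) { destroy(this); return NULL; }` ahead of the guest_dir asprintf(). Whether destroy() copes with the lists not having been created yet is not visible in the hunk and should be confirmed.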
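Review bot: `#define ignore_result(call) { if (call); }` expands to a bare compound statement, so `if (x) ignore_result(f()); else ...` does not compile because of the `;` left after the closing brace. The usual statement-macro form avoids that: `#define ignore_result(call) do { if (call) {} } while (0)`. The macro is defined a second time in src/libstrongswan/utils.h with different spacing (`if(call)`), which is a diagnosable redefinition if one translation unit ever includes both headers. The freeswan.h copy also lacks the comment the utils.h copy has; something like `/* discard the result of a warn_unused_result call whose failure is deliberately tolerated */` would help reviewers spot misuse on security-relevant calls.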
+++ b/src/libstrongswan/plugins/agent/agent_private_key.c @@ -215,9 +215,13 @@ static bool read_key(private_agent_private_key_t *this, public_key_t *pubkey) chunk_t blob = chunk_from_buf(buf), key, type, tmp; len = htonl(1); - write(this->socket, &len, sizeof(len)); buf[0] = SSH_AGENT_ID_REQUEST; - write(this->socket, &buf, 1); + if (write(this->socket, &len, sizeof(len)) != sizeof(len) || + write(this->socket, &buf, 1) != 1) + { + DBG1("writing to ssh-agent failed"); + return FALSE; + } blob.len = read(this->socket, blob.ptr, blob.len); @@ -275,20 +279,36 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme, } len = htonl(1 + sizeof(u_int32_t) * 3 + this->key.len + data.len); - write(this->socket, &len, sizeof(len)); buf[0] = SSH_AGENT_SIGN_REQUEST; - write(this->socket, &buf, 1); + if (write(this->socket, &len, sizeof(len)) != sizeof(len) || + write(this->socket, &buf, 1) != 1) + { + DBG1("writing to ssh-agent failed"); + return FALSE; + } len = htonl(this->key.len); - write(this->socket, &len, sizeof(len)); - write(this->socket, this->key.ptr, this->key.len); + if (write(this->socket, &len, sizeof(len)) != sizeof(len) || + write(this->socket, this->key.ptr, this->key.len) != this->key.len) + { + DBG1("writing to ssh-agent failed"); + return FALSE; + } len = htonl(data.len); - write(this->socket, &len, sizeof(len)); - write(this->socket, data.ptr, data.len); + if (write(this->socket, &len, sizeof(len)) != sizeof(len) || + write(this->socket, data.ptr, data.len) != data.len) + { + DBG1("writing to ssh-agent failed"); + return FALSE; + } flags = htonl(0); - write(this->socket, &flags, sizeof(flags)); + if (write(this->socket, &flags, sizeof(flags)) != sizeof(flags)) + { + DBG1("writing to ssh-agent failed"); + return FALSE; + } blob.len = read(this->socket, blob.ptr, blob.len); if (blob.len < sizeof(u_int32_t) + sizeof(u_char) || 
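Review bot: The writes to the agent socket are now checked, but the `read()` that follows in both read_key() and sign() still stores its return value directly in `blob.len`. If that field is unsigned (chunk_t is not defined in these hunks), a failed read yields -1, becomes a very large length, passes the `blob.len < sizeof(u_int32_t) + sizeof(u_char)` test in sign(), and the reply parser then works on uninitialised buffer contents. Read into a signed temporary first: `ssize_t got = read(this->socket, blob.ptr, blob.len);` then `if (got <= 0) { return FALSE; }` and `blob.len = got;`. Returning FALSE part-way through a request also leaves a half-sent message on the socket, so the connection should probably be closed or re-opened before it is used again.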
diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.c b/src/libstrongswan/plugins/curl/curl_fetcher.c index fe49717fa..eac3b07a2 100644 --- a/src/libstrongswan/plugins/curl/curl_fetcher.c +++ b/src/libstrongswan/plugins/curl/curl_fetcher.c @@ -123,7 +123,7 @@ static bool set_option(private_curl_fetcher_t *this, fetcher_option_t option, .. case FETCH_REQUEST_DATA: { chunk_t data = va_arg(args, chunk_t); - curl_easy_setopt(this->curl, CURLOPT_POSTFIELDS, data.ptr); + curl_easy_setopt(this->curl, CURLOPT_POSTFIELDS, (char*)data.ptr); curl_easy_setopt(this->curl, CURLOPT_POSTFIELDSIZE, data.len); return TRUE; } diff --git a/src/libstrongswan/utils.h b/src/libstrongswan/utils.h index 4d05ce58b..af619ea4b 100644 --- a/src/libstrongswan/utils.h +++ b/src/libstrongswan/utils.h @@ -96,6 +96,11 @@ #define countof(array) (sizeof(array)/sizeof(array[0])) /** + * Ignore result of functions tagged with warn_unused_result attributes + */ +#define ignore_result(call) { if(call); } + +/** * Assign a function as a class method */ #define ASSIGN(method, function) (method = (typeof(method))function) diff --git a/src/pluto/ac.c b/src/pluto/ac.c index 2914426be..12f4f68d8 100644 --- a/src/pluto/ac.c +++ b/src/pluto/ac.c @@ -860,7 +860,7 @@ load_acerts(void) } } /* restore directory path */ - chdir(save_dir); + ignore_result(chdir(save_dir)); } /* diff --git a/src/pluto/ca.c b/src/pluto/ca.c index d2f9a47c2..701d15b44 100644 --- a/src/pluto/ca.c +++ b/src/pluto/ca.c @@ -295,7 +295,7 @@ load_authcerts(const char *type, const char *path, u_char auth_flags) } } /* restore directory path */ - chdir(save_dir); + ignore_result(chdir(save_dir)); } /* diff --git a/src/pluto/crl.c b/src/pluto/crl.c index 7970bacce..70d075263 100644 --- a/src/pluto/crl.c +++ b/src/pluto/crl.c @@ -373,7 +373,7 @@ load_crls(void) } } /* restore directory path */ - chdir(save_dir); + ignore_result(chdir(save_dir)); } /* diff --git a/src/pluto/defs.c b/src/pluto/defs.c index 5864099d3..c513506f7 100644 
--- a/src/pluto/defs.c +++ b/src/pluto/defs.c @@ -249,6 +249,7 @@ write_chunk(const char *filename, const char *label, chunk_t ch { mode_t oldmask; FILE *fd; + size_t written; if (!force) { @@ -268,8 +269,14 @@ write_chunk(const char *filename, const char *label, chunk_t ch if (fd) { - fwrite(ch.ptr, sizeof(u_char), ch.len, fd); + written = fwrite(ch.ptr, sizeof(u_char), ch.len, fd); fclose(fd); + if (written != ch.len) + { + plog(" writing to %s file '%s' failed", label, filename); + umask(oldmask); + return FALSE; + } plog(" written %s file '%s' (%d bytes)", label, filename, (int)ch.len); umask(oldmask); return TRUE; diff --git a/src/pluto/fetch.c b/src/pluto/fetch.c index ac9ccc91c..284ade0d1 100644 --- a/src/pluto/fetch.c +++ b/src/pluto/fetch.c @@ -324,7 +324,7 @@ fetch_curl(char *url, chunk_t *blob) curl_easy_setopt(curl, CURLOPT_URL, url); curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_buffer); curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&response); - curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, &errorbuffer); + curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errorbuffer); curl_easy_setopt(curl, CURLOPT_FAILONERROR, TRUE); curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, FETCH_CMD_TIMEOUT); @@ -705,9 +705,9 @@ fetch_ocsp_status(ocsp_location_t* location) curl_easy_setopt(curl, CURLOPT_URL, uri); curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_buffer); curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&response); - curl_easy_setopt(curl, CURLOPT_POSTFIELDS, request.ptr); + curl_easy_setopt(curl, CURLOPT_POSTFIELDS, (void*)request.ptr); curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, request.len); - curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, &errorbuffer); + curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errorbuffer); curl_easy_setopt(curl, CURLOPT_FAILONERROR, TRUE); curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, FETCH_CMD_TIMEOUT); diff --git a/src/scepclient/scep.c b/src/scepclient/scep.c index 0c1265918..1b01044df 100644 --- a/src/scepclient/scep.c 
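Review bot: In write_chunk() the new `written != ch.len` test misses errors that only surface when the stream is flushed, because `fclose(fd)` is still called without looking at its result. With stdio buffering, a small chunk can be accepted in full by fwrite() and still never reach the disk. Fold the close into the check, e.g. `if (fclose(fd) != 0 || written != ch.len)`. On the failure path the partially written file stays in place; if callers store keys or certificates through this function, an `unlink(filename);` before `return FALSE;` avoids leaving a truncated file behind. The function starts outside the hunk.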
+++ b/src/scepclient/scep.c @@ -522,7 +522,7 @@ scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op headers = curl_slist_append(headers, "Content-Type:"); headers = curl_slist_append(headers, "Expect:"); curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers); - curl_easy_setopt(curl, CURLOPT_POSTFIELDS, pkcs7.ptr); + curl_easy_setopt(curl, CURLOPT_POSTFIELDS, (char*)pkcs7.ptr); curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, pkcs7.len); } } diff --git a/src/starter/invokepluto.c b/src/starter/invokepluto.c index 241bad77d..99daf681b 100644 --- a/src/starter/invokepluto.c +++ b/src/starter/invokepluto.c @@ -215,7 +215,7 @@ starter_start_pluto (starter_config_t *cfg, bool no_fork) _stop_requested = 0; if (cfg->setup.prepluto) - system(cfg->setup.prepluto); + ignore_result(system(cfg->setup.prepluto)); pid = fork(); switch (pid) @@ -258,7 +258,7 @@ starter_start_pluto (starter_config_t *cfg, bool no_fork) DBG_log("pluto (%d) started", _pluto_pid) ) if (cfg->setup.postpluto) - system(cfg->setup.postpluto); + ignore_result(system(cfg->setup.postpluto)); return 0; } } diff --git a/src/starter/klips.c b/src/starter/klips.c index bed1674cc..7d8935636 100644 --- a/src/starter/klips.c +++ b/src/starter/klips.c @@ -36,7 +36,7 @@ starter_klips_init(void) /* ipsec module makes the pf_key proc interface visible */ if (stat(PROC_MODULES, &stb) == 0) { - system("modprobe -qv ipsec"); + ignore_result(system("modprobe -qv ipsec")); } /* now test again */ @@ -50,9 +50,9 @@ starter_klips_init(void) } /* load crypto algorithm modules */ - system("modprobe -qv ipsec_aes"); - system("modprobe -qv ipsec_blowfish"); - system("modprobe -qv ipsec_sha2"); + ignore_result(system("modprobe -qv ipsec_aes")); + ignore_result(system("modprobe -qv ipsec_blowfish")); + ignore_result(system("modprobe -qv ipsec_sha2")); DBG(DBG_CONTROL, DBG_log("Found KLIPS IPsec stack") 
@@ -64,19 +64,19 @@ starter_klips_init(void) void starter_klips_cleanup(void) { - if (system("type eroute > /dev/null 2>&1") == 0) - { - system("spi --clear"); - system("eroute --clear"); - } + if (system("type eroute > /dev/null 2>&1") == 0) + { + ignore_result(system("spi --clear")); + ignore_result(system("eroute --clear")); + } else if (system("type setkey > /dev/null 2>&1") == 0) { - system("setkey -F"); - system("setkey -FP"); + ignore_result(system("setkey -F")); + ignore_result(system("setkey -FP")); } else { - plog("WARNING: cannot flush IPsec state/policy database"); + plog("WARNING: cannot flush IPsec state/policy database"); } } diff --git a/src/starter/netkey.c b/src/starter/netkey.c index 115403b0d..7125c2147 100644 --- a/src/starter/netkey.c +++ b/src/starter/netkey.c @@ -36,7 +36,7 @@ starter_netkey_init(void) /* af_key module makes the netkey proc interface visible */ if (stat(PROC_MODULES, &stb) == 0) { - system("modprobe -qv af_key"); + ignore_result(system("modprobe -qv af_key")); } /* now test again */ @@ -52,11 +52,11 @@ starter_netkey_init(void) /* make sure that all required IPsec modules are loaded */ if (stat(PROC_MODULES, &stb) == 0) { - system("modprobe -qv ah4"); - system("modprobe -qv esp4"); - system("modprobe -qv ipcomp"); - system("modprobe -qv xfrm4_tunnel"); - system("modprobe -qv xfrm_user"); + ignore_result(system("modprobe -qv ah4")); + ignore_result(system("modprobe -qv esp4")); + ignore_result(system("modprobe -qv ipcomp")); + ignore_result(system("modprobe -qv xfrm4_tunnel")); + ignore_result(system("modprobe -qv xfrm_user")); } DBG(DBG_CONTROL, 
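Review bot: In starter_klips_cleanup() the exit status of `spi --clear`, `eroute --clear`, `setkey -F` and `setkey -FP` is now explicitly thrown away, so a failed flush leaves SAs and policies in the kernel with no trace in the log. The existing WARNING branch only fires when neither tool is found. The same applies to starter_netkey_cleanup() in src/starter/netkey.c. Logging the failure costs one line per call, e.g. `if (system("setkey -F") != 0) plog("WARNING: flushing IPsec state failed");`, and keeps `ignore_result()` for calls where failure really is harmless.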
@@ -70,13 +70,13 @@ starter_netkey_cleanup(void) { if (system("ip xfrm state > /dev/null 2>&1") == 0) { - system("ip xfrm state flush"); - system("ip xfrm policy flush"); + ignore_result(system("ip xfrm state flush")); + ignore_result(system("ip xfrm policy flush")); } else if (system("type setkey > /dev/null 2>&1") == 0) { - system("setkey -F"); - system("setkey -FP"); + ignore_result(system("setkey -F")); + ignore_result(system("setkey -FP")); } else { diff --git a/src/starter/parser.l b/src/starter/parser.l index 33ea5ba60..c83a31f30 100644 --- a/src/starter/parser.l +++ b/src/starter/parser.l @@ -23,6 +23,7 @@ #define MAX_INCLUDE_DEPTH 20 +#define YY_NO_INPUT #define YY_NO_UNPUT extern void yyerror(const char *); extern int yylex (void); diff --git a/src/starter/starter.c b/src/starter/starter.c index 0166f1b66..de8567583 100644 --- a/src/starter/starter.c +++ b/src/starter/starter.c @@ -180,7 +180,7 @@ static void generate_selfcert() #endif setegid(gid); seteuid(uid); - system("ipsec scepclient --out pkcs1 --out cert-self --quiet"); + ignore_result(system("ipsec scepclient --out pkcs1 --out cert-self --quiet")); seteuid(0); setegid(0); @@ -195,7 +195,7 @@ static void generate_selfcert() fprintf(f, ": RSA myKey.der\n"); fclose(f); } - chown(SECRETS_FILE, uid, gid); + ignore_result(chown(SECRETS_FILE, uid, gid)); umask(oldmask); } } diff --git a/src/whack/whack.c b/src/whack/whack.c index d0cf00070..08ffcfb5d 100644 --- a/src/whack/whack.c +++ b/src/whack/whack.c @@ -1868,7 +1868,7 @@ main(int argc, char **argv) } le++; /* include NL in line */ - write(1, ls, le - ls); + ignore_result(write(1, ls, le - ls)); /* figure out prefix number * and how it should affect our exit status |
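Review bot: In generate_selfcert() discarding the result of `system("ipsec scepclient --out pkcs1 --out cert-self --quiet")` means the `: RSA myKey.der` entry in the second hunk is still written to the secrets file when key generation failed. The `setegid(gid)` and `seteuid(uid)` calls on the lines just before it are unchecked as well, so if dropping privileges fails the command runs with the starter's original credentials. Check all three: guard the drop with `if (setegid(gid) != 0 || seteuid(uid) != 0)`, and only write the secrets entry when system() returned 0. The start of the function is outside the hunks, so any early exit has to keep the `umask(oldmask)` restore and whatever else is set up there.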