From: <n-...@us...> - 2010-04-13 09:46:48
Revision: 4648 http://gfarm.svn.sourceforge.net/gfarm/?rev=4648&view=rev Author: n-soda Date: 2010-04-13 09:46:42 +0000 (Tue, 13 Apr 2010) Log Message: ----------- fix remaining "Unchecked Return Value" issues, pointed out by Fortify, via Teppei Baba-san Modified Paths: -------------- gfarm_v2/trunk/include/gfarm/gflog.h gfarm_v2/trunk/lib/libgfarm/gfarm/auth_common.c gfarm_v2/trunk/lib/libgfarm/gfarm/auth_server.c gfarm_v2/trunk/server/gfmd/gfmd.c gfarm_v2/trunk/server/gfsd/gfsd.c Modified: gfarm_v2/trunk/include/gfarm/gflog.h =================================================================== --- gfarm_v2/trunk/include/gfarm/gflog.h 2010-04-13 09:45:35 UTC (rev 4647) +++ gfarm_v2/trunk/include/gfarm/gflog.h 2010-04-13 09:46:42 UTC (rev 4648) @@ -73,6 +73,15 @@ #define gflog_warning_errno(msg_no, ...) \ gflog_message_errno(msg_no, LOG_WARNING,\ __FILE__, __LINE__, __func__, __VA_ARGS__) +#define gflog_notice_errno(msg_no, ...) \ + gflog_message_errno(msg_no, LOG_NOTICE,\ + __FILE__, __LINE__, __func__, __VA_ARGS__) +#define gflog_info_errno(msg_no, ...) \ + gflog_message_errno(msg_no, LOG_INFO,\ + __FILE__, __LINE__, __func__, __VA_ARGS__) +#define gflog_debug_errno(msg_no, ...) \ + gflog_message_errno(msg_no, LOG_DEBUG,\ + __FILE__, __LINE__, __func__, __VA_ARGS__) void gflog_initialize(void); void gflog_terminate(void); Modified: gfarm_v2/trunk/lib/libgfarm/gfarm/auth_common.c =================================================================== --- gfarm_v2/trunk/lib/libgfarm/gfarm/auth_common.c 2010-04-13 09:45:35 UTC (rev 4647) +++ gfarm_v2/trunk/lib/libgfarm/gfarm/auth_common.c 2010-04-13 09:46:42 UTC (rev 4648) @@ -155,6 +155,7 @@ uid_t o_uid; gid_t o_gid; + int is_root = 0; static pthread_mutex_t privilege_mutex = PTHREAD_MUTEX_INITIALIZER; static const char privilege_diag[] = "privilege_mutex"; static const char diag[] = "gfarm_auth_shared_key_get"; 
@@ -177,10 +178,18 @@ gfarm_mutex_lock(&privilege_mutex, diag, privilege_diag); o_gid = getegid(); o_uid = geteuid(); - seteuid(0); /* recover root privilege */ - initgroups(pwd->pw_name, pwd->pw_gid); - setegid(pwd->pw_gid); - seteuid(pwd->pw_uid); + if (seteuid(0) == 0) /* recover root privilege */ + is_root = 1; + if (initgroups(pwd->pw_name, pwd->pw_gid) == -1 && is_root) + gflog_error_errno(GFARM_MSG_UNFIXED, + "inigroups(%s, %d)", + pwd->pw_name, (int)pwd->pw_gid); + if (setegid(pwd->pw_gid) == -1 && is_root) + gflog_error_errno(GFARM_MSG_UNFIXED, + "setegid(%d)", (int)pwd->pw_gid); + if (seteuid(pwd->pw_uid) == -1 && is_root) + gflog_error_errno(GFARM_MSG_UNFIXED, + "seteuid(%d)", (int)pwd->pw_uid); } if ((fp = fopen(keyfilename, "r+")) != NULL) { 
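Review bot: In this hunk of `gfarm_auth_shared_key_get` (the function starts and ends outside it), a failed `initgroups()`, `setegid()` or `seteuid(pwd->pw_uid)` is only logged, and control still falls through to `fopen(keyfilename, "r+")`. When `seteuid(0)` succeeded but the later switch did not, that open runs with root's effective identity on what appears to be a per-user key file. The failure path should set `e = gfarm_errno_to_error(errno);` and `goto finish;` instead of continuing, releasing `keyfilename` first if it is already allocated at that point. The `finish:` block in the following hunk has the same shape: a failed `seteuid(o_uid)` leaves the effective uid at 0 with nothing but a log entry. The new message `"inigroups(%s, %d)"` is also misspelled and should read `"initgroups(%s, %d)"`.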
@@ -244,16 +253,28 @@ write_hex(fp, shared_key, GFARM_AUTH_SHARED_KEY_LEN); fputc('\n', fp); } - fclose(fp); + if (fclose(fp) != 0) { + e = gfarm_errno_to_error(errno); + } else { + e = GFARM_ERR_NO_ERROR; + *expirep = expire; + } free(keyfilename); - *expirep = expire; - e = GFARM_ERR_NO_ERROR; finish: if (pwd != NULL) { - seteuid(0); /* recover root privilege */ - setgroups(1, &o_gid); /* abandon group privileges */ - setegid(o_gid); - seteuid(o_uid); /* suppress root privilege, if possible */ + if (seteuid(0) == -1 && is_root) /* recover root privilege */ + gflog_error_errno(GFARM_MSG_UNFIXED, "seteuid(0)"); + /* abandon group privileges */ + if (setgroups(1, &o_gid) == -1 && is_root) + gflog_error_errno(GFARM_MSG_UNFIXED, + "setgroups(%d)", (int)o_gid); + if (setegid(o_gid) == -1 && is_root) + gflog_error_errno(GFARM_MSG_UNFIXED, + "setegid(%d)", (int)o_gid); + /* suppress root privilege, if possible */ + if (seteuid(o_uid) == -1 && is_root) + gflog_error_errno(GFARM_MSG_UNFIXED, + "seteuid(%d)", (int)o_uid); gfarm_mutex_unlock(&privilege_mutex, diag, privilege_diag); } if (e != GFARM_ERR_NO_ERROR) { Modified: gfarm_v2/trunk/lib/libgfarm/gfarm/auth_server.c =================================================================== --- gfarm_v2/trunk/lib/libgfarm/gfarm/auth_server.c 2010-04-13 09:45:35 UTC (rev 4647) +++ gfarm_v2/trunk/lib/libgfarm/gfarm/auth_server.c 2010-04-13 09:46:42 UTC (rev 4648) @@ -288,6 +288,7 @@ int eof; enum gfarm_auth_id_type peer_type; struct passwd pwbuf, *pwd; + int is_root = 0; e = gfp_xdr_recv(conn, 0, &eof, "s", &global_username); if (e != GFARM_ERR_NO_ERROR) { 
@@ -395,14 +396,25 @@ * we should create new session before calling * setlogin(). */ - seteuid(0); /* make sure to have root privilege */ - setsid(); + if (seteuid(0) == 0) /* make sure to have root privilege */ + is_root = 1; + if (setsid() == -1) + gflog_debug_errno(GFARM_MSG_UNFIXED, "setsid()"); #ifdef HAVE_SETLOGIN - setlogin(pwd->pw_name); + if (setlogin(pwd->pw_name) == -1 && is_root) + gflog_warning_errno(GFARM_MSG_UNFIXED, + "setlogin(%s)", pwd->pw_name); #endif - initgroups(pwd->pw_name, pwd->pw_gid); - setgid(pwd->pw_gid); - setuid(pwd->pw_uid); + if (initgroups(pwd->pw_name, pwd->pw_gid) == -1 && is_root) + gflog_error_errno(GFARM_MSG_UNFIXED, + "initgroups(%s, %d)", + pwd->pw_name, (int)pwd->pw_gid); + if (setgid(pwd->pw_gid) == -1 && is_root) + gflog_error_errno(GFARM_MSG_UNFIXED, + "setgid(%d)", (int)pwd->pw_gid); + if (setuid(pwd->pw_uid) == -1 && is_root) + gflog_error_errno(GFARM_MSG_UNFIXED, + "setuid(%d)", (int)pwd->pw_uid); gfarm_set_global_username(global_username); gfarm_set_local_username(local_username); Modified: gfarm_v2/trunk/server/gfmd/gfmd.c =================================================================== --- gfarm_v2/trunk/server/gfmd/gfmd.c 2010-04-13 09:45:35 UTC (rev 4647) +++ gfarm_v2/trunk/server/gfmd/gfmd.c 2010-04-13 09:46:42 UTC (rev 4648) 
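Review bot: A failed `initgroups()`, `setgid(pwd->pw_gid)` or `setuid(pwd->pw_uid)` in the `@@ -395,14 +396,25 @@` hunk is reported with `gflog_error_errno`, and the code then carries on to `gfarm_set_global_username(global_username)`, so a session that could not give up root keeps running with it on behalf of the authenticated peer. Because this is the permanent switch to the mapped local account rather than a temporary euid change, the failure should end the session. The smallest change is to report these three calls with `gflog_fatal_errno` instead, assuming that macro terminates the process as its use in gfmd.c suggests. The enclosing function starts and ends outside the hunk.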
@@ -928,24 +928,33 @@ if (pid_fp == NULL) gflog_fatal_errno(GFARM_MSG_1000196, "open: %s", pid_file); - fprintf(pid_fp, "%ld\n", (long)getpid()); - fclose(pid_fp); + if (fprintf(pid_fp, "%ld\n", (long)getpid()) == -1) + gflog_error_errno(GFARM_MSG_UNFIXED, + "writing PID to %s", pid_file); + if (fclose(pid_fp) != 0) + gflog_error_errno(GFARM_MSG_UNFIXED, "fclose(%s)", pid_file); } void sigs_set(sigset_t *sigs) { - sigemptyset(sigs); + if (sigemptyset(sigs) == -1) + gflog_fatal_errno(GFARM_MSG_UNFIXED, "sigemptyset()"); sigaddset(sigs, SIGHUP); #ifdef __NetBSD__ /* NetBSD 4 delivers SIGINT to gfmd even under gdb */ if (!debug_mode) #endif - sigaddset(sigs, SIGINT); - sigaddset(sigs, SIGTERM); + if (sigaddset(sigs, SIGINT) == -1) + gflog_fatal_errno(GFARM_MSG_UNFIXED, + "sigaddset(SIGINT)"); + if (sigaddset(sigs, SIGTERM) == -1) + gflog_fatal_errno(GFARM_MSG_UNFIXED, "sigaddset(SIGTERM)"); #ifdef SIGINFO - sigaddset(sigs, SIGINFO); + if (sigaddset(sigs, SIGINFO) == -1) + gflog_fatal_errno(GFARM_MSG_UNFIXED, "sigaddset(SIGINFO)"); #endif - sigaddset(sigs, SIGUSR2); + if (sigaddset(sigs, SIGUSR2) == -1) + gflog_fatal_errno(GFARM_MSG_UNFIXED, "sigaddset(SIGUSR2)"); } void * Modified: gfarm_v2/trunk/server/gfsd/gfsd.c =================================================================== --- gfarm_v2/trunk/server/gfsd/gfsd.c 2010-04-13 09:45:35 UTC (rev 4647) +++ gfarm_v2/trunk/server/gfsd/gfsd.c 2010-04-13 09:46:42 UTC (rev 4648) 
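Review bot: The new test `fprintf(pid_fp, "%ld\n", (long)getpid()) == -1` can miss a write failure, because fprintf is only specified to return a negative value on error, not -1 specifically; `if (fprintf(pid_fp, "%ld\n", (long)getpid()) < 0)` is the portable form. The same comparison is used for the PID file in gfsd.c (`fprintf(pid_fp, "%ld\n", (long)master_gfsd_pid) == -1`). In `sigs_set`, `sigaddset(sigs, SIGHUP)` stays unchecked while every other `sigaddset` call in the function is now checked, which looks like an oversight given the purpose of the commit.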
@@ -153,10 +153,16 @@ cleanup(int sighandler) { if (getpid() == master_gfsd_pid) { - unlink(local_sockname.sun_path); - rmdir(local_sockdir); + if (unlink(local_sockname.sun_path) == -1 && !sighandler) + gflog_warning_errno(GFARM_MSG_UNFIXED, + "unlink(%s)", local_sockname.sun_path); + if (rmdir(local_sockdir) == -1 && !sighandler) + gflog_warning_errno(GFARM_MSG_UNFIXED, + "rmdir(%s)", local_sockdir); /* send terminate signal to a back channel process */ - kill(back_channel_gfsd_pid, SIGTERM); + if (kill(back_channel_gfsd_pid, SIGTERM) == -1 && !sighandler) + gflog_warning_errno(GFARM_MSG_UNFIXED, + "kill(%d)", back_channel_gfsd_pid); } if (credential_exported != NULL) @@ -250,8 +256,12 @@ int i; for (i = 0; i < accepting.local_socks_count; i++) { - unlink(accepting.local_socks[i].name); - rmdir(accepting.local_socks[i].dir); + if (unlink(accepting.local_socks[i].name) == -1) + gflog_warning(GFARM_MSG_UNFIXED, + "unlink(%s)", accepting.local_socks[i].name); + if (rmdir(accepting.local_socks[i].dir) == -1) + gflog_warning(GFARM_MSG_UNFIXED, + "rmdir(%s)", accepting.local_socks[i].dir); } } @@ -3276,7 +3286,9 @@ for (i = 3; i < stderr_pipe[1]; i++) close(i); /* re-install default signal handler (see main) */ - signal(SIGPIPE, SIG_DFL); + if (signal(SIGPIPE, SIG_DFL) == SIG_ERR) + gflog_error_errno(GFARM_MSG_UNFIXED, + "signal(SIGPIPE, SIG_DFL)"); /* * create a process group * to make it possible to send a signal later 
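Review bot: In the `@@ -250,8 +256,12 @@` hunk (the loop over `accepting.local_socks`), the failed `unlink()` and `rmdir()` are logged with `gflog_warning`, which, unlike the `gflog_warning_errno` calls used for the same operations in `cleanup()` in the hunk above, presumably does not append the errno text. The log then names the path that could not be removed but not the reason. Unless errno is deliberately avoided in this function, use `gflog_warning_errno(GFARM_MSG_UNFIXED, "unlink(%s)", accepting.local_socks[i].name);` and the matching form for `rmdir`. The enclosing function starts outside the hunk.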
@@ -4031,14 +4043,18 @@ sock = socket(PF_UNIX, SOCK_STREAM, 0); if (sock < 0) { save_errno = errno; - rmdir(sock_dir); + if (rmdir(sock_dir) == -1) + gflog_error_errno(GFARM_MSG_UNFIXED, + "rmdir(%s)", sock_dir); accepting_fatal(GFARM_MSG_1000578, "creating UNIX domain socket: %s", strerror(save_errno)); } if (bind(sock, (struct sockaddr *)&self_addr, self_addr_size) == -1) { save_errno = errno; - rmdir(sock_dir); + if (rmdir(sock_dir) == -1) + gflog_error_errno(GFARM_MSG_UNFIXED, + "rmdir(%s)", sock_dir); accepting_fatal(GFARM_MSG_1000579, "%s: cannot bind UNIX domain socket: %s", sock_name, strerror(save_errno)); @@ -4047,12 +4063,18 @@ gflog_warning_errno(GFARM_MSG_1002202, "chown(%s, %d)", sock_name, gfsd_uid); /* ensure access from all user, Linux at least since 2.4 needs this. */ - chmod(sock_name, LOCAL_SOCKET_MODE); + if (chmod(sock_name, LOCAL_SOCKET_MODE) == -1) + gflog_debug_errno(GFARM_MSG_UNFIXED, "chmod(%s, 0%o)", + sock_name, (int)LOCAL_SOCKET_MODE); if (listen(sock, LISTEN_BACKLOG) == -1) { save_errno = errno; - unlink(sock_name); - rmdir(sock_dir); + if (unlink(sock_name) == -1) + gflog_error_errno(GFARM_MSG_UNFIXED, + "unlink(%s)", sock_name); + if (rmdir(sock_dir) == -1) + gflog_error_errno(GFARM_MSG_UNFIXED, + "rmdir(%s)", sock_dir); accepting_fatal(GFARM_MSG_1000580, "listen UNIX domain socket: %s", strerror(save_errno)); } @@ -4159,6 +4181,7 @@ fd_set requests; struct stat sb; int spool_check_level = 0; + int is_root = geteuid() == 0; if (argc >= 1) program_name = basename(argv[0]); @@ -4245,7 +4268,9 @@ } gfsd_uid = gfsd_pw->pw_uid; - seteuid(gfsd_uid); + if (seteuid(gfsd_uid) == -1 && is_root) + gflog_error_errno(GFARM_MSG_UNFIXED, + "seteuid(%d)", (int)gfsd_uid); e = gfarm_set_local_user_for_this_local_account(); if (e != GFARM_ERR_NO_ERROR) { 
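Review bot: In the `@@ -4047,12 +4063,18 @@` hunk, a failed `chmod(sock_name, LOCAL_SOCKET_MODE)` is logged only through `gflog_debug_errno`, while the failed `chown()` immediately above it is a warning. The socket is then left with whatever mode `bind()` produced, and that goes unnoticed at normal log levels. Raising the call to `gflog_warning_errno` would match the chown case. The argument for `0%o` is cast to `(int)` although `%o` takes an unsigned int, so `(unsigned int)LOCAL_SOCKET_MODE` is the matching cast. The enclosing function extends beyond the hunk.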
@@ -4273,9 +4298,12 @@ * We do this before calling gfarm_daemon() * to print the error message to stderr. */ - seteuid(0); + if (seteuid(0) == -1 && is_root) + gflog_error_errno(GFARM_MSG_UNFIXED, "seteuid(0)"); pid_fp = fopen(pid_file, "w"); - seteuid(gfsd_uid); + if (seteuid(gfsd_uid) == -1 && is_root) + gflog_error_errno(GFARM_MSG_UNFIXED, + "seteuid(%d)", (int)gfsd_uid); if (pid_fp == NULL) accepting_fatal_errno(GFARM_MSG_1000590, "failed to open file: %s", pid_file); @@ -4290,15 +4318,23 @@ /* We do this after calling gfarm_daemon(), because it changes pid. */ master_gfsd_pid = getpid(); sa.sa_handler = cleanup_handler; - sigemptyset(&sa.sa_mask); + if (sigemptyset(&sa.sa_mask) == -1) + gflog_fatal_errno(GFARM_MSG_UNFIXED, "sigemptyset()"); sa.sa_flags = 0; - sigaction(SIGHUP, &sa, NULL); /* XXX - need to restart gfsd */ - sigaction(SIGINT, &sa, NULL); - sigaction(SIGTERM, &sa, NULL); + if (sigaction(SIGHUP, &sa, NULL) == -1) /* XXX - need to restart gfsd */ + gflog_fatal_errno(GFARM_MSG_UNFIXED, "sigaction(SIGHUP)"); + if (sigaction(SIGINT, &sa, NULL) == -1) + gflog_fatal_errno(GFARM_MSG_UNFIXED, "sigaction(SIGINT)"); + if (sigaction(SIGTERM, &sa, NULL) == -1) + gflog_fatal_errno(GFARM_MSG_UNFIXED, "sigaction(SIGTERM)"); if (pid_file != NULL) { - fprintf(pid_fp, "%ld\n", (long)master_gfsd_pid); - fclose(pid_fp); + if (fprintf(pid_fp, "%ld\n", (long)master_gfsd_pid) == -1) + gflog_error_errno(GFARM_MSG_UNFIXED, + "writing PID to %s", pid_file); + if (fclose(pid_fp) != 0) + gflog_error_errno(GFARM_MSG_UNFIXED, + "fclose(%s)", pid_file); } gfarm_set_auth_id_type(GFARM_AUTH_ID_TYPE_SPOOL_HOST); @@ -4331,7 +4367,8 @@ canonical_self_name, gfarm_error_string(e)); } - seteuid(0); + if (seteuid(0) == -1 && is_root) + gflog_error_errno(GFARM_MSG_UNFIXED, "seteuid(0)"); if (listen_addrname == NULL) listen_addrname = gfarm_spool_server_listen_address; 
@@ -4392,8 +4429,14 @@ accepting_fatal(GFARM_MSG_1000597, "too big socket file descriptor: %d", max_fd); - seteuid(gfsd_uid); + if (seteuid(gfsd_uid) == -1) { + int save_errno = errno; + if (geteuid() == 0) + gflog_error(GFARM_MSG_UNFIXED, + "seteuid(%d): %s", gfsd_uid, strerror(save_errno)); + } + /* XXX - kluge for gfrcmd (to mkdir HOME....) for now */ /* XXX - kluge for GFS_PROTO_STATFS for now */ if (chdir(gfarm_spool_root) == -1) @@ -4407,7 +4450,9 @@ /* * We don't want SIGPIPE, but want EPIPE on write(2)/close(2). */ - signal(SIGPIPE, SIG_IGN); + if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) + gflog_fatal_errno(GFARM_MSG_UNFIXED, + "signal(SIGPIPE, SIG_IGN)"); /* start back channel server */ start_back_channel_server(); @@ -4424,9 +4469,11 @@ * we do not rely on the feature. */ sa.sa_handler = sigchld_handler; - sigemptyset(&sa.sa_mask); + if (sigemptyset(&sa.sa_mask) == -1) + gflog_fatal_errno(GFARM_MSG_UNFIXED, "sigemptyset"); sa.sa_flags = SA_NOCLDSTOP; - sigaction(SIGCHLD, &sa, NULL); + if (sigaction(SIGCHLD, &sa, NULL) == -1) + gflog_fatal_errno(GFARM_MSG_UNFIXED, "sigaction(SIGCHLD)"); /* * To deal with race condition which may be caused by RST, This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
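Review bot: The `seteuid(gfsd_uid)` check in the `@@ -4392,8 +4429,14 @@` hunk is written differently from the other seteuid checks this commit adds elsewhere in gfsd.c. It re-reads `geteuid()` instead of using `is_root`, formats the error by hand with `strerror(save_errno)` instead of calling `gflog_error_errno`, and passes `gfsd_uid` to `%d` without the `(int)` cast used at the other sites. Writing it as `if (seteuid(gfsd_uid) == -1 && is_root)` followed by `gflog_error_errno(GFARM_MSG_UNFIXED, "seteuid(%d)", (int)gfsd_uid);` would keep the sites uniform. This also appears to be the last identity switch before `chdir(gfarm_spool_root)` and `start_back_channel_server()`, so a failure here leaves the daemon running with euid 0; `gflog_fatal_errno` seems the more fitting severity.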