On Fri, 2015-01-09 at 11:22 +1000, Russell Stuart wrote: > Package: atftpd > Version: 0.7.git20120829-1.1 > Severity: important > Tags: patch > > When developing the rollover patch I turned upped the number > of compile time checks. This patch fixes all the additional > (and some pre-existing) warning messages that arose.
Previous version of patch didn't apply cleanly. This one does.
# Description: Get rid of compiler warnings. One accessing an invalid pointer. # Author: Russell Stuart <russell-deb...@stuart.id.au> --- a/options.h +++ b/options.h @@ -27,7 +27,7 @@ int enabled; /* enabled for use by server or client */ }; -extern struct tftp_opt tftp_default_options[OPT_NUMBER]; +extern struct tftp_opt tftp_default_options[OPT_NUMBER + 1]; int opt_parse_request(char *data, int data_size, struct tftp_opt *options); int opt_parse_options(char *data, int data_size, struct tftp_opt *options); --- a/tftp_def.c +++ b/tftp_def.c @@ -32,7 +32,7 @@ */ // FIXME: is there a way to use TIMEOUT and SEGSIZE here? -struct tftp_opt tftp_default_options[OPT_NUMBER] = { +struct tftp_opt tftp_default_options[OPT_NUMBER + 1] = { { "filename", "", 0, 1}, /* file to transfer */ { "mode", "octet", 0, 1}, /* mode for transfer */ { "tsize", "0", 0, 1 }, /* RFC1350 options. See RFC2347, */ @@ -67,44 +67,36 @@ */ int timeval_diff(struct timeval *res, struct timeval *t1, struct timeval *t0) { + int neg = 1; res->tv_sec = t1->tv_sec - t0->tv_sec; res->tv_usec = t1->tv_usec - t0->tv_usec; - if (res->tv_sec > 0) + while (res->tv_sec < 0 || res->tv_usec < 0) { - if (res->tv_usec >= 0) - { - return 1; - } - else - { - res->tv_sec -= 1; - res->tv_usec += 1000000; - return 1; - } - } - else if (res->tv_sec < 0) - { - if (res->tv_usec > 0) - { - res->tv_sec += 1; - res->tv_usec -= 1000000; - return -1; - } - else if (res->tv_usec <= 0); - { - return -1; - } - } - else - { - if (res->tv_usec > 0) - return 1; - else if (res->tv_usec < 0) - return -1; - else - return 0; - } + if (res->tv_sec < 0 || (res->tv_sec == 0 && res->tv_usec < 0)) + { + neg = -neg; + res->tv_sec = -res->tv_sec; + res->tv_usec = -res->tv_usec; + } + if (res->tv_usec < 0) + { + long s = (res->tv_usec - 999999) / 1000000; + res->tv_sec += s; + res->tv_usec -= s * 1000000; + } + } + if (res->tv_usec >= 1000000) + { + long s = res->tv_usec / 1000000; + res->tv_sec += s; + res->tv_usec -= s * 1000000; + } + if (res->tv_sec == 0 && res->tv_usec == 0) + { + return 0; + } + return neg; } /* --- a/tftp_io.c +++ b/tftp_io.c @@ -320,7 +320,7 @@ memcpy(sa_from, &from, sizeof(from)); /* if sa as never been initialised, port is still 0 */ - if (sockaddr_get_port(&sa) == 0) + if (sockaddr_get_port(sa) == 0) memcpy(sa, &from, sizeof(from)); --- a/tftpd_list.c +++ b/tftpd_list.c @@ -149,7 +149,7 @@ opt_request_to_string(tftp_options, options, MAXLEN); index = strstr(options, "multicast"); - len = (int)index - (int)options; + len = (int)((unsigned long)index - (unsigned long)options); /* lock the whole list before walking it */ pthread_mutex_lock(&thread_list_mutex); --- a/tftp_mtftp.c +++ b/tftp_mtftp.c @@ -63,7 +63,7 @@ * If mode = 0, count missed packet from block 0. Else, start after first * received block. */ -int tftp_mtftp_missed_packet(int file_bitmap[], long last_block, int mode) +int tftp_mtftp_missed_packet(unsigned int file_bitmap[], long last_block, int mode) { int missed_block = 0; int block_number = 0; @@ -449,7 +449,7 @@ block_number, data_size - 4); fseek(fp, (block_number - 1) * (data->data_buffer_size - 4), SEEK_SET); - if (fwrite(tftphdr->th_data, 1, data_size - 4, fp) != + if ((int)fwrite(tftphdr->th_data, 1, data_size - 4, fp) != (data_size - 4)) { --- a/configure.ac +++ b/configure.ac @@ -67,14 +67,14 @@ dnl Check for AIX AC_AIX -CFLAGS="-g -Wall -D_REENTRANT" +CFLAGS="-g -Wall -Wextra -Wno-unused-parameter -D_REENTRANT" if test x$debug = xtrue; then CFLAGS="$CFLAGS -O0 -DDEBUG" else if test -n "$auto_cflags"; then if test -n "$GCC"; then - CFLAGS="$CFLAGS -g -O2 -Wall -Wno-implicit" + CFLAGS="$CFLAGS -g -O2 -Wall -Wextra -Wno-implicit -Wno-unused-parameter" else case "$host_os" in *hpux*) CFLAGS="$CFLAGS +O3" --- a/tftpd_pcre.c +++ b/tftpd_pcre.c @@ -245,7 +245,6 @@ /* if no match is found return -1 */ int tftpd_pcre_sub(tftpd_pcre_self_t *self, char *outstr, int outlen, char *str) { - int rc; int ovector[OVECCOUNT]; int matches; tftpd_pcre_pattern_t *pat; @@ -276,7 +275,7 @@ } /* we have a match - carry out substitution */ logger(LOG_DEBUG,"Pattern \"%s\" matches", pat->pattern); - rc = tftpd_pcre_makesub(pat, + tftpd_pcre_makesub(pat, outstr, outlen, str, ovector, matches); --- a/options.c +++ b/options.c @@ -304,14 +304,14 @@ for (i = 0; i < 2; i++) { - if ((index + strlen(options[i].option) + 2) < len) + if ((index + (int)strlen(options[i].option) + 2) < len) { Strncpy(string + index, options[i].option, len - index); index += strlen(options[i].option); Strncpy(string + index, ": ", len - index); index += 2; } - if ((index + strlen(options[i].value) + 2) < len) + if ((index + (int)strlen(options[i].value) + 2) < len) { Strncpy(string + index, options[i].value, len - index); index += strlen(options[i].value); @@ -333,14 +333,14 @@ { if (options[i].specified && options[i].enabled) { - if ((index + strlen(options[i].option) + 2) < len) + if ((index + (int)strlen(options[i].option) + 2) < len) { Strncpy(string + index, options[i].option, len - index); index += strlen(options[i].option); Strncpy(string + index, ": ", len - index); index += 2; } - if ((index + strlen(options[i].value) + 2) < len) + if ((index + (int)strlen(options[i].value) + 2) < len) { Strncpy(string + index, options[i].value, len - index); index += strlen(options[i].value); --- a/tftpd.c +++ b/tftpd.c @@ -326,8 +326,18 @@ } } - setgid(group->gr_gid); - setuid(user->pw_uid); + if (setgid(group->gr_gid) != OK) { + logger(LOG_ERR, + "atftpd: failed to setgid to group %d (%s).", + group->gr_gid, group_name); + exit(1); + } + if (setuid(user->pw_uid) != OK) { + logger(LOG_ERR, + "atftpd: failed to setuid to user %d (%s).", + user->pw_uid, user_name); + exit(1); + } /* Reopen log file now that we changed user, and that we've * open and dup2 the socket. */
signature.asc
Description: This is a digitally signed message part