Date: Wed, 8 Aug 2001 21:19:17 +1000 (EST)
From: Bruce Evans
To: Mark Murray
Subject: Re: [patch] su(1) WARNS=2 cleanup
Sender: owner-freebsd-audit@FreeBSD.ORG

On Wed, 8 Aug 2001, I wrote:

> On Tue, 7 Aug 2001, Mark Murray wrote:
>
> > Please review.
> > Index: su.c > > =================================================================== > > RCS file: /home/ncvs/src/usr.bin/su/su.c,v > > retrieving revision 1.39 > > diff -u -d -r1.39 su.c > > --- su.c 2001/05/26 09:52:36 1.39 > > +++ su.c 2001/08/06 14:07:11 > > ...
> > @@ -378,18 +381,19 @@ > > > > if (iscsh == YES) { > > if (fastlogin) > > - *np-- = "-f"; > > + (const char *)(*np--) = "-f"; > > Bugs: > - casts are not lvalues in C. > - the cast is to hide the bug that np has the wrong type, but -Wcast-qual > should warn about it anyway (it doesn't). The string (pointer) has type > "const char *", but after assigning it to *np-- it can be accessed via > *(np + 1) which has type "char *". > > > if (asme) > > - *np-- = "-m"; > > + (const char *)(*np--) = "-m"; > >... > > - execv(shell, np); > > + execv(shell, (char * const *)np); > > Style bug: bogus cast. execve(2)'s second parameter has type > "char * const *". Conversion of np's type "(char **)" is automatic in C.

Removing all the casts and "fixing" the types of nargv and np gives the following patch. Now there is a fundamental fatal type mismatch between np and execv(2)'s second parameter. np needs to have type char const * * so that it can be initialized without warnings, but it needs to have type char * const * so that it can be passed to execv(). These requirements are incompatible. np must be cast to hide the apparent bug that it is incompatible with execve()'s second arg, but -Wcast-qual shows that the cast is a bug.

Index: su.c =================================================================== RCS file: /home/ncvs/src/usr.bin/su/su.c,v retrieving revision 1.39 diff -u -2 -r1.39 su.c --- su.c 2001/05/26 09:52:36 1.39 +++ su.c 2001/08/08 07:35:23 @@ -121,7 +121,7 @@ int asme, ch, asthem, fastlogin, prio, i, setwhat, retcode, statusp, child_pid, child_pgrp, ret_pid; - char *p, *user, *shell, *username, *cleanenv, **nargv, **np, - *class, *mytty, shellbuf[MAXPATHLEN], + char *username, *cleanenv, *class, shellbuf[MAXPATHLEN], myhost[MAXHOSTNAMELEN + 1]; + const char *p, *user, *shell, **nargv, **np, *mytty; shell = class = cleanenv = NULL;

Bruce
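
Review bot: in the `@@ -121,7 +121,7 @@` hunk, the added line `const char *p, *user, *shell, **nargv, **np, *mytty;` turns np into a `const char **`, but the `execv(shell, np)` call quoted from the earlier patch is not touched here and its second parameter is `char * const *`, so the patch as shown still needs a cast or draws a diagnostic at that call. Consider leaving `**nargv, **np` on the `char *` line and changing what is stored into the vector instead. The same line also constifies `p`, `user`, `shell` and `mytty` without the hunk showing how they are used, so a short comment or commit-message line saying which of them are never written through would make the change reviewable.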
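
The conflict between `char const * *` and `char * const *` described in the message comes from storing string literals in the vector; keeping the option strings in writable arrays lets the vector stay `char **` and reach an execv(2)-typed parameter with no cast. This is an added sketch, not code from su.c or from either poster: `argv_len`, `prepend_flags`, the slot layout and the sample arguments are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Arrays initialised from literals are writable char[], so a "char *"
 * argv slot can point at them without discarding any qualifier. */
static char flag_f[] = "-f";
static char flag_m[] = "-m";

/* Hypothetical stand-in declared with execv(2)'s second parameter type,
 * so passing the vector here type-checks exactly like the real call. */
size_t
argv_len(char *const argv[])
{
	size_t n = 0;

	while (argv[n] != NULL)
		n++;
	return (n);
}

/* Walk backwards from np as the quoted hunk does with "*np-- = ...",
 * then store argv[0].  Assumes two free slots before np.  Returns the
 * start of the finished vector. */
char **
prepend_flags(char **np, char *arg0, int fastlogin, int asme)
{
	if (fastlogin)
		*np-- = flag_f;
	if (asme)
		*np-- = flag_m;
	*np = arg0;
	return (np);
}

int
main(void)
{
	char name[] = "csh", opt[] = "-c", cmd[] = "id";	/* constructed input */
	char *slots[6] = { NULL, NULL, NULL, opt, cmd, NULL };
	char **argv = prepend_flags(&slots[2], name, 1, 1);

	for (size_t i = 0; i < argv_len(argv); i++)	/* char ** -> char *const *: implicit */
		printf("argv[%zu] = %s\n", i, argv[i]);
	return (0);
}
```

Built with `-Wcast-qual -Wwrite-strings`, the block contains no cast for the compiler to flag, because no qualifier is ever dropped.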