Date:      Wed, 8 Aug 2001 21:19:17 +1000 (EST)
From:      Bruce Evans <bde@zeta.org.au>
To:        Mark Murray <mark@grondar.za>
Cc:        <audit@FreeBSD.ORG>
Subject:   Re: [patch] su(1) WARNS=2 cleanup
Message-ID:  <20010808204101.O6896-100000@besplex.bde.org>
In-Reply-To: <20010808165645.W5697-100000@besplex.bde.org>

On Wed, 8 Aug 2001, I wrote:

> On Tue, 7 Aug 2001, Mark Murray wrote:
>
> > Please review.
> > Index: su.c
> > ===================================================================
> > RCS file: /home/ncvs/src/usr.bin/su/su.c,v
> > retrieving revision 1.39
> > diff -u -d -r1.39 su.c
> > --- su.c	2001/05/26 09:52:36	1.39
> > +++ su.c	2001/08/06 14:07:11
> > ...
> > @@ -378,18 +381,19 @@
> >
> >  		if (iscsh == YES) {
> >  			if (fastlogin)
> > -				*np-- = "-f";
> > +				(const char *)(*np--) = "-f";
>
> Bugs:
> - casts are not lvalues in C.
> - the cast is to hide the bug that np has the wrong type, but -Wcast-qual
>   should warn about it anyway (it doesn't).  The string (pointer) has type
>   "const char *", but after assigning it to *np-- it can be accessed via
>   *(np + 1) which has type "char *".
>
> >  			if (asme)
> > -				*np-- = "-m";
> > +				(const char *)(*np--) = "-m";
> >...
> > -		execv(shell, np);
> > +		execv(shell, (char * const *)np);
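
Review bot: in both `+` assignments, `(const char *)(*np--) = "-f";` and `(const char *)(*np--) = "-m";` assign to a cast expression, which is not an lvalue in C, so the build depends on the compiler tolerating it. Keep the original `*np-- = "-f";` form and fix the declared type of np instead. The `(char * const *)np` cast added to the execv() call is then the only place left where the qualifier mismatch has to be dealt with, and it should carry a comment saying why it is there.
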
>
> Style bug: bogus cast.  execve(2)'s second parameter has type
> "char * const *".  Conversion of np's type "(char **)" is automatic in C.

Removing all the casts and "fixing" the types of nargv and np gives the
following patch.  Now there is a fundamental fatal type mismatch between
np and execv(2)'s second parameter.  np needs to have type

    char const * <non-const> *

so that it can be initialized without warnings, but it needs to have type

    char <non-const> * const *

so that it can be passed to execv().  These requirements are incompatible.
np must be cast to hide the apparent bug that it is incompatible with
execve()'s second arg, but -Wcast-qual shows that the cast is a bug.

Index: su.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/su/su.c,v
retrieving revision 1.39
diff -u -2 -r1.39 su.c
--- su.c	2001/05/26 09:52:36	1.39
+++ su.c	2001/08/08 07:35:23
@@ -121,7 +121,7 @@
 	int		asme, ch, asthem, fastlogin, prio, i, setwhat, retcode,
 			statusp, child_pid, child_pgrp, ret_pid;
-	char		*p, *user, *shell, *username, *cleanenv, **nargv, **np,
-			*class, *mytty, shellbuf[MAXPATHLEN],
+	char		*username, *cleanenv, *class, shellbuf[MAXPATHLEN],
 			myhost[MAXHOSTNAMELEN + 1];
+	const char	*p, *user, *shell, **nargv, **np, *mytty;

 	shell = class = cleanenv = NULL;
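
Review bot: on the added `const char *p, *user, *shell, **nargv, **np, *mytty;` line, giving nargv and np the type `const char **` leaves the `execv(shell, np)` call seen in the quoted patch without a compatible second argument, and no hunk in this diff touches that call. Include the call-site change in the same patch, with a comment at the call explaining the conversion, so the declaration change can be reviewed together with its consequence. The same line also makes p, user, shell and mytty `const char *`, so any store through those pointers elsewhere in su.c needs checking; none is visible in this hunk.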

Bruce
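
The mismatch described above comes from holding string literals (`const char *`) in the same array that execv() takes as `char * const *`. One way to avoid it, as an added example that is not part of the original message or of su.c, is to copy every argument into writable storage so the vector really is a `char **` and no cast is needed; the function names and the argument order are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helpers for illustration; none of these names are in su.c. */
static void
free_argv(char **v)
{
	for (char **p = v; p != NULL && *p != NULL; p++)
		free(*p);
	free(v);
}

/* Returns argv0, optional "-f"/"-m", rest[0..nrest-1], NULL; NULL on ENOMEM. */
static char **
build_shell_argv(const char *argv0, int fastlogin, int asme,
    const char *const *rest, size_t nrest)
{
	const char *flags[2];	/* literals are only ever held as const char * */
	size_t nflags = 0, n = 0, i;
	char **v;
	if (fastlogin)
		flags[nflags++] = "-f";
	if (asme)
		flags[nflags++] = "-m";
	if ((v = calloc(1 + nflags + nrest + 1, sizeof(*v))) == NULL)
		return (NULL);
	/* strdup() yields char *, so v is an array of writable strings. */
	if ((v[n++] = strdup(argv0)) == NULL)
		goto fail;
	for (i = 0; i < nflags; i++)
		if ((v[n++] = strdup(flags[i])) == NULL)
			goto fail;
	for (i = 0; i < nrest; i++)
		if ((v[n++] = strdup(rest[i])) == NULL)
			goto fail;
	return (v);	/* char ** converts to char * const * with no cast */
fail:
	free_argv(v);	/* calloc() zeroed the tail, so the walk stops there */
	return (NULL);
}

int
main(void)
{
	const char *rest[] = { "-c", "id" };	/* constructed sample arguments */
	char **v = build_shell_argv("-csh", 1, 1, rest, 2);
	int failed = (v == NULL);
	for (char **p = v; p != NULL && *p != NULL; p++)
		puts(*p);	/* a real caller would execv(shell, v) instead */
	free_argv(v);
	return (failed);
}
```

The cost is one allocation per argument, which is irrelevant for a process that is about to call execv().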

