From d9082075bacbd5630cc20ff172983c307d525072 Mon Sep 17 00:00:00 2001 From: Mattia Biondi Date: Thu, 9 Jan 2020 19:45:38 +0100 Subject: [PATCH 1/3] check if in debian package before PostInstall --- src/CMakeLists.txt | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index b86ddff..4e58971 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -34,11 +34,13 @@ install( DESTINATION ${CMAKE_INSTALL_BINDIR} ) -install( - CODE "execute_process( - COMMAND ${CMAKE_COMMAND} - -DBINDIR=${CMAKE_INSTALL_FULL_BINDIR} - -DLIBDIR=${CMAKE_INSTALL_FULL_LIBDIR} - -P ${PROJECT_SOURCE_DIR}/PostInstall.cmake - )" -) +if(NOT DEBUILD) + install( + CODE "execute_process( + COMMAND ${CMAKE_COMMAND} + -DBINDIR=${CMAKE_INSTALL_FULL_BINDIR} + -DLIBDIR=${CMAKE_INSTALL_FULL_LIBDIR} + -P ${PROJECT_SOURCE_DIR}/PostInstall.cmake + )" + ) +endif() From 97a13ad95bfa9cfed10bf0fb7d927b873c4ee912 Mon Sep 17 00:00:00 2001 From: Mattia Biondi Date: Thu, 9 Jan 2020 19:50:58 +0100 Subject: [PATCH 2/3] ignore retvalue (credit @rd235) --- CMakeLists.txt | 2 +- src/cado.c | 5 ++++- src/compute_digest.c | 7 ++++++- src/scado.c | 19 +++++++++---------- 4 files changed, 20 insertions(+), 13 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index c7a1576..b7b6368 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -6,7 +6,7 @@ project(cado LANGUAGES C) include(GNUInstallDirs) -set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -pedantic") +set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_FORTIFY_SOURCE=2 -O2 -Wall -pedantic") set(LIBS_REQUIRED cap execs mhash pam pam_misc) diff --git a/src/cado.c b/src/cado.c index c7f1a01..c42be9c 100644 --- a/src/cado.c +++ b/src/cado.c 
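Review bot: In the src/CMakeLists.txt hunk of patch 1/3, the new `if(NOT DEBUILD)` guard tests a variable that is neither declared nor documented here, so any truthy `-DDEBUILD=...` silently skips the post-install step. PostInstall.cmake is not shown; if it is what sets ownership, mode or capabilities on the installed binaries (an assumption from its name and arguments), a package build must perform the same step in its own maintainer scripts. I would declare the switch next to the guard, for example `option(DEBUILD "Skip PostInstall.cmake; the Debian package runs the equivalent step itself" OFF)`, and add a comment saying where that equivalent step lives. The `execute_process` call inside the guard also ignores its result, so a failing PostInstall.cmake does not fail the install.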
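Review bot: In the top-level CMakeLists.txt hunk of patch 2/3, `-D_FORTIFY_SOURCE=2 -O2` is appended to the global `CMAKE_C_FLAGS` string with no comment explaining that the two flags belong together. glibc's fortify checks are only active when optimisation is on, and per-configuration flags are placed after `CMAKE_C_FLAGS` on the command line, so a configuration that passes `-O0` compiles without fortification (glibc warns, but the build succeeds). I would add a comment such as `# _FORTIFY_SOURCE needs optimisation to take effect, hence -O2` and write the define as `-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2`, so that a toolchain or packaging default with a different level does not cause a redefinition warning.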
@@ -198,7 +198,10 @@ int main(int argc, char*argv[]) grantcap = reqcaps & okcaps; /* revert setgid mode */ - setuid(getuid()); + if (setuid(getuid()) < 0) { + fprintf(stderr,"%s: setuid failure\n",progname); + exit(2); + } /* ask for pam authorization (usually password) if required */ if (pam_check_required && pam_check(user_groups[0]) != PAM_SUCCESS) { diff --git a/src/compute_digest.c b/src/compute_digest.c index 7e93373..d397de2 100644 --- a/src/compute_digest.c +++ b/src/compute_digest.c @@ -43,7 +43,12 @@ static ssize_t fcompute_digest(int infd, int outfd, char *ascii_digest) { while ((n=read(infd,buf,BUFSIZE)) > 0) { mhash(td, buf, n); - if (outfd >= 0) write(outfd, buf, n); + if (outfd >= 0) { + if (write(outfd, buf, n) < 0) { + n = -1; + break; + } + } rv += n; } diff --git a/src/scado.c b/src/scado.c index 39ac9c9..79f2561 100644 --- a/src/scado.c +++ b/src/scado.c @@ -97,12 +97,12 @@ static int editor_garbage_collect(char *path) { if(!(childpid = fork())) { /* Child */ if(!fork()) { - char c = 0; /* Grandchild */ - if (close(checkpipe[1]) == 0 && setsid() > 0) - read(checkpipe[0], &c, 1); - if (c == 0) - unlink(path); + if (close(checkpipe[1]) == 0 && setsid() > 0) { + char c; + if (read(checkpipe[0], &c, 1) == 0) + unlink(path); + } exit(0); } else exit(0); @@ -115,7 +115,8 @@ static int editor_garbage_collect(char *path) { static void editor_garbage_collect_do_not_unlink(int fd) { char c = 'K'; // keep it, any other non-null char would fit. - write(fd, &c, 1); + int n = write(fd, &c, 1); + (void) n; } /* command line selectable functions */ @@ -188,7 +189,7 @@ int scado_edit(char *progname, char *username, char *program_path) { char tmp_file[PATH_MAX]; char scado_file[PATH_MAX]; char *editor; - char *args = NULL; + char *args; int status = 0; pid_t pid, xpid; char digest_before[DIGESTSTRLEN + 1]; 
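Review bot: In the src/cado.c hunk the comment above the new check says "revert setgid mode" while the call being checked is `setuid(getuid())`, so either the comment or the call is misleading, and no `setgid(getgid())` is visible in this hunk. For a process without CAP_SETUID, `setuid()` changes only the effective UID and leaves the saved set-user-ID in place. If a permanent drop is intended, `setresuid()` with all three IDs set to `getuid()` would state that explicitly; which IDs the binary starts with cannot be seen from here. main's body starts and ends outside the hunk, so a group-ID revert elsewhere cannot be ruled out.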
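Review bot: In the src/compute_digest.c hunk the new check treats only a negative return from `write()` as failure, so a short write (fewer than `n` bytes) still passes and the copy on `outfd` can end up shorter than the data that was hashed. Because the digest covers everything that was read, the returned digest would then describe content that differs from what was written. The write should loop until all `n` bytes are out, as sketched below; the sketch assumes `buf` is a byte array, which is declared outside the hunk. fcompute_digest's body starts and ends outside the hunk, so how `n = -1` is reported after the loop cannot be checked here.

```c
	while ((n=read(infd,buf,BUFSIZE)) > 0) {
		/* … unchanged: mhash(td, buf, n) … */
		if (outfd >= 0) {
			ssize_t done = 0;
			while (done < n) {
				ssize_t w = write(outfd, buf + done, n - done);
				if (w <= 0)
					break;
				done += w;
			}
			if (done < n) {
				n = -1;
				break;
			}
		}
		/* … unchanged: rv += n … */
	}
```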
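Review bot: In the first src/scado.c hunk (`editor_garbage_collect`) the rewritten grandchild unlinks `path` only when `read()` returns exactly 0, which changes the error paths: previously a failed `close()`, `setsid()` or `read()` left `c` at 0 and the temporary file was removed, whereas now all three leave it on disk. If that file holds an editable copy of a user's scado configuration (an assumption; its contents are not visible here), leaving it behind on error should be a deliberate decision. At minimum I would add a comment such as `/* EOF: the parent went away without asking to keep the file */` on the `read()` test and retry the read when it fails with EINTR. The function's body starts and ends outside the hunk.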
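Review bot: In the second src/scado.c hunk, `editor_garbage_collect_do_not_unlink` stores the result of `write()` only to discard it with `(void) n;`, which silences the unused-result warning but hides what a failure means. If this one-byte write fails, the collector process will presumably see end-of-file on the pipe and unlink the file the caller asked to keep (inferred from the grandchild code in the previous hunk). I would say so in a comment, for example `/* best effort: on failure the collector sees EOF and removes the file */`, or retry on EINTR before giving up. `write()` returns `ssize_t`, so `ssize_t n` would match the type.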
@@ -242,9 +243,7 @@ int scado_edit(char *progname, char *username, char *program_path) { exit(ERROR_EXIT); } - asprintf(&args, "%s %s", editor, tmp_file); - - if (args == NULL) { + if (asprintf(&args, "%s %s", editor, tmp_file) < 0) { exit(ERROR_EXIT); } From 576d72c6b32d4d95ef2228b5f9603d3ea5ab90e2 Mon Sep 17 00:00:00 2001 From: Mattia Biondi Date: Thu, 9 Jan 2020 19:53:16 +0100 Subject: [PATCH 3/3] config.h patch (credit @rd235) --- CMakeLists.txt | 4 ++-- src/CMakeLists.txt | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index b7b6368..5239708 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -24,8 +24,8 @@ else (WITHEDITOR) endif (WITHEDITOR) configure_file( - "${PROJECT_SOURCE_DIR}/include/config.h.in" - "${PROJECT_SOURCE_DIR}/include/config.h" + "include/config.h.in" + "include/config.h" ) add_subdirectory(man) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 4e58971..bd77523 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt 
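Review bot: In the top-level CMakeLists.txt hunk of patch 3/3, `configure_file` now receives two bare relative paths and relies on CMake resolving the input against the current source directory and the output against the current binary directory. That is the desired effect (config.h is no longer generated into the source tree), but nothing in the file states it. I would spell the paths out as `"${CMAKE_CURRENT_SOURCE_DIR}/include/config.h.in"` and `"${CMAKE_CURRENT_BINARY_DIR}/include/config.h"`, so the destination is visible to the next reader.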
@@ -5,27 +5,27 @@ add_executable( read_conf.c set_ambient_cap.c compute_digest.c file_utils.c scado_parse.c cado_scado_check.c ) -target_include_directories(cado PRIVATE ${PROJECT_SOURCE_DIR}/include) +target_include_directories(cado PRIVATE ${PROJECT_SOURCE_DIR}/include ${CMAKE_BINARY_DIR}/include) target_link_libraries( cado ${pam_library} ${pam_misc_library} ${cap_library} ${mhash_library} ${execs_library}) add_executable(cadrop cadrop.c capset_from_namelist.c set_ambient_cap.c) -target_include_directories(cadrop PRIVATE ${PROJECT_SOURCE_DIR}/include) +target_include_directories(cadrop PRIVATE ${PROJECT_SOURCE_DIR}/include ${CMAKE_BINARY_DIR}/include) target_link_libraries(cadrop ${cap_library}) add_executable( scado scado.c pam_check.c file_utils.c compute_digest.c capset_from_namelist.c scado_parse.c ) -target_include_directories(scado PRIVATE ${PROJECT_SOURCE_DIR}/include) +target_include_directories(scado PRIVATE ${PROJECT_SOURCE_DIR}/include ${CMAKE_BINARY_DIR}/include) target_link_libraries( scado ${pam_library} ${pam_misc_library} ${cap_library} ${mhash_library} ${execs_library} ) add_executable(caprint caprint.c) -target_include_directories(caprint PRIVATE ${PROJECT_SOURCE_DIR}/include) +target_include_directories(caprint PRIVATE ${PROJECT_SOURCE_DIR}/include ${CMAKE_BINARY_DIR}/include) target_link_libraries(caprint ${cap_library}) install(
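Review bot: In the src/CMakeLists.txt hunk of patch 3/3, all four `target_include_directories` calls list `${PROJECT_SOURCE_DIR}/include` before `${CMAKE_BINARY_DIR}/include`, so a stale `include/config.h` left in the source tree by a build made before this patch is searched first and can shadow the freshly generated header. Putting the binary directory first avoids that, for example `target_include_directories(cado PRIVATE ${CMAKE_BINARY_DIR}/include ${PROJECT_SOURCE_DIR}/include)`, and the same applies to the cadrop, scado and caprint lines. `${PROJECT_BINARY_DIR}` would also be the safer spelling, since `${CMAKE_BINARY_DIR}` refers to the top of the whole build when cado is added as a subproject.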