From 69f3b27b3f1d6e8ff37923bca3d2d3559129e843 Mon Sep 17 00:00:00 2001
From: "Dmitry V. Levin" <ldv@altlinux.org>
Date: Thu, 19 Mar 2020 18:40:16 +0000
Subject: modules/pam_timestamp: fix compilation warnings
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fix the following compilation warnings reported by gcc on ilp32 platforms:

  modules/pam_timestamp/hmacfile.c: In function ‘testvectors’:
  modules/pam_timestamp/hmacfile.c:121:44: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 2 has type ‘size_t’ {aka ‘unsigned int’} [-Wformat=]
    121 |      printf("Incorrect result for vector %lu\n", i + 1);
        |                                          ~~^     ~~~~~
        |                                            |       |
        |                                            |       size_t {aka unsigned int}
        |                                            long unsigned int
        |                                          %u
  modules/pam_timestamp/hmacfile.c:128:30: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 2 has type ‘size_t’ {aka ‘unsigned int’} [-Wformat=]
    128 |    printf("Error in vector %lu.\n", i + 1);
        |                            ~~^      ~~~~~
        |                              |        |
        |                              |        size_t {aka unsigned int}
        |                              long unsigned int
        |                            %u
  In function ‘strncpy’,
    inlined from ‘pam_sm_open_session’ at modules/pam_timestamp/pam_timestamp.c:584:4:
  /usr/include/bits/string_fortified.h:106:10: warning: ‘__builtin___strncpy_chk’ output may be truncated copying between 1 and 4095 bytes from a string of length 4095 [-Wstringop-truncation]

* modules/pam_timestamp/hmacfile.c (testvectors): Cast the argument
of type size_t to unsigned long before passing it to printf.
* modules/pam_timestamp/pam_timestamp.c (pam_sm_open_session): Use
memcpy instead of strncpy as the source is not NUL-terminated, add an
extra check to ensure that iterator stays inside bounds.
---
 modules/pam_timestamp/hmacfile.c      | 6 ++++--
 modules/pam_timestamp/pam_timestamp.c | 4 ++--
 2 files changed, 6 insertions(+), 4 deletions(-)

(limited to 'modules')

diff --git a/modules/pam_timestamp/hmacfile.c b/modules/pam_timestamp/hmacfile.c
index 7c1f8bfb..69d39afa 100644
--- a/modules/pam_timestamp/hmacfile.c
+++ b/modules/pam_timestamp/hmacfile.c
@@ -118,14 +118,16 @@ testvectors(void)
 				if (strncasecmp(hex,
 						vectors[i].hmac + 2 * j,
 						2) != 0) {
-					printf("Incorrect result for vector %lu\n", i + 1);
+					printf("Incorrect result for vector %lu\n",
+					       (unsigned long) i + 1);
 					exit(1);
 
 				}
 			}
 			free(hmac);
 		} else {
-			printf("Error in vector %lu.\n", i + 1);
+			printf("Error in vector %lu.\n",
+			       (unsigned long) i + 1);
 			exit(1);
 		}
 	}
diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c
index 832aa629..d6a04a50 100644
--- a/modules/pam_timestamp/pam_timestamp.c
+++ b/modules/pam_timestamp/pam_timestamp.c
@@ -578,10 +578,10 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char *
 
 	/* Create the directory for the timestamp file if it doesn't already
 	 * exist. */
-	for (i = 1; path[i] != '\0'; i++) {
+	for (i = 1; i < (int) sizeof(path) && path[i] != '\0'; i++) {
 		if (path[i] == '/') {
 			/* Attempt to create the directory. */
-			strncpy(subdir, path, i);
+			memcpy(subdir, path, i);
 			subdir[i] = '\0';
 			if (mkdir(subdir, 0700) == 0) {
 				/* Attempt to set the owner to the superuser. */
-- 
cgit v1.2.3