rooty/yubico-pam
1
0
Fork 0
mirror of https://github.com/Yubico/yubico-pam.git synced 2025-01-19 16:52:17 +01:00
Code Issues Projects Releases Wiki Activity

Use unsigned, fix printf conversion spec warnings

Browse Source 
Some of the printf conversion specifications were wrong when used on
size_t, causing

> pam_yubico.c:957:57: warning: format specifies type 'int' but the argument has type 'size_t' (aka 'unsigned long') [-Wformat]
>       DBG (("OTP too short to be considered : %i < %i", password_len, (cfg->token_id_length + TOKEN_OTP_LEN)));
>                                               ~~        ^~~~~~~~~~~~
>                                               %zu
> pam_yubico.c:132:36: note: expanded from macro 'DBG'
> #define DBG(x) if (cfg->debug) { D(x); }
>                                    ^
> ./util.h:47:12: note: expanded from macro 'D'
>     printf x;                                                           \
>            ^

and

> pam_yubico.c:967:14: warning: format specifies type 'int' but the argument has type 'size_t' (aka 'unsigned long') [-Wformat]
>         skip_bytes, password_len, cfg->token_id_length, TOKEN_OTP_LEN));
>                     ^~~~~~~~~~~~
> pam_yubico.c:132:36: note: expanded from macro 'DBG'
> #define DBG(x) if (cfg->debug) { D(x); }
>                                    ^
> ./util.h:47:12: note: expanded from macro 'D'
>     printf x;                                                           \
>            ^

Fix these by using the appropriate %zu conversions for size_t. While
looking through the code, there are a couple more places where format
string specifiers could be improved, e.g. using %zu instead of casting
the result of sizeof(x) or strlen(x) to unsigned long.

In addition, convert TOKEN_OTP_LEN, MAX_TOKEN_ID_LEN and
DEFAULT_TOKEN_ID_LEN to unsigned numbers, because negative values would
not make any sense for those.
This commit is contained in:
Clemens Lang 2015-03-28 13:10:35 +01:00
parent c1f61bae0f
commit ac5bb65013
1 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
pam_yubico.c
View File

@ -89,9 +89,9 @@
#endif #endif
#endif #endif
#define TOKEN_OTP_LEN 32 #define TOKEN_OTP_LEN 32u
#define MAX_TOKEN_ID_LEN 16 #define MAX_TOKEN_ID_LEN 16u
#define DEFAULT_TOKEN_ID_LEN 12 #define DEFAULT_TOKEN_ID_LEN 12u
enum key_mode { enum key_mode {
CHRESP, CHRESP,
@ -538,7 +538,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
goto out; goto out;
} }
DBG(("Got the expected response, generating new challenge (%i bytes).", CR_CHALLENGE_SIZE)); DBG(("Got the expected response, generating new challenge (%u bytes).", CR_CHALLENGE_SIZE));
errstr = "Error generating new challenge, please check syslog or contact your system administrator"; errstr = "Error generating new challenge, please check syslog or contact your system administrator";
if (generate_random(state.challenge, sizeof(state.challenge))) { if (generate_random(state.challenge, sizeof(state.challenge))) {
@ -568,7 +568,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
* Write the challenge and response we will expect the next time to the state file. * Write the challenge and response we will expect the next time to the state file.
*/ */
if (response_len > sizeof(state.response)) { if (response_len > sizeof(state.response)) {
DBG(("Got too long response ??? (%u/%lu)", response_len, (unsigned long) sizeof(state.response))); DBG(("Got too long response ??? (%u/%zu)", response_len, sizeof(state.response)));
goto out; goto out;
} }
memcpy (state.response, buf, response_len); memcpy (state.response, buf, response_len);
@ -788,7 +788,7 @@ pam_sm_authenticate (pam_handle_t * pamh,
if (cfg->token_id_length > MAX_TOKEN_ID_LEN) if (cfg->token_id_length > MAX_TOKEN_ID_LEN)
{ {
DBG (("configuration error: token_id_length too long. Maximum acceptable value : %d", MAX_TOKEN_ID_LEN)); DBG (("configuration error: token_id_length too long. Maximum acceptable value : %u", MAX_TOKEN_ID_LEN));
retval = PAM_AUTHINFO_UNAVAIL; retval = PAM_AUTHINFO_UNAVAIL;
goto done; goto done;
} }
@ -946,7 +946,7 @@ pam_sm_authenticate (pam_handle_t * pamh,
goto done; goto done;
} }
DBG (("conv returned %lu bytes", (unsigned long) strlen(resp->resp))); DBG (("conv returned %zu bytes", strlen(resp->resp)));
password = resp->resp; password = resp->resp;
} }
@ -954,7 +954,7 @@ pam_sm_authenticate (pam_handle_t * pamh,
password_len = strlen (password); password_len = strlen (password);
if (password_len < (cfg->token_id_length + TOKEN_OTP_LEN)) if (password_len < (cfg->token_id_length + TOKEN_OTP_LEN))
{ {
DBG (("OTP too short to be considered : %i < %i", password_len, (cfg->token_id_length + TOKEN_OTP_LEN))); DBG (("OTP too short to be considered : %zu < %u", password_len, (cfg->token_id_length + TOKEN_OTP_LEN)));
retval = PAM_AUTH_ERR; retval = PAM_AUTH_ERR;
goto done; goto done;
} }
@ -963,7 +963,7 @@ pam_sm_authenticate (pam_handle_t * pamh,
"systempassword" when copying the token_id and OTP to separate buffers */ "systempassword" when copying the token_id and OTP to separate buffers */
skip_bytes = password_len - (cfg->token_id_length + TOKEN_OTP_LEN); skip_bytes = password_len - (cfg->token_id_length + TOKEN_OTP_LEN);
DBG (("Skipping first %i bytes. Length is %i, token_id set to %i and token OTP always %i.", DBG (("Skipping first %i bytes. Length is %zu, token_id set to %u and token OTP always %u.",
skip_bytes, password_len, cfg->token_id_length, TOKEN_OTP_LEN)); skip_bytes, password_len, cfg->token_id_length, TOKEN_OTP_LEN));
/* Copy full YubiKey output (public ID + OTP) into otp */ /* Copy full YubiKey output (public ID + OTP) into otp */