Use safer allocation macros

Use of these macros, apart from the benefits mentioned in the commit that adds the macros, has some other good side effects: - Consistency in getting the size of the object from sizeof(type), instead of a mix of sizeof(type) sometimes and sizeof(*p) other times. - More readable code: no casts, and no sizeof(), so also shorter lines that we don't need to cut. - Consistency in using array allocation calls for allocations of arrays of objects, even when the object size is 1. Cc: Valentin V. Bartenev <vbartenev@gmail.com> Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-02-04 22:41:18 +01:00
parent 6e58c12752
commit efbbcade43
44 changed files with 196 additions and 118 deletions
--- a/src/gpasswd.c
+++ b/src/gpasswd.c
@@ -19,6 +19,8 @@
 #include <signal.h>
 #include <stdio.h>
 #include <sys/types.h>
+
+#include "alloc.h"
 #include "defines.h"
 #include "groupio.h"
 #include "nscd.h"
@@ -834,7 +836,7 @@ static void get_group (struct group *gr)

 			sg->sg_mem = dup_list (gr->gr_mem);

-			sg->sg_adm = (char **) xmallocarray (2, sizeof (char *));
+			sg->sg_adm = XMALLOCARRAY (2, char *);
 #ifdef FIRST_MEMBER_IS_ADMIN
 			if (sg->sg_mem[0]) {
 				sg->sg_adm[0] = xstrdup (sg->sg_mem[0]);
--- a/src/groupmems.c
+++ b/src/groupmems.c
@@ -18,6 +18,8 @@
 #include "pam_defs.h"
 #endif				/* USE_PAM */
 #include <pwd.h>
+
+#include "alloc.h"
 #include "defines.h"
 #include "prototypes.h"
 #include "groupio.h"
@@ -125,7 +127,7 @@ static void add_user (const char *user,
 			static struct sgrp sgrent;
 			sgrent.sg_name = xstrdup (newgrp->gr_name);
 			sgrent.sg_mem = dup_list (newgrp->gr_mem);
-			sgrent.sg_adm = (char **) xmalloc (sizeof (char *));
+			sgrent.sg_adm = XMALLOC (char *);
 #ifdef FIRST_MEMBER_IS_ADMIN
 			if (sgrent.sg_mem[0]) {
 				sgrent.sg_adm[0] = xstrdup (sgrent.sg_mem[0]);
@@ -208,7 +210,7 @@ static void remove_user (const char *user,
 			static struct sgrp sgrent;
 			sgrent.sg_name = xstrdup (newgrp->gr_name);
 			sgrent.sg_mem = dup_list (newgrp->gr_mem);
-			sgrent.sg_adm = (char **) xmalloc (sizeof (char *));
+			sgrent.sg_adm = XMALLOC (char *);
 #ifdef FIRST_MEMBER_IS_ADMIN
 			if (sgrent.sg_mem[0]) {
 				sgrent.sg_adm[0] = xstrdup (sgrent.sg_mem[0]);
@@ -281,9 +283,9 @@ static void purge_members (const struct group *grp)
 			/* Create a shadow group based on this group */
 			static struct sgrp sgrent;
 			sgrent.sg_name = xstrdup (newgrp->gr_name);
-			sgrent.sg_mem = (char **) xmalloc (sizeof (char *));
+			sgrent.sg_mem = XMALLOC (char *);
 			sgrent.sg_mem[0] = NULL;
-			sgrent.sg_adm = (char **) xmalloc (sizeof (char *));
+			sgrent.sg_adm = XMALLOC (char *);
 			sgrent.sg_adm[0] = NULL;

 			/* Move any password to gshadow */
--- a/src/groupmod.c
+++ b/src/groupmod.c
@@ -24,6 +24,8 @@
 #include <pwd.h>
 #endif				/* USE_PAM */
 #endif				/* ACCT_TOOLS_SETUID */
+
+#include "alloc.h"
 #include "chkname.h"
 #include "defines.h"
 #include "groupio.h"
@@ -249,7 +251,7 @@ static void grp_update (void)
 			// requested to replace the existing groups
 			if (NULL != grp.gr_mem[0])
 				gr_free_members(&grp);
-			grp.gr_mem = (char **)xmalloc(sizeof(char *));
+			grp.gr_mem = XMALLOC(char *);
 			grp.gr_mem[0] = NULL;
 		} else {
 			// append to existing groups
@@ -557,15 +559,15 @@ static void prepare_failure_reports (void)
 #endif
 	info_passwd.name  = group_name;

-	gr                     = xmalloc (512);
+	gr                     = XMALLOCARRAY(512, char);
 	info_group.audit_msg   = gr;
 	gr_end                 = gr + 512;
 #ifdef	SHADOWGRP
-	sgr                    = xmalloc (512);
+	sgr                    = XMALLOCARRAY(512, char);
 	info_gshadow.audit_msg = sgr;
 	sgr_end                = sgr + 512;
 #endif
-	pw                     = xmalloc (512);
+	pw                     = XMALLOCARRAY(512, char);
 	info_passwd.audit_msg  = pw;
 	pw_end                 = pw + 512;

--- a/src/groups.c
+++ b/src/groups.c
@@ -14,9 +14,12 @@
 #include <grp.h>
 #include <pwd.h>
 #include <stdio.h>
+
+#include "alloc.h"
 #include "defines.h"
 #include "prototypes.h"
 #include "shadowlog.h"
+
 /*
 * Global variables
 */
@@ -88,7 +91,7 @@ int main (int argc, char **argv)
 	GETGROUPS_T *groups;

 	sys_ngroups = sysconf (_SC_NGROUPS_MAX);
-	groups = (GETGROUPS_T *) mallocarray (sys_ngroups, sizeof (GETGROUPS_T));
+	groups = MALLOCARRAY (sys_ngroups, GETGROUPS_T);

 	(void) setlocale (LC_ALL, "");
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
--- a/src/id.c
+++ b/src/id.c
@@ -23,7 +23,10 @@
 #include <pwd.h>
 #include <stdio.h>
 #include <sys/types.h>
+
+#include "alloc.h"
 #include "defines.h"
+
 /* local function prototypes */
 static void usage (void);

@@ -63,7 +66,7 @@ static void usage (void)
 	 * work if the system library is recompiled.
 	 */
 	sys_ngroups = sysconf (_SC_NGROUPS_MAX);
-	groups = (GETGROUPS_T *) mallocarray (sys_ngroups, sizeof (GETGROUPS_T));
+	groups = MALLOCARRAY (sys_ngroups, GETGROUPS_T);

 	/*
 	 * See if the -a flag has been given to print out the concurrent
--- a/src/login.c
+++ b/src/login.c
@@ -22,6 +22,8 @@
 #include <sys/stat.h>
 #include <sys/ioctl.h>
 #include <assert.h>
+
+#include "alloc.h"
 #include "defines.h"
 #include "faillog.h"
 #include "failure.h"
@@ -589,7 +591,7 @@ int main (int argc, char **argv)
 #ifdef RLOGIN
 	if (rflg) {
 		assert (NULL == username);
-		username = xmalloc (USER_NAME_MAX_LENGTH + 1);
+		username = XMALLOCARRAY (USER_NAME_MAX_LENGTH + 1, char);
 		username[USER_NAME_MAX_LENGTH] = '\0';
 		if (do_rlogin (hostname, username, USER_NAME_MAX_LENGTH, term, sizeof term)) {
 			preauth_flag = true;
@@ -906,7 +908,7 @@ int main (int argc, char **argv)
 				exit (1);
 			}
 			preauth_flag = false;
-			username = xmalloc (USER_NAME_MAX_LENGTH + 1);
+			username = XMALLOCARRAY (USER_NAME_MAX_LENGTH + 1, char);
 			username[USER_NAME_MAX_LENGTH] = '\0';
 			login_prompt (_("\n%s login: "), username, USER_NAME_MAX_LENGTH);

--- a/src/newgrp.c
+++ b/src/newgrp.c
@@ -16,6 +16,8 @@
 #include <pwd.h>
 #include <stdio.h>
 #include <assert.h>
+
+#include "alloc.h"
 #include "defines.h"
 #include "getdef.h"
 #include "prototypes.h"
@@ -531,7 +533,7 @@ int main (int argc, char **argv)
 	/* don't use getgroups(0, 0) - it doesn't work on some systems */
 	i = 16;
 	for (;;) {
-		grouplist = (GETGROUPS_T *) xmallocarray (i, sizeof (GETGROUPS_T));
+		grouplist = XMALLOCARRAY (i, GETGROUPS_T);
 		ngroups = getgroups (i, grouplist);
 		if (i > ngroups && !(ngroups == -1 && errno == EINVAL)) {
 			break;
--- a/src/newusers.c
+++ b/src/newusers.c
@@ -29,6 +29,8 @@
 #include <ctype.h>
 #include <errno.h>
 #include <string.h>
+
+#include "alloc.h"
 #ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 #include "pam_defs.h"
@@ -1200,9 +1202,9 @@ int main (int argc, char **argv)
 #ifdef USE_PAM
 		/* keep the list of user/password for later update by PAM */
 		nusers++;
-		lines     = reallocf (lines,     nusers, sizeof (lines[0]));
-		usernames = reallocf (usernames, nusers, sizeof (usernames[0]));
-		passwords = reallocf (passwords, nusers, sizeof (passwords[0]));
+		lines     = REALLOCARRAYF(lines, nusers, int);
+		usernames = REALLOCARRAYF(usernames, nusers, char *);
+		passwords = REALLOCARRAYF(passwords, nusers, char *);
 		if (lines == NULL || usernames == NULL || passwords == NULL) {
 			fprintf (stderr,
 			         _("%s: line %d: %s\n"),
--- a/src/passwd.c
+++ b/src/passwd.c
@@ -19,6 +19,8 @@
 #include <stdio.h>
 #include <sys/types.h>
 #include <time.h>
+
+#include "alloc.h"
 #include "defines.h"
 #include "getdef.h"
 #include "nscd.h"
@@ -524,7 +526,7 @@ static char *update_crypt_pw (char *cp)
 	}

 	if (lflg && *cp != '!') {
-		char *newpw = xmalloc (strlen (cp) + 2);
+		char *newpw = XMALLOCARRAY (strlen (cp) + 2, char);

 		strcpy (newpw, "!");
 		strcat (newpw, cp);
--- a/src/su.c
+++ b/src/su.c
@@ -45,6 +45,8 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 #endif				/* !USE_PAM */
+
+#include "alloc.h"
 #include "prototypes.h"
 #include "defines.h"
 #include "pwauth.h"
@@ -238,7 +240,7 @@ static void execve_shell (const char *shellname,
 		while (NULL != args[n_args]) {
 			n_args++;
 		}
-		targs = (char **) xmallocarray (n_args + 3, sizeof (args[0]));
+		targs = XMALLOCARRAY (n_args + 3, char *);
 		targs[0] = "sh";
 		targs[1] = "-";
 		targs[2] = xstrdup (shellname);
@@ -1176,7 +1178,7 @@ int main (int argc, char **argv)
 			cp = Basename (shellstr);
 		}

-		arg0 = xmalloc (strlen (cp) + 2);
+		arg0 = XMALLOCARRAY (strlen (cp) + 2, char);
 		arg0[0] = '-';
 		strcpy (arg0 + 1, cp);
 		cp = arg0;
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -32,6 +32,8 @@
 #include <sys/wait.h>
 #include <time.h>
 #include <unistd.h>
+
+#include "alloc.h"
 #include "chkname.h"
 #include "defines.h"
 #include "faillog.h"
@@ -355,7 +357,7 @@ static void get_defaults (void)
 		int wlen;

 		len = strlen(prefix) + strlen(USER_DEFAULTS_FILE) + 2;
-		default_file = malloc(len);
+		default_file = MALLOCARRAY(len, char);
                if (default_file == NULL)
                       return;
 		wlen = snprintf(default_file, len, "%s/%s", prefix, USER_DEFAULTS_FILE);
@@ -468,7 +470,7 @@ static void get_defaults (void)
 				char* _def_template; /* avoid const warning */

 				len = strlen(prefix) + strlen(cp) + 2;
-				_def_template = xmalloc(len);
+				_def_template = XMALLOCARRAY(len, char);
 				wlen = snprintf(_def_template, len, "%s/%s", prefix, cp);
 				assert (wlen == (int) len -1);
 				def_template = _def_template;
@@ -492,7 +494,7 @@ static void get_defaults (void)
 				char* _def_usrtemplate; /* avoid const warning */

 				len = strlen(prefix) + strlen(cp) + 2;
-				_def_usrtemplate = xmalloc(len);
+				_def_usrtemplate = XMALLOCARRAY(len, char);
 				wlen = snprintf(_def_usrtemplate, len, "%s/%s", prefix, cp);
 				assert (wlen == (int) len -1);
 				def_usrtemplate = _def_usrtemplate;
@@ -582,7 +584,7 @@ static int set_defaults (void)


 	len = strlen(prefix) + strlen(NEW_USER_FILE) + 2;
-	new_file = malloc(len);
+	new_file = MALLOCARRAY(len, char);
        if (new_file == NULL) {
 		fprintf (stderr,
 		         _("%s: cannot create new defaults file: %s\n"),
@@ -594,7 +596,7 @@ static int set_defaults (void)

 	if (prefix[0]) {
 		len = strlen(prefix) + strlen(USER_DEFAULTS_FILE) + 2;
-		default_file = malloc(len);
+		default_file = MALLOCARRAY(len, char);
 		if (default_file == NULL) {
 			fprintf (stderr,
 			         _("%s: cannot create new defaults file: %s\n"),
@@ -1610,7 +1612,7 @@ static void process_flags (int argc, char **argv)
 			size_t len = strlen (def_home) + strlen (user_name) + 2;
 			int wlen;

-			uh = xmalloc (len);
+			uh = XMALLOCARRAY (len, char);
 			wlen = snprintf (uh, len, "%s/%s", def_home, user_name);
 			assert (wlen == (int) len -1);

@@ -1620,7 +1622,7 @@ static void process_flags (int argc, char **argv)
 			size_t len = strlen(prefix) + strlen(user_home) + 2;
 			int wlen;
 			char* _prefix_user_home; /* to avoid const warning */
-			_prefix_user_home = xmalloc(len);
+			_prefix_user_home = XMALLOCARRAY(len, char);
 			wlen = snprintf(_prefix_user_home, len, "%s/%s", prefix, user_home);
 			assert (wlen == (int) len -1);
 			prefix_user_home = _prefix_user_home;
@@ -2429,7 +2431,7 @@ static void create_mail (void)
 		if (NULL == spool) {
 			return;
 		}
-		file = alloca (strlen (prefix) + strlen (spool) + strlen (user_name) + 3);
+		file = ALLOCARRAY (strlen (prefix) + strlen (spool) + strlen (user_name) + 3, char);
 		if (prefix[0])
 			sprintf (file, "%s/%s/%s", prefix, spool, user_name);
 		else
@@ -2539,7 +2541,7 @@ int main (int argc, char **argv)
 #endif

 	sys_ngroups = sysconf (_SC_NGROUPS_MAX);
-	user_groups = (char **) xmallocarray (1 + sys_ngroups, sizeof (char *));
+	user_groups = XMALLOCARRAY (1 + sys_ngroups, char *);
 	/*
 	 * Initialize the list to be empty
 	 */
--- a/src/userdel.c
+++ b/src/userdel.c
@@ -19,6 +19,8 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <unistd.h>
+
+#include "alloc.h"
 #ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 #include "pam_defs.h"
@@ -803,7 +805,7 @@ static int remove_mailbox (void)
 	}

 	len = strlen (prefix) + strlen (maildir) + strlen (user_name) + 2;
-	mailfile = xmalloc (len);
+	mailfile = XMALLOCARRAY (len, char);

 	if (prefix[0]) {
 		(void) snprintf (mailfile, len, "%s/%s/%s",
@@ -917,7 +919,7 @@ static int remove_tcbdir (const char *user_name, uid_t user_id)
 		return 0;
 	}

-	buf = malloc (buflen);
+	buf = MALLOCARRAY (buflen, char);
 	if (NULL == buf) {
 		fprintf (stderr, _("%s: Can't allocate memory, "
 		                   "tcb entry for %s not removed.\n"),
@@ -1129,7 +1131,7 @@ int main (int argc, char **argv)

 			size_t len = strlen(prefix) + strlen(pwd->pw_dir) + 2;
 			int wlen;
-			user_home = xmalloc(len);
+			user_home = XMALLOCARRAY(len, char);
 			wlen = snprintf(user_home, len, "%s/%s", prefix, pwd->pw_dir);
 			assert (wlen == (int) len -1);
 		}
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -28,6 +28,8 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <time.h>
+
+#include "alloc.h"
 #include "chkname.h"
 #include "defines.h"
 #include "faillog.h"
@@ -342,7 +344,7 @@ static int prepend_range(const char *str, struct ulong_range_list_entry **head)
 	if (range.first > range.last)
 		return 0;

-	entry = malloc(sizeof(*entry));
+	entry = MALLOC(struct ulong_range_list_entry);
 	if (!entry) {
 		fprintf (stderr,
 			_("%s: failed to allocate memory: %s\n"),
@@ -415,7 +417,7 @@ usage (int status)
 static char *new_pw_passwd (char *pw_pass)
 {
 	if (Lflg && ('!' != pw_pass[0])) {
-		char *buf = xmalloc (strlen (pw_pass) + 2);
+		char *buf = XMALLOCARRAY (strlen (pw_pass) + 2, char);

 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
@@ -1258,12 +1260,12 @@ static void process_flags (int argc, char **argv)
 	if (prefix[0]) {
 		size_t len = strlen(prefix) + strlen(user_home) + 2;
 		int wlen;
-		prefix_user_home = xmalloc(len);
+		prefix_user_home = XMALLOCARRAY(len, char);
 		wlen = snprintf(prefix_user_home, len, "%s/%s", prefix, user_home);
 		assert (wlen == (int) len -1);
 		if (user_newhome) {
 			len = strlen(prefix) + strlen(user_newhome) + 2;
-			prefix_user_newhome = xmalloc(len);
+			prefix_user_newhome = XMALLOCARRAY(len, char);
 			wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
 			assert (wlen == (int) len -1);
 		}
@@ -2038,7 +2040,7 @@ static void move_mailbox (void)
 		return;
 	}
 	len = strlen (prefix) + strlen (maildir) + strlen (user_name) + 2;
-	mailfile = alloca (len);
+	mailfile = ALLOCARRAY (len, char);

 	/*
 	 * O_NONBLOCK is to make sure open won't hang on mandatory locks.
@@ -2093,7 +2095,7 @@ static void move_mailbox (void)

 	if (lflg) {
 		len = strlen (prefix) + strlen (maildir) + strlen (user_newname) + 2;
-		newmailfile = alloca(len);
+		newmailfile = ALLOCARRAY(len, char);
 		if (prefix[0]) {
 			(void) snprintf (newmailfile, len, "%s/%s/%s",
 			                 prefix, maildir, user_newname);
@@ -2150,7 +2152,7 @@ int main (int argc, char **argv)
 #endif

 	sys_ngroups = sysconf (_SC_NGROUPS_MAX);
-	user_groups = (char **) mallocarray (sys_ngroups + 1, sizeof (char *));
+	user_groups = MALLOCARRAY (sys_ngroups + 1, char *);
 	user_groups[0] = NULL;

 	is_shadow_pwd = spw_file_present ();
--- a/src/vipw.c
+++ b/src/vipw.c
@@ -26,6 +26,8 @@
 #include <sys/types.h>
 #include <unistd.h>
 #include <utime.h>
+
+#include "alloc.h"
 #include "defines.h"
 #include "groupio.h"
 #include "nscd.h"
@@ -302,7 +304,7 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void))
 				continue;
 		}

-		buf = (char *) malloc (strlen (editor) + strlen (fileedit) + 2);
+		buf = MALLOCARRAY(strlen(editor) + strlen(fileedit) + 2, char);
 		snprintf (buf, strlen (editor) + strlen (fileedit) + 2,
 		          "%s %s", editor, fileedit);
 		status = system (buf);
@@ -418,7 +420,7 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void))
 		if (stat (file, &st1) != 0) {
 			vipwexit (_("failed to stat edited file"), errno, 1);
 		}
-		to_rename = malloc (strlen (file) + 2);
+		to_rename = MALLOCARRAY (strlen (file) + 2, char);
 		if (NULL == to_rename) {
 			vipwexit (_("failed to allocate memory"), errno, 1);
 		}