Merge pull request #10510 from poettering/uacess-brackets

coverity fixes

src/basic/string-util.c

@@ -1059,8 +1059,11 @@ typedef void *(*memset_t)(void *,int,size_t);
 
 static volatile memset_t memset_func = memset;
 
-void explicit_bzero(void *p, size_t l) {
-        memset_func(p, '\0', l);
+void* explicit_bzero_safe(void *p, size_t l) {
+        if (l > 0)
+                memset_func(p, '\0', l);
+
+        return p;
 }
 #endif
 
@@ -1070,7 +1073,7 @@ char* string_erase(char *x) {
 
         /* A delicious drop of snake-oil! To be called on memory where
          * we stored passphrases or so, after we used them. */
-        explicit_bzero(x, strlen(x));
+        explicit_bzero_safe(x, strlen(x));
         return x;
 }
 

src/basic/string-util.h

@@ -198,8 +198,15 @@ static inline void *memmem_safe(const void *haystack, size_t haystacklen, const
         return memmem(haystack, haystacklen, needle, needlelen);
 }
 
-#if !HAVE_EXPLICIT_BZERO
-void explicit_bzero(void *p, size_t l);
+#if HAVE_EXPLICIT_BZERO
+static inline void* explicit_bzero_safe(void *p, size_t l) {
+        if (l > 0)
+                explicit_bzero(p, l);
+
+        return p;
+}
+#else
+void explicit_bzero_safe(void *p, size_t l);
 #endif
 
 char *string_erase(char *x);

src/reply-password/reply-password.c

@@ -95,7 +95,7 @@ int main(int argc, char *argv[]) {
         r = send_on_socket(fd, argv[2], packet, length);
 
 finish:
-        explicit_bzero(packet, length);
+        explicit_bzero_safe(packet, length);
 
         return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
 }

src/shared/ask-password-api.c

@@ -79,7 +79,7 @@ static int retrieve_key(key_serial_t serial, char ***ret) {
                 if (n < m)
                         break;
 
-                explicit_bzero(p, n);
+                explicit_bzero_safe(p, n);
                 free(p);
                 m *= 2;
         }
@@ -88,7 +88,7 @@ static int retrieve_key(key_serial_t serial, char ***ret) {
         if (!l)
                 return -ENOMEM;
 
-        explicit_bzero(p, n);
+        explicit_bzero_safe(p, n);
 
         *ret = l;
         return 0;
@@ -124,7 +124,7 @@ static int add_to_keyring(const char *keyname, AskPasswordFlags flags, char **pa
                 return r;
 
         serial = add_key("user", keyname, p, n, KEY_SPEC_USER_KEYRING);
-        explicit_bzero(p, n);
+        explicit_bzero_safe(p, n);
         if (serial == -1)
                 return -errno;
 
@@ -349,7 +349,7 @@ int ask_password_tty(
                         if (!(flags & ASK_PASSWORD_SILENT))
                                 backspace_string(ttyfd, passphrase);
 
-                        explicit_bzero(passphrase, sizeof(passphrase));
+                        explicit_bzero_safe(passphrase, sizeof(passphrase));
                         p = codepoint = 0;
 
                 } else if (IN_SET(c, '\b', 127)) {
@@ -379,7 +379,7 @@ int ask_password_tty(
                                 }
 
                                 p = codepoint = q == (size_t) -1 ? p - 1 : q;
-                                explicit_bzero(passphrase + p, sizeof(passphrase) - p);
+                                explicit_bzero_safe(passphrase + p, sizeof(passphrase) - p);
 
                         } else if (!dirty && !(flags & ASK_PASSWORD_SILENT)) {
 
@@ -430,7 +430,7 @@ int ask_password_tty(
         }
 
         x = strndup(passphrase, p);
-        explicit_bzero(passphrase, sizeof(passphrase));
+        explicit_bzero_safe(passphrase, sizeof(passphrase));
         if (!x) {
                 r = -ENOMEM;
                 goto finish;
@@ -681,7 +681,7 @@ int ask_password_agent(
                                 l = strv_new("", NULL);
                         else
                                 l = strv_parse_nulstr(passphrase+1, n-1);
-                        explicit_bzero(passphrase, n);
+                        explicit_bzero_safe(passphrase, n);
                         if (!l) {
                                 r = -ENOMEM;
                                 goto finish;

src/tty-ask-password-agent/tty-ask-password-agent.c

@@ -228,7 +228,7 @@ static int ask_password_plymouth(
         r = 0;
 
 finish:
-        explicit_bzero(buffer, sizeof(buffer));
+        explicit_bzero_safe(buffer, sizeof(buffer));
         return r;
 }
 
@@ -275,7 +275,7 @@ static int send_passwords(const char *socket_name, char **passwords) {
         r = (int) n;
 
 finish:
-        explicit_bzero(packet, packet_length);
+        explicit_bzero_safe(packet, packet_length);
         return r;
 }
 

src/udev/udev-builtin-uaccess.c

@@ -29,9 +29,10 @@ static int builtin_uaccess(sd_device *dev, int argc, char *argv[], bool test) {
                 return 0;
 
         r = sd_device_get_devname(dev, &path);
-        if (r < 0)
+        if (r < 0) {
                 log_device_error_errno(dev, r, "Failed to get device name: %m");
                 goto finish;
+        }
 
         if (sd_device_get_property_value(dev, "ID_SEAT", &seat) < 0)
                 seat = "seat0";
@@ -63,7 +64,7 @@ finish:
                 /* Better be safe than sorry and reset ACL */
                 k = devnode_acl(path, true, false, 0, false, 0);
                 if (k < 0) {
-                        log_device_full(dev, errno == ENOENT ? LOG_DEBUG : LOG_ERR, k, "Failed to apply ACL: %m");
+                        log_device_full(dev, k == -ENOENT ? LOG_DEBUG : LOG_ERR, k, "Failed to apply ACL: %m");
                         if (r >= 0)
                                 r = k;
                 }