diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2019-06-28 13:35:06 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2019-06-28 13:35:06 +0000 |
| commit | 61656abc7ff84215165af1bd464bc053b3b66158 (patch) | |
| tree | c7eabb0c4fa9faa024e724e99c240c40da07ca42 /usr.bin/ssh | |
| parent | 18603ebf99fbb890ae9666cb0c4aa9f879e7edaa (diff) | |
When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
Diffstat (limited to 'usr.bin/ssh')
31 files changed, 247 insertions, 247 deletions
diff --git a/usr.bin/ssh/auth-rhosts.c b/usr.bin/ssh/auth-rhosts.c index 37f2488abd7..7c18821e73a 100644 --- a/usr.bin/ssh/auth-rhosts.c +++ b/usr.bin/ssh/auth-rhosts.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rhosts.c,v 1.49 2018/07/09 21:35:50 markus Exp $ */ +/* $OpenBSD: auth-rhosts.c,v 1.50 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -218,8 +218,8 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, * are no system-wide files. */ if (!rhosts_files[rhosts_file_index] && - stat(_PATH_RHOSTS_EQUIV, &st) < 0 && - stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0) { + stat(_PATH_RHOSTS_EQUIV, &st) == -1 && + stat(_PATH_SSH_HOSTS_EQUIV, &st) == -1) { debug3("%s: no hosts access files exist", __func__); return 0; } @@ -249,7 +249,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, * Check that the home directory is owned by root or the user, and is * not group or world writable. */ - if (stat(pw->pw_dir, &st) < 0) { + if (stat(pw->pw_dir, &st) == -1) { logit("Rhosts authentication refused for %.100s: " "no home directory %.200s", pw->pw_name, pw->pw_dir); auth_debug_add("Rhosts authentication refused for %.100s: " @@ -274,7 +274,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, /* Check users .rhosts or .shosts. */ snprintf(buf, sizeof buf, "%.500s/%.100s", pw->pw_dir, rhosts_files[rhosts_file_index]); - if (stat(buf, &st) < 0) + if (stat(buf, &st) == -1) continue; /* diff --git a/usr.bin/ssh/auth.c b/usr.bin/ssh/auth.c index 3b039b82542..50902095382 100644 --- a/usr.bin/ssh/auth.c +++ b/usr.bin/ssh/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.138 2019/01/19 21:41:18 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.139 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -103,7 +103,7 @@ allowed_user(struct ssh *ssh, struct passwd * pw) char *shell = xstrdup((pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */ - if (stat(shell, &st) != 0) { + if (stat(shell, &st) == -1) { logit("User %.100s not allowed because shell %.100s " "does not exist", pw->pw_name, shell); free(shell); @@ -427,7 +427,7 @@ auth_openfile(const char *file, struct passwd *pw, int strict_modes, return NULL; } - if (fstat(fd, &st) < 0) { + if (fstat(fd, &st) == -1) { close(fd); return NULL; } @@ -629,7 +629,7 @@ remote_hostname(struct ssh *ssh) fromlen = sizeof(from); memset(&from, 0, sizeof(from)); if (getpeername(ssh_packet_get_connection_in(ssh), - (struct sockaddr *)&from, &fromlen) < 0) { + (struct sockaddr *)&from, &fromlen) == -1) { debug("getpeername failed: %.100s", strerror(errno)); return strdup(ntop); } @@ -763,7 +763,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command, return 0; } temporarily_use_uid(pw); - if (stat(av[0], &st) < 0) { + if (stat(av[0], &st) == -1) { error("Could not stat %s \"%s\": %s", tag, av[0], strerror(errno)); restore_uid(); @@ -775,7 +775,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command, return 0; } /* Prepare to keep the child's stdout if requested */ - if (pipe(p) != 0) { + if (pipe(p) == -1) { error("%s: pipe: %s", tag, strerror(errno)); restore_uid(); return 0; @@ -825,12 +825,12 @@ subprocess(const char *tag, struct passwd *pw, const char *command, closefrom(STDERR_FILENO + 1); /* Don't use permanently_set_uid() here to avoid fatal() */ - if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) { + if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) { error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid, strerror(errno)); _exit(1); } - if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0) { + if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1) { error("%s: setresuid %u: %s", tag, (u_int)pw->pw_uid, strerror(errno)); _exit(1); diff --git a/usr.bin/ssh/authfd.c b/usr.bin/ssh/authfd.c index f1a6486d444..890ae832c8e 100644 --- a/usr.bin/ssh/authfd.c +++ b/usr.bin/ssh/authfd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.114 2019/06/21 04:21:04 djm Exp $ */ +/* $OpenBSD: authfd.c,v 1.115 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -99,12 +99,12 @@ ssh_get_authentication_socket(int *fdp) sunaddr.sun_family = AF_UNIX; strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path)); - if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) + if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) return SSH_ERR_SYSTEM_ERROR; /* close on exec */ if (fcntl(sock, F_SETFD, FD_CLOEXEC) == -1 || - connect(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) { + connect(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) { oerrno = errno; close(sock); errno = oerrno; diff --git a/usr.bin/ssh/authfile.c b/usr.bin/ssh/authfile.c index 3b81fa7d972..5a2f41d6db1 100644 --- a/usr.bin/ssh/authfile.c +++ b/usr.bin/ssh/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.131 2018/09/21 12:20:12 djm Exp $ */ +/* $OpenBSD: authfile.c,v 1.132 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. * @@ -55,7 +55,7 @@ sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename) { int fd, oerrno; - if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0) + if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) == -1) return SSH_ERR_SYSTEM_ERROR; if (atomicio(vwrite, fd, sshbuf_mutable_ptr(keybuf), sshbuf_len(keybuf)) != sshbuf_len(keybuf)) { @@ -99,7 +99,7 @@ sshkey_load_file(int fd, struct sshbuf *blob) struct stat st; int r; - if (fstat(fd, &st) < 0) + if (fstat(fd, &st) == -1) return SSH_ERR_SYSTEM_ERROR; if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && st.st_size > MAX_KEY_FILE_SIZE) @@ -139,7 +139,7 @@ sshkey_perm_ok(int fd, const char *filename) { struct stat st; - if (fstat(fd, &st) < 0) + if (fstat(fd, &st) == -1) return SSH_ERR_SYSTEM_ERROR; /* * if a key owned by the user is accessed, then we check the @@ -171,7 +171,7 @@ sshkey_load_private_type(int type, const char *filename, const char *passphrase, if (commentp != NULL) *commentp = NULL; - if ((fd = open(filename, O_RDONLY)) < 0) { + if ((fd = open(filename, O_RDONLY)) == -1) { if (perm_ok != NULL) *perm_ok = 0; return SSH_ERR_SYSTEM_ERROR; @@ -231,7 +231,7 @@ sshkey_load_private(const char *filename, const char *passphrase, if (commentp != NULL) *commentp = NULL; - if ((fd = open(filename, O_RDONLY)) < 0) + if ((fd = open(filename, O_RDONLY)) == -1) return SSH_ERR_SYSTEM_ERROR; if (sshkey_perm_ok(fd, filename) != 0) { r = SSH_ERR_KEY_BAD_PERMISSIONS; diff --git a/usr.bin/ssh/canohost.c b/usr.bin/ssh/canohost.c index 3e297055f40..1a3aeaa9a1c 100644 --- a/usr.bin/ssh/canohost.c +++ b/usr.bin/ssh/canohost.c @@ -1,4 +1,4 @@ -/* $OpenBSD: canohost.c,v 1.73 2016/03/07 19:02:43 djm Exp $ */ +/* $OpenBSD: canohost.c,v 1.74 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -130,12 +130,12 @@ get_sock_port(int sock, int local) fromlen = sizeof(from); memset(&from, 0, sizeof(from)); if (local) { - if (getsockname(sock, (struct sockaddr *)&from, &fromlen) < 0) { + if (getsockname(sock, (struct sockaddr *)&from, &fromlen) == -1) { error("getsockname failed: %.100s", strerror(errno)); return 0; } } else { - if (getpeername(sock, (struct sockaddr *)&from, &fromlen) < 0) { + if (getpeername(sock, (struct sockaddr *)&from, &fromlen) == -1) { debug("getpeername failed: %.100s", strerror(errno)); return -1; } diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c index 1ef382eca7e..ad4f20984b8 100644 --- a/usr.bin/ssh/channels.c +++ b/usr.bin/ssh/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.392 2019/06/07 14:18:48 dtucker Exp $ */ +/* $OpenBSD: channels.c,v 1.393 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1661,7 +1661,7 @@ channel_post_x11_listener(struct ssh *ssh, Channel *c, chan_mark_dead(ssh, c); errno = oerrno; } - if (newsock < 0) { + if (newsock == -1) { if (errno != EINTR && errno != EWOULDBLOCK && errno != ECONNABORTED) error("accept: %.100s", strerror(errno)); @@ -1804,7 +1804,7 @@ channel_post_port_listener(struct ssh *ssh, Channel *c, addrlen = sizeof(addr); newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); - if (newsock < 0) { + if (newsock == -1) { if (errno != EINTR && errno != EWOULDBLOCK && errno != ECONNABORTED) error("accept: %.100s", strerror(errno)); @@ -1843,7 +1843,7 @@ channel_post_auth_listener(struct ssh *ssh, Channel *c, addrlen = sizeof(addr); newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); - if (newsock < 0) { + if (newsock == -1) { error("accept from auth socket: %.100s", strerror(errno)); if (errno == EMFILE || errno == ENFILE) c->notbefore = monotime() + 1; @@ -1871,7 +1871,7 @@ channel_post_connecting(struct ssh *ssh, Channel *c, fatal(":%s: channel %d: no remote id", __func__, c->self); /* for rdynamic the OPEN_CONFIRMATION has been sent already */ isopen = (c->type == SSH_CHANNEL_RDYNAMIC_FINISH); - if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, &err, &sz) < 0) { + if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, &err, &sz) == -1) { err = errno; error("getsockopt SO_ERROR failed"); } @@ -1943,7 +1943,7 @@ channel_handle_rfd(struct ssh *ssh, Channel *c, return 1; len = read(c->rfd, buf, sizeof(buf)); - if (len < 0 && (errno == EINTR || errno == EAGAIN)) + if (len == -1 && (errno == EINTR || errno == EAGAIN)) return 1; if (len <= 0) { debug2("channel %d: read<=0 rfd %d len %zd", @@ -2011,7 +2011,7 @@ channel_handle_wfd(struct ssh *ssh, Channel *c, /* ignore truncated writes, datagrams might get lost */ len = write(c->wfd, buf, dlen); free(data); - if (len < 0 && (errno == EINTR || errno == EAGAIN)) + if (len == -1 && (errno == EINTR || errno == EAGAIN)) return 1; if (len <= 0) goto write_fail; @@ -2019,7 +2019,7 @@ channel_handle_wfd(struct ssh *ssh, Channel *c, } len = write(c->wfd, buf, dlen); - if (len < 0 && (errno == EINTR || errno == EAGAIN)) + if (len == -1 && (errno == EINTR || errno == EAGAIN)) return 1; if (len <= 0) { write_fail: @@ -2070,7 +2070,7 @@ channel_handle_efd_write(struct ssh *ssh, Channel *c, len = write(c->efd, sshbuf_ptr(c->extended), sshbuf_len(c->extended)); debug2("channel %d: written %zd to efd %d", c->self, len, c->efd); - if (len < 0 && (errno == EINTR || errno == EAGAIN)) + if (len == -1 && (errno == EINTR || errno == EAGAIN)) return 1; if (len <= 0) { debug2("channel %d: closing write-efd %d", c->self, c->efd); @@ -2098,7 +2098,7 @@ channel_handle_efd_read(struct ssh *ssh, Channel *c, len = read(c->efd, buf, sizeof(buf)); debug2("channel %d: read %zd from efd %d", c->self, len, c->efd); - if (len < 0 && (errno == EINTR || errno == EAGAIN)) + if (len == -1 && (errno == EINTR || errno == EAGAIN)) return 1; if (len <= 0) { debug2("channel %d: closing read-efd %d", @@ -2186,7 +2186,7 @@ read_mux(struct ssh *ssh, Channel *c, u_int need) if (sshbuf_len(c->input) < need) { rlen = need - sshbuf_len(c->input); len = read(c->rfd, buf, MINIMUM(rlen, CHAN_RBUF)); - if (len < 0 && (errno == EINTR || errno == EAGAIN)) + if (len == -1 && (errno == EINTR || errno == EAGAIN)) return sshbuf_len(c->input); if (len <= 0) { debug2("channel %d: ctl read<=0 rfd %d len %zd", @@ -2250,7 +2250,7 @@ channel_post_mux_client_write(struct ssh *ssh, Channel *c, return; len = write(c->wfd, sshbuf_ptr(c->output), sshbuf_len(c->output)); - if (len < 0 && (errno == EINTR || errno == EAGAIN)) + if (len == -1 && (errno == EINTR || errno == EAGAIN)) return; if (len <= 0) { chan_mark_dead(ssh, c); @@ -2298,7 +2298,7 @@ channel_post_mux_listener(struct ssh *ssh, Channel *c, return; } - if (getpeereid(newsock, &euid, &egid) < 0) { + if (getpeereid(newsock, &euid, &egid) == -1) { error("%s getpeereid failed: %s", __func__, strerror(errno)); close(newsock); @@ -3428,7 +3428,7 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type, } /* Create a port to listen for the host. */ sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); - if (sock < 0) { + if (sock == -1) { /* this is no error since kernel may not support ipv6 */ verbose("socket [%s]:%s: %.100s", ntop, strport, strerror(errno)); @@ -3441,7 +3441,7 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type, ntop, strport); /* Bind the socket to the address. */ - if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { + if (bind(sock, ai->ai_addr, ai->ai_addrlen) == -1) { /* * address can be in if use ipv6 address is * already bound @@ -3452,7 +3452,7 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type, continue; } /* Start listening for connections on the socket. */ - if (listen(sock, SSH_LISTEN_BACKLOG) < 0) { + if (listen(sock, SSH_LISTEN_BACKLOG) == -1) { error("listen [%s]:%s: %.100s", ntop, strport, strerror(errno)); close(sock); @@ -4471,7 +4471,7 @@ channel_send_window_changes(struct ssh *ssh) if (sc->channels[i] == NULL || !sc->channels[i]->client_tty || sc->channels[i]->type != SSH_CHANNEL_OPEN) continue; - if (ioctl(sc->channels[i]->rfd, TIOCGWINSZ, &ws) < 0) + if (ioctl(sc->channels[i]->rfd, TIOCGWINSZ, &ws) == -1) continue; channel_request_start(ssh, i, "window-change", 0); if ((r = sshpkt_put_u32(ssh, (u_int)ws.ws_col)) != 0 || @@ -4574,13 +4574,13 @@ x11_create_display_inet(struct ssh *ssh, int x11_display_offset, continue; sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); - if (sock < 0) { + if (sock == -1) { error("socket: %.100s", strerror(errno)); freeaddrinfo(aitop); return -1; } set_reuseaddr(sock); - if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { + if (bind(sock, ai->ai_addr, ai->ai_addrlen) == -1) { debug2("%s: bind port %d: %.100s", __func__, port, strerror(errno)); close(sock); @@ -4604,7 +4604,7 @@ x11_create_display_inet(struct ssh *ssh, int x11_display_offset, /* Start listening for connections on the socket. */ for (n = 0; n < num_socks; n++) { sock = socks[n]; - if (listen(sock, SSH_LISTEN_BACKLOG) < 0) { + if (listen(sock, SSH_LISTEN_BACKLOG) == -1) { error("listen: %.100s", strerror(errno)); close(sock); return -1; @@ -4636,7 +4636,7 @@ connect_local_xsocket(u_int dnr) struct sockaddr_un addr; sock = socket(AF_UNIX, SOCK_STREAM, 0); - if (sock < 0) + if (sock == -1) error("socket: %.100s", strerror(errno)); memset(&addr, 0, sizeof(addr)); addr.sun_family = AF_UNIX; @@ -4724,12 +4724,12 @@ x11_connect_display(struct ssh *ssh) for (ai = aitop; ai; ai = ai->ai_next) { /* Create a socket. */ sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); - if (sock < 0) { + if (sock == -1) { debug2("socket: %.100s", strerror(errno)); continue; } /* Connect it to the display. */ - if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) { + if (connect(sock, ai->ai_addr, ai->ai_addrlen) == -1) { debug2("connect %.100s port %u: %.100s", buf, 6000 + display_number, strerror(errno)); close(sock); diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c index 4c6d187c53b..b02f58923bb 100644 --- a/usr.bin/ssh/clientloop.c +++ b/usr.bin/ssh/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.325 2019/06/26 22:29:43 dtucker Exp $ */ +/* $OpenBSD: clientloop.c,v 1.326 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -553,7 +553,7 @@ client_wait_until_can_do_something(struct ssh *ssh, } ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp); - if (ret < 0) { + if (ret == -1) { /* * We have to clear the select masks, because we return. * We have to return, because the mainloop checks for the flags @@ -636,10 +636,10 @@ client_process_net_input(struct ssh *ssh, fd_set *readset) * There is a kernel bug on Solaris that causes select to * sometimes wake up even though there is no data available. */ - if (len < 0 && (errno == EAGAIN || errno == EINTR)) + if (len == -1 && (errno == EAGAIN || errno == EINTR)) len = 0; - if (len < 0) { + if (len == -1) { /* * An error has encountered. Perhaps there is a * network problem. @@ -1087,7 +1087,7 @@ process_escapes(struct ssh *ssh, Channel *c, /* Fork into background. */ pid = fork(); - if (pid < 0) { + if (pid == -1) { error("fork: %.100s", strerror(errno)); continue; } @@ -2233,7 +2233,7 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem, struct winsize ws; /* Store window size in the packet. */ - if (ioctl(in_fd, TIOCGWINSZ, &ws) < 0) + if (ioctl(in_fd, TIOCGWINSZ, &ws) == -1) memset(&ws, 0, sizeof(ws)); channel_request_start(ssh, id, "pty-req", 1); diff --git a/usr.bin/ssh/misc.c b/usr.bin/ssh/misc.c index 3271eaf2f58..3dc810c38cc 100644 --- a/usr.bin/ssh/misc.c +++ b/usr.bin/ssh/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.138 2019/06/27 18:03:37 deraadt Exp $ */ +/* $OpenBSD: misc.c,v 1.139 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -84,7 +84,7 @@ set_nonblock(int fd) int val; val = fcntl(fd, F_GETFL); - if (val < 0) { + if (val == -1) { error("fcntl(%d, F_GETFL): %s", fd, strerror(errno)); return (-1); } @@ -108,7 +108,7 @@ unset_nonblock(int fd) int val; val = fcntl(fd, F_GETFL); - if (val < 0) { + if (val == -1) { error("fcntl(%d, F_GETFL): %s", fd, strerror(errno)); return (-1); } @@ -1100,7 +1100,7 @@ tun_open(int tun, int mode, char **ifname) return -1; } - if (fd < 0) { + if (fd == -1) { debug("%s: %s open: %s", __func__, name, strerror(errno)); return -1; } @@ -1511,7 +1511,7 @@ unix_listener(const char *path, int backlog, int unlink_first) } sock = socket(PF_UNIX, SOCK_STREAM, 0); - if (sock < 0) { + if (sock == -1) { saved_errno = errno; error("%s: socket: %.100s", __func__, strerror(errno)); errno = saved_errno; @@ -1521,7 +1521,7 @@ unix_listener(const char *path, int backlog, int unlink_first) if (unlink(path) != 0 && errno != ENOENT) error("unlink(%s): %.100s", path, strerror(errno)); } - if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) { + if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) { saved_errno = errno; error("%s: cannot bind to path %s: %s", __func__, path, strerror(errno)); @@ -1529,7 +1529,7 @@ unix_listener(const char *path, int backlog, int unlink_first) errno = saved_errno; return -1; } - if (listen(sock, backlog) < 0) { + if (listen(sock, backlog) == -1) { saved_errno = errno; error("%s: cannot listen on path %s: %s", __func__, path, strerror(errno)); @@ -1799,7 +1799,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir, } strlcpy(buf, cp, sizeof(buf)); - if (stat(buf, &st) < 0 || + if (stat(buf, &st) == -1 || (st.st_uid != 0 && st.st_uid != uid) || (st.st_mode & 022) != 0) { snprintf(err, errlen, @@ -1834,7 +1834,7 @@ safe_path_fd(int fd, const char *file, struct passwd *pw, struct stat st; /* check the open file to avoid races */ - if (fstat(fd, &st) < 0) { + if (fstat(fd, &st) == -1) { snprintf(err, errlen, "cannot stat file %s: %s", file, strerror(errno)); return -1; diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c index d01924ee7ca..edaa8fd4ff8 100644 --- a/usr.bin/ssh/monitor.c +++ b/usr.bin/ssh/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.197 2019/01/21 10:38:54 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.198 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -1226,7 +1226,7 @@ mm_record_login(struct ssh *ssh, Session *s, struct passwd *pw) fromlen = sizeof(from); if (ssh_packet_connection_is_on_socket(ssh)) { if (getpeername(ssh_packet_get_connection_in(ssh), - (struct sockaddr *)&from, &fromlen) < 0) { + (struct sockaddr *)&from, &fromlen) == -1) { debug("getpeername: %.100s", strerror(errno)); cleanup_exit(255); } @@ -1294,7 +1294,7 @@ mm_answer_pty(struct ssh *ssh, int sock, struct sshbuf *m) fatal("%s: send fds failed", __func__); /* make sure nothing uses fd 0 */ - if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) < 0) + if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) == -1) fatal("%s: open(/dev/null): %s", __func__, strerror(errno)); if (fd0 != 0) error("%s: fd0 %d != 0", __func__, fd0); @@ -1432,9 +1432,9 @@ monitor_openfds(struct monitor *mon, int do_logfds) if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1) fatal("%s: socketpair: %s", __func__, strerror(errno)); #ifdef SO_ZEROIZE - if (setsockopt(pair[0], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) < 0) + if (setsockopt(pair[0], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) == -1) error("setsockopt SO_ZEROIZE(0): %.100s", strerror(errno)); - if (setsockopt(pair[1], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) < 0) + if (setsockopt(pair[1], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) == -1) error("setsockopt SO_ZEROIZE(1): %.100s", strerror(errno)); #endif FD_CLOSEONEXEC(pair[0]); diff --git a/usr.bin/ssh/monitor_wrap.c b/usr.bin/ssh/monitor_wrap.c index 24cdfa6897e..57ebd082bf3 100644 --- a/usr.bin/ssh/monitor_wrap.c +++ b/usr.bin/ssh/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.112 2019/01/21 09:54:11 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.113 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -593,7 +593,7 @@ mm_session_pty_cleanup2(Session *s) sshbuf_free(m); /* closed dup'ed master */ - if (s->ptymaster != -1 && close(s->ptymaster) < 0) + if (s->ptymaster != -1 && close(s->ptymaster) == -1) error("close(s->ptymaster/%d): %s", s->ptymaster, strerror(errno)); diff --git a/usr.bin/ssh/mux.c b/usr.bin/ssh/mux.c index 0bf88d10e00..776bec17a9e 100644 --- a/usr.bin/ssh/mux.c +++ b/usr.bin/ssh/mux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mux.c,v 1.79 2019/01/19 21:35:25 djm Exp $ */ +/* $OpenBSD: mux.c,v 1.80 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> * @@ -1479,7 +1479,7 @@ mux_client_read(int fd, struct sshbuf *b, size_t need) return -1; } len = read(fd, p + have, need - have); - if (len < 0) { + if (len == -1) { switch (errno) { case EAGAIN: (void)poll(&pfd, 1, -1); @@ -1525,7 +1525,7 @@ mux_client_write_packet(int fd, struct sshbuf *m) return -1; } len = write(fd, ptr + have, need - have); - if (len < 0) { + if (len == -1) { switch (errno) { case EAGAIN: (void)poll(&pfd, 1, -1); @@ -2303,7 +2303,7 @@ muxclient(const char *path) fatal("ControlPath too long ('%s' >= %u bytes)", path, (unsigned int)sizeof(addr.sun_path)); - if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) + if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1) fatal("%s socket(): %s", __func__, strerror(errno)); if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1) { diff --git a/usr.bin/ssh/nchan.c b/usr.bin/ssh/nchan.c index 85d5d9e36f3..0665cd6e494 100644 --- a/usr.bin/ssh/nchan.c +++ b/usr.bin/ssh/nchan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nchan.c,v 1.69 2018/10/04 07:47:35 djm Exp $ */ +/* $OpenBSD: nchan.c,v 1.70 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * @@ -378,7 +378,7 @@ chan_shutdown_write(struct ssh *ssh, Channel *c) c->self, __func__, c->istate, c->ostate, c->sock, c->wfd, c->efd, channel_format_extended_usage(c)); if (c->sock != -1) { - if (shutdown(c->sock, SHUT_WR) < 0) { + if (shutdown(c->sock, SHUT_WR) == -1) { debug2("channel %d: %s: shutdown() failed for " "fd %d [i%d o%d]: %.100s", c->self, __func__, c->sock, c->istate, c->ostate, @@ -403,7 +403,7 @@ chan_shutdown_read(struct ssh *ssh, Channel *c) c->self, __func__, c->istate, c->ostate, c->sock, c->rfd, c->efd, channel_format_extended_usage(c)); if (c->sock != -1) { - if (shutdown(c->sock, SHUT_RD) < 0) { + if (shutdown(c->sock, SHUT_RD) == -1) { error("channel %d: %s: shutdown() failed for " "fd %d [i%d o%d]: %.100s", c->self, __func__, c->sock, c->istate, c->ostate, diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c index e21177609f8..a0e4f8e243d 100644 --- a/usr.bin/ssh/packet.c +++ b/usr.bin/ssh/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.285 2019/06/07 14:18:48 dtucker Exp $ */ +/* $OpenBSD: packet.c,v 1.286 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -422,12 +422,12 @@ ssh_packet_connection_is_on_socket(struct ssh *ssh) fromlen = sizeof(from); memset(&from, 0, sizeof(from)); if (getpeername(state->connection_in, (struct sockaddr *)&from, - &fromlen) < 0) + &fromlen) == -1) return 0; tolen = sizeof(to); memset(&to, 0, sizeof(to)); if (getpeername(state->connection_out, (struct sockaddr *)&to, - &tolen) < 0) + &tolen) == -1) return 0; if (fromlen != tolen || memcmp(&from, &to, fromlen) != 0) return 0; @@ -453,7 +453,7 @@ ssh_packet_connection_af(struct ssh *ssh) memset(&to, 0, sizeof(to)); if (getsockname(ssh->state->connection_out, (struct sockaddr *)&to, - &tolen) < 0) + &tolen) == -1) return 0; return to.ss_family; } @@ -1335,7 +1335,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) r = SSH_ERR_CONN_CLOSED; goto out; } - if (len < 0) { + if (len == -1) { r = SSH_ERR_SYSTEM_ERROR; goto out; } @@ -2008,14 +2008,14 @@ ssh_packet_set_tos(struct ssh *ssh, int tos) case AF_INET: debug3("%s: set IP_TOS 0x%02x", __func__, tos); if (setsockopt(ssh->state->connection_in, - IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) < 0) + IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) == -1) error("setsockopt IP_TOS %d: %.100s:", tos, strerror(errno)); break; case AF_INET6: debug3("%s: set IPV6_TCLASS 0x%02x", __func__, tos); if (setsockopt(ssh->state->connection_in, - IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos)) < 0) + IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos)) == -1) error("setsockopt IPV6_TCLASS %d: %.100s:", tos, strerror(errno)); break; diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c index 5ddaae77fb6..b902aa35c1f 100644 --- a/usr.bin/ssh/readconf.c +++ b/usr.bin/ssh/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.306 2019/06/12 11:31:50 jmc Exp $ */ +/* $OpenBSD: readconf.c,v 1.307 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -503,7 +503,7 @@ execute_in_shell(const char *cmd) _exit(1); } /* Parent. */ - if (pid < 0) + if (pid == -1) fatal("%s: fork: %.100s", __func__, strerror(errno)); close(devnull); diff --git a/usr.bin/ssh/readpass.c b/usr.bin/ssh/readpass.c index d40d5da4923..57b91aa4a2f 100644 --- a/usr.bin/ssh/readpass.c +++ b/usr.bin/ssh/readpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readpass.c,v 1.53 2019/01/19 04:15:56 tb Exp $ */ +/* $OpenBSD: readpass.c,v 1.54 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -58,19 +58,19 @@ ssh_askpass(char *askpass, const char *msg) error("ssh_askpass: fflush: %s", strerror(errno)); if (askpass == NULL) fatal("internal error: askpass undefined"); - if (pipe(p) < 0) { + if (pipe(p) == -1) { error("ssh_askpass: pipe: %s", strerror(errno)); return NULL; } osigchld = signal(SIGCHLD, SIG_DFL); - if ((pid = fork()) < 0) { + if ((pid = fork()) == -1) { error("ssh_askpass: fork: %s", strerror(errno)); signal(SIGCHLD, osigchld); return NULL; } if (pid == 0) { close(p[0]); - if (dup2(p[1], STDOUT_FILENO) < 0) + if (dup2(p[1], STDOUT_FILENO) == -1) fatal("ssh_askpass: dup2: %s", strerror(errno)); execlp(askpass, askpass, msg, (char *)NULL); fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno)); @@ -90,7 +90,7 @@ ssh_askpass(char *askpass, const char *msg) buf[len] = '\0'; close(p[0]); - while ((ret = waitpid(pid, &status, 0)) < 0) + while ((ret = waitpid(pid, &status, 0)) == -1) if (errno != EINTR) break; signal(SIGCHLD, osigchld); diff --git a/usr.bin/ssh/scp.c b/usr.bin/ssh/scp.c index 4fb0fca6e9c..f310ca7047e 100644 --- a/usr.bin/ssh/scp.c +++ b/usr.bin/ssh/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.204 2019/02/10 11:15:52 djm Exp $ */ +/* $OpenBSD: scp.c,v 1.205 2019/06/28 13:35:04 deraadt Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -235,13 +235,13 @@ do_cmd(char *host, char *remuser, int port, char *cmd, int *fdin, int *fdout) * Reserve two descriptors so that the real pipes won't get * descriptors 0 and 1 because that will screw up dup2 below. */ - if (pipe(reserved) < 0) + if (pipe(reserved) == -1) fatal("pipe: %s", strerror(errno)); /* Create a socket pair for communicating with ssh. */ - if (pipe(pin) < 0) + if (pipe(pin) == -1) fatal("pipe: %s", strerror(errno)); - if (pipe(pout) < 0) + if (pipe(pout) == -1) fatal("pipe: %s", strerror(errno)); /* Free the reserved descriptors. */ @@ -1050,13 +1050,13 @@ source(int argc, char **argv) len = strlen(name); while (len > 1 && name[len-1] == '/') name[--len] = '\0'; - if ((fd = open(name, O_RDONLY|O_NONBLOCK, 0)) < 0) + if ((fd = open(name, O_RDONLY|O_NONBLOCK, 0)) == -1) goto syserr; if (strchr(name, '\n') != NULL) { strnvis(encname, name, sizeof(encname), VIS_NL); name = encname; } - if (fstat(fd, &stb) < 0) { + if (fstat(fd, &stb) == -1) { syserr: run_err("%s: %s", name, strerror(errno)); goto next; } @@ -1130,7 +1130,7 @@ next: if (fd != -1) { unset_nonblock(remout); if (fd != -1) { - if (close(fd) < 0 && !haderr) + if (close(fd) == -1 && !haderr) haderr = errno; fd = -1; } @@ -1394,14 +1394,14 @@ sink(int argc, char **argv, const char *src) /* Handle copying from a read-only directory */ mod_flag = 1; - if (mkdir(np, mode | S_IRWXU) < 0) + if (mkdir(np, mode | S_IRWXU) == -1) goto bad; } vect[0] = xstrdup(np); sink(1, vect, src); if (setimes) { setimes = 0; - if (utimes(vect[0], tv) < 0) + if (utimes(vect[0], tv) == -1) run_err("%s: set times: %s", vect[0], strerror(errno)); } @@ -1412,7 +1412,7 @@ sink(int argc, char **argv, const char *src) } omode = mode; mode |= S_IWUSR; - if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) { + if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) == -1) { bad: run_err("%s: %s", np, strerror(errno)); continue; } @@ -1494,7 +1494,7 @@ bad: run_err("%s: %s", np, strerror(errno)); stop_progress_meter(); if (setimes && wrerr == NO) { setimes = 0; - if (utimes(np, tv) < 0) { + if (utimes(np, tv) == -1) { run_err("%s: set times: %s", np, strerror(errno)); wrerr = DISPLAYED; @@ -1647,7 +1647,7 @@ allocbuf(BUF *bp, int fd, int blksize) size_t size; struct stat stb; - if (fstat(fd, &stb) < 0) { + if (fstat(fd, &stb) == -1) { run_err("fstat: %s", strerror(errno)); return (0); } diff --git a/usr.bin/ssh/serverloop.c b/usr.bin/ssh/serverloop.c index 3cd54788720..33c81feafed 100644 --- a/usr.bin/ssh/serverloop.c +++ b/usr.bin/ssh/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.215 2019/03/27 09:29:14 djm Exp $ */ +/* $OpenBSD: serverloop.c,v 1.216 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -119,7 +119,7 @@ static int notify_pipe[2]; static void notify_setup(void) { - if (pipe(notify_pipe) < 0) { + if (pipe(notify_pipe) == -1) { error("pipe(notify_pipe) failed %s", strerror(errno)); } else if ((fcntl(notify_pipe[0], F_SETFD, FD_CLOEXEC) == -1) || (fcntl(notify_pipe[1], F_SETFD, FD_CLOEXEC) == -1)) { @@ -324,7 +324,7 @@ process_input(struct ssh *ssh, fd_set *readset, int connection_in) verbose("Connection closed by %.100s port %d", ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); return -1; - } else if (len < 0) { + } else if (len == -1) { if (errno != EINTR && errno != EAGAIN) { verbose("Read error from remote host " "%.100s port %d: %.100s", @@ -379,7 +379,7 @@ collect_children(struct ssh *ssh) if (child_terminated) { debug("Received SIGCHLD."); while ((pid = waitpid(-1, &status, WNOHANG)) > 0 || - (pid < 0 && errno == EINTR)) + (pid == -1 && errno == EINTR)) if (pid > 0) session_close_by_pid(ssh, pid, status); child_terminated = 0; diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c index 0a96db6f967..2cf229d5d7e 100644 --- a/usr.bin/ssh/session.c +++ b/usr.bin/ssh/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.315 2019/02/22 03:37:11 djm Exp $ */ +/* $OpenBSD: session.c,v 1.316 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -384,17 +384,17 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) fatal("do_exec_no_pty: no session"); /* Allocate pipes for communicating with the program. */ - if (pipe(pin) < 0) { + if (pipe(pin) == -1) { error("%s: pipe in: %.100s", __func__, strerror(errno)); return -1; } - if (pipe(pout) < 0) { + if (pipe(pout) == -1) { error("%s: pipe out: %.100s", __func__, strerror(errno)); close(pin[0]); close(pin[1]); return -1; } - if (pipe(perr) < 0) { + if (pipe(perr) == -1) { error("%s: pipe err: %.100s", __func__, strerror(errno)); close(pin[0]); @@ -410,11 +410,11 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) fatal("do_exec_no_pty: no session"); /* Uses socket pairs to communicate with the program. */ - if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) < 0) { + if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) == -1) { error("%s: socketpair #1: %.100s", __func__, strerror(errno)); return -1; } - if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0) { + if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) == -1) { error("%s: socketpair #2: %.100s", __func__, strerror(errno)); close(inout[0]); @@ -450,7 +450,7 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) * Create a new session and process group since the 4.4BSD * setlogin() affects the entire process group. */ - if (setsid() < 0) + if (setsid() == -1) error("setsid failed: %.100s", strerror(errno)); #ifdef USE_PIPES @@ -459,19 +459,19 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) * pair, and make the child side the standard input. */ close(pin[1]); - if (dup2(pin[0], 0) < 0) + if (dup2(pin[0], 0) == -1) perror("dup2 stdin"); close(pin[0]); /* Redirect stdout. */ close(pout[0]); - if (dup2(pout[1], 1) < 0) + if (dup2(pout[1], 1) == -1) perror("dup2 stdout"); close(pout[1]); /* Redirect stderr. */ close(perr[0]); - if (dup2(perr[1], 2) < 0) + if (dup2(perr[1], 2) == -1) perror("dup2 stderr"); close(perr[1]); #else @@ -482,12 +482,12 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command) */ close(inout[1]); close(err[1]); - if (dup2(inout[0], 0) < 0) /* stdin */ + if (dup2(inout[0], 0) == -1) /* stdin */ perror("dup2 stdin"); - if (dup2(inout[0], 1) < 0) /* stdout (same as stdin) */ + if (dup2(inout[0], 1) == -1) /* stdout (same as stdin) */ perror("dup2 stdout"); close(inout[0]); - if (dup2(err[0], 2) < 0) /* stderr */ + if (dup2(err[0], 2) == -1) /* stderr */ perror("dup2 stderr"); close(err[0]); #endif @@ -551,14 +551,14 @@ do_exec_pty(struct ssh *ssh, Session *s, const char *command) * Do this before forking (and cleanup in the child) so as to * detect and gracefully fail out-of-fd conditions. */ - if ((fdout = dup(ptyfd)) < 0) { + if ((fdout = dup(ptyfd)) == -1) { error("%s: dup #1: %s", __func__, strerror(errno)); close(ttyfd); close(ptyfd); return -1; } /* we keep a reference to the pty master */ - if ((ptymaster = dup(ptyfd)) < 0) { + if ((ptymaster = dup(ptyfd)) == -1) { error("%s: dup #2: %s", __func__, strerror(errno)); close(ttyfd); close(ptyfd); @@ -588,11 +588,11 @@ do_exec_pty(struct ssh *ssh, Session *s, const char *command) pty_make_controlling_tty(&ttyfd, s->tty); /* Redirect stdin/stdout/stderr from the pseudo tty. */ - if (dup2(ttyfd, 0) < 0) + if (dup2(ttyfd, 0) == -1) error("dup2 stdin: %s", strerror(errno)); - if (dup2(ttyfd, 1) < 0) + if (dup2(ttyfd, 1) == -1) error("dup2 stdout: %s", strerror(errno)); - if (dup2(ttyfd, 2) < 0) + if (dup2(ttyfd, 2) == -1) error("dup2 stderr: %s", strerror(errno)); /* Close the extra descriptor for the pseudo tty. */ @@ -720,7 +720,7 @@ do_login(struct ssh *ssh, Session *s, const char *command) fromlen = sizeof(from); if (ssh_packet_connection_is_on_socket(ssh)) { if (getpeername(ssh_packet_get_connection_in(ssh), - (struct sockaddr *)&from, &fromlen) < 0) { + (struct sockaddr *)&from, &fromlen) == -1) { debug("getpeername: %.100s", strerror(errno)); cleanup_exit(255); } @@ -1305,7 +1305,7 @@ do_child(struct ssh *ssh, Session *s, const char *command) #endif /* Change current directory to the user's home directory. */ - if (chdir(pw->pw_dir) < 0) { + if (chdir(pw->pw_dir) == -1) { /* Suppress missing homedir warning for chroot case */ r = login_getcapbool(lc, "requirehome", 0); if (r || !in_chroot) { @@ -1654,7 +1654,7 @@ session_subsystem_req(struct ssh *ssh, Session *s) s->is_subsystem = SUBSYSTEM_INT_SFTP; debug("subsystem: %s", prog); } else { - if (stat(prog, &st) < 0) + if (stat(prog, &st) == -1) debug("subsystem: cannot stat %s: %s", prog, strerror(errno)); s->is_subsystem = SUBSYSTEM_EXT; @@ -1743,7 +1743,7 @@ session_break_req(struct ssh *ssh, Session *s) (r = sshpkt_get_end(ssh)) != 0) sshpkt_fatal(ssh, r, "%s: parse packet", __func__); - if (s->ptymaster == -1 || tcsendbreak(s->ptymaster, 0) < 0) + if (s->ptymaster == -1 || tcsendbreak(s->ptymaster, 0) == -1) return 0; return 1; } @@ -1965,7 +1965,7 @@ session_pty_cleanup2(Session *s) * the pty cleanup, so that another process doesn't get this pty * while we're still cleaning up. */ - if (s->ptymaster != -1 && close(s->ptymaster) < 0) + if (s->ptymaster != -1 && close(s->ptymaster) == -1) error("close(s->ptymaster/%d): %s", s->ptymaster, strerror(errno)); @@ -2265,7 +2265,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s) } /* Set up a suitable value for the DISPLAY variable. */ - if (gethostname(hostname, sizeof(hostname)) < 0) + if (gethostname(hostname, sizeof(hostname)) == -1) fatal("gethostname: %.100s", strerror(errno)); /* * auth_display must be used as the displayname when the diff --git a/usr.bin/ssh/sftp-server.c b/usr.bin/ssh/sftp-server.c index 356b6195d97..afb671398b8 100644 --- a/usr.bin/ssh/sftp-server.c +++ b/usr.bin/ssh/sftp-server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.115 2019/06/06 05:13:13 otto Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.116 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -693,7 +693,7 @@ process_open(u_int32_t id) status = SSH2_FX_PERMISSION_DENIED; } else { fd = open(name, flags, mode); - if (fd < 0) { + if (fd == -1) { status = errno_to_portable(errno); } else { handle = handle_new(HANDLE_FILE, name, fd, flags, NULL); @@ -746,12 +746,12 @@ process_read(u_int32_t id) } fd = handle_to_fd(handle); if (fd >= 0) { - if (lseek(fd, off, SEEK_SET) < 0) { + if (lseek(fd, off, SEEK_SET) == -1) { error("process_read: seek failed"); status = errno_to_portable(errno); } else { ret = read(fd, buf, len); - if (ret < 0) { + if (ret == -1) { status = errno_to_portable(errno); } else if (ret == 0) { status = SSH2_FX_EOF; @@ -787,13 +787,13 @@ process_write(u_int32_t id) status = SSH2_FX_FAILURE; else { if (!(handle_to_flags(handle) & O_APPEND) && - lseek(fd, off, SEEK_SET) < 0) { + lseek(fd, off, SEEK_SET) == -1) { status = errno_to_portable(errno); error("process_write: seek failed"); } else { /* XXX ATOMICIO ? */ ret = write(fd, data, len); - if (ret < 0) { + if (ret == -1) { error("process_write: write failed"); status = errno_to_portable(errno); } else if ((size_t)ret == len) { @@ -823,7 +823,7 @@ process_do_stat(u_int32_t id, int do_lstat) debug3("request %u: %sstat", id, do_lstat ? "l" : ""); verbose("%sstat name \"%s\"", do_lstat ? "l" : "", name); r = do_lstat ? lstat(name, &st) : stat(name, &st); - if (r < 0) { + if (r == -1) { status = errno_to_portable(errno); } else { stat_to_attrib(&st, &a); @@ -861,7 +861,7 @@ process_fstat(u_int32_t id) fd = handle_to_fd(handle); if (fd >= 0) { r = fstat(fd, &st); - if (r < 0) { + if (r == -1) { status = errno_to_portable(errno); } else { stat_to_attrib(&st, &a); @@ -1059,7 +1059,7 @@ process_readdir(u_int32_t id) /* XXX OVERFLOW ? */ snprintf(pathname, sizeof pathname, "%s%s%s", path, strcmp(path, "/") ? "/" : "", dp->d_name); - if (lstat(pathname, &st) < 0) + if (lstat(pathname, &st) == -1) continue; stat_to_attrib(&st, &(stats[count].attrib)); stats[count].name = xstrdup(dp->d_name); @@ -1682,7 +1682,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) if (olen > 0) FD_SET(out, wset); - if (select(max+1, rset, wset, NULL, NULL) < 0) { + if (select(max+1, rset, wset, NULL, NULL) == -1) { if (errno == EINTR) continue; error("select: %s", strerror(errno)); @@ -1695,7 +1695,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) if (len == 0) { debug("read eof"); sftp_server_cleanup_exit(0); - } else if (len < 0) { + } else if (len == -1) { error("read: %s", strerror(errno)); sftp_server_cleanup_exit(1); } else if ((r = sshbuf_put(iqueue, buf, len)) != 0) { @@ -1706,7 +1706,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) /* send oqueue to stdout */ if (FD_ISSET(out, wset)) { len = write(out, sshbuf_ptr(oqueue), olen); - if (len < 0) { + if (len == -1) { error("write: %s", strerror(errno)); sftp_server_cleanup_exit(1); } else if ((r = sshbuf_consume(oqueue, len)) != 0) { diff --git a/usr.bin/ssh/ssh-add.c b/usr.bin/ssh/ssh-add.c index ee49ba3ed25..cf978f65fb5 100644 --- a/usr.bin/ssh/ssh-add.c +++ b/usr.bin/ssh/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.139 2019/06/06 05:13:13 otto Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.140 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -195,7 +195,7 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag) if (strcmp(filename, "-") == 0) { fd = STDIN_FILENO; filename = "(stdin)"; - } else if ((fd = open(filename, O_RDONLY)) < 0) { + } else if ((fd = open(filename, O_RDONLY)) == -1) { perror(filename); return -1; } @@ -718,7 +718,7 @@ main(int argc, char **argv) for (i = 0; default_files[i]; i++) { snprintf(buf, sizeof(buf), "%s/%s", pw->pw_dir, default_files[i]); - if (stat(buf, &st) < 0) + if (stat(buf, &st) == -1) continue; if (do_file(agent_fd, deleting, key_only, buf, qflag) == -1) diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c index d7df394f476..15591c48327 100644 --- a/usr.bin/ssh/ssh-agent.c +++ b/usr.bin/ssh/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.236 2019/06/21 04:21:04 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.237 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -812,11 +812,11 @@ handle_socket_read(u_int socknum) slen = sizeof(sunaddr); fd = accept(sockets[socknum].fd, (struct sockaddr *)&sunaddr, &slen); - if (fd < 0) { + if (fd == -1) { error("accept from AUTH_SOCKET: %s", strerror(errno)); return -1; } - if (getpeereid(fd, &euid, &egid) < 0) { + if (getpeereid(fd, &euid, &egid) == -1) { error("getpeereid %d failed: %s", fd, strerror(errno)); close(fd); return -1; @@ -1293,7 +1293,7 @@ main(int ac, char **av) /* deny core dumps, since memory contains unencrypted private keys */ rlim.rlim_cur = rlim.rlim_max = 0; - if (setrlimit(RLIMIT_CORE, &rlim) < 0) { + if (setrlimit(RLIMIT_CORE, &rlim) == -1) { error("setrlimit RLIMIT_CORE: %s", strerror(errno)); cleanup_exit(1); } @@ -1324,7 +1324,7 @@ skip: if (parent_alive_interval != 0) check_parent_exists(); (void) reaper(); /* remove expired keys */ - if (result < 0) { + if (result == -1) { if (saved_errno == EINTR) continue; fatal("poll: %s", strerror(saved_errno)); diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c index eb953019078..19909d6da15 100644 --- a/usr.bin/ssh/ssh-keygen.c +++ b/usr.bin/ssh/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.332 2019/06/21 04:21:04 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.333 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -355,7 +355,7 @@ do_convert_to(struct passwd *pw) if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - if (stat(identity_file, &st) < 0) + if (stat(identity_file, &st) == -1) fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); if ((r = sshkey_load_public(identity_file, &k, NULL)) != 0) k = load_identity(identity_file); @@ -679,7 +679,7 @@ do_convert_from(struct passwd *pw) if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - if (stat(identity_file, &st) < 0) + if (stat(identity_file, &st) == -1) fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); switch (convert_format) { @@ -737,7 +737,7 @@ do_print_public(struct passwd *pw) if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - if (stat(identity_file, &st) < 0) + if (stat(identity_file, &st) == -1) fatal("%s: %s", identity_file, strerror(errno)); prv = load_identity(identity_file); if ((r = sshkey_write(prv, stdout)) != 0) @@ -835,7 +835,7 @@ fingerprint_private(const char *path) struct sshkey *public = NULL; int r; - if (stat(identity_file, &st) < 0) + if (stat(identity_file, &st) == -1) fatal("%s: %s", path, strerror(errno)); if ((r = sshkey_load_public(path, &public, &comment)) != 0) { debug("load public \"%s\": %s", path, ssh_err(r)); @@ -1319,7 +1319,7 @@ do_change_passphrase(struct passwd *pw) if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - if (stat(identity_file, &st) < 0) + if (stat(identity_file, &st) == -1) fatal("%s: %s", identity_file, strerror(errno)); /* Try to load the file with empty passphrase. */ r = sshkey_load_private(identity_file, "", &private, &comment); @@ -1403,7 +1403,7 @@ do_print_resource_record(struct passwd *pw, char *fname, char *hname, if (fname == NULL) fatal("%s: no filename", __func__); - if (stat(fname, &st) < 0) { + if (stat(fname, &st) == -1) { if (errno == ENOENT) return 0; fatal("%s: %s", fname, strerror(errno)); @@ -1432,7 +1432,7 @@ do_change_comment(struct passwd *pw, const char *identity_comment) if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - if (stat(identity_file, &st) < 0) + if (stat(identity_file, &st) == -1) fatal("%s: %s", identity_file, strerror(errno)); if ((r = sshkey_load_private(identity_file, "", &private, &comment)) == 0) @@ -2024,7 +2024,7 @@ do_show_cert(struct passwd *pw) if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - if (strcmp(identity_file, "-") != 0 && stat(identity_file, &st) < 0) + if (strcmp(identity_file, "-") != 0 && stat(identity_file, &st) == -1) fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); path = identity_file; @@ -2450,7 +2450,7 @@ main(int argc, char **argv) pw = getpwuid(getuid()); if (!pw) fatal("No user exists for uid %lu", (u_long)getuid()); - if (gethostname(hostname, sizeof(hostname)) < 0) + if (gethostname(hostname, sizeof(hostname)) == -1) fatal("gethostname: %s", strerror(errno)); /* Remaining characters: Ydw */ @@ -2832,11 +2832,11 @@ main(int argc, char **argv) snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR); if (strstr(identity_file, dotsshdir) != NULL) { - if (stat(dotsshdir, &st) < 0) { + if (stat(dotsshdir, &st) == -1) { if (errno != ENOENT) { error("Could not stat %s: %s", dotsshdir, strerror(errno)); - } else if (mkdir(dotsshdir, 0700) < 0) { + } else if (mkdir(dotsshdir, 0700) == -1) { error("Could not create directory '%s': %s", dotsshdir, strerror(errno)); } else if (!quiet) diff --git a/usr.bin/ssh/ssh-keyscan.c b/usr.bin/ssh/ssh-keyscan.c index d21140b326a..735d4713b27 100644 --- a/usr.bin/ssh/ssh-keyscan.c +++ b/usr.bin/ssh/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.127 2019/06/06 05:13:13 otto Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.128 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. * @@ -115,7 +115,7 @@ fdlim_get(int hard) { struct rlimit rlfd; - if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0) + if (getrlimit(RLIMIT_NOFILE, &rlfd) == -1) return (-1); if ((hard ? rlfd.rlim_max : rlfd.rlim_cur) == RLIM_INFINITY) return sysconf(_SC_OPEN_MAX); @@ -130,10 +130,10 @@ fdlim_set(int lim) if (lim <= 0) return (-1); - if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0) + if (getrlimit(RLIMIT_NOFILE, &rlfd) == -1) return (-1); rlfd.rlim_cur = lim; - if (setrlimit(RLIMIT_NOFILE, &rlfd) < 0) + if (setrlimit(RLIMIT_NOFILE, &rlfd) == -1) return (-1); return (0); } @@ -325,13 +325,13 @@ tcpconnect(char *host) } for (ai = aitop; ai; ai = ai->ai_next) { s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); - if (s < 0) { + if (s == -1) { error("socket: %s", strerror(errno)); continue; } if (set_nonblock(s) == -1) fatal("%s: set_nonblock(%d)", __func__, s); - if (connect(s, ai->ai_addr, ai->ai_addrlen) < 0 && + if (connect(s, ai->ai_addr, ai->ai_addrlen) == -1 && errno != EINPROGRESS) error("connect (`%s'): %s", host, strerror(errno)); else diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 37de82e4787..d42a76cf067 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.504 2019/06/14 04:13:58 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.505 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -747,7 +747,7 @@ main(int ac, char **av) break; case 'i': p = tilde_expand_filename(optarg, getuid()); - if (stat(p, &st) < 0) + if (stat(p, &st) == -1) fprintf(stderr, "Warning: Identity file %s " "not accessible: %s.\n", p, strerror(errno)); @@ -1405,8 +1405,8 @@ main(int ac, char **av) if (config == NULL) { r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir, strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); - if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) - if (mkdir(buf, 0700) < 0) + if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) == -1) + if (mkdir(buf, 0700) == -1) error("Could not create directory '%.200s'.", buf); } @@ -1566,7 +1566,7 @@ fork_postauth(void) control_persist_detach(); debug("forking to background"); fork_after_authentication_flag = 0; - if (daemon(1, 1) < 0) + if (daemon(1, 1) == -1) fatal("daemon() failed: %.200s", strerror(errno)); } @@ -1662,8 +1662,8 @@ ssh_init_stdio_forwarding(struct ssh *ssh) debug3("%s: %s:%d", __func__, options.stdio_forward_host, options.stdio_forward_port); - if ((in = dup(STDIN_FILENO)) < 0 || - (out = dup(STDOUT_FILENO)) < 0) + if ((in = dup(STDIN_FILENO)) == -1 || + (out = dup(STDOUT_FILENO)) == -1) fatal("channel_connect_stdio_fwd: dup() in/out failed"); if ((c = channel_connect_stdio_fwd(ssh, options.stdio_forward_host, options.stdio_forward_port, in, out)) == NULL) @@ -1816,7 +1816,7 @@ ssh_session2_open(struct ssh *ssh) out = dup(STDOUT_FILENO); err = dup(STDERR_FILENO); - if (in < 0 || out < 0 || err < 0) + if (in == -1 || out == -1 || err == -1) fatal("dup() in/out/err failed"); /* enable nonblocking unless tty */ @@ -1947,7 +1947,7 @@ ssh_session2(struct ssh *ssh, struct passwd *pw) if ((devnull = open(_PATH_DEVNULL, O_WRONLY)) == -1) error("%s: open %s: %s", __func__, _PATH_DEVNULL, strerror(errno)); - if (dup2(devnull, STDOUT_FILENO) < 0) + if (dup2(devnull, STDOUT_FILENO) == -1) fatal("%s: dup2() stdout failed", __func__); if (devnull > STDERR_FILENO) close(devnull); @@ -2134,7 +2134,7 @@ main_sigchld_handler(int sig) int status; while ((pid = waitpid(-1, &status, WNOHANG)) > 0 || - (pid < 0 && errno == EINTR)) + (pid == -1 && errno == EINTR)) ; errno = save_errno; } diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c index fb577c1731a..cf50da405ec 100644 --- a/usr.bin/ssh/sshconnect.c +++ b/usr.bin/ssh/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.316 2019/06/21 04:21:04 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.317 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -119,7 +119,7 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, u_short port, if ((shell = getenv("SHELL")) == NULL) shell = _PATH_BSHELL; - if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0) + if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) == -1) fatal("Could not create socketpair to communicate with " "proxy dialer: %.100s", strerror(errno)); @@ -134,11 +134,11 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, u_short port, close(sp[1]); /* Redirect stdin and stdout. */ if (sp[0] != 0) { - if (dup2(sp[0], 0) < 0) + if (dup2(sp[0], 0) == -1) perror("dup2 stdin"); } if (sp[0] != 1) { - if (dup2(sp[0], 1) < 0) + if (dup2(sp[0], 1) == -1) perror("dup2 stdout"); } if (sp[0] >= 2) @@ -166,7 +166,7 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, u_short port, exit(1); } /* Parent. */ - if (pid < 0) + if (pid == -1) fatal("fork failed: %.100s", strerror(errno)); close(sp[0]); free(command_string); @@ -202,7 +202,7 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, u_short port, shell = _PATH_BSHELL; /* Create pipes for communicating with the proxy. */ - if (pipe(pin) < 0 || pipe(pout) < 0) + if (pipe(pin) == -1 || pipe(pout) == -1) fatal("Could not create pipes to communicate with the proxy: %.100s", strerror(errno)); @@ -217,12 +217,12 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, u_short port, /* Redirect stdin and stdout. */ close(pin[1]); if (pin[0] != 0) { - if (dup2(pin[0], 0) < 0) + if (dup2(pin[0], 0) == -1) perror("dup2 stdin"); close(pin[0]); } close(pout[0]); - if (dup2(pout[1], 1) < 0) + if (dup2(pout[1], 1) == -1) perror("dup2 stdout"); /* Cannot be 1 because pin allocated two descriptors. */ close(pout[1]); @@ -248,7 +248,7 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, u_short port, exit(1); } /* Parent. */ - if (pid < 0) + if (pid == -1) fatal("fork failed: %.100s", strerror(errno)); else proxy_command_pid = pid; /* save pid to clean up later */ @@ -353,7 +353,7 @@ ssh_create_socket(struct addrinfo *ai) char ntop[NI_MAXHOST]; sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); - if (sock < 0) { + if (sock == -1) { error("socket: %s", strerror(errno)); return -1; } @@ -508,7 +508,7 @@ ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop, /* Set SO_KEEPALIVE if requested. */ if (want_keepalive && setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, - sizeof(on)) < 0) + sizeof(on)) == -1) error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); /* Set the connection. */ @@ -529,8 +529,8 @@ ssh_connect(struct ssh *ssh, const char *host, struct addrinfo *addrs, return ssh_connect_direct(ssh, host, addrs, hostaddr, port, family, connection_attempts, timeout_ms, want_keepalive); } else if (strcmp(options.proxy_command, "-") == 0) { - if ((in = dup(STDIN_FILENO)) < 0 || - (out = dup(STDOUT_FILENO)) < 0) { + if ((in = dup(STDIN_FILENO)) == -1 || + (out = dup(STDOUT_FILENO)) == -1) { if (in >= 0) close(in); error("%s: dup() in/out failed", __func__); diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c index 123fb6c2818..0ccf0fb2646 100644 --- a/usr.bin/ssh/sshconnect2.c +++ b/usr.bin/ssh/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.305 2019/05/31 03:20:07 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.306 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -1400,7 +1400,7 @@ load_identity_file(Identity *id) int r, perm_ok = 0, quit = 0, i; struct stat st; - if (stat(id->filename, &st) < 0) { + if (stat(id->filename, &st) == -1) { (id->userprovided ? logit : debug3)("no such identity: %s: %s", id->filename, strerror(errno)); return NULL; @@ -1833,7 +1833,7 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, *sigp = NULL; *lenp = 0; - if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) { + if (stat(_PATH_SSH_KEY_SIGN, &st) == -1) { error("%s: not installed: %s", __func__, strerror(errno)); return -1; } @@ -1841,30 +1841,30 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, error("%s: fflush: %s", __func__, strerror(errno)); return -1; } - if (pipe(to) < 0) { + if (pipe(to) == -1) { error("%s: pipe: %s", __func__, strerror(errno)); return -1; } - if (pipe(from) < 0) { + if (pipe(from) == -1) { error("%s: pipe: %s", __func__, strerror(errno)); return -1; } - if ((pid = fork()) < 0) { + if ((pid = fork()) == -1) { error("%s: fork: %s", __func__, strerror(errno)); return -1; } osigchld = signal(SIGCHLD, SIG_DFL); if (pid == 0) { close(from[0]); - if (dup2(from[1], STDOUT_FILENO) < 0) + if (dup2(from[1], STDOUT_FILENO) == -1) fatal("%s: dup2: %s", __func__, strerror(errno)); close(to[1]); - if (dup2(to[0], STDIN_FILENO) < 0) + if (dup2(to[0], STDIN_FILENO) == -1) fatal("%s: dup2: %s", __func__, strerror(errno)); close(from[1]); close(to[0]); - if (dup2(sock, STDERR_FILENO + 1) < 0) + if (dup2(sock, STDERR_FILENO + 1) == -1) fatal("%s: dup2: %s", __func__, strerror(errno)); sock = STDERR_FILENO + 1; fcntl(sock, F_SETFD, 0); /* keep the socket on exec */ @@ -1898,7 +1898,7 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp, } errno = 0; - while (waitpid(pid, &status, 0) < 0) { + while (waitpid(pid, &status, 0) == -1) { if (errno != EINTR) { error("%s: waitpid %ld: %s", __func__, (long)pid, strerror(errno)); diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index 9cabfca0307..471ec0b6b14 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.536 2019/06/21 04:21:05 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.537 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -321,7 +321,7 @@ main_sigchld_handler(int sig) int status; while ((pid = waitpid(-1, &status, WNOHANG)) > 0 || - (pid < 0 && errno == EINTR)) + (pid == -1 && errno == EINTR)) ; errno = save_errno; } @@ -432,7 +432,7 @@ privsep_preauth_child(void) debug3("privsep user:group %u:%u", (u_int)pw->pw_uid, (u_int)pw->pw_gid); gidset[0] = pw->pw_gid; - if (setgroups(1, gidset) < 0) + if (setgroups(1, gidset) == -1) fatal("setgroups: %.100s", strerror(errno)); permanently_set_uid(pw); } @@ -472,7 +472,7 @@ privsep_preauth(struct ssh *ssh) monitor_child_preauth(ssh, pmonitor); /* Wait for the child's exit status */ - while (waitpid(pid, &status, 0) < 0) { + while (waitpid(pid, &status, 0) == -1) { if (errno == EINTR) continue; pmonitor->m_pid = -1; @@ -916,7 +916,7 @@ listen_on_addrs(struct listenaddr *la) /* Create socket for listening. */ listen_sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); - if (listen_sock < 0) { + if (listen_sock == -1) { /* kernel may not support ipv6 */ verbose("socket: %.100s", strerror(errno)); continue; @@ -941,7 +941,7 @@ listen_on_addrs(struct listenaddr *la) debug("Bind to port %s on %s.", strport, ntop); /* Bind the socket to the desired port. */ - if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) { + if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) == -1) { error("Bind to port %s on %s failed: %.200s.", strport, ntop, strerror(errno)); close(listen_sock); @@ -951,7 +951,7 @@ listen_on_addrs(struct listenaddr *la) num_listen_socks++; /* Start listening on the port. */ - if (listen(listen_sock, SSH_LISTEN_BACKLOG) < 0) + if (listen(listen_sock, SSH_LISTEN_BACKLOG) == -1) fatal("listen on [%s]:%s: %.100s", ntop, strport, strerror(errno)); logit("Server listening on %s port %s%s%s.", @@ -1035,7 +1035,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) /* Wait in select until there is a connection. */ ret = select(maxfd+1, fdset, NULL, NULL, NULL); - if (ret < 0 && errno != EINTR) + if (ret == -1 && errno != EINTR) error("select: %.100s", strerror(errno)); if (received_sigterm) { logit("Received signal %d; terminating.", @@ -1045,7 +1045,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) unlink(options.pid_file); exit(received_sigterm == SIGTERM ? 0 : 255); } - if (ret < 0) + if (ret == -1) continue; for (i = 0; i < options.max_startups; i++) { @@ -1085,7 +1085,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) fromlen = sizeof(from); *newsock = accept(listen_socks[i], (struct sockaddr *)&from, &fromlen); - if (*newsock < 0) { + if (*newsock == -1) { if (errno != EINTR && errno != EWOULDBLOCK && errno != ECONNABORTED) error("accept: %.100s", @@ -1202,7 +1202,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) } /* Parent. Stay in the loop. */ - if (pid < 0) + if (pid == -1) error("fork: %.100s", strerror(errno)); else debug("Forked child %ld.", (long)pid); @@ -1241,7 +1241,7 @@ check_ip_options(struct ssh *ssh) memset(&from, 0, sizeof(from)); if (getpeername(sock_in, (struct sockaddr *)&from, - &fromlen) < 0) + &fromlen) == -1) return; if (from.ss_family != AF_INET) return; @@ -1757,7 +1757,7 @@ main(int ac, char **av) already_daemon = daemonized(); if (!(debug_flag || inetd_flag || no_daemon_flag || already_daemon)) { - if (daemon(0, 0) < 0) + if (daemon(0, 0) == -1) fatal("daemon() failed: %.200s", strerror(errno)); disconnect_controlling_tty(); @@ -1813,7 +1813,7 @@ main(int ac, char **av) * setlogin() affects the entire process group. We don't * want the child to be able to affect the parent. */ - if (!debug_flag && !inetd_flag && setsid() < 0) + if (!debug_flag && !inetd_flag && setsid() == -1) error("setsid: %.100s", strerror(errno)); if (rexec_flag) { @@ -1889,7 +1889,7 @@ main(int ac, char **av) /* Set SO_KEEPALIVE if requested. */ if (options.tcp_keep_alive && ssh_packet_connection_is_on_socket(ssh) && - setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0) + setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) == -1) error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); if ((remote_port = ssh_remote_port(ssh)) < 0) { diff --git a/usr.bin/ssh/sshkey-xmss.c b/usr.bin/ssh/sshkey-xmss.c index 88c1a141dfe..883ea57303e 100644 --- a/usr.bin/ssh/sshkey-xmss.c +++ b/usr.bin/ssh/sshkey-xmss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey-xmss.c,v 1.4 2019/06/27 18:03:37 deraadt Exp $ */ +/* $OpenBSD: sshkey-xmss.c,v 1.5 2019/06/28 13:35:04 deraadt Exp $ */ /* * Copyright (c) 2017 Markus Friedl. All rights reserved. * @@ -467,12 +467,12 @@ sshkey_xmss_get_state(const struct sshkey *k, sshkey_printfn *pr) ret = SSH_ERR_ALLOC_FAIL; goto done; } - if ((lockfd = open(lockfile, O_CREAT|O_RDONLY, 0600)) < 0) { + if ((lockfd = open(lockfile, O_CREAT|O_RDONLY, 0600)) == -1) { ret = SSH_ERR_SYSTEM_ERROR; PRINT("%s: cannot open/create: %s", __func__, lockfile); goto done; } - while (flock(lockfd, LOCK_EX|LOCK_NB) < 0) { + while (flock(lockfd, LOCK_EX|LOCK_NB) == -1) { if (errno != EWOULDBLOCK) { ret = SSH_ERR_SYSTEM_ERROR; PRINT("%s: cannot lock: %s", __func__, lockfile); @@ -607,7 +607,7 @@ sshkey_xmss_update_state(const struct sshkey *k, sshkey_printfn *pr) PRINT("%s: ENCRYPT FAILED: %d", __func__, ret); goto done; } - if ((fd = open(nstatefile, O_CREAT|O_WRONLY|O_EXCL, 0600)) < 0) { + if ((fd = open(nstatefile, O_CREAT|O_WRONLY|O_EXCL, 0600)) == -1) { ret = SSH_ERR_SYSTEM_ERROR; PRINT("%s: open new state file: %s", __func__, nstatefile); goto done; @@ -626,13 +626,13 @@ sshkey_xmss_update_state(const struct sshkey *k, sshkey_printfn *pr) close(fd); goto done; } - if (fsync(fd) < 0) { + if (fsync(fd) == -1) { ret = SSH_ERR_SYSTEM_ERROR; PRINT("%s: sync new state file: %s", __func__, nstatefile); close(fd); goto done; } - if (close(fd) < 0) { + if (close(fd) == -1) { ret = SSH_ERR_SYSTEM_ERROR; PRINT("%s: close new state file: %s", __func__, nstatefile); goto done; @@ -646,7 +646,7 @@ sshkey_xmss_update_state(const struct sshkey *k, sshkey_printfn *pr) goto done; } } - if (rename(nstatefile, statefile) < 0) { + if (rename(nstatefile, statefile) == -1) { ret = SSH_ERR_SYSTEM_ERROR; PRINT("%s: rename %s to %s", __func__, nstatefile, statefile); goto done; diff --git a/usr.bin/ssh/sshlogin.c b/usr.bin/ssh/sshlogin.c index d90dc3b2deb..f5ba180ca15 100644 --- a/usr.bin/ssh/sshlogin.c +++ b/usr.bin/ssh/sshlogin.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshlogin.c,v 1.33 2018/07/09 21:26:02 markus Exp $ */ +/* $OpenBSD: sshlogin.c,v 1.34 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -81,7 +81,7 @@ get_last_login_time(uid_t uid, const char *logname, buf[0] = '\0'; fd = open(lastlog, O_RDONLY); - if (fd < 0) + if (fd == -1) return 0; pos = (off_t)uid * sizeof(ll); diff --git a/usr.bin/ssh/sshpty.c b/usr.bin/ssh/sshpty.c index c7a984611de..8baadf62eb0 100644 --- a/usr.bin/ssh/sshpty.c +++ b/usr.bin/ssh/sshpty.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshpty.c,v 1.31 2016/11/29 03:54:50 dtucker Exp $ */ +/* $OpenBSD: sshpty.c,v 1.32 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -48,7 +48,7 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen) int i; i = openpty(ptyfd, ttyfd, buf, NULL, NULL); - if (i < 0) { + if (i == -1) { error("openpty: %.100s", strerror(errno)); return 0; } @@ -61,9 +61,9 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen) void pty_release(const char *tty) { - if (chown(tty, (uid_t) 0, (gid_t) 0) < 0) + if (chown(tty, (uid_t) 0, (gid_t) 0) == -1) error("chown %.100s 0 0 failed: %.100s", tty, strerror(errno)); - if (chmod(tty, (mode_t) 0666) < 0) + if (chmod(tty, (mode_t) 0666) == -1) error("chmod %.100s 0666 failed: %.100s", tty, strerror(errno)); } @@ -82,7 +82,7 @@ pty_make_controlling_tty(int *ttyfd, const char *tty) close(fd); } #endif /* TIOCNOTTY */ - if (setsid() < 0) + if (setsid() == -1) error("setsid: %.100s", strerror(errno)); /* @@ -97,18 +97,18 @@ pty_make_controlling_tty(int *ttyfd, const char *tty) /* Make it our controlling tty. */ #ifdef TIOCSCTTY debug("Setting controlling tty using TIOCSCTTY."); - if (ioctl(*ttyfd, TIOCSCTTY, NULL) < 0) + if (ioctl(*ttyfd, TIOCSCTTY, NULL) == -1) error("ioctl(TIOCSCTTY): %.100s", strerror(errno)); #endif /* TIOCSCTTY */ fd = open(tty, O_RDWR); - if (fd < 0) + if (fd == -1) error("%.100s: %.100s", tty, strerror(errno)); else close(fd); /* Verify that we now have a controlling tty. */ fd = open(_PATH_TTY, O_WRONLY); - if (fd < 0) + if (fd == -1) error("open /dev/tty failed - could not set controlling tty: %.100s", strerror(errno)); else @@ -154,7 +154,7 @@ pty_setowner(struct passwd *pw, const char *tty) strerror(errno)); if (st.st_uid != pw->pw_uid || st.st_gid != gid) { - if (chown(tty, pw->pw_uid, gid) < 0) { + if (chown(tty, pw->pw_uid, gid) == -1) { if (errno == EROFS && (st.st_uid == pw->pw_uid || st.st_uid == 0)) debug("chown(%.100s, %u, %u) failed: %.100s", @@ -168,7 +168,7 @@ pty_setowner(struct passwd *pw, const char *tty) } if ((st.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) != mode) { - if (chmod(tty, mode) < 0) { + if (chmod(tty, mode) == -1) { if (errno == EROFS && (st.st_mode & (S_IRGRP | S_IROTH)) == 0) debug("chmod(%.100s, 0%o) failed: %.100s", diff --git a/usr.bin/ssh/uidswap.c b/usr.bin/ssh/uidswap.c index 03ed375e987..415313df2d0 100644 --- a/usr.bin/ssh/uidswap.c +++ b/usr.bin/ssh/uidswap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uidswap.c,v 1.41 2018/07/18 11:34:04 dtucker Exp $ */ +/* $OpenBSD: uidswap.c,v 1.42 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -63,23 +63,23 @@ temporarily_use_uid(struct passwd *pw) privileged = 1; temporarily_use_uid_effective = 1; saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups); - if (saved_egroupslen < 0) + if (saved_egroupslen == -1) fatal("getgroups: %.100s", strerror(errno)); /* set and save the user's groups */ if (user_groupslen == -1 || user_groups_uid != pw->pw_uid) { - if (initgroups(pw->pw_name, pw->pw_gid) < 0) + if (initgroups(pw->pw_name, pw->pw_gid) == -1) fatal("initgroups: %s: %.100s", pw->pw_name, strerror(errno)); user_groupslen = getgroups(NGROUPS_MAX, user_groups); - if (user_groupslen < 0) + if (user_groupslen == -1) fatal("getgroups: %.100s", strerror(errno)); user_groups_uid = pw->pw_uid; } /* Set the effective uid to the given (unprivileged) uid. */ - if (setgroups(user_groupslen, user_groups) < 0) + if (setgroups(user_groupslen, user_groups) == -1) fatal("setgroups: %.100s", strerror(errno)); - if (setegid(pw->pw_gid) < 0) + if (setegid(pw->pw_gid) == -1) fatal("setegid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); if (seteuid(pw->pw_uid) == -1) @@ -102,11 +102,11 @@ restore_uid(void) fatal("restore_uid: temporarily_use_uid not effective"); debug("restore_uid: %u/%u", (u_int)saved_euid, (u_int)saved_egid); /* Set the effective uid back to the saved privileged uid. */ - if (seteuid(saved_euid) < 0) + if (seteuid(saved_euid) == -1) fatal("seteuid %u: %.100s", (u_int)saved_euid, strerror(errno)); - if (setgroups(saved_egroupslen, saved_egroups) < 0) + if (setgroups(saved_egroupslen, saved_egroups) == -1) fatal("setgroups: %.100s", strerror(errno)); - if (setegid(saved_egid) < 0) + if (setegid(saved_egid) == -1) fatal("setegid %u: %.100s", (u_int)saved_egid, strerror(errno)); temporarily_use_uid_effective = 0; } @@ -122,8 +122,8 @@ permanently_set_uid(struct passwd *pw) fatal("permanently_set_uid: temporarily_use_uid effective"); debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid, (u_int)pw->pw_gid); - if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) + if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) fatal("setresgid %u: %s", (u_int)pw->pw_gid, strerror(errno)); - if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0) + if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1) fatal("setresuid %u: %s", (u_int)pw->pw_uid, strerror(errno)); } |