--- pid_file.c 2001-07-04 11:35:01.000000000 +0200 +++ pid_file.c.fixes 2013-12-13 23:55:23.212451006 +0100 @@ -34,8 +34,17 @@ oldegid = getegid(); oldeuid = geteuid(); - setegid(getgid()); - seteuid(getuid()); + if (setegid(getgid()) != 0) { + fprintf(stderr, "could not setegid(%d).\n", (int)getgid()); + return(-1); + } + if (seteuid(getuid()) != 0) { + fprintf(stderr, "could not seteuid(%d).\n", (int)getuid()); + if (setegid(oldegid) != 0) { + fprintf(stderr, "could not setegid(%d).\n", (int)oldegid); + } + return(-1); + } #endif // check if the pid file exists @@ -74,8 +83,11 @@ pid_file, (int)mypid)); #if HAVE_SETEUID && HAVE_SETEGID - setegid(oldegid); - seteuid(oldeuid); + if (setegid(oldegid) == 0 && seteuid(oldeuid) == 0) { + return 0; + } else { + goto ERR; + } #endif return 0; @@ -83,8 +95,12 @@ ERR: if(fp) { fclose(fp); fp = NULL; } #if HAVE_SETEUID && HAVE_SETEGID - setegid(oldegid); - seteuid(oldeuid); + if (setegid(oldegid) != 0) { + fprintf(stderr, "could not setegid(%d).\n", (int)oldegid); + } + if (seteuid(oldeuid) != 0) { + fprintf(stderr, "could not seteuid(%d).\n", (int)oldeuid); + } #endif return(-1); @@ -106,15 +122,23 @@ oldegid = getegid(); oldeuid = geteuid(); - setegid(getgid()); - seteuid(getuid()); + if (setegid(getgid()) != 0) { + fprintf(stderr, "could not setegid(%d).\n", (int)getgid()); + } + if (seteuid(getuid()) != 0) { + fprintf(stderr, "could not seteuid(%d).\n", (int)getuid()); + } #endif ret = unlink(pid_file); #if HAVE_SETEUID && HAVE_SETEGID - setegid(oldegid); - seteuid(oldeuid); + if (setegid(oldegid) != 0) { + fprintf(stderr, "could not setegid(%d).\n", (int)oldegid); + } + if (seteuid(oldeuid) != 0) { + fprintf(stderr, "could not seteuid(%d).\n", (int)oldeuid); + } #endif return ret; --- ez-ipupdate.c 2013-12-13 23:40:16.029173192 +0100 +++ ez-ipupdate.c.buildfixes 2013-12-14 15:35:09.217704189 +0100 @@ -737,7 +737,7 @@ { char message[] = "interrupted\n"; close(client_sockfd); - write(2, message, sizeof(message)-1); + if (write(2, message, sizeof(message)-1) != 0) {}; #if HAVE_GETPID if(pid_file) @@ -1757,7 +1757,7 @@ } printf("service: "); *buf = '\0'; - fgets(buf, sizeof(buf), stdin); + if (fgets(buf, sizeof(buf), stdin) == NULL ) { return(-1); } chomp(buf); option_handler(CMD_service_type, buf); @@ -1902,7 +1902,7 @@ if(host) { free(host); } printf("host: "); *buf = '\0'; - fgets(buf, BUFSIZ, stdin); + if (fgets(buf, BUFSIZ, stdin) == NULL ) { return(-1); } host = strdup(buf); chomp(host); } @@ -1923,7 +1923,7 @@ if(interface) { free(interface); } printf("interface: "); *buf = '\0'; - fgets(buf, BUFSIZ, stdin); + if (fgets(buf, BUFSIZ, stdin) == NULL ) { return(-1); } chomp(buf); option_handler(CMD_interface, buf); } @@ -2198,7 +2198,7 @@ if(host) { free(host); } printf("host: "); *buf = '\0'; - fgets(buf, BUFSIZ, stdin); + if (fgets(buf, BUFSIZ, stdin) == NULL ) { return(-1); } host = strdup(buf); chomp(host); } @@ -2213,7 +2213,7 @@ if(interface) { free(interface); } printf("interface: "); *buf = '\0'; - fgets(buf, BUFSIZ, stdin); + if (fgets(buf, BUFSIZ, stdin) == NULL ) { return(-1); } chomp(buf); option_handler(CMD_interface, buf); } @@ -2397,7 +2397,7 @@ } if(host) { free(host); } printf("host: "); - fgets(buf, BUFSIZ, stdin); + if (fgets(buf, BUFSIZ, stdin) == NULL ) { return(-1); } host = strdup(buf); chomp(host); } @@ -2412,7 +2412,7 @@ if(interface) { free(interface); } printf("interface: "); *buf = '\0'; - fgets(buf, BUFSIZ, stdin); + if (fgets(buf, BUFSIZ, stdin) == NULL ) { return(-1); } chomp(buf); option_handler(CMD_interface, buf); } @@ -2751,7 +2751,7 @@ if(host) { free(host); } printf("host: "); *buf = '\0'; - fgets(buf, BUFSIZ, stdin); + if (fgets(buf, BUFSIZ, stdin) == NULL ) { return(-1); } host = strdup(buf); chomp(host); } @@ -2875,7 +2875,7 @@ if(host) { free(host); } printf("host: "); *buf = '\0'; - fgets(buf, BUFSIZ, stdin); + if (fgets(buf, BUFSIZ, stdin) == NULL ) { return(-1); } host = strdup(buf); chomp(host); } @@ -2890,7 +2890,7 @@ if(interface) { free(interface); } printf("interface: "); *buf = '\0'; - fgets(buf, BUFSIZ, stdin); + if (fgets(buf, BUFSIZ, stdin) == NULL ) { return(-1); } chomp(buf); option_handler(CMD_interface, buf); } @@ -3043,7 +3043,7 @@ if(host) { free(host); } printf("host: "); *buf = '\0'; - fgets(buf, BUFSIZ, stdin); + if (fgets(buf, BUFSIZ, stdin) == NULL ) { return(-1); } host = strdup(buf); chomp(host); } @@ -3058,7 +3058,7 @@ if(interface) { free(interface); } printf("interface: "); *buf = '\0'; - fgets(buf, BUFSIZ, stdin); + if (fgets(buf, BUFSIZ, stdin) == NULL ) { return(-1); } chomp(buf); option_handler(CMD_interface, buf); } @@ -3199,7 +3199,7 @@ if(host) { free(host); } printf("host: "); *buf = '\0'; - fgets(buf, BUFSIZ, stdin); + if (fgets(buf, BUFSIZ, stdin) == NULL ) { return(-1); } host = strdup(buf); chomp(host); } @@ -3213,7 +3213,7 @@ if(partner) { free(partner); } printf("easyDNS partner: "); *buf = '\0'; - fgets(buf, BUFSIZ, stdin); + if (fgets(buf, BUFSIZ, stdin) == NULL ) { return(-1); } partner = strdup(buf); chomp(partner); } @@ -3228,7 +3228,7 @@ if(interface) { free(interface); } printf("interface: "); *buf = '\0'; - fgets(buf, BUFSIZ, stdin); + if (fgets(buf, BUFSIZ, stdin) == NULL ) { return(-1); } chomp(buf); option_handler(CMD_interface, buf); } @@ -3395,7 +3395,7 @@ if(server) { free(server); } printf("server: "); *buf = '\0'; - fgets(buf, BUFSIZ, stdin); + if (fgets(buf, BUFSIZ, stdin) == NULL ) { return(-1); } server = strdup(buf); chomp(server); } @@ -3409,7 +3409,7 @@ if(host) { free(host); } printf("host: "); *buf = '\0'; - fgets(buf, BUFSIZ, stdin); + if (fgets(buf, BUFSIZ, stdin) == NULL ) { return(-1); } host = strdup(buf); chomp(host); } @@ -3570,7 +3570,7 @@ } printf("host: "); *buf = '\0'; - fgets(buf, BUFSIZ, stdin); + if (fgets(buf, BUFSIZ, stdin) == NULL ) { return(-1); } chomp(buf); host = strdup(buf); } @@ -3585,7 +3585,7 @@ if(interface) { free(interface); } printf("interface: "); *buf = '\0'; - fgets(buf, BUFSIZ, stdin); + if (fgets(buf, BUFSIZ, stdin) == NULL ) { return(-1); } chomp(buf); option_handler(CMD_interface, buf); } @@ -3720,7 +3720,7 @@ } printf("host: "); *buf = '\0'; - fgets(buf, BUFSIZ, stdin); + if (fgets(buf, BUFSIZ, stdin) == NULL ) { return(-1); } chomp(buf); host = strdup(buf); } @@ -3735,7 +3735,7 @@ if(interface) { free(interface); } printf("interface: "); *buf = '\0'; - fgets(buf, BUFSIZ, stdin); + if (fgets(buf, BUFSIZ, stdin) == NULL ) { return(-1); } chomp(buf); option_handler(CMD_interface, buf); } @@ -3958,7 +3958,7 @@ case 200: ret = -1; - if((p=strstr(buf, "DDNS_Response_")) != NULL) + char *p; if((p=strstr(buf, "DDNS_Response_")) != NULL) { sscanf(p, "DDNS_Response_%*code=%3d", &ret); } @@ -4056,7 +4056,7 @@ if(host) { free(host); } printf("host: "); *buf = '\0'; - fgets(buf, BUFSIZ, stdin); + if (fgets(buf, BUFSIZ, stdin) == NULL ) { return(-1); } host = strdup(buf); chomp(host); } @@ -4195,7 +4195,7 @@ if(interface) { free(interface); } printf("interface: "); *buf = '\0'; - fgets(buf, BUFSIZ, stdin); + if (fgets(buf, BUFSIZ, stdin) == NULL ) { return(-1); } chomp(buf); option_handler(CMD_interface, buf); } @@ -4303,7 +4303,7 @@ if(host) { free(host); } printf("host: "); *buf = '\0'; - fgets(buf, BUFSIZ, stdin); + if (fgets(buf, BUFSIZ, stdin) == NULL ) { return(-1); } host = strdup(buf); chomp(host); } @@ -4318,7 +4318,7 @@ if(interface) { free(interface); } printf("interface: "); *buf = '\0'; - fgets(buf, BUFSIZ, stdin); + if (fgets(buf, BUFSIZ, stdin) == NULL ) { return(-1); } chomp(buf); option_handler(CMD_interface, buf); } @@ -4478,7 +4478,7 @@ if(host) { free(host); } printf("host: "); *buf = '\0'; - fgets(buf, BUFSIZ, stdin); + if (fgets(buf, BUFSIZ, stdin) == NULL ) { return(-1); } host = strdup(buf); chomp(host); } @@ -4493,7 +4493,7 @@ if(interface) { free(interface); } printf("interface: "); *buf = '\0'; - fgets(buf, BUFSIZ, stdin); + if (fgets(buf, BUFSIZ, stdin) == NULL ) { return(-1); } chomp(buf); option_handler(CMD_interface, buf); } @@ -4848,7 +4848,11 @@ if(*user_name == '\0' && !(options & OPT_DAEMON)) { printf("user name: "); - fgets(user_name, sizeof(user_name), stdin); + if (fgets(user_name, sizeof(user_name), stdin) == NULL) + { + fprintf(stderr, "invalid input\n"); + exit(1); + } chomp(user_name); } if(*password == '\0' && !(options & OPT_DAEMON)) @@ -5072,7 +5076,9 @@ " updater for %s due to fatal error.\" | %s %s", host, SEND_EMAIL_CMD, notify_email); - system(buf); + if (system(buf) != 0) { + show_message("and email error notification failed\n"); + } } break; }