From 184e03b4a97053642b2eb30d3d01ed993f6c7102 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Mon, 7 Aug 2023 08:05:00 -0600 Subject: [PATCH] ERR_get_error() returns unsigned long, not int. --- logsrvd/logsrvd_relay.c | 7 ++++--- logsrvd/sendlog.c | 11 ++++++----- plugins/sudoers/log_client.c | 7 ++++--- 3 files changed, 14 insertions(+), 11 deletions(-) diff --git a/logsrvd/logsrvd_relay.c b/logsrvd/logsrvd_relay.c index 63e34a4b8..8fe7f08b9 100644 --- a/logsrvd/logsrvd_relay.c +++ b/logsrvd/logsrvd_relay.c @@ -724,6 +724,7 @@ relay_server_msg_cb(int fd, int what, void *v) err = SSL_read_ex(ssl, buf->data + buf->len, buf->size - buf->len, &nread); if (err) { + unsigned long errcode; const char *errstr; switch (SSL_get_error(ssl, err)) { @@ -759,16 +760,16 @@ relay_server_msg_cb(int fd, int what, void *v) * alert when we read ServerHello. Convert to a more useful * message and hope that no actual internal error occurs. */ - err = ERR_get_error(); + errcode = ERR_get_error(); #if !defined(HAVE_WOLFSSL) if (closure->state == INITIAL && - ERR_GET_REASON(err) == SSL_R_TLSV1_ALERT_INTERNAL_ERROR) { + ERR_GET_REASON(errcode) == SSL_R_TLSV1_ALERT_INTERNAL_ERROR) { errstr = _("relay host name does not match certificate"); closure->errstr = errstr; } else #endif { - errstr = ERR_reason_error_string(err); + errstr = ERR_reason_error_string(errcode); closure->errstr = _("error reading from relay"); } sudo_warnx("%s: SSL_read_ex: %s", diff --git a/logsrvd/sendlog.c b/logsrvd/sendlog.c index e465071f7..29e80e855 100644 --- a/logsrvd/sendlog.c +++ b/logsrvd/sendlog.c 
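Review bot: In relay_server_msg_cb the context line `if (err) {` tests the result of SSL_read_ex(), which is documented to return 1 on success and 0 on failure, so as shown the error switch is entered after a successful read and skipped after a failed one. If the file really reads this way, the test should be `if (err != 1) {`, and the variable would be clearer as `result` now that the queue error lives in `errcode`. The same condition appears in the server_msg_cb hunks of logsrvd/sendlog.c (-1284) and plugins/sudoers/log_client.c (-1699). The function starts and ends outside the hunk, so the switch cases are not visible here.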
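Review bot: ERR_reason_error_string(errcode) can return NULL when no reason string is registered for the code, and the `sudo_warnx("%s: SSL_read_ex: %s",` call that consumes errstr is cut off at the end of this hunk, so it is not visible whether a fallback is applied. The sendlog.c and log_client.c versions guard with `errstr ? errstr : strerror(errno)`. If the relay call passes errstr straight to `%s`, guard it as well, for example `errstr ? errstr : closure->errstr`, which is already set on both branches.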
@@ -308,8 +308,8 @@ read_io_buf(struct client_closure *closure) closure->bufsize = new_size; } - nread = iolog_read(&closure->iolog_files[timing->event], closure->buf, - timing->u.nbytes, &errstr); + nread = (size_t)iolog_read(&closure->iolog_files[timing->event], + closure->buf, timing->u.nbytes, &errstr); if (nread == (size_t)-1) { sudo_warnx(U_("unable to read %s/%s: %s"), iolog_dir, iolog_fd_to_name(timing->event), errstr); @@ -1284,6 +1284,7 @@ server_msg_cb(int fd, int what, void *v) err = SSL_read_ex(ssl, buf->data + buf->len, buf->size - buf->len, &nread); if (err) { + unsigned long errcode; const char *errstr; switch (SSL_get_error(ssl, err)) { @@ -1318,15 +1319,15 @@ server_msg_cb(int fd, int what, void *v) * alert when we read ServerHello. Convert to a more useful * message and hope that no actual internal error occurs. */ - err = ERR_get_error(); + errcode = ERR_get_error(); #if !defined(HAVE_WOLFSSL) if (closure->state == RECV_HELLO && - ERR_GET_REASON(err) == SSL_R_TLSV1_ALERT_INTERNAL_ERROR) { + ERR_GET_REASON(errcode) == SSL_R_TLSV1_ALERT_INTERNAL_ERROR) { errstr = U_("host name does not match certificate"); } else #endif { - errstr = ERR_reason_error_string(err); + errstr = ERR_reason_error_string(errcode); } sudo_warnx("%s", errstr ? errstr : strerror(errno)); goto bad; diff --git a/plugins/sudoers/log_client.c b/plugins/sudoers/log_client.c index 61a37ec20..6836407b5 100644 --- a/plugins/sudoers/log_client.c +++ b/plugins/sudoers/log_client.c @@ -1699,6 +1699,7 @@ server_msg_cb(int fd, int what, void *v) int err = SSL_read_ex(closure->ssl, buf->data + buf->len, buf->size - buf->len, &nread); if (err) { + unsigned long errcode; const char *errstr; switch (SSL_get_error(closure->ssl, err)) { 
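Review bot: The new `(size_t)` cast on iolog_read() in read_io_buf only makes the signed-to-unsigned conversion explicit; the failure test still relies on `nread == (size_t)-1`, so any negative return other than -1 would be treated as a very large byte count. Assuming iolog_read() returns a signed type (the cast suggests so; its prototype is outside the hunk), keep the result signed until it is checked: `ssize_t n = iolog_read(...); if (n < 0) { ... }` and only then `nread = (size_t)n;`. Whether a short read (fewer than `timing->u.nbytes` bytes) is handled is decided after the hunk ends.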
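Review bot: The fallback in `sudo_warnx("%s", errstr ? errstr : strerror(errno));` (sendlog.c server_msg_cb, hunk -1318) reports errno when OpenSSL has no reason string, but nothing in this branch shows errno being set by the TLS failure, so the logged message may be unrelated to the actual error. With errcode now held as an unsigned long it can be formatted directly, e.g. `char ebuf[256]; ERR_error_string_n(errcode, ebuf, sizeof(ebuf));` with `ebuf` as the fallback. The same line appears in the log_client.c hunk at -1736. Which SSL_get_error() case this code sits under is outside the hunk.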
@@ -1736,15 +1737,15 @@ server_msg_cb(int fd, int what, void *v) * alert when we read ServerHello. Convert to a more useful * message and hope that no actual internal error occurs. */ - err = ERR_get_error(); + errcode = ERR_get_error(); #if !defined(HAVE_WOLFSSL) if (closure->state == RECV_HELLO && - ERR_GET_REASON(err) == SSL_R_TLSV1_ALERT_INTERNAL_ERROR) { + ERR_GET_REASON(errcode) == SSL_R_TLSV1_ALERT_INTERNAL_ERROR) { errstr = U_("host name does not match certificate"); } else #endif { - errstr = ERR_reason_error_string(err); + errstr = ERR_reason_error_string(errcode); } sudo_warnx("%s", errstr ? errstr : strerror(errno)); goto bad;
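Review bot: ERR_get_error() removes only the earliest entry from the thread's error queue, and nothing in this hunk drains the remainder before `goto bad`. OpenSSL documents that the queue must be empty before a TLS I/O call for SSL_get_error() to be reliable, so leftover entries can misclassify a later failure on the same thread, which matters here because the reason code drives the host-name-mismatch message. Unless the `bad` path or the caller already clears the queue (not visible in the hunk), add `ERR_clear_error();` once errcode has been captured. The same applies to the matching hunks in logsrvd_relay.c and sendlog.c.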