From ba2703498338df98924463598a942d24fd6f4fc9 Mon Sep 17 00:00:00 2001 From: Alejandro Colomar Date: Thu, 15 Jan 2026 14:30:32 +0100 Subject: [PATCH 1/4] src/vipw.c: vipwedit(): Reduce scope of local variable 'f' is already used for something else before. Create a new variable used only for this, and limit it to this block. Signed-off-by: Alejandro Colomar --- src/vipw.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/vipw.c b/src/vipw.c index f6a3b72eee..8902a55cb0 100644 --- a/src/vipw.c +++ b/src/vipw.c @@ -413,8 +413,10 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (bool)) createedit = false; #ifdef WITH_TCB if (tcb_mode) { - f = fopen (fileedit, "r"); - if (NULL == f) { + FILE *fe; + + fe = fopen(fileedit, "r"); + if (NULL == fe) { vipwexit (_("failed to open scratch file"), errno, 1); } if (unlink (fileedit) != 0) { @@ -430,11 +432,11 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (bool)) if (to_rename == NULL) vipwexit (_("aprintf() failed"), errno, 1); - if (create_backup_file (f, to_rename, &st1) != 0) { + if (create_backup_file(fe, to_rename, &st1) != 0) { free(to_rename); vipwexit (_("failed to create backup file"), errno, 1); } - (void) fclose (f); + (void) fclose(fe); } else { #endif /* WITH_TCB */ to_rename = fileedit; From b958d7ac4f9931da443771f05e713fb049c2f626 Mon Sep 17 00:00:00 2001 From: Alejandro Colomar Date: Thu, 15 Jan 2026 15:48:37 +0100 Subject: [PATCH 2/4] src/vipw.c: vipwexit(), usage(): Mark as [[noreturn]] Signed-off-by: Alejandro Colomar --- src/vipw.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/vipw.c b/src/vipw.c index 8902a55cb0..e9c1da108c 100644 --- a/src/vipw.c +++ b/src/vipw.c @@ -27,6 +27,7 @@ #include #include +#include "attr.h" #include "defines.h" #include "getdef.h" #include "groupio.h" @@ -72,15 +73,16 @@ static bool tcb_mode = false; #endif /* WITH_TCB */ /* local function prototypes */ -static void usage (int status); +NORETURN static void usage(int status); static int create_backup_file (FILE *, char *, struct stat *); -static void vipwexit (const char *msg, int syserr, int ret); +NORETURN static void vipwexit(const char *msg, int syserr, int ret); static void vipwedit (const char *, int (*)(void), int (*)(bool)); /* * usage - display usage message and exit */ -static void usage (int status) +static void +usage(int status) { FILE *usageout = (E_SUCCESS != status) ? stderr : stdout; (void) fprintf (usageout, @@ -153,7 +155,8 @@ static int create_backup_file (FILE * fp, char *backup, struct stat *sb) /* * */ -static void vipwexit (const char *msg, int syserr, int ret) +static void +vipwexit(const char *msg, int syserr, int ret) { int err = errno; From 4e6047998431360c60481b7ef03b523ef492fbda Mon Sep 17 00:00:00 2001 From: Alejandro Colomar Date: Thu, 15 Jan 2026 15:41:13 +0100 Subject: [PATCH 3/4] src/vipw.c: vipwedit(): Don't else after [[noreturn]] Signed-off-by: Alejandro Colomar --- src/vipw.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/src/vipw.c b/src/vipw.c index e9c1da108c..b623ce414b 100644 --- a/src/vipw.c +++ b/src/vipw.c @@ -319,18 +319,18 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (bool)) if (-1 == status) { fprintf(stderr, _("%s: %s: %s\n"), Prog, editor, strerrno()); exit (1); - } else if ( WIFEXITED (status) - && (WEXITSTATUS (status) != 0)) { + } + if (WIFEXITED(status) && WEXITSTATUS(status) != 0) { fprintf (stderr, _("%s: %s returned with status %d\n"), Prog, editor, WEXITSTATUS (status)); exit (WEXITSTATUS (status)); - } else if (WIFSIGNALED (status)) { + } + if (WIFSIGNALED(status)) { fprintf (stderr, _("%s: %s killed by signal %d\n"), Prog, editor, WTERMSIG (status)); exit (1); - } else { - exit (0); } + exit(0); } /* Run child in a new pgrp and make it the foreground pgrp. */ @@ -382,12 +382,11 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (bool)) sigprocmask(SIG_SETMASK, &omask, NULL); } - if (-1 == pid) { + if (-1 == pid) vipwexit (editor, 1, 1); - } else if ( WIFEXITED (status) - && (WEXITSTATUS (status) != 0)) { + if (WIFEXITED(status) && WEXITSTATUS(status) != 0) vipwexit (NULL, 0, WEXITSTATUS (status)); - } else if (WIFSIGNALED (status)) { + if (WIFSIGNALED(status)) { fprintf (stderr, _("%s: %s killed by signal %d\n"), Prog, editor, WTERMSIG(status)); vipwexit (NULL, 0, 1); From 51a5e0a0e0385104e0b6c39cbca7750b170e23ad Mon Sep 17 00:00:00 2001 From: Alejandro Colomar Date: Thu, 15 Jan 2026 16:10:06 +0100 Subject: [PATCH 4/4] src/vipw.c: vipwedit(): Set fileedit closer to its use Signed-off-by: Alejandro Colomar --- src/vipw.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/src/vipw.c b/src/vipw.c index b623ce414b..769a99a732 100644 --- a/src/vipw.c +++ b/src/vipw.c @@ -219,18 +219,10 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (bool)) if (shadowtcb_drop_priv () == SHADOWTCB_FAILURE) { vipwexit (_("failed to drop privileges"), errno, 1); } - stprintf_a(fileedit, - TCB_DIR "/" SHADOWTCB_SCRATCHDIR "/.%s.shadow.%s.XXXXXX", - Prog, user); - } else { -#endif /* WITH_TCB */ - stprintf_a(fileedit, "/etc/.%s.XXXXXX", Prog); -#ifdef WITH_TCB } -#endif /* WITH_TCB */ +#endif unlock = file_unlock; filename = file; - fileeditname = fileedit; if (access (file, F_OK) != 0) { vipwexit (file, 1, 1); @@ -274,6 +266,16 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (bool)) if (NULL == f) { vipwexit (file, 1, 1); } +#ifdef WITH_TCB + if (tcb_mode) { + stprintf_a(fileedit, + TCB_DIR "/" SHADOWTCB_SCRATCHDIR "/.%s.shadow.%s.XXXXXX", + Prog, user); + } else +#endif + { + stprintf_a(fileedit, "/etc/.%s.XXXXXX", Prog); + } #ifdef WITH_TCB if (tcb_mode && (shadowtcb_gain_priv () == SHADOWTCB_FAILURE)) vipwexit (_("failed to gain privileges"), errno, 1); @@ -282,6 +284,7 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (bool)) vipwexit (_("Couldn't make backup"), errno, 1); } (void) fclose (f); + fileeditname = fileedit; createedit = true; editor = getenv ("VISUAL");