 @@ -1,602 +1,601 @@
-/*	$NetBSD: do_command.c,v 1.8 2017/06/09 17:36:30 christos Exp $	*/
+/*	$NetBSD: do_command.c,v 1.9 2017/08/17 08:53:00 christos Exp $	*/
 /* Copyright 1988,1990,1993,1994 by Paul Vixie
  * All rights reserved
  */
 /*
  * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
  * Copyright (c) 1997,2000 by Internet Software Consortium, Inc.
+ *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
+ *
  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR
  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
  * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 #include <sys/cdefs.h>
 #if !defined(lint) && !defined(LINT)
 #if 0
 static char rcsid[] = "Id: do_command.c,v 1.9 2004/01/23 18:56:42 vixie Exp";
 #else
-__RCSID("$NetBSD: do_command.c,v 1.8 2017/06/09 17:36:30 christos Exp $");
+__RCSID("$NetBSD: do_command.c,v 1.9 2017/08/17 08:53:00 christos Exp $");
 #endif
 #endif
 #include "cron.h"
 #include <unistd.h>
 static int		child_process(entry *);
 static int		safe_p(const char *, const char *);
 void
 do_command(entry *e, user *u) {
 	int retval;
 	Debug(DPROC, ("[%ld] do_command(%s, (%s,%ld,%ld))\n",
 		      (long)getpid(), e->cmd, u->name,
 		      (long)e->pwd->pw_uid, (long)e->pwd->pw_gid));
 	/* fork to become asynchronous -- parent process is done immediately,
 	 * and continues to run the normal cron code, which means return to
 	 * tick().  the child and grandchild don't leave this function, alive.
+	 *
 	 * vfork() is unsuitable, since we have much to do, and the parent
 	 * needs to be able to run off and fork other processes.
 	 */
 	switch (fork()) {
 	case -1:
 		log_it("CRON", getpid(), "error", "can't fork");
 		break;
 	case 0:
 		/* child process */
 		acquire_daemonlock(1);
 		retval = child_process(e);
 		Debug(DPROC, ("[%ld] child process done (rc=%d), exiting\n",
 			      (long)getpid(), retval));
 		_exit(retval);
 		break;
 	default:
 		/* parent process */
 		break;
+	}
 	Debug(DPROC, ("[%ld] main process returning to work\n",(long)getpid()));
+}
 static void
 sigchld_handler(int signo) {
 	for (;;) {
 		WAIT_T waiter;
 		PID_T pid = waitpid(-1, &waiter, WNOHANG);
 		switch (pid) {
 		case -1:
 			if (errno == EINTR)
 				continue;
 		case 0:
 			return;
 		default:
 			break;
+		}
+	}
+}
 extern char **environ;
 static int
 child_process(entry *e) {
 	int stdin_pipe[2], stdout_pipe[2];
 	char * volatile input_data;
 	char *homedir, *usernm, * volatile mailto;
 	struct sigaction sact;
 	char **envp = e->envp;
 	int retval = OK_EXIT;
 	Debug(DPROC, ("[%ld] child_process('%s')\n", (long)getpid(), e->cmd));
 	setproctitle("running job");
 	/* discover some useful and important environment settings
 	 */
 	usernm = e->pwd->pw_name;
 	mailto = env_get("MAILTO", envp);
 	memset(&sact, 0, sizeof(sact));
 	sigemptyset(&sact.sa_mask);
 	sact.sa_flags = 0;
 #ifdef SA_RESTART
 	sact.sa_flags |= SA_RESTART;
 #endif
 	sact.sa_handler = sigchld_handler;
 	(void) sigaction(SIGCHLD, &sact, NULL);
 	/* create some pipes to talk to our future child
 	 */
 	if (pipe(stdin_pipe) == -1) 	/* child's stdin */
 		log_it("CRON", getpid(), "error", "create child stdin pipe");
 	if (pipe(stdout_pipe) == -1)	/* child's stdout */
 		log_it("CRON", getpid(), "error", "create child stdout pipe");
 	/* since we are a forked process, we can diddle the command string
 	 * we were passed -- nobody else is going to use it again, right?
+	 *
 	 * if a % is present in the command, previous characters are the
 	 * command, and subsequent characters are the additional input to
 	 * the command.  An escaped % will have the escape character stripped
 	 * from it.  Subsequent %'s will be transformed into newlines,
 	 * but that happens later.
 	 */
 	/*local*/{
 		int escaped = FALSE;
 		int ch;
 		char *p;
 		/* translation:
 		 *	\% -> %
 		 *	%  -> end of command, following is command input.
 		 *	\x -> \x	for all x != %
 		 */
 		input_data = p = e->cmd;
 		while ((ch = *input_data++) != '\0') {
  			if (escaped) {
 				if (ch != '%')
 					*p++ = '\\';
 			} else {
 				if (ch == '%') {
 					break;
+				}
+			}
 			if (!(escaped = (ch == '\\'))) {
 				*p++ = (char)ch;
+			}
+		}
 		if (ch == '\0') {
 			/* move pointer back, so that code below
 			 * won't think we encountered % sequence */
 			input_data--;
+		}
 		if (escaped)
 			*p++ = '\\';
 		*p = '\0';
+	}
 #ifdef USE_PAM
 	if (!cron_pam_start(usernm))
 		return ERROR_EXIT;
 	if (!(envp = cron_pam_getenvlist(envp))) {
 		retval = ERROR_EXIT;
 		goto child_process_end;
+	}
 #endif
 	/* fork again, this time so we can exec the user's command.
 	 */
 	switch (vfork()) {
 	case -1:
 		retval = ERROR_EXIT;
 		goto child_process_end;
 		/*NOTREACHED*/
 	case 0:
 		Debug(DPROC, ("[%ld] grandchild process vfork()'ed\n",
 			      (long)getpid()));
 		/* write a log message.  we've waited this long to do it
 		 * because it was not until now that we knew the PID that
 		 * the actual user command shell was going to get and the
 		 * PID is part of the log message.
 		 */
 		if ((e->flags & DONT_LOG) == 0) {
 			char *x = mkprints(e->cmd, strlen(e->cmd));
 			log_it(usernm, getpid(), "CMD START", x);
 			free(x);
+		}
 		/* that's the last thing we'll log.  close the log files.
 		 */
 		log_close();
 		/* get new pgrp, void tty, etc.
 		 */
 		if (setsid() == -1)
 			syslog(LOG_ERR, "setsid() failure: %m");
 		/* close the pipe ends that we won't use.  this doesn't affect
 		 * the parent, who has to read and write them; it keeps the
 		 * kernel from recording us as a potential client TWICE --
 		 * which would keep it from sending SIGPIPE in otherwise
 		 * appropriate circumstances.
 		 */
 		(void)close(stdin_pipe[WRITE_PIPE]);
 		(void)close(stdout_pipe[READ_PIPE]);
 		/* grandchild process.  make std{in,out} be the ends of
 		 * pipes opened by our daddy; make stderr go to stdout.
 		 */
 		if (stdin_pipe[READ_PIPE] != STDIN) {
 			(void)dup2(stdin_pipe[READ_PIPE], STDIN);
 			(void)close(stdin_pipe[READ_PIPE]);
+		}
 		if (stdout_pipe[WRITE_PIPE] != STDOUT) {
 			(void)dup2(stdout_pipe[WRITE_PIPE], STDOUT);
 			(void)close(stdout_pipe[WRITE_PIPE]);
+		}
 		(void)dup2(STDOUT, STDERR);
 		/* set our directory, uid and gid.  Set gid first, since once
 		 * we set uid, we've lost root privledges.
 		 */
 #ifdef LOGIN_CAP
+		{
 #ifdef BSD_AUTH
 			auth_session_t *as;
 #endif
 			login_cap_t *lc;
 			char *p;
 			if ((lc = login_getclass(e->pwd->pw_class)) == NULL) {
 				warnx("unable to get login class for `%s'",
 				    e->pwd->pw_name);
 				_exit(ERROR_EXIT);
+			}
 			if (setusercontext(lc, e->pwd, e->pwd->pw_uid, LOGIN_SETALL) < 0) {
 				warnx("setusercontext failed for `%s'",
 				    e->pwd->pw_name);
 				_exit(ERROR_EXIT);
+			}
 #ifdef BSD_AUTH
 			as = auth_open();
 			if (as == NULL || auth_setpwd(as, e->pwd) != 0) {
 				warn("can't malloc");
 				_exit(ERROR_EXIT);
+			}
 			if (auth_approval(as, lc, usernm, "cron") <= 0) {
 				warnx("approval failed for `%s'",
 				    e->pwd->pw_name);
 				_exit(ERROR_EXIT);
+			}
 			auth_close(as);
 #endif /* BSD_AUTH */
 			login_close(lc);
 			/* If no PATH specified in crontab file but
 			 * we just added one via login.conf, add it to
 			 * the crontab environment.
 			 */
 			if (env_get("PATH", envp) == NULL && environ != NULL) {
 				if ((p = getenv("PATH")) != NULL)
 					envp = env_set(envp, p);
+			}
+		}
 #else
 		if (setgid(e->pwd->pw_gid) != 0) {
 			syslog(LOG_ERR, "setgid(%d) failed for %s: %m",
 			    e->pwd->pw_gid, e->pwd->pw_name);
 			_exit(ERROR_EXIT);
+		}
 		if (initgroups(usernm, e->pwd->pw_gid) != 0) {
 			syslog(LOG_ERR, "initgroups(%s, %d) failed for %s: %m",
 			    usernm, e->pwd->pw_gid, e->pwd->pw_name);
 			_exit(ERROR_EXIT);
+		}
 #if (defined(BSD)) && (BSD >= 199103)
 		if (setlogin(usernm) < 0) {
 			syslog(LOG_ERR, "setlogin(%s) failure for %s: %m",
 			    usernm, e->pwd->pw_name);
 			_exit(ERROR_EXIT);
+		}
 #endif /* BSD */
 #ifdef USE_PAM
 		if (!cron_pam_setcred())
 			_exit(ERROR_EXIT);
 		cron_pam_child_close();
 #endif
 		if (setuid(e->pwd->pw_uid) != 0) {
 			syslog(LOG_ERR, "setuid(%d) failed for %s: %m",
 			    e->pwd->pw_uid, e->pwd->pw_name);
 			_exit(ERROR_EXIT);
+		}
 		/* we aren't root after this... */
 #endif /* LOGIN_CAP */
 		homedir = env_get("HOME", envp);
 		if (chdir(homedir) != 0) {
 			syslog(LOG_ERR, "chdir(%s) $HOME failed for %s: %m",
 			    homedir, e->pwd->pw_name);
 			_exit(ERROR_EXIT);
+		}
 #ifdef USE_SIGCHLD
 		/* our grandparent is watching for our death by catching
 		 * SIGCHLD.  the parent is ignoring SIGCHLD's; we want
 		 * to restore default behaviour.
 		 */
 		(void) signal(SIGCHLD, SIG_DFL);
 #endif
 		(void) signal(SIGPIPE, SIG_DFL);
 		(void) signal(SIGUSR1, SIG_DFL);
 		(void) signal(SIGHUP, SIG_DFL);
 		/*
 		 * Exec the command.
 		 */
+		{
 			char	*shell = env_get("SHELL", envp);
 # if DEBUGGING
 			if (DebugFlags & DTEST) {
 				(void)fprintf(stderr,
 				"debug DTEST is on, not exec'ing command.\n");
 				(void)fprintf(stderr,
 				"\tcmd='%s' shell='%s'\n", e->cmd, shell);
 				_exit(OK_EXIT);
+			}
 # endif /*DEBUGGING*/
 			(void)execle(shell, shell, "-c", e->cmd, NULL, envp);
 			warn("execl: couldn't exec `%s'", shell);
 			_exit(ERROR_EXIT);
+		}
 		break;
 	default:
 		/* parent process */
 		break;
+	}
 	/* middle process, child of original cron, parent of process running
 	 * the user's command.
 	 */
 	Debug(DPROC, ("[%ld] child continues, closing pipes\n",(long)getpid()));
 	/* close the ends of the pipe that will only be referenced in the
 	 * grandchild process...
 	 */
 	(void)close(stdin_pipe[READ_PIPE]);
 	(void)close(stdout_pipe[WRITE_PIPE]);
 	/*
 	 * write, to the pipe connected to child's stdin, any input specified
 	 * after a % in the crontab entry.  while we copy, convert any
 	 * additional %'s to newlines.  when done, if some characters were
 	 * written and the last one wasn't a newline, write a newline.
+	 *
 	 * Note that if the input data won't fit into one pipe buffer (2K
 	 * or 4K on most BSD systems), and the child doesn't read its stdin,
 	 * we would block here.  thus we must fork again.
 	 */
 	if (*input_data && fork() == 0) {
 		FILE *out = fdopen(stdin_pipe[WRITE_PIPE], "w");
 		int need_newline = FALSE;
 		int escaped = FALSE;
 		int ch;
 		Debug(DPROC, ("[%ld] child2 sending data to grandchild\n",
 			      (long)getpid()));
 #ifdef USE_PAM
 		cron_pam_child_close();
 #else
 		log_close();
 #endif
 		/* close the pipe we don't use, since we inherited it and
 		 * are part of its reference count now.
 		 */
 		(void)close(stdout_pipe[READ_PIPE]);
 		/* translation:
 		 *	\% -> %
 		 *	%  -> \n
 		 *	\x -> \x	for all x != %
 		 */
 		while ((ch = *input_data++) != '\0') {
 			if (escaped) {
 				if (ch != '%')
 					(void)putc('\\', out);
 			} else {
 				if (ch == '%')
 					ch = '\n';
+			}
 			if (!(escaped = (ch == '\\'))) {
 				(void)putc(ch, out);
 				need_newline = (ch != '\n');
+			}
+		}
 		if (escaped)
 			(void)putc('\\', out);
 		if (need_newline)
 			(void)putc('\n', out);
 		/* close the pipe, causing an EOF condition.  fclose causes
 		 * stdin_pipe[WRITE_PIPE] to be closed, too.
 		 */
 		(void)fclose(out);
 		Debug(DPROC, ("[%ld] child2 done sending to grandchild\n",
 			      (long)getpid()));
 		exit(0);
+	}
 	/* close the pipe to the grandkiddie's stdin, since its wicked uncle
 	 * ernie back there has it open and will close it when he's done.
 	 */
 	(void)close(stdin_pipe[WRITE_PIPE]);
 	/*
 	 * read output from the grandchild.  it's stderr has been redirected to
 	 * it's stdout, which has been redirected to our pipe.  if there is any
 	 * output, we'll be mailing it to the user whose crontab this is...
 	 * when the grandchild exits, we'll get EOF.
 	 */
 	Debug(DPROC, ("[%ld] child reading output from grandchild\n",
 		      (long)getpid()));
 	/*local*/{
 		FILE	*in = fdopen(stdout_pipe[READ_PIPE], "r");
 		int	ch = getc(in);
 		if (ch != EOF) {
 			FILE	*mail = NULL;
 			int	bytes = 1;
 			int	status = 0;
 			Debug(DPROC|DEXT,
 			      ("[%ld] got data (%x:%c) from grandchild\n",
 			       (long)getpid(), ch, ch));
 			/* get name of recipient.  this is MAILTO if set to a
 			 * valid local username; USER otherwise.
 			 */
 			if (mailto) {
 				/* MAILTO was present in the environment
 				 */
 				if (!*mailto) {
 					/* ... but it's empty. set to NULL
 					 */
 					mailto = NULL;
+				}
 			} else {
 				/* MAILTO not present, set to USER.
 				 */
 				mailto = usernm;
+			}
 			/* if we are supposed to be mailing, MAILTO will
 			 * be non-NULL.  only in this case should we set
 			 * up the mail command and subjects and stuff...
 			 */
 			if (mailto && safe_p(usernm, mailto)) {
 				char	**env;
 				char	mailcmd[MAX_COMMAND];
 				char	hostname[MAXHOSTNAMELEN + 1];
 				(void)gethostname(hostname, MAXHOSTNAMELEN);
 				if (strlens(MAILFMT, MAILARG, NULL) + 1
 				    >= sizeof mailcmd) {
-					warnx("mailcmd too long");
+					log_it(usernm, getpid(), "MAIL",
 					    "mailcmd too long");
 					retval = ERROR_EXIT;
 					goto child_process_end;
+				}
 				(void)snprintf(mailcmd, sizeof(mailcmd),
 				    MAILFMT, MAILARG);
 				if (!(mail = cron_popen(mailcmd, "w", e->pwd))) {
-					warn("cannot run `%s'", mailcmd);
+					log_itx(usernm, getpid(), "MAIL",
 					    "cannot run `%s'", mailcmd);
 					retval = ERROR_EXIT;
 					goto child_process_end;
+				}
 				(void)fprintf(mail,
 				    "From: root (Cron Daemon)\n");
 				(void)fprintf(mail, "To: %s\n", mailto);
 				(void)fprintf(mail,
 				    "Subject: Cron <%s@%s> %s\n",
 				    usernm, hostname, e->cmd);
 				(void)fprintf(mail,
 				    "Auto-Submitted: auto-generated\n");
 #ifdef MAIL_DATE
 				(void)fprintf(mail, "Date: %s\n",
 					arpadate(&StartTime));
 #endif /*MAIL_DATE*/
 				for (env = envp;  *env;  env++)
 					(void)fprintf(mail,
 					    "X-Cron-Env: <%s>\n", *env);
 				(void)fprintf(mail, "\n");
 				/* this was the first char from the pipe
 				 */
 				(void)putc(ch, mail);
+			}
 			/* we have to read the input pipe no matter whether
 			 * we mail or not, but obviously we only write to
 			 * mail pipe if we ARE mailing.
 			 */
 			while (EOF != (ch = getc(in))) {
 				bytes++;
 				if (mailto)
 					(void)putc(ch, mail);
+			}
 			/* only close pipe if we opened it -- i.e., we're
 			 * mailing...
 			 */
 			if (mailto) {
 				Debug(DPROC, ("[%ld] closing pipe to mail\n",
 					      (long)getpid()));
 				/* Note: the pclose will probably see
 				 * the termination of the grandchild
 				 * in addition to the mail process, since
 				 * it (the grandchild) is likely to exit
 				 * after closing its stdout.
 				 */
 				status = cron_pclose(mail);
+			}
 			/* if there was output and we could not mail it,
 			 * log the facts so the poor user can figure out
 			 * what's going on.
 			 */
 			if (mailto && status) {
-				char buf[MAX_TEMPSTR];
+				log_itx(usernm, getpid(), "MAIL",
 				    "mailed %d byte%s of output but got status"
-				(void)snprintf(buf, sizeof(buf),
+				    " %#04x", bytes, bytes == 1 ? "" : "s",
-			"mailed %d byte%s of output but got status 0x%04x\n",
+				    status);
 					bytes, (bytes==1)?"":"s",
 					status);
 				log_it(usernm, getpid(), "MAIL", buf);
+			}
 		} /*if data from grandchild*/
 		Debug(DPROC, ("[%ld] got EOF from grandchild\n",
 			      (long)getpid()));
 		(void)fclose(in);	/* also closes stdout_pipe[READ_PIPE] */
+	}
 	/* wait for children to die.
 	 */
 	sigchld_handler(0);
 	/* Log the time when we finished deadling with the job */
 	/*local*/{
 		char *x = mkprints(e->cmd, strlen(e->cmd));
 		log_it(usernm, getpid(), "CMD FINISH", x);
 		free(x);
+	}
 child_process_end:
 #ifdef USE_PAM
 	cron_pam_finish();
 #endif
 	return retval;
+}
 static int
 safe_p(const char *usernm, const char *s) {
 	static const char safe_delim[] = "@!:%-.,";     /* conservative! */
 	const char *t;
 	int ch, first;
 	for (t = s, first = 1; (ch = *t++) != '\0'; first = 0) {
 		if (isascii(ch) && isprint(ch) &&
 		    (isalnum(ch) || (!first && strchr(safe_delim, ch))))
 			continue;
 		log_it(usernm, getpid(), "UNSAFE", s);
 		return (FALSE);
+	}
 	return (TRUE);
+}

 @@ -1,625 +1,626 @@
-/*	$NetBSD: misc.c,v 1.4 2017/06/09 17:36:30 christos Exp $	*/
+/*	$NetBSD: misc.c,v 1.5 2017/08/17 08:53:00 christos Exp $	*/
 /* Copyright 1988,1990,1993,1994 by Paul Vixie
  * All rights reserved
  */
 /*
  * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
  * Copyright (c) 1997,2000 by Internet Software Consortium, Inc.
+ *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
+ *
  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR
  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
  * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 #include <sys/cdefs.h>
 #if !defined(lint) && !defined(LINT)
 #if 0
 static char rcsid[] = "Id: misc.c,v 1.16 2004/01/23 18:56:43 vixie Exp";
 #else
-__RCSID("$NetBSD: misc.c,v 1.4 2017/06/09 17:36:30 christos Exp $");
+__RCSID("$NetBSD: misc.c,v 1.5 2017/08/17 08:53:00 christos Exp $");
 #endif
 #endif
 /* vix 26jan87 [RCS has the rest of the log]
  * vix 30dec86 [written]
  */
 #include "cron.h"
 #include <limits.h>
 #include <vis.h>
 #if defined(SYSLOG) && defined(LOG_FILE)
 # undef LOG_FILE
 #endif
 #if defined(LOG_DAEMON) && !defined(LOG_CRON)
 # define LOG_CRON LOG_DAEMON
 #endif
 #ifndef FACILITY
 #define FACILITY LOG_CRON
 #endif
 static int LogFD = ERR;
 #if defined(SYSLOG)
 static int syslog_open = FALSE;
 #endif
 static void mkprint(char *, char *, size_t);
 /*
  * glue_strings is the overflow-safe equivalent of
  *		sprintf(buffer, "%s%c%s", a, separator, b);
+ *
  * returns 1 on success, 0 on failure.  'buffer' MUST NOT be used if
  * glue_strings fails.
  */
 int
 glue_strings(char *buffer, size_t buffer_size, const char *a, const char *b,
 	     char separator)
+{
 	char *buf;
 	char *buf_end;
 	if (buffer_size == 0)
 		return (0);
 	buf_end = buffer + buffer_size;
 	buf = buffer;
 	for ( /* nothing */; buf < buf_end && *a != '\0'; buf++, a++ )
 		*buf = *a;
 	if (buf == buf_end)
 		return (0);
 	if (separator != '/' || buf == buffer || buf[-1] != '/')
 		*buf++ = separator;
 	if (buf == buf_end)
 		return (0);
 	for ( /* nothing */; buf < buf_end && *b != '\0'; buf++, b++ )
 		*buf = *b;
 	if (buf == buf_end)
 		return (0);
 	*buf = '\0';
 	return (1);
+}
 int
 strcmp_until(const char *left, const char *right, char until) {
 	while (*left && *left != until && *left == *right) {
 		left++;
 		right++;
+	}
 	if ((*left=='\0' || *left == until) &&
 	    (*right=='\0' || *right == until)) {
 		return (0);
+	}
 	return (*left - *right);
+}
 #ifdef notdef
 /* strdtb(s) - delete trailing blanks in string 's' and return new length
  */
 int
 strdtb(char *s) {
 	char	*x = s;
 	/* scan forward to the null
 	 */
 	while (*x)
 		x++;
 	/* scan backward to either the first character before the string,
 	 * or the last non-blank in the string, whichever comes first.
 	 */
 	do	{x--;}
 	while (x >= s && isspace((unsigned char)*x));
 	/* one character beyond where we stopped above is where the null
 	 * goes.
 	 */
 	*++x = '\0';
 	/* the difference between the position of the null character and
 	 * the position of the first character of the string is the length.
 	 */
 	return (int)(x - s);
+}
 #endif
 int
 set_debug_flags(const char *flags) {
 	/* debug flags are of the form    flag[,flag ...]
+	 *
 	 * if an error occurs, print a message to stdout and return FALSE.
 	 * otherwise return TRUE after setting ERROR_FLAGS.
 	 */
 #if !DEBUGGING
 	printf("this program was compiled without debugging enabled\n");
 	return (FALSE);
 #else /* DEBUGGING */
 	const char *pc = flags;
 	DebugFlags = 0;
 	while (*pc) {
 		const char	* const *test;
 		int		mask;
 		/* try to find debug flag name in our list.
 		 */
 		for (test = DebugFlagNames, mask = 1;
 		     *test != NULL && strcmp_until(*test, pc, ',');
 		     test++, mask <<= 1)
 			continue;
 		if (!*test) {
 			warnx("unrecognized debug flag <%s> <%s>\n", flags, pc);
 			return (FALSE);
+		}
 		DebugFlags |= mask;
 		/* skip to the next flag
 		 */
 		while (*pc && *pc != ',')
 			pc++;
 		if (*pc == ',')
 			pc++;
+	}
 	if (DebugFlags) {
 		int flag;
 		(void)fprintf(stderr, "debug flags enabled:");
 		for (flag = 0;  DebugFlagNames[flag];  flag++)
 			if (DebugFlags & (1 << flag))
 				(void)fprintf(stderr, " %s", DebugFlagNames[flag]);
 		(void)fprintf(stderr, "\n");
+	}
 	return (TRUE);
 #endif /* DEBUGGING */
+}
 void
 set_cron_uid(void) {
 #if defined(BSD) || defined(POSIX)
 	if (seteuid(ROOT_UID) < OK) {
 		err(ERROR_EXIT, "cannot seteuid");
+	}
 #else
 	if (setuid(ROOT_UID) < OK) {
 		err(ERROR_EXIT, "cannot setuid");
+	}
 #endif
+}
 void
 set_cron_cwd(void) {
 	struct stat sb;
 	struct group *grp = NULL;
 #ifdef CRON_GROUP
 	grp = getgrnam(CRON_GROUP);
 #endif
 	/* first check for CRONDIR ("/var/cron" or some such)
 	 */
 #ifdef ENABLE_FIX_DIRECTORIES
 	if (stat(CRONDIR, &sb) < OK && errno == ENOENT) {
 		warn("Cannot stat `%s'", CRONDIR);
 		if (OK == mkdir(CRONDIR, 0710)) {
 			(void)fprintf(stderr, "%s: created\n", CRONDIR);
 			if (stat(CRONDIR, &sb) == -1)
 				err(ERROR_EXIT, "cannot stat `%s'", CRONDIR);
 		} else {
 			err(ERROR_EXIT, "cannot create `%s'", CRONDIR);
+		}
+	}
 	if (!S_ISDIR(sb.st_mode)) {
 		errx(ERROR_EXIT, "`%s' is not a directory, bailing out.",
 			CRONDIR);
+	}
 #endif /* ENABLE_FIX_DIRECTORIES */
 	if (chdir(CRONDIR) < OK) {
 		err(ERROR_EXIT, "cannot chdir `%s', bailing out.\n", CRONDIR);
+	}
 	/* CRONDIR okay (now==CWD), now look at SPOOL_DIR ("tabs" or some such)
 	 */
 #ifdef ENABLE_FIX_DIRECTORIES
 	if (stat(SPOOL_DIR, &sb) < OK && errno == ENOENT) {
 		warn("cannot stat `%s'", SPOOL_DIR);
 		if (OK == mkdir(SPOOL_DIR, 0700)) {
 			(void)fprintf(stderr, "%s: created\n", SPOOL_DIR);
 			if (stat(SPOOL_DIR, &sb) == -1)
 				err(ERROR_EXIT, "cannot stat `%s'", CRONDIR);
 		} else {
 			err(ERROR_EXIT, "cannot create `%s'", SPOOL_DIR);
+		}
+	}
 #else
 	if (stat(SPOOL_DIR, &sb)) {
 		err(ERROR_EXIT, "cannot stat `%s'", SPOOL_DIR);
+	}
 #endif /* ENABLE_FIX_DIRECTORIES */
 	if (!S_ISDIR(sb.st_mode)) {
 		errx(ERROR_EXIT, "`%s' is not a directory, bailing out.",
 			SPOOL_DIR);
+	}
 	if (grp != NULL) {
 		if (sb.st_gid != grp->gr_gid) {
 #ifdef ENABLE_FIX_DIRECTORIES
 			errx(ERROR_EXIT, "Bad group %d != %d for `%s'",
 			    (int)sb.st_gid, (int)grp->gr_gid, SPOOL_DIR);
 #else
 			if (chown(SPOOL_DIR, (uid_t)-1, grp->gr_gid) == -1)
 			    err(ERROR_EXIT, "cannot chown `%s'", SPOOL_DIR);
 #endif
+		}
 		if (sb.st_mode != 01730)
 #ifdef ENABLE_FIX_DIRECTORIES
 			errx(ERROR_EXIT, "Bad mode %#o != %#o for `%s'",
 			    (int)sb.st_mode, 01730, SPOOL_DIR);
 #else
 			if (chmod(SPOOL_DIR, 01730) == -1)
 			    err(ERROR_EXIT, "cannot chmod `%s'", SPOOL_DIR);
 #endif
+	}
+}
 /* acquire_daemonlock() - write our PID into /etc/cron.pid, unless
  *	another daemon is already running, which we detect here.
+ *
  * note: main() calls us twice; once before forking, once after.
  *	we maintain static storage of the file pointer so that we
  *	can rewrite our PID into _PATH_CRON_PID after the fork.
  */
 void
 acquire_daemonlock(int closeflag) {
 	static int fd = -1;
 	char buf[3*MAX_FNAME];
 	const char *pidfile;
 	char *ep;
 	long otherpid;
 	ssize_t num;
 	if (closeflag) {
 		/* close stashed fd for child so we don't leak it. */
 		if (fd != -1) {
 			(void)close(fd);
 			fd = -1;
+		}
 		return;
+	}
 	if (fd == -1) {
 		pidfile = _PATH_CRON_PID;
 		/* Initial mode is 0600 to prevent flock() race/DoS. */
 		if ((fd = open(pidfile, O_RDWR|O_CREAT, 0600)) == -1) {
-			(void)snprintf(buf, sizeof(buf),
+			log_itx("CRON", getpid(), "DEATH",
-				"can't open or create %s: %s",
+			    "can't open or create %s: %s",
-				pidfile, strerror(errno));
+			    pidfile, strerror(errno));
-			log_it("CRON", getpid(), "DEATH", buf);
+			exit(ERROR_EXIT);
 			errx(ERROR_EXIT, "%s", buf);
+		}
 		/* fd must be > STDERR since we dup fd 0-2 to /dev/null */
 		if (fd <= STDERR) {
 			if (dup2(fd, STDERR + 1) < 0) {
-				snprintf(buf, sizeof buf,
+				log_itx("CRON", getpid(), "DEATH",
 				    "can't dup pid fd: %s", strerror(errno));
 				log_it("CRON", getpid(), "DEATH", buf);
  				exit(ERROR_EXIT);
+ 			}
 			close(fd);
 			fd = STDERR + 1;
+		}
 		if (flock(fd, LOCK_EX|LOCK_NB) < OK) {
 			int save_errno = errno;
 			memset(buf, 0, sizeof(buf));
 			if ((num = read(fd, buf, sizeof(buf) - 1)) > 0 &&
 			    (otherpid = strtol(buf, &ep, 10)) > 0 &&
 			    ep != buf && *ep == '\n' && otherpid != LONG_MAX) {
-				(void)snprintf(buf, sizeof(buf),
+				log_itx("CRON", getpid(), "DEATH",
 				    "can't lock %s, otherpid may be %ld: %s",
 				    pidfile, otherpid, strerror(save_errno));
 			} else {
-				(void)snprintf(buf, sizeof(buf),
+				log_itx("CRON", getpid(), "DEATH",
 				    "can't lock %s, otherpid unknown: %s",
 				    pidfile, strerror(save_errno));
+			}
-			log_it("CRON", getpid(), "DEATH", buf);
+			exit(ERROR_EXIT);
 			errx(ERROR_EXIT, "%s", buf);
+		}
 		(void) fchmod(fd, 0644);
 		(void) fcntl(fd, F_SETFD, 1);
+	}
 	(void)snprintf(buf, sizeof(buf), "%ld\n", (long)getpid());
 	(void) lseek(fd, (off_t)0, SEEK_SET);
 	num = write(fd, buf, strlen(buf));
 	(void) ftruncate(fd, num);
 	/* abandon fd even though the file is open. we need to keep
 	 * it open and locked, but we don't need the handles elsewhere.
 	 */
+}
 /* get_char(file) : like getc() but increment LineNumber on newlines
  */
 int
 get_char(FILE *file) {
 	int ch;
 	ch = getc(file);
 	if (ch == '\n')
 		Set_LineNum(LineNumber + 1);
 	return (ch);
+}
 /* unget_char(ch, file) : like ungetc but do LineNumber processing
  */
 void
 unget_char(int ch, FILE *file) {
 	(void)ungetc(ch, file);
 	if (ch == '\n')
 		Set_LineNum(LineNumber - 1);
+}
 /* get_string(str, max, file, termstr) : like fgets() but
  *		(1) has terminator string which should include \n
  *		(2) will always leave room for the null
  *		(3) uses get_char() so LineNumber will be accurate
  *		(4) returns EOF or terminating character, whichever
  */
 int
 get_string(char *string, int size, FILE *file, const char *terms) {
 	int ch;
 	while (EOF != (ch = get_char(file)) && !strchr(terms, ch)) {
 		if (size > 1) {
 			*string++ = (char) ch;
 			size--;
+		}
+	}
 	if (size > 0)
 		*string = '\0';
 	return (ch);
+}
 /* skip_comments(file) : read past comment (if any)
  */
 void
 skip_comments(FILE *file) {
 	int ch;
 	while (EOF != (ch = get_char(file))) {
 		/* ch is now the first character of a line.
 		 */
 		while (ch == ' ' || ch == '\t')
 			ch = get_char(file);
 		if (ch == EOF)
 			break;
 		/* ch is now the first non-blank character of a line.
 		 */
 		if (ch != '\n' && ch != '#')
 			break;
 		/* ch must be a newline or comment as first non-blank
 		 * character on a line.
 		 */
 		while (ch != '\n' && ch != EOF)
 			ch = get_char(file);
 		/* ch is now the newline of a line which we're going to
 		 * ignore.
 		 */
+	}
 	if (ch != EOF)
 		unget_char(ch, file);
+}
 void
 log_itx(const char *username, PID_T xpid, const char *event, const char *fmt,
     ...)
+{
 	char *detail;
 	va_list ap;
 	va_start(ap, fmt);
 	if (vasprintf(&detail, fmt, ap) == -1) {
 		va_end(ap);
 		return;
+	}
 	log_it(username, xpid, event, detail);
 	free(detail);
+}
 void
 log_it(const char *username, PID_T xpid, const char *event, const char *detail) {
 #if defined(LOG_FILE) || DEBUGGING
 	PID_T pid = xpid;
 #endif
 #if defined(LOG_FILE)
 	char *msg;
-	size_t msglen;
+	int msglen;
 	TIME_T now = time((TIME_T) 0);
 	struct tm *t = localtime(&now);
 #endif /*LOG_FILE*/
 #if defined(LOG_FILE)
 	/* we assume that MAX_TEMPSTR will hold the date, time, &punctuation.
 	 */
 	msglen = strlen(username) + strlen(event) + strlen(detail) +
 	    MAX_TEMPSTR);
 	msg = malloc(msglen);
 	if (msg == NULL)
 		return;
 	if (LogFD < OK) {
 		LogFD = open(LOG_FILE, O_WRONLY|O_APPEND|O_CREAT, 0600);
 		if (LogFD < OK) {
 			warn("can't open log file `%s'", LOG_FILE);
 		} else {
 			(void) fcntl(LogFD, F_SETFD, FD_CLOEXEC);
+		}
+	}
 	/* we have to sprintf() it because fprintf() doesn't always write
 	 * everything out in one chunk and this has to be atomically appended
 	 * to the log file.
 	 */
-	(void)snprintf(msg, msglen,
+	msglen = asprintf(&msg,
-		"%s (%02d/%02d-%02d:%02d:%02d-%d) %s (%s)\n",
+	    "%s (%02d/%02d-%02d:%02d:%02d-%d) %s (%s)\n", username,
-		username,
+	    t->tm_mon + 1, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec, pid,
-		t->tm_mon+1, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec, pid,
+	    event, detail);
-		event, detail);
+	if (msglen == -1)
 		return;
-	/* we have to run strlen() because sprintf() returns (char*) on old BSD
+	if (LogFD < OK || write(LogFD, msg, (size_t)msglen) < OK) {
 	 */
 	if (LogFD < OK || write(LogFD, msg, strlen(msg)) < OK) {
 		warn("can't write to log file");
-		write(STDERR, msg, strlen(msg));
+		write(STDERR, msg, (size_t)msglen);
+	}
 	free(msg);
 #endif /*LOG_FILE*/
 #if defined(SYSLOG)
 	if (!syslog_open) {
 # ifdef LOG_DAEMON
 		openlog(getprogname(), LOG_PID, FACILITY);
 # else
 		openlog(getprogname(), LOG_PID);
 # endif
 		syslog_open = TRUE;		/* assume openlog success */
+	}
 	syslog(LOG_INFO, "(%s) %s (%s)", username, event, detail);
 #endif /*SYSLOG*/
 #if DEBUGGING
 	if (DebugFlags) {
 		(void)fprintf(stderr, "log_it: (%s %ld) %s (%s)\n",
 			username, (long)pid, event, detail);
+	}
 #endif
+}
 void
 log_close(void) {
 	if (LogFD != ERR) {
 		(void)close(LogFD);
 		LogFD = ERR;
+	}
 #if defined(SYSLOG)
 	closelog();
 	syslog_open = FALSE;
 #endif /*SYSLOG*/
+}
 /* warning:
  *	heavily ascii-dependent.
  */
 static void
 mkprint(char *dst, char *src, size_t len)
+{
 	while(len > 0 && isblank((unsigned char) *src))
 		len--, src++;
 	(void)strvisx(dst, src, len, VIS_TAB|VIS_NL);
+}
 /* warning:
  *	returns a pointer to malloc'd storage, you must call free yourself.
  */
 char *
 mkprints(char *src, size_t len)
+{
 	char *dst = malloc(len*4 + 1);
 	if (dst)
 		mkprint(dst, src, len);
 	return (dst);
+}
 #ifdef MAIL_DATE
 /* Sat, 27 Feb 1993 11:44:51 -0800 (CST)
  * 1234567890123456789012345678901234567
  */
 char *
 arpadate(time_t *clock)
+{
 	time_t t = clock ? *clock : time((TIME_T) 0);
 	struct tm tm = *localtime(&t);
 	long gmtoff = get_gmtoff(&t, &tm);
 	int hours = gmtoff / SECONDS_PER_HOUR;
 	int minutes = (gmtoff - (hours * SECONDS_PER_HOUR)) / SECONDS_PER_MINUTE;
 	static char ret[64];	/* zone name might be >3 chars */
 	if (minutes < 0)
 		minutes = -minutes;
 	(void)strftime(ret, sizeof(ret), "%a, %e %b %Y %T ????? (%Z)", &tm);
 	(void)snprintf(strchr(ret, '?'), "% .2d%.2d", hours, minutes);
 	ret[sizeof(ret) - 1] = '\0';
 	return ret;
+}
 #endif /*MAIL_DATE*/
 size_t
 strlens(const char *last, ...) {
 	va_list ap;
 	size_t ret = 0;
 	const char *str;
 	va_start(ap, last);
 	for (str = last; str != NULL; str = va_arg(ap, const char *))
 		ret += strlen(str);
 	va_end(ap);
 	return (ret);
+}
 /* Return the offset from GMT in seconds (algorithm taken from sendmail).
+ *
  * warning:
  *	clobbers the static storage space used by localtime() and gmtime().
  *	If the local pointer is non-NULL it *must* point to a local copy.
  */
 #ifndef HAVE_TM_GMTOFF
 long get_gmtoff(time_t *clock, struct tm *local)
+{
 	struct tm gmt;
 	long offset;
 	gmt = *gmtime(clock);
 	if (local == NULL)
 		local = localtime(clock);
 	offset = (local->tm_sec - gmt.tm_sec) +
 	    ((local->tm_min - gmt.tm_min) * 60) +
 	    ((local->tm_hour - gmt.tm_hour) * 3600);
 	/* Timezone may cause year rollover to happen on a different day. */
 	if (local->tm_year < gmt.tm_year)
 		offset -= 24 * 3600;
 	else if (local->tm_year > gmt.tm_year)
 		offset -= 24 * 3600;
 	else if (local->tm_yday < gmt.tm_yday)
 		offset -= 24 * 3600;
 	else if (local->tm_yday > gmt.tm_yday)
 		offset += 24 * 3600;
 	return (offset);
+}
 #endif /* HAVE_TM_GMTOFF */

 @@ -1,86 +1,91 @@
-/*	$NetBSD: funcs.h,v 1.4 2017/06/09 17:36:30 christos Exp $	*/
+/*	$NetBSD: funcs.h,v 1.5 2017/08/17 08:53:00 christos Exp $	*/
 /*
  * Id: funcs.h,v 1.9 2004/01/23 18:56:42 vixie Exp
  */
 /*
  * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
  * Copyright (c) 1997,2000 by Internet Software Consortium, Inc.
+ *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
+ *
  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR
  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
  * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 /* Notes:
  *	This file has to be included by cron.h after data structure defs.
  *	We should reorg this into sections by module.
  */
 void		set_cron_uid(void),
 		set_cron_cwd(void),
 		load_database(cron_db *),
 		open_logfile(void),
 		sigpipe_func(void),
 		job_add(entry *, user *, time_t),
 		do_command(entry *, user *),
 		link_user(cron_db *, user *),
 		unlink_user(cron_db *, user *),
 		free_user(user *),
 		env_free(char **),
 		unget_char(int, FILE *),
 		free_entry(entry *),
 		acquire_daemonlock(int),
 		skip_comments(FILE *),
 		log_it(const char *, int, const char *, const char *),
 		log_close(void);
 void
 		log_itx(const char *, int, const char *, const char *, ...)
 		    __printflike(4, 5);
 int		job_runqueue(void),
 		set_debug_flags(const char *),
 		get_char(FILE *),
 		get_string(char *, int, FILE *, const char *),
 		load_env(char *, FILE *),
 		cron_pclose(FILE *),
 		glue_strings(char *, size_t, const char *, const char *, char),
 		strcmp_until(const char *, const char *, char),
 		strdtb(char *);
 size_t		strlens(const char *, ...);
 char		*env_get(const char *, char **),
 		*arpadate(time_t *),
 		*mkprints(char *, size_t),
 		**env_init(void),
 		**env_copy(char **),
 		**env_set(char **, char *);
 user		*load_user(int, struct passwd *, const char *),
 		*find_user(cron_db *, const char *);
 entry		*load_entry(FILE *, void (*)(const char *), struct passwd *, char **);
 FILE		*cron_popen(char *, const char *, struct passwd *);
 struct passwd	*pw_dup(const struct passwd *);
 #ifndef HAVE_TM_GMTOFF
 long		get_gmtoff(time_t *, struct tm *);
 #endif
 extern int close_all(int);
 #ifdef USE_PAM
 extern int cron_pam_start (const char *user);
 extern int cron_pam_setcred (void);
 extern void cron_pam_finish (void);
 extern void cron_pam_child_close (void);
 extern char **cron_pam_getenvlist (char **envp);
 #endif