treewide: Argument cannot be negative, CWE-687

Actually harmless. Reported by Coverity.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

pasta.c

@@ -120,33 +120,24 @@ static int pasta_setup_ns(void *arg)
 {
 	struct pasta_setup_ns_arg *a = (struct pasta_setup_ns_arg *)arg;
 	char *shell;
-	int fd;
 
 	if (!a->c->netns_only) {
 		char buf[BUFSIZ];
 
 		snprintf(buf, BUFSIZ, "%i %i %i", 0, a->euid, 1);
 
-		fd = open("/proc/self/uid_map", O_WRONLY | O_CLOEXEC);
+		FWRITE("/proc/self/uid_map", buf,
-		if (write(fd, buf, strlen(buf)) < 0)
+		       "Cannot set uid_map in namespace");
-			warn("Cannot set uid_map in namespace");
-		close(fd);
 
-		fd = open("/proc/self/setgroups", O_WRONLY | O_CLOEXEC);
+		FWRITE("/proc/self/setgroups", "deny",
-		if (write(fd, "deny", sizeof("deny")) < 0)
+		       "Cannot write to setgroups in namespace");
-			warn("Cannot write to setgroups in namespace");
-		close(fd);
 
-		fd = open("/proc/self/gid_map", O_WRONLY | O_CLOEXEC);
+		FWRITE("/proc/self/gid_map", buf,
-		if (write(fd, buf, strlen(buf)) < 0)
+		       "Cannot set gid_map in namespace");
-			warn("Cannot set gid_map in namespace");
-		close(fd);
 	}
 
-	fd = open("/proc/sys/net/ipv4/ping_group_range", O_WRONLY | O_CLOEXEC);
+	FWRITE("/proc/sys/net/ipv4/ping_group_range", "0 0",
-	if (write(fd, "0 0", strlen("0 0")) < 0)
+	       "Cannot set ping_group_range, ICMP requests might fail");
-		warn("Cannot set ping_group_range, ICMP requests might fail");
-	close(fd);
 
 	shell = getenv("SHELL") ? getenv("SHELL") : "/bin/sh";
 	if (strstr(shell, "/bash"))

qrap.c

@@ -234,16 +234,16 @@ int main(int argc, char **argv)
 valid_args:
 	for (i = 1; i < UNIX_SOCK_MAX; i++) {
 		s = socket(AF_UNIX, SOCK_STREAM, 0);
-		if (setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)))
-			perror("setsockopt SO_RCVTIMEO");
-		if (setsockopt(s, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv)))
-			perror("setsockopt SO_SNDTIMEO");
-
 		if (s < 0) {
 			perror("socket");
 			exit(EXIT_FAILURE);
 		}
 
+		if (setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)))
+			perror("setsockopt SO_RCVTIMEO");
+		if (setsockopt(s, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv)))
+			perror("setsockopt SO_SNDTIMEO");
+
 		snprintf(addr.sun_path, UNIX_PATH_MAX, UNIX_SOCK_PATH, i);
 		if (connect(s, (const struct sockaddr *)&addr, sizeof(addr)))
 			perror("connect");

tap.c

@@ -803,6 +803,11 @@ static void tap_sock_unix_init(struct ctx *c)
 			snprintf(path, UNIX_PATH_MAX, UNIX_SOCK_PATH, i);
 
 		ex = socket(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, 0);
+		if (ex < 0) {
+			perror("UNIX domain socket check");
+			exit(EXIT_FAILURE);
+		}
+
 		ret = connect(ex, (const struct sockaddr *)&addr, sizeof(addr));
 		if (!ret || (errno != ENOENT && errno != ECONNREFUSED)) {
 			if (*c->sock_path) {

util.h

@@ -58,6 +58,18 @@ void trace_init(int enable);
 #define TMPDIR		"/tmp"
 #endif
 
+#define FWRITE(path, buf, str)						\
+	do {								\
+		int flags = O_WRONLY | O_CLOEXEC;			\
+		int fd = open(path, flags);				\
+									\
+		if (fd < 0 ||						\
+		    write(fd, buf, strlen(buf)) != (int)strlen(buf))	\
+			warn(str);					\
+		if (fd >= 0)						\
+			close(fd);					\
+	} while (0)
+
 #define V4		0
 #define V6		1
 #define IP_VERSIONS	2