pam_timestamp: indicate non-null arguments to the compiler

As these functions assume their arguments to be valid pointers without
checking this pre-condition, this should be marked to the compiler.
Doing so allows to detect potential NULL dereferences when a caller
may pass in an invalid NULL pointer.

* modules/pam_timestamp/hmac_openssl_wrapper.c (generate_key, read_file,
write_file, key_management): Add PAM_NONNULL attribute.

1 files changed, 4 insertions, 0 deletions

diff --git a/modules/pam_timestamp/hmac_openssl_wrapper.c b/modules/pam_timestamp/hmac_openssl_wrapper.c
index 9926bbac..a633a2bf 100644
--- a/modules/pam_timestamp/hmac_openssl_wrapper.c
+++ b/modules/pam_timestamp/hmac_openssl_wrapper.c
@@ -81,6 +81,7 @@ get_crypto_algorithm(pam_handle_t *pamh, int debug){
 }
 
 static int
+PAM_NONNULL((1, 2))
 generate_key(pam_handle_t *pamh, char **key, size_t key_size)
 {
     int fd = 0;
@@ -117,6 +118,7 @@ generate_key(pam_handle_t *pamh, char **key, size_t key_size)
 }
 
 static int
+PAM_NONNULL((1, 3, 4))
 read_file(pam_handle_t *pamh, int fd, char **text, size_t *text_length)
 {
     struct stat st;
@@ -165,6 +167,7 @@ read_file(pam_handle_t *pamh, int fd, char **text, size_t *text_length)
 }
 
 static int
+PAM_NONNULL((1, 2, 3))
 write_file(pam_handle_t *pamh, const char *file_name, char *text,
            size_t text_length, uid_t owner, gid_t group)
 {
@@ -203,6 +206,7 @@ write_file(pam_handle_t *pamh, const char *file_name, char *text,
 }
 
 static int
+PAM_NONNULL((1, 2, 3))
 key_management(pam_handle_t *pamh, const char *file_name, char **text,
                 size_t text_length, uid_t owner, gid_t group)
 {