From patchwork Tue Sep 23 10:34:23 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4438 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:c08a:b0:72f:f16c:e055 with SMTP id jr10csp765785mab; Tue, 23 Sep 2025 03:34:46 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCUG81qTCWdlcnbRM4CM93K+jErOAH1GOSyfnIguHUxHyvUVFY6TaPQUmL9IZBCxamAgHrWuBOMhyUU=@openvpn.net X-Google-Smtp-Source: AGHT+IH36UuRjGROrKPeXRhV46CmB4g5F59drUTZ5/Ga8+HLInczntc/1ZcWQ1uYVw9SfCuT7eaL X-Received: by 2002:a05:687c:3397:20b0:351:7530:5c54 with SMTP id 586e51a60fabf-351756d85ecmr122512fac.20.1758623686567; Tue, 23 Sep 2025 03:34:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1758623686; cv=none; d=google.com; s=arc-20240605; b=IkFrKwEHEr+9mdOOsnL9IveR6svvShnnBqqSWM61YIbv9Ac1qPFMoFsOUg24Rc/QgD uyPHqYN2btqjr6B49FxA2k2yMTrGCyjTv2RG7yChzb6FM9Gq8NjDHeBx4saxtIxPGIIy suPwmTjUY5G5e8TUm2pXJNTCYro36BXXiQxma3xOXvW7PLnZ950M8voNCk8iaytkQgZB fkcNL2xcWNmEQeeBFBlXwMiticOQyomotZXUFt6oDcoaNLffLntnHNOSV01IZH1aJqMN LL1ffYwS558xH+wrz609FkUcbIhJzRRwLB+sejqdDPnL58DPnWjKuQGVuYEuhAM0swhZ EfpA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=40IaDtXkJCFl5g+YZkGfyo3H7GvrgLl3GsgwMTyLcb8=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=Gmdfp82ekT0yAuHoKH1gb0DSVS0vjrTQ6AFsncDmYvWgSkDB6+xX0L0v/84WZukJRv cP88uG6kaLfraim6RYbQObr8hyLhSIQTSa39dytEI4Xs0i/CS3nLK++I35yr8S1TOmaZ c6a3sN4tKqeJpRNj1z4hF6NsQPrFspLbyIo/EiCb9kH3/A1Rc9IPYU8UE7B/6AbSGq69 g45BoODt0rSZ9Q2HTPu7AlWNjlDt5Euqvzgzycp7E/jnpjZ4WeSLgznrIK/p1jtD2Gy6 GUCBrnFL3nlwgl7BxpvtWgzSbMB0WHfKAa/niPZU3irDG7l0SXGi3OKklVV2TILWYVT5 Nbyw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=fkoJS6U9; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=J9ljU8G0; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=U+5i+Qj9; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 586e51a60fabf-3499059e880si783756fac.61.2025.09.23.03.34.46 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 23 Sep 2025 03:34:46 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=fkoJS6U9; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=J9ljU8G0; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=U+5i+Qj9; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=40IaDtXkJCFl5g+YZkGfyo3H7GvrgLl3GsgwMTyLcb8=; b=fkoJS6U9vk/5NuhqrQyyxzQwhU lU0m5KKgDNNsKbu4t2KiJZKMhgabPVurKdOMIozU2+IJ4P+9RBe7bpXao4nKhAZMsLrVlJJxIwWYl IVZ/YNMzE4zsXONV4PpRwXoWDlJyuVnrXbONbQnBbcpl68Zaa7jU48DbZaUehaPoaGx4=; Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com) by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1v10M7-0003EP-BC; Tue, 23 Sep 2025 10:34:43 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1v10M6-0003EH-MJ for openvpn-devel@lists.sourceforge.net; Tue, 23 Sep 2025 10:34:42 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=03St13EIR5kvOxXrj14Q5uZtg0kI1zJBj6niPzA8x54=; b=J9ljU8G0Ug9HaMDzPZIJUpYUgM 3eGOLVZr0h9yWP3uCW12Yx/duNi5R4c9lGC0ip4HQV3FSBreauLP3xYKjhvQd/BgggKpIhZsYp63g dQzQSvx+4Q60EGqGGYpiW8SH84+TzYsl8VB97NnrAK5lrW840S/VSGlBIGTqZPfKV2V4=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=03St13EIR5kvOxXrj14Q5uZtg0kI1zJBj6niPzA8x54=; b=U+5i+Qj9vOKUfTYh1DkQKYnKYa 6a47HbSO1gDW/z3ulD3m17XBlCJoMoLqhwhfoZBYcgzsP6gHQZZo6u6GDfRMlpkGw0I5ZKR7DK/xe +ckXXuQLoV1Vp1Cv1umD1RFtg1zWIl3w8uH8Ch93MFMYVRhLJdLtoRx4QSvkoxobgdeI=; Received: from [193.149.48.134] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1v10M5-0001kX-MJ for openvpn-devel@lists.sourceforge.net; Tue, 23 Sep 2025 10:34:42 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 58NAYTeh001281 for ; Tue, 23 Sep 2025 12:34:29 +0200 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 58NAYTDE001280 for openvpn-devel@lists.sourceforge.net; Tue, 23 Sep 2025 12:34:29 +0200 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Tue, 23 Sep 2025 12:34:23 +0200 Message-ID: <20250923103429.1257-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.49.1 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Frank Lichtenheld It seems unlikely that we can change the API at this point, especially with the integration into the plugin API. So - clean up the functions internally to not throw -Wconversion warnings - clean up any warnings on the caller side Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1v10M5-0001kX-MJ Subject: [Openvpn-devel] [PATCH v3] Clean up conversion warnings related to base64_{en, de}code X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1844050590659243680?= X-GMAIL-MSGID: =?utf-8?q?1844050590659243680?= From: Frank Lichtenheld It seems unlikely that we can change the API at this point, especially with the integration into the plugin API. So - clean up the functions internally to not throw -Wconversion warnings - clean up any warnings on the caller side Change-Id: Id7a5b2d8dea01bd532f5bcc8abea0e52b00d1169 Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1148 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1148 This mail reflects revision 3 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/src/openvpn/base64.c b/src/openvpn/base64.c index 54d5b79..7af8976 100644 --- a/src/openvpn/base64.c +++ b/src/openvpn/base64.c @@ -50,32 +50,32 @@ int openvpn_base64_encode(const void *data, int size, char **str) { - char *s, *p; - int i; - int c; - const unsigned char *q; - if (size < 0) { return -1; } - p = s = (char *)malloc(size * 4 / 3 + 4); + size_t out_size = (size_t)size * 4 / 3 + 4; + if (out_size > INT_MAX) + { + return -1; + } + char *p = (char *)malloc(out_size); + char *start = p; if (p == NULL) { return -1; } - q = (const unsigned char *)data; - i = 0; - for (i = 0; i < size;) + const unsigned char *q = (const unsigned char *)data; + for (int i = 0; i < size;) { - c = q[i++]; - c *= 256; + unsigned int c = q[i++]; + c <<= 8; if (i < size) { c += q[i]; } i++; - c *= 256; + c <<= 8; if (i < size) { c += q[i]; @@ -96,19 +96,18 @@ p += 4; } *p = 0; - *str = s; - return strlen(s); + *str = start; + return (int)strlen(start); } static int pos(char c) { - char *p; - for (p = base64_chars; *p; p++) + for (char *p = base64_chars; *p; p++) { if (*p == c) { - return p - base64_chars; + return (int)(p - base64_chars); } } return -1; @@ -119,16 +118,15 @@ static unsigned int token_decode(const char *token) { - int i; unsigned int val = 0; - int marker = 0; + unsigned int marker = 0; if (!token[0] || !token[1] || !token[2] || !token[3]) { return DECODE_ERROR; } - for (i = 0; i < 4; i++) + for (unsigned int i = 0; i < 4; i++) { - val *= 64; + val <<= 6; if (token[i] == '=') { marker++; @@ -139,7 +137,12 @@ } else { - val += pos(token[i]); + int char_pos = pos(token[i]); + if (unlikely(char_pos < 0)) /* caller should check */ + { + return DECODE_ERROR; + } + val += (unsigned int)char_pos; } } if (marker > 2) @@ -195,5 +198,5 @@ *q++ = val & 0xff; } } - return q - (unsigned char *)data; + return (int)(q - (unsigned char *)data); } diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index 59bf52b..e0b5da1 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c @@ -420,8 +420,8 @@ } if (!(flags & GET_USER_PASS_STATIC_CHALLENGE_CONCAT)) { - if (openvpn_base64_encode(up->password, strlen(up->password), &pw64) == -1 - || openvpn_base64_encode(response, strlen(response), &resp64) == -1) + if (openvpn_base64_encode(up->password, (int)strlen(up->password), &pw64) == -1 + || openvpn_base64_encode(response, (int)strlen(response), &resp64) == -1) { msg(M_FATAL, "ERROR: could not base64-encode password/static_response"); } diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c index 054cc79..9d8fe75 100644 --- a/src/openvpn/proxy.c +++ b/src/openvpn/proxy.c @@ -229,7 +229,7 @@ uint8_t * make_base64_string(const uint8_t *str, struct gc_arena *gc) { - return make_base64_string2(str, strlen((const char *)str), gc); + return make_base64_string2(str, (int)strlen((const char *)str), gc); } static const char * diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index 635b53c..23c1e78 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -754,7 +754,7 @@ char *src_b64 = NULL; char *dst_b64 = NULL; - if (!management || (openvpn_base64_encode(src, src_len, &src_b64) <= 0)) + if (!management || (openvpn_base64_encode(src, (int)src_len, &src_b64) <= 0)) { goto cleanup; } @@ -768,7 +768,7 @@ goto cleanup; } - if (openvpn_base64_decode(dst_b64, dst, dst_len) != dst_len) + if (openvpn_base64_decode(dst_b64, dst, (int)dst_len) != dst_len) { goto cleanup; }