[Openvpn-devel,v3] pkcs11: Avoid some conversion warnings

Message ID 20251111172531.7754-1-gert@greenie.muc.de
State New
Series [Openvpn-devel,v3] pkcs11: Avoid some conversion warnings

Commit Message

Gert Doering Nov. 11, 2025, 5:25 p.m. UTC
From: Frank Lichtenheld <frank@lichtenheld.com>

Since we translate between different APIs
casts are unavoidable. Make sure they are safe.

Change-Id: If3331a2d0477634af077b4c29963dbec6d04e17b
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1296
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1296
This mail reflects revision 3 of this Change.

Acked-by according to Gerrit (reflected above):
Arne Schwabe <arne-openvpn@rfc2549.org>

Patch

diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c
index 9afb181..14118a9 100644
--- a/src/openvpn/pkcs11.c
+++ b/src/openvpn/pkcs11.c
@@ -53,18 +53,17 @@ 
 }
 #endif
 
-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wconversion"
-#endif
-
 static void
-__mysleep(const unsigned long usec)
+__mysleep(unsigned long usec)
 {
 #if defined(_WIN32)
     Sleep(usec / 1000);
 #else
-    usleep(usec);
+    if (usec > UINT_MAX)
+    {
+        usec = UINT_MAX;
+    }
+    usleep((useconds_t)usec);
 #endif
 }
 
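Review bot: In the non-Windows branch of __mysleep the clamp is written against UINT_MAX while the cast target is useconds_t, so the cast is only safe if useconds_t is at least as wide as unsigned int; a short comment stating that assumption would help. A clamped call also sleeps for less time than the caller asked for without any indication, which is worth documenting at the function. No include of <limits.h> is visible in this hunk, so please confirm UINT_MAX is already available in this file on every supported platform.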
@@ -528,7 +527,13 @@ 
         goto cleanup;
     }
 
-    if (openvpn_base64_encode(certificate_blob, certificate_blob_size, &internal_base64) == -1)
+    if (certificate_blob_size > INT_MAX)
+    {
+        msg(M_WARN, "PKCS#11: Invalid certificate size %zu", certificate_blob_size);
+        goto cleanup;
+    }
+
+    if (openvpn_base64_encode(certificate_blob, (int)certificate_blob_size, &internal_base64) == -1)
     {
         msg(M_WARN, "PKCS#11: Cannot encode certificate");
         goto cleanup;
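Review bot: The message on the new certificate_blob_size > INT_MAX path reads "Invalid certificate size", but the condition only establishes that the value does not fit the (int) cast used in the openvpn_base64_encode call that follows. Wording such as "certificate too large to encode" would describe the failure more accurately for someone reading the log. The %zu format assumes certificate_blob_size is a size_t; its declaration is outside this hunk, so please confirm the type matches the format specifier.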
@@ -563,10 +568,6 @@ 
     return success;
 }
 
-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic pop
-#endif
-
 int
 tls_ctx_use_pkcs11(struct tls_root_ctx *const ssl_ctx, bool pkcs11_id_management,
                    const char *const pkcs11_id)
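Review bot: Removing the "#pragma GCC diagnostic pop" here, together with the matching push in the first hunk, re-enables -Wconversion for everything between the two locations, while the patch itself changes only two call sites and the subject says "some" warnings. The commit message should state whether this region now builds without conversion warnings on both the _WIN32 and non-Windows paths, or which warnings are known to remain.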