From patchwork Tue Jan 27 22:11:30 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4736 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:8468:b0:80a:3855:ce6a with SMTP id u8csp2344209max; Tue, 27 Jan 2026 14:11:57 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCU4uVyk44mRZ3+LQTju+xtxQLUdgCOelyM3FvH6dNLdbgZd0lbpcq1x0lK7xEQ4PiRx6y8hX87hKKY=@openvpn.net X-Received: by 2002:a05:6871:e6:b0:3e8:8e57:a40a with SMTP id 586e51a60fabf-409400766a3mr1876000fac.26.1769551917424; Tue, 27 Jan 2026 14:11:57 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1769551917; cv=none; d=google.com; s=arc-20240605; b=LJfDvLUmQCTHa38E7IiufiWbwd4harjnDVClsWVdnHKrjBaDmwep85e2yu1kZdntRw SsFuAgtFDdfI9vgzThRqhO6hPNfTsafIje1xLqth80tgz8qpRzI8xjNL8y53RwQ75zkV tO6cWz6m3MNP4zBbeW2l725vSM6R3nHZg/JiJw1mskY1NuLdDLfO4uCxedNOX9C16IHr BwoS7r+EzcZb4n2tDlctS0eZBmCh6lGigtsAgXAh6ndvHKXfbebu5fgIF7hxs/+8Zrvr dTrzlQ+7l6Ab19IDvggv9xf8DsDsxMrkty4MBwqtj3fscik+yBBbZiOM6nviLmYPjErz 24YQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=D4B7dWQzNk4UjFQc3A3Vo1wSyOF4cDTmAYytJQOcdLk=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=En8yvb0Lo5NAjVtNU0yZZamZ47L2O2AEG2iNkRzTfB3F0qbsq7E6QjlgkA25CIHNdY LE3nQfFDsnr5ePvVVye8zLGb0Gw1jCv0KtGRCA4dL/RYwAgtNMoZvh5Gk2hOulq3UkY4 1mTfb/UiNMCqG4WbM8DYMElEbFd7DUksJqIBvLKMnsWti4zxl2pJ/8jbZFTCIR4HAzEQ WzafpaKVrqMUUUm3aR50yEQt4MBYnd4fYxILFkNO4Blg5qi/LLKCZ8smSAhRZJxh6XQg ycQqs6HaRcu6KszGTllTHqI0iq0OVn2dY8APRVHWugzZwdpL2TM97Niu9j7qd2cjqUFb cxgA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=cZqGbXQU; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="fva+I/Lo"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=kKebKsCY; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 586e51a60fabf-40957820bc6si696271fac.394.2026.01.27.14.11.57 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 27 Jan 2026 14:11:57 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=cZqGbXQU; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="fva+I/Lo"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=kKebKsCY; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=D4B7dWQzNk4UjFQc3A3Vo1wSyOF4cDTmAYytJQOcdLk=; b=cZqGbXQUFnql3J94DlNYw9jUS/ oOag3C4ya5YnSPFGuH/k+zxrL7FupR4d++p0PdCDiOD61nja8jyGauGxVDilVc+6fdS4bTFZmEtaP Ybktdq9WpKIOWuiUmpBg8tGElFzh8/vup+foEhp/62jZllmhIbmrG8bZQhVTspQip2MQ=; Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1vkrHt-0001Rd-EL; Tue, 27 Jan 2026 22:11:53 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1vkrHs-0001RU-3l for openvpn-devel@lists.sourceforge.net; Tue, 27 Jan 2026 22:11:52 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=Xu/VjFFtLQBq55R38b6Nf5I1iw6KeptSeHkJEhUiQJU=; b=fva+I/LohkvqfKKsvrTHJ8Qv9j raqBn83oVr9ke6lw0Z7f/d9Bz3XMsu758jEEr/Qu7qY3a/UX/oiK+cYBxk515yO1SU/wYqf5zYkVA +gTObIYRmMh9zzeBPE3Ysik1u2ZkDuZoFcwU5vVnCdmuKprpk2hjxI3yr3HCiwPoWWCk=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=Xu/VjFFtLQBq55R38b6Nf5I1iw6KeptSeHkJEhUiQJU=; b=kKebKsCY7k1vnU098zExQrqhsY ku8Yrdk5EHJUNZEV3ieNXr4jvqlBMb/lZ0Qv8I8zgvG548USpxsbWnTmiajGzkMSM8pTEVflra/IY E1uShmVjumu6UO8t4/C2BwSmlnDW7STOjBFf5agOh1CzaLVaa5Gl7FpQcLfJizggDJ6w=; Received: from [193.149.48.134] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1vkrHp-0005Ej-5d for openvpn-devel@lists.sourceforge.net; Tue, 27 Jan 2026 22:11:50 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 60RMBbvP029439 for ; Tue, 27 Jan 2026 23:11:37 +0100 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 60RMBbw9029438 for openvpn-devel@lists.sourceforge.net; Tue, 27 Jan 2026 23:11:37 +0100 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Tue, 27 Jan 2026 23:11:30 +0100 Message-ID: <20260127221136.29426-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.51.2 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Frank Lichtenheld As we did before with -Wconversion, ignore existing issues for now so that we can tackle them one-by-one. Change-Id: I880cf01b0db80fc9b40ca4afa30aa51e3fb8ce3b Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering Gerrit URL: https://gerrit.openvpn.net/c/open [...] Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1vkrHp-0005Ej-5d Subject: [Openvpn-devel] [PATCH v10] Enable -Wsign-compare X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1855509671112228275?= X-GMAIL-MSGID: =?utf-8?q?1855509671112228275?= From: Frank Lichtenheld As we did before with -Wconversion, ignore existing issues for now so that we can tackle them one-by-one. Change-Id: I880cf01b0db80fc9b40ca4afa30aa51e3fb8ce3b Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1386 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1386 This mail reflects revision 10 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/CMakeLists.txt b/CMakeLists.txt index e25ecae..a232a7c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -117,7 +117,7 @@ check_and_add_compiler_flag(-Wstrict-prototypes StrictPrototypes) check_and_add_compiler_flag(-Wold-style-definition OldStyleDefinition) add_compile_options(-Wconversion -Wno-sign-conversion) - add_compile_options(-Wextra -Wno-sign-compare -Wno-unused-parameter) + add_compile_options(-Wextra -Wno-unused-parameter) # clang doesn't have the different levels but also doesn't include it in -Wextra check_and_add_compiler_flag(-Wimplicit-fallthrough=2 GCCImplicitFallthrough) if (WIN32) diff --git a/configure.ac b/configure.ac index 841b0d1..997dd22 100644 --- a/configure.ac +++ b/configure.ac @@ -1269,7 +1269,7 @@ ACL_CHECK_ADD_COMPILE_FLAGS([-Wold-style-definition]) ACL_CHECK_ADD_COMPILE_FLAGS([-Wconversion -Wno-sign-conversion]) ACL_CHECK_ADD_COMPILE_FLAGS([-Wall]) -ACL_CHECK_ADD_COMPILE_FLAGS([-Wextra -Wno-sign-compare -Wno-unused-parameter]) +ACL_CHECK_ADD_COMPILE_FLAGS([-Wextra -Wno-unused-parameter]) # clang doesn't have the different levels but also doesn't include it in -Wextra ACL_CHECK_ADD_COMPILE_FLAGS([-Wimplicit-fallthrough=2]) if test "${WIN32}" = "yes"; then diff --git a/src/openvpn/argv.c b/src/openvpn/argv.c index 8e37115..b5d9603 100644 --- a/src/openvpn/argv.c +++ b/src/openvpn/argv.c @@ -263,6 +263,11 @@ gc_free(&gc); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + /** * Prepares argv format string for further processing * @@ -418,6 +423,10 @@ return res; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /** * printf() variant which populates a struct argv. It processes the * format string with the provided arguments. For each space separator found diff --git a/src/openvpn/auth_token.c b/src/openvpn/auth_token.c index a694e81..eb2b4d5 100644 --- a/src/openvpn/auth_token.c +++ b/src/openvpn/auth_token.c @@ -287,6 +287,11 @@ return memcmp_constant_time(&hmac_output, hmac, 32) == 0; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + unsigned int verify_auth_token(struct user_pass *up, struct tls_multi *multi, struct tls_session *session) { @@ -391,6 +396,10 @@ return ret; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void wipe_auth_token(struct tls_multi *multi) { diff --git a/src/openvpn/buffer.c b/src/openvpn/buffer.c index d078d79..3ae8d92 100644 --- a/src/openvpn/buffer.c +++ b/src/openvpn/buffer.c @@ -280,6 +280,11 @@ return ret; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + /* * write a string to the end of a buffer that was * truncated by buf_printf @@ -1299,6 +1304,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void buffer_list_aggregate(struct buffer_list *bl, const size_t max) { diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index e3d1fa5..49f2b91 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -39,6 +39,11 @@ #include "memdbg.h" +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + /* * Encryption and Compression Routines. * @@ -1275,6 +1280,10 @@ gc_free(&gc); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + const char * print_key_filename(const char *str, bool is_inline) { diff --git a/src/openvpn/crypto_epoch.c b/src/openvpn/crypto_epoch.c index 3a716f4..f04ba4b4 100644 --- a/src/openvpn/crypto_epoch.c +++ b/src/openvpn/crypto_epoch.c @@ -72,6 +72,11 @@ hmac_ctx_free(hmac_ctx); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + bool ovpn_expand_label(const uint8_t *secret, size_t secret_len, const uint8_t *label, size_t label_len, const uint8_t *context, size_t context_len, uint8_t *out, int out_len) @@ -114,6 +119,10 @@ return true; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /** * Iterates the epoch key to make it E_n+1, ie increase the epoch by one * and derive the new key material accordingly diff --git a/src/openvpn/crypto_mbedtls_legacy.c b/src/openvpn/crypto_mbedtls_legacy.c index 7a2f6ff..f9b7ae6 100644 --- a/src/openvpn/crypto_mbedtls_legacy.c +++ b/src/openvpn/crypto_mbedtls_legacy.c @@ -236,6 +236,7 @@ #if defined(__GNUC__) || defined(__clang__) #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wconversion" +#pragma GCC diagnostic ignored "-Wsign-compare" #endif bool diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 2e49197..9576cb2 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -1190,6 +1190,11 @@ HMAC_CTX_free(ctx); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + void hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, const char *mdname) { @@ -1207,6 +1212,10 @@ ASSERT(HMAC_size(ctx) <= key_len); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void hmac_ctx_cleanup(HMAC_CTX *ctx) { diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c index 49f5bbb..b74320d 100644 --- a/src/openvpn/cryptoapi.c +++ b/src/openvpn/cryptoapi.c @@ -61,7 +61,7 @@ return 0; } -#else /* HAVE_XKEY_PROVIDER */ +#else /* HAVE_XKEY_PROVIDER */ static XKEY_EXTERNAL_SIGN_fn xkey_cng_sign; @@ -145,6 +145,11 @@ free(cd); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + /** * Parse a hex string with optional embedded spaces into * a byte array. @@ -177,6 +182,10 @@ return i; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static void * decode_object(struct gc_arena *gc, LPCSTR struct_type, const CRYPT_OBJID_BLOB *val, DWORD flags, DWORD *cb) diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c index d1ad092..62954de 100644 --- a/src/openvpn/dco_freebsd.c +++ b/src/openvpn/dco_freebsd.c @@ -559,6 +559,11 @@ return ret; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + static void dco_update_peer_stat(struct multi_context *m, uint32_t peerid, const nvlist_t *nvl) { @@ -577,6 +582,10 @@ __func__, peerid, mi->context.c2.dco_read_bytes, mi->context.c2.dco_write_bytes); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + int dco_read_and_process(dco_context_t *dco) { diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index 3ad8b90..b92fa43 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -858,6 +858,11 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + static int ovpn_handle_peer(dco_context_t *dco, struct nlattr *attrs[]) { @@ -913,6 +918,10 @@ return NL_OK; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static bool ovpn_iface_check(dco_context_t *dco, struct nlattr *attrs[]) { diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c index 695bf41..f46c24d 100644 --- a/src/openvpn/dco_win.c +++ b/src/openvpn/dco_win.c @@ -739,6 +739,11 @@ return 0; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + int dco_get_peer_stats_multi(dco_context_t *dco, const bool raise_sigusr1_on_err) { @@ -866,6 +871,10 @@ return ret; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + int dco_get_peer_stats_fallback(struct context *c, const bool raise_sigusr1_on_err) { diff --git a/src/openvpn/dns.c b/src/openvpn/dns.c index 996622a..fd388ce 100644 --- a/src/openvpn/dns.c +++ b/src/openvpn/dns.c @@ -475,7 +475,12 @@ send_msg_iservice(o->msg_channel, &nrpt, sizeof(nrpt), &ack, "DNS"); } -#else /* ifdef _WIN32 */ +#else /* ifdef _WIN32 */ + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif static void setenv_dns_option(struct env_set *es, const char *format, int i, int j, const char *value) @@ -560,6 +565,10 @@ gc_free(&gc); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static void updown_env_set(bool up, const struct dns_options *o, const struct tuntap *tt, struct env_set *es) { diff --git a/src/openvpn/error.c b/src/openvpn/error.c index bc8cc98..6fb4f32 100644 --- a/src/openvpn/error.c +++ b/src/openvpn/error.c @@ -97,6 +97,11 @@ forked = true; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + bool set_debug_level(const int level, const unsigned int flags) { @@ -113,6 +118,10 @@ return false; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + bool set_mute_cutoff(const int cutoff) { @@ -612,6 +621,11 @@ x_cs_verbose_level = verbose_level; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + /* * Called after most socket or tun/tap operations, via the inline * function check_status(). @@ -680,6 +694,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * In multiclient mode, put a client-specific prefix * before each message. diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 70c0b5d..df704c3 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -325,6 +325,11 @@ return l->len; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + static bool management_callback_remote_entry_get(void *arg, unsigned int index, char **remote) { @@ -359,6 +364,10 @@ return ret; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static bool management_callback_remote_cmd(void *arg, const char **p) { @@ -457,6 +466,7 @@ #if defined(__GNUC__) || defined(__clang__) #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wconversion" +#pragma GCC diagnostic ignored "-Wsign-compare" #endif /* diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c index 8b2332e..b359750 100644 --- a/src/openvpn/mudp.c +++ b/src/openvpn/mudp.c @@ -180,6 +180,11 @@ return false; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + /* * Get a client instance based on real address. If * the instance doesn't exist, create it while @@ -310,6 +315,10 @@ return mi; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * Send a packet to UDP socket. */ diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 2af49d2..231507e 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -704,6 +704,11 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + /* * Create a client instance object for a newly connected client. */ @@ -794,6 +799,10 @@ return NULL; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * Dump tables -- triggered by SIGUSR2. * If status file is defined, write to file. @@ -4119,6 +4128,11 @@ #endif /* ifdef ENABLE_MANAGEMENT */ } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + void multi_assign_peer_id(struct multi_context *m, struct multi_instance *mi) { @@ -4140,6 +4154,10 @@ ASSERT(mi->context.c2.tls_multi->peer_id < m->max_clients); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /** * @brief Determines the earliest wakeup interval based on periodic operations. * diff --git a/src/openvpn/multi.h b/src/openvpn/multi.h index 11f68b0..c686e47 100644 --- a/src/openvpn/multi.h +++ b/src/openvpn/multi.h @@ -380,6 +380,11 @@ #endif +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + /* * Return true if our output queue is not full */ @@ -396,6 +401,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * Determine which instance has pending output * and prepare the output for sending in diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c index 8e913dc..615cbad 100644 --- a/src/openvpn/ntlm.c +++ b/src/openvpn/ntlm.c @@ -77,6 +77,7 @@ #if defined(__GNUC__) || defined(__clang__) #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wconversion" +#pragma GCC diagnostic ignored "-Wsign-compare" #endif static void diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 9708062..334ea64 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -4696,6 +4696,11 @@ return BSTR(&out); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + char * options_string_extract_option(const char *options_string, const char *opt_name, struct gc_arena *gc) { @@ -4725,6 +4730,10 @@ return ret; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * parse/print topology coding */ @@ -5564,6 +5573,11 @@ return ret; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + void add_option(struct options *options, char *p[], bool is_inline, const char *file, int line, const int level, const msglvl_t msglevel, const unsigned int permission_mask, @@ -9288,6 +9302,10 @@ gc_free(&gc); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + bool has_udp_in_local_list(const struct options *options) { diff --git a/src/openvpn/ps.c b/src/openvpn/ps.c index e4c5794..e98502d 100644 --- a/src/openvpn/ps.c +++ b/src/openvpn/ps.c @@ -327,6 +327,11 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + /* * Record IP/port of client in filesystem, so that server receiving * the proxy can determine true client origin. @@ -368,6 +373,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * Cleanup function, on proxy process exit. */ diff --git a/src/openvpn/push.c b/src/openvpn/push.c index e328d9b..d13b24a 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c @@ -800,6 +800,11 @@ gc_free(&gc); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + bool send_push_reply(struct context *c, struct push_list *per_client_push_list) { @@ -939,6 +944,10 @@ return true; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + void push_reset(struct options *o) { diff --git a/src/openvpn/route.c b/src/openvpn/route.c index 9a0dcc4..329f3b0 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -570,6 +570,11 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + static void add_block_local_routes(struct route_list *rl) { @@ -602,6 +607,10 @@ && (rl->spec.flags & RTSA_REMOTE_ENDPOINT) && rl->spec.remote_host_local != TLA_LOCAL; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + bool init_route_list(struct route_list *rl, const struct route_option_list *opt, const char *remote_endpoint, int default_metric, in_addr_t remote_host, @@ -1436,6 +1445,11 @@ #define LR_MATCH 1 /* route is local */ #define LR_ERROR 2 /* caller should abort adding route */ +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + static int local_route(in_addr_t network, in_addr_t netmask, in_addr_t gateway, const struct route_gateway_info *rgi) @@ -1465,6 +1479,10 @@ return LR_NOMATCH; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* Return true if the "on-link" form of the route should be used. This is when the gateway for * a route is specified as an interface rather than an address. */ #if defined(TARGET_LINUX) || defined(_WIN32) || defined(TARGET_DARWIN) @@ -2869,6 +2887,11 @@ return ret; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + /* Returns RTA_SUCCESS on success, RTA_EEXIST if route exists, RTA_ERROR on error */ static int do_route_ipv4_service(const bool add, const struct route_ipv4 *r, const struct tuntap *tt) @@ -3018,6 +3041,10 @@ return status; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* Returns RTA_SUCCESS on success, RTA_EEXIST if route exists, RTA_ERROR on error */ static int add_route_service(const struct route_ipv4 *r, const struct tuntap *tt) diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 58ccda9..698e724 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -2523,6 +2523,11 @@ return WSAGetLastError(); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + int socket_recv_queue(struct link_socket *sock, int maxsize) { @@ -2624,6 +2629,10 @@ return sock->reads.iostate; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + int socket_send_queue(struct link_socket *sock, struct buffer *buf, const struct link_socket_actual *to) { diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 69d0e4e..aac31c2 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -2909,6 +2909,11 @@ return true; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + /** * Determines if a renegotiation should be triggerred based on the various * factors that can trigger one @@ -2987,6 +2992,11 @@ return false; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * This is the primary routine for processing TLS stuff inside the * the main event loop. When this routine exits diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index 3e1698f..bb29a14 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -588,6 +588,7 @@ #if defined(__GNUC__) || defined(__clang__) #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wconversion" +#pragma GCC diagnostic ignored "-Wsign-compare" #endif #if MBEDTLS_VERSION_NUMBER < 0x04000000 diff --git a/src/openvpn/ssl_ncp.c b/src/openvpn/ssl_ncp.c index 686f823..500e09d 100644 --- a/src/openvpn/ssl_ncp.c +++ b/src/openvpn/ssl_ncp.c @@ -92,6 +92,11 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + char * mutate_ncp_cipher_list(const char *list, struct gc_arena *gc) { @@ -202,6 +207,10 @@ o->ncp_ciphers = ncp_ciphers; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + bool tls_item_in_cipher_list(const char *item, const char *list) { diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 09f23964..c61e4b2 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -1491,6 +1491,11 @@ return len; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + /* sign arbitrary data */ static int rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) @@ -1509,6 +1514,10 @@ return (ret == len) ? ret : -1; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static int tls_ctx_use_external_rsa_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey) { diff --git a/src/openvpn/ssl_verify_mbedtls.c b/src/openvpn/ssl_verify_mbedtls.c index ad5479c..7495085 100644 --- a/src/openvpn/ssl_verify_mbedtls.c +++ b/src/openvpn/ssl_verify_mbedtls.c @@ -565,6 +565,11 @@ gc_free(&gc); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + /* * Save X509 fields to environment, using the naming convention: * @@ -673,6 +678,10 @@ return fFound; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + result_t x509_verify_cert_eku(mbedtls_x509_crt *cert, const char *const expected_oid) { diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c index 60d5756..58f665c 100644 --- a/src/openvpn/ssl_verify_openssl.c +++ b/src/openvpn/ssl_verify_openssl.c @@ -118,6 +118,11 @@ return nid == NID_subject_alt_name || nid == NID_issuer_alt_name; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + static bool extract_x509_extension(X509 *cert, char *fieldname, char *out, size_t size) { @@ -180,6 +185,10 @@ return retval; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + /* * Extract a field from an X509 subject name. * diff --git a/src/openvpn/status.c b/src/openvpn/status.c index d09f367..4d42863 100644 --- a/src/openvpn/status.c +++ b/src/openvpn/status.c @@ -206,6 +206,11 @@ return ret; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + #define STATUS_PRINTF_MAXLEN 512 void @@ -253,6 +258,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + bool status_read(struct status_output *so, struct buffer *buf) { diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c index 730c20d..44aaad9 100644 --- a/src/openvpn/tls_crypt.c +++ b/src/openvpn/tls_crypt.c @@ -206,6 +206,11 @@ return false; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + bool tls_crypt_unwrap(const struct buffer *src, struct buffer *dst, struct crypto_options *opt) { @@ -796,3 +801,7 @@ gc_free(&gc); } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 3c20e97..ad77117 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -112,6 +112,11 @@ static const char *netsh_get_id(const char *dev_node, struct gc_arena *gc); +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + static bool do_address_service(const bool add, const short family, const struct tuntap *tt) { @@ -363,6 +368,10 @@ gc_free(&gc); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static bool do_set_mtu_service(const struct tuntap *tt, const short family, const int mtu) { @@ -1706,6 +1715,11 @@ #include #include +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + static inline ssize_t header_modify_read_write_return(ssize_t len) { @@ -1719,6 +1733,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static ssize_t write_tun_header(struct tuntap *tt, uint8_t *buf, int len) { @@ -3255,6 +3273,11 @@ #elif defined(_WIN32) +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + int tun_read_queue(struct tuntap *tt, int maxsize) { @@ -5595,6 +5618,10 @@ gc_free(&gc); } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static void tuntap_set_connected(const struct tuntap *tt) { diff --git a/src/openvpn/wfp_block.c b/src/openvpn/wfp_block.c index 212a4b2..74d19ce 100644 --- a/src/openvpn/wfp_block.c +++ b/src/openvpn/wfp_block.c @@ -131,6 +131,11 @@ return err; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + /* * Block outgoing local traffic, possibly DNS only, except for * (i) adapter with the specified index (and loopback, if all is blocked) @@ -340,6 +345,10 @@ return err; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + DWORD delete_wfp_block_filters(HANDLE engine_handle) { diff --git a/src/openvpn/win32-util.c b/src/openvpn/win32-util.c index 9d38cb7..e60cbac 100644 --- a/src/openvpn/win32-util.c +++ b/src/openvpn/win32-util.c @@ -146,6 +146,11 @@ return true; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + const char * win_get_tempdir(void) { @@ -167,4 +172,8 @@ WideCharToMultiByte(CP_UTF8, 0, wtmpdir, -1, tmpdir, sizeof(tmpdir), NULL, NULL); return tmpdir; } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif #endif /* _WIN32 */ diff --git a/src/openvpnmsica/dllmain.c b/src/openvpnmsica/dllmain.c index ac9379d..2bb0e1b 100644 --- a/src/openvpnmsica/dllmain.c +++ b/src/openvpnmsica/dllmain.c @@ -98,6 +98,10 @@ return true; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif void x_msg_va(const unsigned int flags, const char *format, va_list arglist) @@ -190,3 +194,7 @@ hRecordProg); MsiCloseHandle(hRecordProg); } + +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c index 4fa4889..227431a 100644 --- a/src/openvpnserv/interactive.c +++ b/src/openvpnserv/interactive.c @@ -1247,6 +1247,11 @@ return err; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + /** * Check for a valid search list in a certain key of the registry * @@ -3000,6 +3005,10 @@ return err; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + static DWORD HandleEnableDHCPMessage(const enable_dhcp_message_t *dhcp) { diff --git a/src/plugins/auth-pam/auth-pam.c b/src/plugins/auth-pam/auth-pam.c index c012320..0f3346f 100644 --- a/src/plugins/auth-pam/auth-pam.c +++ b/src/plugins/auth-pam/auth-pam.c @@ -184,6 +184,11 @@ return -1; } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wsign-compare" +#endif + static ssize_t send_string(int fd, const char *string) { @@ -199,6 +204,10 @@ } } +#if defined(__GNUC__) || defined(__clang__) +#pragma GCC diagnostic pop +#endif + #ifdef DO_DAEMONIZE /*