From patchwork Sun Apr 19 13:41:57 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4898 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:66c6:b0:84a:48f:a1fd with SMTP id x6csp1102484mal; Sun, 19 Apr 2026 06:42:22 -0700 (PDT) X-Forwarded-Encrypted: i=2; AFNElJ/i3IuhtrDlzUs2/bCULzZbZU4zY+fKRdGW8ZyngnPCvRmpuaUny/qE8f4iuEO2nxLnE70cRVP/LzQ=@openvpn.net X-Received: by 2002:a05:6871:3308:b0:41c:4c64:8e55 with SMTP id 586e51a60fabf-42adecb0bf1mr5678586fac.19.1776606142637; Sun, 19 Apr 2026 06:42:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1776606142; cv=none; d=google.com; s=arc-20240605; b=ZBwj1MSbw9PAg1OSOKDXFhisuEohM8E65grtNjlC1qduu8S6U4bzILaDGqAS4NclU0 /beuyWJ1I2AXL3iUPuYDeDwHLYcMQvtDGekDABqweXYgqV7YR0Y6xlroQfnPUfZ2GBi3 4bDp+9yVuVaqF0hgrf3KS9BZ9q/McWiQfiu76Ey56ZD/059hzP1S/CfFAiOhk7PyGl5c GlSiY6EcQQpXxtS6gvYi6IpeITWmRU0D5ywmNOwbEP64v5FeBlIn2v5OpcWdOhlDhUIg BJVrhX1Z7qMjBVyR8SLmoO9DF3DEd+vOQ4OXcOXjqO6uzzvGpfN0xoMNcLl/BC7Ax9hj KI5w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=H57uvrmJVMPuowfmtPhJgc0fwKBJmai1rcSZMs1VrVk=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=NCMWkaFaEFSK55DiyMrWBoW/HUV6gcvqCOvF1NIoCNcI6PSqI9I+uqlEkGgTlJgYG9 LOD1RVpZ4dX44lwhrVyRQt1V66Ni/EDdjShXrbed/r8wJ9LRbvyhH8pDcExuIM+NTDbk BPA3xK2+xdHzoFKardNEo8IbHrg80VoAeV9ppwF64kWVQAF8aqquiRiF2ddSmiw1VvYF PIBwO0f6l5Rab/LXpndzcXD/pd/E2INrmGJo7cD7RjwSYEShEF3H1tjuYCdpbWwNmiqn 3E7WwpxswuaGsT+Tl7MBAwh4J1ptHnc7pbxI9sf0n7vxFWTIamceZuXX1bw96yt/Al6k LokQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=TBletiz1; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=Pl6Hds+V; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=P7Vus1BZ; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 586e51a60fabf-42b930d0be2si5689402fac.98.2026.04.19.06.42.22 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 19 Apr 2026 06:42:22 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=TBletiz1; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=Pl6Hds+V; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=P7Vus1BZ; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=H57uvrmJVMPuowfmtPhJgc0fwKBJmai1rcSZMs1VrVk=; b=TBletiz1400OLuEYgOF0Hsy1rW Tv1M50wNtUp1ck9Us+tkLtWAEYixnjTHa6qsRXWz4gl4RBVR4Aolm44ZgxHKx5NXrtovaAepV6RiG CWVx+2t0gPiK9ba1PF/40Y0mgQw7Z9af1zuYZ2kP7qKUf6ZVFOwlEtEQbNF7SmrhCNik=; Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1wESPk-0006jH-7Z; Sun, 19 Apr 2026 13:42:20 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1wESPi-0006jA-7n for openvpn-devel@lists.sourceforge.net; Sun, 19 Apr 2026 13:42:18 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=qr93uHoIAe4mQnKM6JGlyRpA4J8P4dBXEz/it9qmi50=; b=Pl6Hds+V/Bc1BkSVivQ/oVfGAu M7RCC7Mcze5Ph3hFSHNHOSZhXv/K+Nq/aCFHbzzn1+EPMlB2M/v+GethnWnl1uvnIqyrcTlVMQT63 VtrrUyU3eikldvySFl0J9DON6Y6W1VssSue3fNENur70Yg8wtxKEo4y2+ePpiB3OErnE=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=qr93uHoIAe4mQnKM6JGlyRpA4J8P4dBXEz/it9qmi50=; b=P7Vus1BZGaHJhknV3/lya9j5eg v+1ZO1Wh8VOgTx19lIeeV4mzRGGylRBtCuCcjh0hJnWQm0IzMdOcVEU0ECIxcEiuIF+4d9hIlAUZB A8a10Upy3acj6mGojcgkVCciZK+5d8LkOZB6SAKI2jv/dYkEqfFMgvBSPBmSkLH3KFRo=; Received: from [193.149.48.129] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1wESPh-0000P2-6e for openvpn-devel@lists.sourceforge.net; Sun, 19 Apr 2026 13:42:18 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 63JDg5il021477 for ; Sun, 19 Apr 2026 15:42:05 +0200 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 63JDg5sq021476 for openvpn-devel@lists.sourceforge.net; Sun, 19 Apr 2026 15:42:05 +0200 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Sun, 19 Apr 2026 15:41:57 +0200 Message-ID: <20260419134205.21459-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.52.0 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-1.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Frank Lichtenheld Also add a suitable suppressions-list file to make it possible to run it without reporting errors. Tested with cppcheck 2.19.0 (Ubuntu 26.04). Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 RCVD_IN_DNSWL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to DNSWL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#DnsBlocklists-dnsbl-block for more information. [193.149.48.129 listed in list.dnswl.org] 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1wESPh-0000P2-6e Subject: [Openvpn-devel] [PATCH v5] dev-tools: Add script to run cppcheck against the code-base X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1862906562625345261?= X-GMAIL-MSGID: =?utf-8?q?1862906562625345261?= From: Frank Lichtenheld Also add a suitable suppressions-list file to make it possible to run it without reporting errors. Tested with cppcheck 2.19.0 (Ubuntu 26.04). Change-Id: I125cf63f11257d7245ead2f7feafb86b841580a5 Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1620 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1620 This mail reflects revision 5 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/Makefile.am b/Makefile.am index 362ae96..2df7eea 100644 --- a/Makefile.am +++ b/Makefile.am @@ -89,3 +89,10 @@ doxygen: $(MAKE) -C doc/doxygen doxygen + +.PHONY: cppcheck +cppcheck: + BUILD_DIR="$(abs_top_builddir)" \ + SOURCE_DIR="$(abs_top_srcdir)" \ + INCLUDE_FLAGS="$(LIBNL_GENL_CFLAGS)" \ + "$(top_srcdir)/dev-tools/run-cppcheck.sh" diff --git a/dev-tools/cppcheck-suppression b/dev-tools/cppcheck-suppression new file mode 100644 index 0000000..1f31edb --- /dev/null +++ b/dev-tools/cppcheck-suppression @@ -0,0 +1,87 @@ +# We start with --enable=all, but then suppress some issues that have too many +# occurences right now. They still should be fixed at some point +constParameter +constParameterCallback +constParameterPointer +constVariable +constVariablePointer +variableScope +# We have a lot of library includes, not all of them are really required, +# so ignore them +missingIncludeSystem +# cppcheck doesn't understand about check_malloc_return, so these are +# usually misleading +nullPointerOutOfMemory +nullPointerArithmeticOutOfMemory +# These are specific false-positives (FP) or ignored (IGN) issues +# We might want to move some of them to inline-suppression to avoid +# the static line-numbers +# IGN: multi code does weird things with pointers to local variables... +autoVariables:src/openvpn/multi.c:4177 +autoVariables:src/openvpn/multi_io.c:280 +# IGN: the code header = 0 | (OPCODE << P_OPCODE_SHIFT) is used intentionally +badBitmaskCheck:src/openvpn/mudp.c +badBitmaskCheck:tests/unit_tests/openvpn/test_pkt.c +# IGN: event code uses a pointer to store integers +intToPointerCast:src/openvpn/multi_io.c +intToPointerCast:src/openvpn/forward.c +# FP: crt_error is always true on Unix, but not Windows +knownConditionTrueFalse:src/openvpn/error.h:380 +# FP: code needs to accomodate many different defines +knownConditionTrueFalse:src/openvpn/event.c:1148 +# FP: dco_win support has "false" stubs +knownConditionTrueFalse:src/openvpn/forward.c +knownConditionTrueFalse:src/openvpn/init.c +knownConditionTrueFalse:src/openvpn/multi_io.c:163 +# FP: cppcheck thinks that management_query_user_pass is always true, +# but no idea why +knownConditionTrueFalse:src/openvpn/misc.c:97 +# FP: cert_uri_supported is a wrapper around defines, so it's +# always constant but differs depending on OpenSSL version +knownConditionTrueFalse:src/openvpn/ssl_openssl.c:1258 +# FP: cppcheck doesn't understand that the function changes szErrMessage +knownConditionTrueFalse:src/tapctl/main.c:704 +knownConditionTrueFalse:src/openvpnmsica/dllmain.c:164 +# FP: cppcheck seems to be confused since we cast the pointer to integer +memleak:src/plugins/down-root/down-root.c:337 +# FP: eventmsg.h is not built on Unix +missingInclude:src/openvpnserv/common.c:25 +# IGN: strlen(NULL) is not nice code, but seems to work +nullPointerRedundantCheck:src/openvpn/init.c:299 +# IGN: We reuse the same variable name due to macro usage +shadowVariable:src/openvpn/options.c:2580 +shadowVariable:src/openvpn/options.c:2598 +# FP: yes, t_prev is unitialized, but t_prev_len is 0, so that's handled +uninitvar:src/openvpn/crypto_epoch.c:60 +# FP: yes, parm is unitialized, but parm_len is 0, so that's handled +uninitvar:src/openvpn/options_parse.c:148 +# FP: uninit is fine when it is a return parameter +ctuuninitvar:src/openvpn/crypto_mbedtls_legacy.c:698 +uninitvar:src/openvpnserv/interactive.c:1935 +uninitvar:src/tapctl/main.c:566 +# FP: cppcheck doesn't account for short-circuiting +unreadVariable:src/openvpn/manage.c:682 +unusedFunction:src/openvpn/siphash_reference.c +# FP: exported as DLL +unusedFunction:src/openvpnmsica/*.c +# FP: loaded as plugins +unusedFunction:src/plugins/* +unusedFunction:sample/sample-plugins/* +# FP: wmain +unusedFunction:src/tapctl/main.c:613 +unusedFunction:tests/unit_tests/openvpnserv/test_openvpnserv.c +# IGN: keep mocking around for future use +unusedFunction:tests/unit_tests/openvpn/mock_msg.c +# FP: doesn't account for --wrap +unusedFunction:tests/unit_tests/openvpn/test_tls_crypt.c +unusedFunction:/usr/include/* +# IGN: old code that is difficult to test (MSG_ERRQUEUE), ignore for now +unusedStructMember:src/openvpn/mtu.c:281 +# FP: used implictly by NL macros +unusedStructMember:src/openvpn/networking_sitnl.c +# IGN: keep explanatory fields in test data +unusedStructMember:tests/unit_tests/openvpn/test_pkcs11.c +# IGN: nicer to assign generic "arg" early +variableScope:src/openvpn/networking_sitnl.c:1390 +# IGN: nicer to keep the "variable" earlier +variableScope:src/openvpnserv/interactive.c:2687 diff --git a/dev-tools/run-cppcheck.sh b/dev-tools/run-cppcheck.sh new file mode 100755 index 0000000..674fc092 --- /dev/null +++ b/dev-tools/run-cppcheck.sh @@ -0,0 +1,26 @@ +#!/bin/bash + +set -eu + +SCRIPT_DIR=$(dirname $(readlink -e "${BASH_SOURCE[0]}")) +: ${SOURCE_DIR:=$SCRIPT_DIR/..} +: ${BUILD_DIR:=$PWD} +: ${INCLUDE_FLAGS:=} +CPPCHECK_DIR="${BUILD_DIR}/cppcheck_build_dir" + +set -x + +mkdir -p "$CPPCHECK_DIR" +cd "${SOURCE_DIR}" +cppcheck -j$(nproc) \ + -DHAVE_CONFIG_H -U_WIN32 \ + -DMBEDTLS_SSL_PROTO_TLS1_3 -DMBEDTLS_SSL_KEYING_MATERIAL_EXPORT \ + -I./include/ -I./tests/unit_tests/openvpn/ \ + -I./src/compat/ -I./src/openvpn/ -I./src/openvpnserv/ -I./src/plugins/auth-pam/ \ + -I"${BUILD_DIR}" -I"${BUILD_DIR}/include/" $INCLUDE_FLAGS \ + --enable=all \ + --suppressions-list="${SCRIPT_DIR}/cppcheck-suppression" \ + --cppcheck-build-dir="${CPPCHECK_DIR}" \ + --check-level=exhaustive \ + --error-exitcode=1 \ + src/ tests/ sample/