From patchwork Tue Sep 10 12:20:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 3818 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:6bd4:b0:5b9:581e:f939 with SMTP id c20csp2061193max; Tue, 10 Sep 2024 05:20:35 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVP2W/IBZsgjz7EtMsMD3v4+1/6SddaiLGOzi4+/JHWBsPNqxs94g3vDFvjTVoZw7ahh3e68L7EOPg=@openvpn.net X-Google-Smtp-Source: AGHT+IF+RWvCpzd0MBTWTPdhgLKSNn0/sx1AWo79Sl41Om7CcvMJ5+KZtq52r7Jyfoazbkdp9asW X-Received: by 2002:a05:6830:6202:b0:709:4ef3:244 with SMTP id 46e09a7af769-710cc26e139mr14542772a34.30.1725970835502; Tue, 10 Sep 2024 05:20:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1725970835; cv=none; d=google.com; s=arc-20240605; b=lixBJn/j54Qu66UIJI3GQRtA+l9b4Cv9A2jl9MrS+5qEtYyL+mizhmpAFbMrMqsIdL 7fsviOingi+Ctsh8owv1jbpGdIXg2HyjnULT52JBkXfSklA1fo5JL5KdlHa4cBqTav6h XTslocnw0L+UEv/xCV1TVXkpL+DcbxRfB8K15ESAEufLN8IZzAts4ztVPDhU9bAhbpfz v9yL63/58Be5tfcQoqzAkQbHOfX4NtkIWoKV6mYKvPDwA1uTmoPLbB66GkadSBodjSKQ wzWontR0/NRyjMtX6lKKbjWaL54+xDdC0YjiXPQqB53l/5F5f1/jUP84R47IlJIBBN79 mVfw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature; bh=9aeFgPJvxB7/jJSDg9XhKG4EQO07X2KqfnAAfZyRiec=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=XRLAgS8XIsjZqRvmacZnB1I84yoGZiyU1djUEoccMaBRNChlBO9YGqoVOymeNH4IQb eCRPlpV7XVFvRX0Z3+H0h3MPsyY1xeclGI3+rQR3UGVME9x0XVlNeGaUxDAHWgU7t+OX 6usYTC5rfHgKtamDAI9OFoC1Waw4i4IhpB8wcq+ERlHlOJxL0rCeKxvyc6MaVEqQfWZY KR3Bzk3GktZ7Q771jq+99NAgGdIyH+N6wKGFTvWv5RFsCtkFk03B0hEGe4DKQ3r9S90J bHEyYfyBntMJ61WsDYr6IZ3mBAaOmcnJqVlzjZ4NG04ij9CWqFf7Qt/5f66zZ85TZXSD 28Ig==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=lXoQHD6a; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=hAa1JOK9; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 006d021491bc7-5e1c95f8517si2366676eaf.2.2024.09.10.05.20.34 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 10 Sep 2024 05:20:35 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=lXoQHD6a; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=hAa1JOK9; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com) by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1snzr7-0006VV-3h; Tue, 10 Sep 2024 12:20:24 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1snzr5-0006VP-Pe for openvpn-devel@lists.sourceforge.net; Tue, 10 Sep 2024 12:20:23 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=KBdCZFUjNB9XihQU5xW9m/xa1f+Xvv5B2eNnuD0VthA=; b=lXoQHD6actcqs6Oom00DqxbXRt W8w5O3t3QIJPUqfU2c4On7izJpho4YT4lDX+oYoMzP/zKnFCGYDEFqp9XVxLskPPrzzCw/Rl53zDT yPa8g/XxWzmhfBmV+v9Ornh0KzPmh9XjFsiH93ea4fFT9Q/0F838LkOxwZCf4bHEIuYA=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=KBdCZFUjNB9XihQU5xW9m/xa1f+Xvv5B2eNnuD0VthA=; b=hAa1JOK9rhNsFJ0c31DKKnDHuB rmbuax/ksb2S027em1CxQ3C8xAiIF6ZVHpoSJEm7JEMd/77Vu/vtqUs2smfIzpBmO9HvcyvTOK7GA +MV0HGNlrMfdixnpG11Vaf9ypugdK/8psV+guA368P95EcCMlIsdgi8O4oN4AsUUXNjc=; Received: from dhcp-174.greenie.muc.de ([193.149.48.174] helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1snzr2-0003ib-Q1 for openvpn-devel@lists.sourceforge.net; Tue, 10 Sep 2024 12:20:23 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.17.1.9/8.17.1.9) with ESMTP id 48ACK9B6023519 for ; Tue, 10 Sep 2024 14:20:09 +0200 Received: (from gert@localhost) by blue.greenie.muc.de (8.17.1.9/8.17.1.9/Submit) id 48ACK8e0023518 for openvpn-devel@lists.sourceforge.net; Tue, 10 Sep 2024 14:20:08 +0200 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Tue, 10 Sep 2024 14:20:08 +0200 Message-ID: <20240910122008.23507-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.44.2 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: -0.0 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Frank Lichtenheld These are all fixes I considered "safe". They either - Have sufficient checks/shifts for a cast to be safe - Fix the type of a variable without requiring code changes - Are in non-critical unittest code Content analysis details: (-0.0 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record -0.0 SPF_HELO_PASS SPF: HELO matches SPF record X-Headers-End: 1snzr2-0003ib-Q1 Subject: [Openvpn-devel] [PATCH v6] Various fixes for -Wconversion errors X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1783167999477090371?= X-GMAIL-MSGID: =?utf-8?q?1809811594833930967?= From: Frank Lichtenheld These are all fixes I considered "safe". They either - Have sufficient checks/shifts for a cast to be safe - Fix the type of a variable without requiring code changes - Are in non-critical unittest code v2: - add min_size instead of abusing min_int v6: - remove change of return value of link_socket_write. Move to separate patch. Change-Id: I6818b153bdeb1eed65870af99b0531e95807fe0f Signed-off-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/267 This mail reflects revision 6 of this Change. Acked-by according to Gerrit (reflected above): diff --git a/src/openvpn/buffer.c b/src/openvpn/buffer.c index abe6a9c..9ee76aa 100644 --- a/src/openvpn/buffer.c +++ b/src/openvpn/buffer.c @@ -326,7 +326,7 @@ return false; } - const int size = write(fd, BPTR(buf), BLEN(buf)); + const ssize_t size = write(fd, BPTR(buf), BLEN(buf)); if (size != BLEN(buf)) { msg(M_ERRNO, "Write error on file '%s'", filename); @@ -863,7 +863,7 @@ { break; } - line[n++] = c; + line[n++] = (char)c; } while (c); diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index c226727..12ad0b9 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -26,6 +26,8 @@ #include "config.h" #endif +#include + #include "syshead.h" #include @@ -1283,8 +1285,8 @@ hex_byte[hb_index++] = c; if (hb_index == 2) { - unsigned int u; - ASSERT(sscanf((const char *)hex_byte, "%x", &u) == 1); + uint8_t u; + ASSERT(sscanf((const char *)hex_byte, "%" SCNx8, &u) == 1); *out++ = u; hb_index = 0; if (++count == keylen) @@ -1546,13 +1548,13 @@ ASSERT(cipher_kt_key_size(kt->cipher) <= MAX_CIPHER_KEY_LENGTH && md_kt_size(kt->digest) <= MAX_HMAC_KEY_LENGTH); - const uint8_t cipher_length = cipher_kt_key_size(kt->cipher); + const uint8_t cipher_length = (uint8_t)cipher_kt_key_size(kt->cipher); if (!buf_write(buf, &cipher_length, 1)) { return false; } - uint8_t hmac_length = md_kt_size(kt->digest); + uint8_t hmac_length = (uint8_t)md_kt_size(kt->digest); if (!buf_write(buf, &hmac_length, 1)) { diff --git a/src/openvpn/integer.h b/src/openvpn/integer.h index a1acaf9..34088ab 100644 --- a/src/openvpn/integer.h +++ b/src/openvpn/integer.h @@ -28,12 +28,12 @@ #ifndef htonll #define htonll(x) ((1==htonl(1)) ? (x) : \ - ((uint64_t)htonl((x) & 0xFFFFFFFF) << 32) | htonl((x) >> 32)) + ((uint64_t)htonl((uint32_t)((x) & 0xFFFFFFFF)) << 32) | htonl((uint32_t)((x) >> 32))) #endif #ifndef ntohll #define ntohll(x) ((1==ntohl(1)) ? (x) : \ - ((uint64_t)ntohl((x) & 0xFFFFFFFF) << 32) | ntohl((x) >> 32)) + ((uint64_t)ntohl((uint32_t)((x) & 0xFFFFFFFF)) << 32) | ntohl((uint32_t)((x) >> 32))) #endif static inline int @@ -72,6 +72,19 @@ } } +static inline size_t +min_size(size_t x, size_t y) +{ + if (x < y) + { + return x; + } + else + { + return y; + } +} + static inline int max_int(int x, int y) { diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c index 635557c..ebdec25 100644 --- a/src/openvpn/mss.c +++ b/src/openvpn/mss.c @@ -165,7 +165,7 @@ return; } - for (olen = hlen - sizeof(struct openvpn_tcphdr), + for (olen = hlen - (int) sizeof(struct openvpn_tcphdr), opt = (uint8_t *)(tc + 1); olen > 1; olen -= optlen, opt += optlen) diff --git a/src/openvpn/otime.c b/src/openvpn/otime.c index 3cde574..d77c99e 100644 --- a/src/openvpn/otime.c +++ b/src/openvpn/otime.c @@ -105,7 +105,7 @@ /* format a time_t as ascii, or use current time if 0 */ const char * -time_string(time_t t, int usec, bool show_usec, struct gc_arena *gc) +time_string(time_t t, long usec, bool show_usec, struct gc_arena *gc) { struct buffer out = alloc_buf_gc(64, gc); struct timeval tv; diff --git a/src/openvpn/otime.h b/src/openvpn/otime.h index c37673e..9543732 100644 --- a/src/openvpn/otime.h +++ b/src/openvpn/otime.h @@ -43,7 +43,7 @@ bool frequency_limit_event_allowed(struct frequency_limit *f); /* format a time_t as ascii, or use current time if 0 */ -const char *time_string(time_t t, int usec, bool show_usec, struct gc_arena *gc); +const char *time_string(time_t t, long usec, bool show_usec, struct gc_arena *gc); /* struct timeval functions */ diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c index be28999..fb962e4 100644 --- a/src/openvpn/packet_id.c +++ b/src/openvpn/packet_id.c @@ -588,14 +588,14 @@ } else { - diff = (int) prev_now - v; + diff = (int)(prev_now - v); if (diff < 0) { c = 'N'; } else if (diff < 10) { - c = '0' + diff; + c = (char)('0' + diff); } else { diff --git a/src/openvpn/reliable.c b/src/openvpn/reliable.c index a789990..019ec18 100644 --- a/src/openvpn/reliable.c +++ b/src/openvpn/reliable.c @@ -257,8 +257,7 @@ struct buffer *buf, const struct session_id *sid, int max, bool prepend) { - int i, j; - uint8_t n; + int i, j, n; struct buffer sub; n = ack->len; @@ -270,9 +269,9 @@ copy_acks_to_mru(ack, ack_mru, n); /* Number of acks we can resend that still fit into the packet */ - uint8_t total_acks = min_int(max, ack_mru->len); + uint8_t total_acks = (uint8_t)min_int(max, ack_mru->len); - sub = buf_sub(buf, ACK_SIZE(total_acks), prepend); + sub = buf_sub(buf, (int)ACK_SIZE(total_acks), prepend); if (!BDEF(&sub)) { goto error; diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c index 90fe6e9..b8894db 100644 --- a/src/openvpn/tls_crypt.c +++ b/src/openvpn/tls_crypt.c @@ -634,7 +634,7 @@ memcpy(&net_len, BEND(&wrapped_client_key) - sizeof(net_len), sizeof(net_len)); - size_t wkc_len = ntohs(net_len); + uint16_t wkc_len = ntohs(net_len); if (!buf_advance(&wrapped_client_key, BLEN(&wrapped_client_key) - wkc_len)) { msg(D_TLS_ERRORS, "Can not locate tls-crypt-v2 client key"); diff --git a/src/openvpn/xkey_helper.c b/src/openvpn/xkey_helper.c index b68fb43..10cdc0b 100644 --- a/src/openvpn/xkey_helper.c +++ b/src/openvpn/xkey_helper.c @@ -292,7 +292,7 @@ * @return false on error, true on success * * On return enc_len is set to actual size of the result. - * enc is NULL or enc_len is not enough to store the result, it is set + * If enc is NULL or enc_len is not enough to store the result, it is set * to the required size and false is returned. */ bool @@ -337,8 +337,8 @@ MAKE_DI(sha512), MAKE_DI(sha224), MAKE_DI(sha512_224), MAKE_DI(sha512_256), {0, NULL, 0}}; - int out_len = 0; - int ret = 0; + size_t out_len = 0; + bool ret = false; int nid = OBJ_sn2nid(mdname); if (nid == NID_undef) @@ -354,7 +354,7 @@ if (tbslen != EVP_MD_size(EVP_get_digestbyname(mdname))) { - msg(M_WARN, "Error: encode_pkcs11: invalid input length <%d>", (int)tbslen); + msg(M_WARN, "Error: encode_pkcs11: invalid input length <%zu>", tbslen); goto done; } @@ -383,13 +383,13 @@ out_len = tbslen + di->sz; - if (enc && (out_len <= (int) *enc_len)) + if (enc && (out_len <= *enc_len)) { /* combine header and digest */ memcpy(enc, di->header, di->sz); memcpy(enc + di->sz, tbs, tbslen); - dmsg(D_XKEY, "encode_pkcs1: digest length = %d encoded length = %d", - (int) tbslen, (int) out_len); + dmsg(D_XKEY, "encode_pkcs1: digest length = %zu encoded length = %zu", + tbslen, out_len); ret = true; } diff --git a/tests/unit_tests/openvpn/mock_get_random.c b/tests/unit_tests/openvpn/mock_get_random.c index 787b5e3..dfc7287 100644 --- a/tests/unit_tests/openvpn/mock_get_random.c +++ b/tests/unit_tests/openvpn/mock_get_random.c @@ -41,6 +41,6 @@ { for (int i = 0; i < len; i++) { - output[i] = rand(); + output[i] = (uint8_t)rand(); } } diff --git a/tests/unit_tests/openvpn/test_crypto.c b/tests/unit_tests/openvpn/test_crypto.c index 9d3ea1a..fdc8fbd 100644 --- a/tests/unit_tests/openvpn/test_crypto.c +++ b/tests/unit_tests/openvpn/test_crypto.c @@ -97,8 +97,8 @@ for (int i = 0; i < strlen(ciphername); i++) { - upper[i] = toupper(ciphername[i]); - lower[i] = tolower(ciphername[i]); + upper[i] = (char)toupper((unsigned char)ciphername[i]); + lower[i] = (char)tolower((unsigned char)ciphername[i]); if (rand() & 0x1) { random_case[i] = upper[i]; @@ -155,7 +155,7 @@ uint8_t out[32]; - bool ret = ssl_tls1_PRF(seed, seed_len, secret, secret_len, out, sizeof(out)); + bool ret = ssl_tls1_PRF(seed, (int)seed_len, secret, (int)secret_len, out, sizeof(out)); #if defined(LIBRESSL_VERSION_NUMBER) || defined(ENABLE_CRYPTO_WOLFSSL) /* No TLS1 PRF support in these libraries */ diff --git a/tests/unit_tests/openvpn/test_packet_id.c b/tests/unit_tests/openvpn/test_packet_id.c index ff3f788..a3567bc 100644 --- a/tests/unit_tests/openvpn/test_packet_id.c +++ b/tests/unit_tests/openvpn/test_packet_id.c @@ -93,7 +93,7 @@ assert(data->pis.id == 1); assert(data->pis.time == now); assert_true(data->test_buf_data.buf_id == htonl(1)); - assert_true(data->test_buf_data.buf_time == htonl(now)); + assert_true(data->test_buf_data.buf_time == htonl((uint32_t)now)); } static void @@ -120,7 +120,7 @@ assert(data->pis.id == 1); assert(data->pis.time == now); assert_true(data->test_buf_data.buf_id == htonl(1)); - assert_true(data->test_buf_data.buf_time == htonl(now)); + assert_true(data->test_buf_data.buf_time == htonl((uint32_t)now)); } static void @@ -151,7 +151,7 @@ assert(data->pis.id == 1); assert(data->pis.time == now); assert_true(data->test_buf_data.buf_id == htonl(1)); - assert_true(data->test_buf_data.buf_time == htonl(now)); + assert_true(data->test_buf_data.buf_time == htonl((uint32_t)now)); } static void diff --git a/tests/unit_tests/openvpn/test_provider.c b/tests/unit_tests/openvpn/test_provider.c index cfe9ac3..b92412d 100644 --- a/tests/unit_tests/openvpn/test_provider.c +++ b/tests/unit_tests/openvpn/test_provider.c @@ -368,7 +368,7 @@ } /* return a predefined string as sig */ - memcpy(sig, good_sig, min_int(sizeof(good_sig), *siglen)); + memcpy(sig, good_sig, min_size(sizeof(good_sig), *siglen)); return 1; } diff --git a/tests/unit_tests/openvpn/test_tls_crypt.c b/tests/unit_tests/openvpn/test_tls_crypt.c index a01fbe5..4f12f88 100644 --- a/tests/unit_tests/openvpn/test_tls_crypt.c +++ b/tests/unit_tests/openvpn/test_tls_crypt.c @@ -137,7 +137,7 @@ { for (int i = 0; i < len; i++) { - output[i] = i; + output[i] = (uint8_t)i; } return true; }