From patchwork Tue Oct 7 12:27:41 2025
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4471
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 7 Oct 2025 14:27:41 +0200
Message-ID: <20251007122747.16064-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v5] sitnl: Clean up type handling
From: Frank Lichtenheld - Make some type casts explicit. Due to the types used in our networking API and the netlink APIs respectively this can't be avoided. - In many cases just use correct types from the start, e.g. where we use constants anyway. Change-Id: I20205ebd06bbf7cbee8c9be93f399961f5b74fcc Signed-off-by: Frank Lichtenheld Acked-by: Antonio Quartulli Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1251 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1251 This mail reflects revision 5 of this Change. Acked-by according to Gerrit (reflected above): Antonio Quartulli diff --git a/src/openvpn/networking_sitnl.c b/src/openvpn/networking_sitnl.c index 1815faf..b3adb16 100644 --- a/src/openvpn/networking_sitnl.c +++ b/src/openvpn/networking_sitnl.c @@ -59,9 +59,9 @@ _nest; \ }) -#define SITNL_NEST_END(_msg, _nest) \ - { \ - _nest->rta_len = (void *)sitnl_nlmsg_tail(_msg) - (void *)_nest; \ +#define SITNL_NEST_END(_msg, _nest) \ + { \ + _nest->rta_len = (unsigned short)((void *)sitnl_nlmsg_tail(_msg) - (void *)_nest); \ } /* This function was originally implemented as a macro, but compiling with 
@@ -131,29 +131,24 @@ inet_address_t gw; }; -#if defined(__GNUC__) || defined(__clang__) -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wconversion" -#endif - /** * Helper function used to easily add attributes to a rtnl message */ static int -sitnl_addattr(struct nlmsghdr *n, int maxlen, int type, const void *data, int alen) +sitnl_addattr(struct nlmsghdr *n, size_t maxlen, unsigned short type, const void *data, size_t alen) { - int len = RTA_LENGTH(alen); - struct rtattr *rta; + size_t len = RTA_LENGTH(alen); - if ((int)(NLMSG_ALIGN(n->nlmsg_len) + RTA_ALIGN(len)) > maxlen) + if ((NLMSG_ALIGN(n->nlmsg_len) + RTA_ALIGN(len)) > maxlen) { - msg(M_WARN, "%s: rtnl: message exceeded bound of %d", __func__, maxlen); + msg(M_WARN, "%s: rtnl: message exceeded bound of %zu", __func__, maxlen); return -EMSGSIZE; } - rta = sitnl_nlmsg_tail(n); + struct rtattr *rta = sitnl_nlmsg_tail(n); rta->rta_type = type; - rta->rta_len = len; + ASSERT(len <= USHRT_MAX); + rta->rta_len = (unsigned short)len; if (!data) { @@ -252,11 +247,10 @@ sitnl_send(struct nlmsghdr *payload, pid_t peer, unsigned int groups, sitnl_parse_reply_cb cb, void *arg_cb) { - int len, rem_len, fd, ret, rcv_len; + int fd, ret; struct sockaddr_nl nladdr; struct nlmsgerr *err; struct nlmsghdr *h; - unsigned int seq; char buf[1024 * 16]; struct iovec iov = { .iov_base = payload, @@ -275,7 +269,11 @@ nladdr.nl_pid = peer; nladdr.nl_groups = groups; - payload->nlmsg_seq = seq = time(NULL); + /* NB: We currently do not verify seq and pid on answers. + * If we ever want to start with that we probably need to come up + * with something better than "seconds since epoch"... + */ + payload->nlmsg_seq = (uint32_t)time(NULL); /* no need to send reply */ if (!cb) 
@@ -290,16 +288,14 @@ return -errno; } - ret = sitnl_bind(fd, 0); - if (ret < 0) + if (sitnl_bind(fd, 0) < 0) { msg(M_WARN | M_ERRNO, "%s: can't bind rtnl socket", __func__); ret = -errno; goto out; } - ret = sendmsg(fd, &nlmsg, 0); - if (ret < 0) + if (sendmsg(fd, &nlmsg, 0) < 0) { msg(M_WARN | M_ERRNO, "%s: rtnl: error on sendmsg()", __func__); ret = -errno; @@ -318,8 +314,8 @@ */ msg(D_RTNL, "%s: checking for received messages", __func__); iov.iov_len = sizeof(buf); - rcv_len = recvmsg(fd, &nlmsg, 0); - msg(D_RTNL, "%s: rtnl: received %d bytes", __func__, rcv_len); + ssize_t rcv_len = recvmsg(fd, &nlmsg, 0); + msg(D_RTNL, "%s: rtnl: received %zd bytes", __func__, rcv_len); if (rcv_len < 0) { if ((errno == EINTR) || (errno == EAGAIN)) @@ -350,8 +346,8 @@ h = (struct nlmsghdr *)buf; while (rcv_len >= (int)sizeof(*h)) { - len = h->nlmsg_len; - rem_len = len - sizeof(*h); + uint32_t len = h->nlmsg_len; + ssize_t rem_len = len - sizeof(*h); if ((rem_len < 0) || (len > rcv_len)) { @@ -361,7 +357,7 @@ ret = -EIO; goto out; } - msg(M_WARN, "%s: malformed message: len=%d", __func__, len); + msg(M_WARN, "%s: malformed message: len=%u", __func__, len); ret = -EIO; goto out; } @@ -388,7 +384,7 @@ if (h->nlmsg_type == NLMSG_ERROR) { err = (struct nlmsgerr *)NLMSG_DATA(h); - if (rem_len < (int)sizeof(struct nlmsgerr)) + if (rem_len < sizeof(struct nlmsgerr)) { msg(M_WARN, "%s: ERROR truncated", __func__); ret = -EIO; @@ -443,7 +439,7 @@ if (rcv_len) { - msg(M_WARN, "%s: rtnl: %d not parsed bytes", __func__, rcv_len); + msg(M_WARN, "%s: rtnl: %zd not parsed bytes", __func__, rcv_len); ret = -1; goto out; } @@ -456,7 +452,7 @@ typedef struct { - int addr_size; + size_t addr_size; inet_address_t gw; char iface[IFNAMSIZ]; bool default_only; 
@@ -469,7 +465,7 @@ route_res_t *res = arg; struct rtmsg *r = NLMSG_DATA(n); struct rtattr *rta = RTM_RTA(r); - int len = n->nlmsg_len - NLMSG_LENGTH(sizeof(*r)); + size_t len = n->nlmsg_len - NLMSG_LENGTH(sizeof(*r)); unsigned int table, ifindex = 0; void *gw = NULL; @@ -547,7 +543,8 @@ req.n.nlmsg_type = RTM_GETROUTE; req.n.nlmsg_flags = NLM_F_REQUEST; - req.r.rtm_family = af_family; + ASSERT(af_family <= UCHAR_MAX); + req.r.rtm_family = (unsigned char)af_family; switch (af_family) { @@ -761,7 +758,7 @@ } static int -sitnl_addr_set(int cmd, uint32_t flags, int ifindex, sa_family_t af_family, +sitnl_addr_set(uint16_t cmd, uint16_t flags, int ifindex, sa_family_t af_family, const inet_address_t *local, const inet_address_t *remote, int prefixlen) { struct sitnl_addr_req req; @@ -775,7 +772,8 @@ req.n.nlmsg_flags = NLM_F_REQUEST | flags; req.i.ifa_index = ifindex; - req.i.ifa_family = af_family; + ASSERT(af_family <= UINT8_MAX); + req.i.ifa_family = (uint8_t)af_family; switch (af_family) { @@ -797,7 +795,8 @@ { prefixlen = size * 8; } - req.i.ifa_prefixlen = prefixlen; + ASSERT(prefixlen <= UINT8_MAX); + req.i.ifa_prefixlen = (uint8_t)prefixlen; if (remote) { @@ -890,9 +889,9 @@ } static int -sitnl_route_set(int cmd, uint32_t flags, int ifindex, sa_family_t af_family, const void *dst, +sitnl_route_set(uint16_t cmd, uint16_t flags, int ifindex, sa_family_t af_family, const void *dst, int prefixlen, const void *gw, enum rt_class_t table, int metric, - enum rt_scope_t scope, int protocol, int type) + enum rt_scope_t scope, unsigned char protocol, unsigned char type) { struct sitnl_route_req req; int ret = -1, size; 
@@ -917,15 +916,17 @@ req.n.nlmsg_type = cmd; req.n.nlmsg_flags = NLM_F_REQUEST | flags; - req.r.rtm_family = af_family; - req.r.rtm_scope = scope; + ASSERT(af_family <= UCHAR_MAX); + req.r.rtm_family = (unsigned char)af_family; + req.r.rtm_scope = (unsigned char)scope; req.r.rtm_protocol = protocol; req.r.rtm_type = type; - req.r.rtm_dst_len = prefixlen; + ASSERT(prefixlen >= 0 && prefixlen <= UCHAR_MAX); + req.r.rtm_dst_len = (unsigned char)prefixlen; - if (table < 256) + if (table <= UCHAR_MAX) { - req.r.rtm_table = table; + req.r.rtm_table = (unsigned char)table; } else { @@ -1348,7 +1349,7 @@ } static int -sitnl_parse_rtattr_flags(struct rtattr *tb[], int max, struct rtattr *rta, int len, +sitnl_parse_rtattr_flags(struct rtattr *tb[], size_t max, struct rtattr *rta, size_t len, unsigned short flags) { unsigned short type; @@ -1369,14 +1370,14 @@ if (len) { - msg(D_ROUTE, "%s: %d bytes not parsed! (rta_len=%d)", __func__, len, rta->rta_len); + msg(D_ROUTE, "%s: %zu bytes not parsed! (rta_len=%u)", __func__, len, rta->rta_len); } return 0; } static int -sitnl_parse_rtattr(struct rtattr *tb[], int max, struct rtattr *rta, int len) +sitnl_parse_rtattr(struct rtattr *tb[], size_t max, struct rtattr *rta, size_t len) { return sitnl_parse_rtattr_flags(tb, max, rta, len, 0); } @@ -1474,10 +1475,6 @@ return sitnl_send(&req.n, 0, 0, NULL, NULL); } -#if defined(__GNUC__) || defined(__clang__) -#pragma GCC diagnostic pop -#endif - #endif /* !ENABLE_SITNL */ #endif /* TARGET_LINUX */
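Review bot: SITNL_NEST_END (hunk @@ -59,9 +59,9 @@) now casts the pointer difference to unsigned short with no range check, so a nest longer than USHRT_MAX bytes is silently truncated into rta_len. sitnl_addattr() in the next hunk guards the same kind of store with ASSERT(len <= USHRT_MAX); the macro should get an equivalent check (or compute the length into a size_t first and verify it) so both writers of rta_len behave the same way.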
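Review bot: in sitnl_addattr() (hunk @@ -131,29 +131,24 @@) the new ASSERT(len <= USHRT_MAX) turns an oversized attribute into a process abort, although the function already has an error path that returns -EMSGSIZE a few lines earlier. Consider folding the limit into that existing bound test (reject when len > USHRT_MAX or when the aligned sum exceeds maxlen) and returning -EMSGSIZE, which also moves the check ahead of the write to rta->rta_type. With maxlen and alen now size_t, a short comment on why the sum NLMSG_ALIGN(n->nlmsg_len) + RTA_ALIGN(len) cannot wrap would help.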
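Review bot: in the sitnl_send() receive loop (hunk @@ -350,8 +346,8 @@) the line "ssize_t rem_len = len - sizeof(*h);" does the subtraction in unsigned arithmetic and only becomes negative through the conversion back to ssize_t, so the following "rem_len < 0" test depends on wrap-then-convert behaviour rather than stating the intent. Testing len < sizeof(*h) directly before subtracting would make the malformed-length check explicit and would let rem_len be an unsigned type. The loop condition in the context line still carries the old (int)sizeof(*h) cast against the new ssize_t rcv_len and could be cleaned up in the same pass.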
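Review bot: dropping the (int) cast in "if (rem_len < sizeof(struct nlmsgerr))" (hunk @@ -388,7 +384,7 @@) makes this a signed versus unsigned comparison: rem_len is ssize_t and is converted to size_t, so a negative value would compare as very large and skip the "ERROR truncated" branch. That is only safe because the earlier hunk rejects rem_len < 0 before this point. Make the dependency visible, for example with (size_t)rem_len on the left-hand side, or by declaring rem_len as size_t once the length has been validated; otherwise -Wsign-compare will flag this line.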
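Review bot: in the route dump callback (hunk @@ -469,7 +465,7 @@) "size_t len = n->nlmsg_len - NLMSG_LENGTH(sizeof(*r));" wraps to a very large value when nlmsg_len is smaller than the rtmsg header length, where the old int went negative. Nothing in the visible lines checks that lower bound before the subtraction, and the check in sitnl_send() only covers sizeof(struct nlmsghdr). Please add an explicit "n->nlmsg_len < NLMSG_LENGTH(sizeof(*r))" rejection ahead of this line so a short reply cannot hand an inflated length to the attribute parser.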
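Review bot: in sitnl_addr_set() (hunk @@ -797,7 +795,8 @@) ASSERT(prefixlen <= UINT8_MAX) has no lower bound, and prefixlen is still an int, so a negative value passes the assertion and is truncated by the (uint8_t) cast. sitnl_route_set() uses ASSERT(prefixlen >= 0 && prefixlen <= UCHAR_MAX) for the same field type; use the same two-sided check here. The address hunks also use UINT8_MAX/uint8_t while the route hunks use UCHAR_MAX/unsigned char for equivalent fields; picking one spelling would keep the file consistent.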
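Review bot: in sitnl_route_set() (hunk @@ -917,15 +916,17 @@) "req.r.rtm_scope = (unsigned char)scope;" is cast without a range check, while rtm_family and rtm_dst_len on the neighbouring lines each get an ASSERT. If enum rt_scope_t is guaranteed to fit, a one-line comment saying so is enough; otherwise add the matching ASSERT so the cast cannot hide an out-of-range value.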
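Review bot: sitnl_parse_rtattr_flags() (hunks @@ -1348,7 +1349,7 @@ and @@ -1369,14 +1370,14 @@) now takes len as size_t, so the remaining length can no longer go negative and any step that subtracts more than is left will wrap instead. The loop that consumes len is outside these hunks; please confirm it cannot subtract an aligned attribute length larger than the remaining bytes, because after a wrap the "if (len)" branch would log a huge "%zu bytes not parsed" count and the loop's bound would no longer stop the walk. A comment on the function stating that precondition would document it for callers.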