[Pkg-privacy-commits] [libotr] 98/225: Build cleanly with -Wall -Wextra -Wformat-security -Wno-unused-parameter

Ximin Luo infinity0 at moszumanska.debian.org
Sat Aug 22 12:45:03 UTC 2015 

This is an automated email from the git hooks/post-receive script.

infinity0 pushed a commit to branch master
in repository libotr.

commit 9acd95d72baecce56f8b70b686e2a9a96b14452f
Author: Ian Goldberg <iang at cs.uwaterloo.ca>
Date:   Wed Aug 22 14:49:04 2012 -0400

    Build cleanly with -Wall -Wextra -Wformat-security -Wno-unused-parameter
---
 ChangeLog          | 13 +++++++++++++
 configure.ac       |  7 +++++++
 src/auth.c         |  3 ++-
 src/dh.c           |  7 ++++---
 src/mem.c          |  2 +-
 src/privkey.c      |  2 +-
 src/proto.c        |  5 +++--
 src/sm.c           | 14 ++++++++------
 toolkit/sesskeys.c |  6 ++++--
 9 files changed, 43 insertions(+), 16 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index e63ec33..1fc02e2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+2012-08-22
+
+	* configure.ac: Use gcc and ld hardening flags, where possible.
+	* configure.ac:
+	* src/auth.c:
+	* src/dh.c:
+	* src/mem.c:
+	* src/privkey.c:
+	* src/proto.c:
+	* src/sm.c:
+	* toolkit/sesskey.c: Build cleanly with -Wall -Wextra
+	-Wformat-security -Wno-unused-parameter
+
 2012-08-17
 
 	* src/message.c: Don't call memchr(foo,'\0',-1) even if it has
diff --git a/configure.ac b/configure.ac
index ff5ca17..d7aa6d6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -145,6 +145,13 @@ if test x$enable_gcc_hardening != xno; then
     OTR_CHECK_CFLAGS(-fstack-protector-all)
     OTR_CHECK_CFLAGS(-Wstack-protector)
     OTR_CHECK_CFLAGS(-fwrapv)
+
+    dnl Ian added the next four:
+    OTR_CHECK_CFLAGS(-fno-strict-overflow)
+    OTR_CHECK_CFLAGS(-Wall)
+    OTR_CHECK_CFLAGS(-Wextra -Wno-unused-parameter)
+    OTR_CHECK_CFLAGS(-Wformat-security)
+
     OTR_CHECK_CFLAGS(--param ssp-buffer-size=1)
     if test "$bwin32" = "false"; then
        OTR_CHECK_CFLAGS(-fPIE)
diff --git a/src/auth.c b/src/auth.c
index 764d132..b402d30 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -751,7 +751,8 @@ gcry_error_t otrl_auth_handle_key(OtrlAuthInfo *auth, const char *keymsg,
     unsigned char *buf = NULL, *bufp = NULL;
     size_t buflen, lenp;
     gcry_mpi_t incoming_pub = NULL;
-    int res, msg_version;
+    int res;
+    unsigned int msg_version;
 
     *havemsgp = 0;
 
diff --git a/src/dh.c b/src/dh.c
index b3e43b3..8a22437 100644
--- a/src/dh.c
+++ b/src/dh.c
@@ -51,9 +51,10 @@ static gcry_mpi_t DH1536_GENERATOR = NULL;
  */
 void otrl_dh_init(void)
 {
-    gcry_mpi_scan(&DH1536_MODULUS, GCRYMPI_FMT_HEX, DH1536_MODULUS_S, 0, NULL);
-    gcry_mpi_scan(&DH1536_GENERATOR, GCRYMPI_FMT_HEX, DH1536_GENERATOR_S,
-	    0, NULL);
+    gcry_mpi_scan(&DH1536_MODULUS, GCRYMPI_FMT_HEX,
+	(const unsigned char *)DH1536_MODULUS_S, 0, NULL);
+    gcry_mpi_scan(&DH1536_GENERATOR, GCRYMPI_FMT_HEX,
+	(const unsigned char *)DH1536_GENERATOR_S, 0, NULL);
     DH1536_MODULUS_MINUS_2 = gcry_mpi_new(DH1536_MOD_LEN_BITS);
     gcry_mpi_sub_ui(DH1536_MODULUS_MINUS_2, DH1536_MODULUS, 2);
 }
diff --git a/src/mem.c b/src/mem.c
index 63b962e..f01a8fa 100644
--- a/src/mem.c
+++ b/src/mem.c
@@ -46,7 +46,7 @@
 /* libotr headers */
 #include "mem.h"
 
-static int header_size;
+static size_t header_size;
 
 static void *otrl_mem_malloc(size_t n)
 {
diff --git a/src/privkey.c b/src/privkey.c
index d0186b3..6e4bbe4 100644
--- a/src/privkey.c
+++ b/src/privkey.c
@@ -208,7 +208,7 @@ gcry_error_t otrl_privkey_read_FILEp(OtrlUserState us, FILE *privf)
     size_t tokenlen;
     gcry_error_t err;
     gcry_sexp_t allkeys;
-    size_t i;
+    int i;
 
     if (!privf) return gcry_error(GPG_ERR_NO_ERROR);
 
diff --git a/src/proto.c b/src/proto.c
index 70c3aa6..fc33081 100644
--- a/src/proto.c
+++ b/src/proto.c
@@ -908,7 +908,7 @@ OtrlFragmentResult otrl_proto_fragment_accumulate(char **unfragmessagep,
 	    size_t newsize = fraglen + 1;
 	    free(context->context_priv->fragment);
 	    context->context_priv->fragment = NULL;
-	    if (newsize > fraglen) {  /* Check for overflow */
+	    if (newsize >= 1) {  /* Check for overflow */
 		context->context_priv->fragment = malloc(newsize);
 	    }
 	    if (context->context_priv->fragment) {
@@ -928,7 +928,8 @@ OtrlFragmentResult otrl_proto_fragment_accumulate(char **unfragmessagep,
 	    int fraglen = end - start - 1;
 	    char *newfrag = NULL;
 	    size_t newsize = context->context_priv->fragment_len + fraglen + 1;
-	    if (newsize > fraglen) {  /* Check for overflow */
+	    /* Check for overflow */
+	    if (newsize > context->context_priv->fragment_len) {
 		newfrag = realloc(context->context_priv->fragment, newsize);
 	    }
 	    if (newfrag) {
diff --git a/src/sm.c b/src/sm.c
index 585c269..46f87f7 100644
--- a/src/sm.c
+++ b/src/sm.c
@@ -71,10 +71,12 @@ static gcry_mpi_t SM_MODULUS_MINUS_2 = NULL;
 void otrl_sm_init(void)
 {
     gcry_check_version(NULL);
-    gcry_mpi_scan(&SM_MODULUS, GCRYMPI_FMT_HEX, SM_MODULUS_S, 0, NULL);
-    gcry_mpi_scan(&SM_ORDER, GCRYMPI_FMT_HEX, SM_ORDER_S, 0, NULL);
-    gcry_mpi_scan(&SM_GENERATOR, GCRYMPI_FMT_HEX, SM_GENERATOR_S,
-	    0, NULL);
+    gcry_mpi_scan(&SM_MODULUS, GCRYMPI_FMT_HEX,
+	(const unsigned char *)SM_MODULUS_S, 0, NULL);
+    gcry_mpi_scan(&SM_ORDER, GCRYMPI_FMT_HEX,
+	(const unsigned char *)SM_ORDER_S, 0, NULL);
+    gcry_mpi_scan(&SM_GENERATOR, GCRYMPI_FMT_HEX,
+	(const unsigned char *)SM_GENERATOR_S, 0, NULL);
     SM_MODULUS_MINUS_2 = gcry_mpi_new(SM_MOD_LEN_BITS);
     gcry_mpi_sub_ui(SM_MODULUS_MINUS_2, SM_MODULUS, 2);
 }
@@ -345,8 +347,8 @@ static gcry_error_t serialize_mpi_array(unsigned char **buffer, int *buflen,
 static gcry_error_t unserialize_mpi_array(gcry_mpi_t **mpis,
 	unsigned int expcount, const unsigned char *buffer, const int buflen)
 {
-    int i;
-    int lenp = buflen;
+    unsigned int i;
+    size_t lenp = buflen;
     unsigned int thecount = 0;
     const unsigned char* bufp = buffer;
     *mpis = NULL;
diff --git a/toolkit/sesskeys.c b/toolkit/sesskeys.c
index ce58249..575e984 100644
--- a/toolkit/sesskeys.c
+++ b/toolkit/sesskeys.c
@@ -48,8 +48,10 @@ void sesskeys_gen(unsigned char sessionid[20], unsigned char sendenc[16],
     unsigned char hash[20];
     int is_high;
 
-    gcry_mpi_scan(&modulus, GCRYMPI_FMT_HEX, DH1536_MODULUS_S, 0, NULL);
-    gcry_mpi_scan(&generator, GCRYMPI_FMT_HEX, DH1536_GENERATOR_S, 0, NULL);
+    gcry_mpi_scan(&modulus, GCRYMPI_FMT_HEX,
+	(const unsigned char *)DH1536_MODULUS_S, 0, NULL);
+    gcry_mpi_scan(&generator, GCRYMPI_FMT_HEX,
+	(const unsigned char *)DH1536_GENERATOR_S, 0, NULL);
     *our_yp = gcry_mpi_new(0);
     gcry_mpi_powm(*our_yp, generator, our_x, modulus);
     secretv = gcry_mpi_new(0);

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/libotr.git

More information about the Pkg-privacy-commits mailing list