diff --git a/Makefile.in b/Makefile.in index 7b758fec..2b89dca3 100644 --- a/Makefile.in +++ b/Makefile.in @@ -77,9 +77,8 @@ CFLAGS+=-DSQLITE_THREADSAFE=0 \ -DSQLITE_OMIT_LOAD_EXTENSION \ -DSQLITE_OMIT_VIRTUALTABLE \ -DSQLITE_OMIT_AUTHORIZATION -CFLAGS+=-fPIC -CFLAGS+=-Wall -Werror -CFLAGS+=-DSERVAL_ENABLE_DEBUG=1 +CFLAGS+=-fPIC -DSERVAL_ENABLE_DEBUG=1 -Wall -Werror -Wextra -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 + # Solaris magic CFLAGS+=-DSHA2_USE_INTTYPES_H -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D__EXTENSIONS__=1 # OSX magic to compensate for the Solaris magic @@ -94,11 +93,6 @@ INSTALL_DATA= $(INSTALL) -m 644 -include $(SOURCE_PREFIX)Makefile.dbg -# More warnings, discover problems that only happen on some archs -CFLAGS+=-Wextra -# Security enhancements from Debian -CFLAGS+=-Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 - DEFS= @DEFS@ CONFIG_H = @CONFIG_H@ diff --git a/jni_commandline.c b/jni_commandline.c index 24c9caa8..952cb9bb 100644 --- a/jni_commandline.c +++ b/jni_commandline.c @@ -28,7 +28,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. #include "conf.h" #include "debug.h" -struct cli_vtable cli_vtable_jni; +static struct cli_vtable cli_vtable_jni; struct jni_context { JNIEnv *jni_env; 
@@ -44,22 +44,22 @@ struct jni_context { #define OUTV_BUFFER_ALLOCSIZE (8192) -jclass IJniResults = NULL; -jmethodID putString; -jmethodID putLong; -jmethodID putDouble; -jmethodID putHexValue; -jmethodID putBlob; -jmethodID startTable; -jmethodID setColumnName; -jmethodID endTable; +static jclass IJniResults = NULL; +static jmethodID putString; +static jmethodID putLong; +static jmethodID putDouble; +static jmethodID putHexValue; +static jmethodID putBlob; +static jmethodID startTable; +static jmethodID setColumnName; +static jmethodID endTable; static int outv_growbuf(struct jni_context *context, size_t needed) { assert(context->outv_current <= context->outv_limit); size_t remaining = (size_t)(context->outv_limit - context->outv_current); if (remaining < needed) { - size_t cursize = context->outv_current - context->outv_buffer; + size_t cursize = (size_t)(context->outv_current - context->outv_buffer); size_t newsize = cursize + needed; // Round up to nearest multiple of OUTV_BUFFER_ALLOCSIZE. newsize = newsize + OUTV_BUFFER_ALLOCSIZE - ((newsize - 1) % OUTV_BUFFER_ALLOCSIZE + 1); @@ -115,7 +115,7 @@ static int put_string(struct jni_context *context, const char *str) return 0; } -static int put_byte_array(struct jni_context *context, jbyte *blob, jsize length, jmethodID method, const char *method_name) +static int put_byte_array(struct jni_context *context, const jbyte *blob, jsize length, jmethodID method, const char *method_name) { jbyteArray arr = NULL; if (context->jni_exception) @@ -204,7 +204,7 @@ JNIEXPORT jint JNICALL Java_org_servalproject_servaldna_ServalDCommand_rawComman if ((r=initJniTypes(env))!=0) return r; - unsigned char status = 0; // to match what the shell gets: 0..255 + uint8_t status = 0; // to match what the shell gets: 0..255 // Construct argv, argc from this method's arguments. jsize len = (*env)->GetArrayLength(env, args); 
@@ -246,7 +246,7 @@ JNIEXPORT jint JNICALL Java_org_servalproject_servaldna_ServalDCommand_rawComman context.outv_current = context.outv_buffer; // Execute the command. context.jni_env = env; - status = commandline_main(&cli_context, NULL, (int)len, argv); + status = (uint8_t)commandline_main(&cli_context, NULL, (int)len, argv); } // free any temporary output buffer @@ -299,7 +299,7 @@ static void jni_vprintf(struct cli_context *cli_context, const char *fmt, va_lis DEBUGF(jni, "%s, ...", alloca_str_toprint(fmt)); struct jni_context *context = jni_context(cli_context); assert(context->outv_current <= context->outv_limit); - size_t avail = context->outv_limit - context->outv_current; + size_t avail = (size_t)(context->outv_limit - context->outv_current); va_list aq; va_copy(aq, ap); int count = vsnprintf(context->outv_current, avail, fmt, aq); @@ -311,9 +311,9 @@ static void jni_vprintf(struct cli_context *cli_context, const char *fmt, va_lis context->outv_current += count; return; } - if (outv_growbuf(context, count) == -1) + if (outv_growbuf(context, (size_t)count) == -1) return; - avail = context->outv_limit - context->outv_current; + avail = (size_t)(context->outv_limit - context->outv_current); va_copy(aq, ap); count = vsprintf(context->outv_current, fmt, aq); va_end(aq); 
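Review bot: The retry path in the `@@ -311` hunk of jni_vprintf grows the buffer by exactly `count` bytes and then formats with the unbounded `vsprintf`, which writes `count` characters plus a terminating NUL. The rounding visible in the outv_growbuf hunk leaves `cursize + needed` unchanged when it is already a multiple of OUTV_BUFFER_ALLOCSIZE, so if outv_limit marks the end of the allocation (not visible here) the NUL can land one byte past it. Reserve the terminator and keep the bound: `if (outv_growbuf(context, (size_t)count + 1) == -1)` and `count = vsnprintf(context->outv_current, avail, fmt, aq);`, which also gives the recomputed `avail` a use. The `(size_t)count` cast assumes the branch before the hunk has already rejected a negative vsnprintf result; an explicit `count < 0` check or a comment would make that clear. jni_vprintf starts and ends outside the hunk.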
@@ -365,19 +365,19 @@ static void jni_put_hexvalue(struct cli_context *cli_context, const unsigned cha { DEBUGF(jni, "%s", alloca_tohex(value, length)); struct jni_context *context = jni_context(cli_context); - put_byte_array(context, (jbyte*)value, length, putHexValue, "putHexValue"); + put_byte_array(context, (const jbyte*)value, (jsize)length, putHexValue, "putHexValue"); } static void jni_put_blob(struct cli_context *cli_context, const unsigned char *blob, size_t length, const char *UNUSED(delim_opt)) { DEBUGF(jni, "%s", alloca_tohex(blob, length)); struct jni_context *context = jni_context(cli_context); - put_byte_array(context, (jbyte*)blob, length, putBlob, "putBlob"); + put_byte_array(context, (const jbyte*)blob, (jsize)length, putBlob, "putBlob"); } static void jni_start_table(struct cli_context *cli_context, size_t column_count, const char *column_names[]) { - DEBUGF(jni, "%s", alloca_argv(column_count, column_names)); + DEBUGF(jni, "%s", alloca_argv((int)column_count, column_names)); struct jni_context *context = jni_context(cli_context); if (context->jni_exception) return; @@ -445,7 +445,7 @@ static void jni_flush(struct cli_context *UNUSED(cli_context)) // nop } -struct cli_vtable cli_vtable_jni = { +static struct cli_vtable cli_vtable_jni = { .delim = jni_delim, .write = jni_write, .puts = jni_puts, diff --git a/jni_server.c b/jni_server.c index b3848761..664120da 100644 --- a/jni_server.c +++ b/jni_server.c @@ -26,10 +26,10 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. #include "conf.h" #include "instance.h" -JNIEnv *server_env=NULL; -jclass IJniServer= NULL; -jmethodID aboutToWait, wokeUp, started; -jobject JniCallback; +static JNIEnv *server_env=NULL; +static jclass IJniServer= NULL; +static jmethodID aboutToWait, wokeUp, started; +static jobject JniCallback; static time_ms_t waiting(time_ms_t now, time_ms_t next_run, time_ms_t next_wakeup) { diff --git a/os.h b/os.h index eec24269..b9cbdef1 100644 --- a/os.h 
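Review bot: The new `(jsize)length` casts in jni_put_hexvalue and jni_put_blob narrow a `size_t` to JNI's signed 32-bit `jsize` without a range check, so a length above INT32_MAX would reach put_byte_array as a negative or truncated value instead of being rejected. The cast silences the conversion warning but hides the case the warning pointed at. Guard before the call, e.g. `if (length > (size_t)INT32_MAX) return;`, or report the failure the way the other jni_* callbacks do, which is not visible here. The same applies to `(int)column_count` passed to alloca_argv in jni_start_table.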
+++ b/os.h @@ -74,27 +74,21 @@ time_ms_t sleep_ms(time_ms_t milliseconds); struct timeval time_ms_to_timeval(time_ms_t); #ifndef HAVE_BZERO -__SERVAL_DNA__OS_INLINE void bzero(void *buf, size_t len) { - memset(buf, 0, len); -} +#define bzero(B,L) memset((B),0,(L)) #endif #ifndef HAVE_BCOPY -__SERVAL_DNA__OS_INLINE void bcopy(const void *src, void *dst, size_t len) { - memcpy(dst, src, len); -} +#define bcopy(S,D,L) memcpy((D),(S),(L)) #endif #ifndef HAVE_BCMP -__SERVAL_DNA__OS_INLINE int bcmp(const void *s1, const void *s2, size_t n) { - // bcmp() is only an equality test, not an order test, so its return value - // is not specified as negative or positive, only non-zero. Hoewver - // memcmp() is an order test. We deliberately discard negative return - // values from memcmp(), to avoid misleading developers into assuming that - // bcmp() is an ordering operator and writing code that depends on that, - // which of course would fail on platforms with a native bcmp() function. - return memcmp(s1, s2, n) != 0; -} +// bcmp() is only an equality test, not an order test, so its return value +// is not specified as negative or positive, only non-zero. Hoewver +// memcmp() is an order test. We deliberately discard negative return +// values from memcmp(), to avoid misleading developers into assuming that +// bcmp() is an ordering operator and writing code that depends on that, +// which of course would fail on platforms with a native bcmp() function. +#define bcmp(S1,S2,N) (memcmp((S1),(S2),(N))!=0) #endif /* If there is no lseek64(2) system call but off_t is 64 bits, then we can use diff --git a/rhizome.h b/rhizome.h index 785d29af..10760bc4 100644 --- a/rhizome.h +++ b/rhizome.h @@ -340,7 +340,7 @@ int rhizome_fetch_delay_ms(); #define RHIZOME_HASH_SUBDIR "hash" extern __thread sqlite3 *rhizome_db; -serval_uuid_t rhizome_db_uuid; +extern serval_uuid_t rhizome_db_uuid; int rhizome_opendb(); int rhizome_close_db(); 
@@ -518,7 +518,6 @@ int is_debug_rhizome(); int is_debug_rhizome_ads(); enum sqlbind_type { - END = 0xbabecafe, INT = 1, // int value INT_TOSTR, // int value UINT_TOSTR, // unsigned value @@ -539,9 +538,10 @@ enum sqlbind_type { TEXT_TOUPPER, // const char *text, TEXT_LEN_TOUPPER, // const char *text, unsigned bytes SERVAL_UUID_T, // const serval_uuid_t *uuidp - NUL = 1 << 15, // NUL (no arg) ; NUL|INT, ... - INDEX = 0xfade0000, // INDEX|INT, int index, ... - NAMED = 0xdead0000 // NAMED|INT, const char *label, ... + NUL = 1 << 8, // NUL (no arg) ; NUL|INT, ... + INDEX = 1 << 9, // INDEX|INT, int index, ... + NAMED = 1 << 10, // NAMED|INT, const char *label, ... + END = 1 << 11, }; sqlite3_stmt *_sqlite_prepare(struct __sourceloc, int log_level, sqlite_retry_state *retry, const char *sqltext); diff --git a/rhizome_database.c b/rhizome_database.c index 8a7a1bf6..6b1cd963 100644 --- a/rhizome_database.c +++ b/rhizome_database.c @@ -564,8 +564,8 @@ int _sqlite_vbind(struct __sourceloc __whence, int log_level, sqlite_retry_state int index; const char *name = NULL; strbuf ext = NULL; - if ((typ & 0xffff0000) == INDEX) { - typ &= 0xffff; + if (typ & INDEX) { + typ &= ~INDEX; index = va_arg(ap, int); ++argnum; if (index < 1 || index > index_limit) { @@ -574,8 +574,8 @@ int _sqlite_vbind(struct __sourceloc __whence, int log_level, sqlite_retry_state } if (IF_DEBUG(rhizome)) strbuf_sprintf((ext = strbuf_alloca(35)), "|INDEX(%d)", index); - } else if ((typ & 0xffff0000) == NAMED) { - typ &= 0xffff; + } else if (typ & NAMED) { + typ &= ~NAMED; name = va_arg(ap, const char *); ++argnum; index = sqlite3_bind_parameter_index(statement, name); 
@@ -589,13 +589,10 @@ int _sqlite_vbind(struct __sourceloc __whence, int log_level, sqlite_retry_state strbuf_toprint_quoted(ext, "\"\"", name); strbuf_puts(ext, ")"); } - } else if ((typ & 0xffff0000) == 0) { + } else { index = ++index_counter; if (IF_DEBUG(rhizome)) ext = strbuf_alloca(10); - } else { - FATALF("at bind arg %u, unsupported bind code typ=0x%08x: %s", argnum, typ, sqlite3_sql(statement)); - return -1; } #define BIND_DEBUG(TYP,FUNC,ARGFMT,...) \ DEBUGF(rhizome_sql_bind, "%s%s %s(%d," ARGFMT ") %s", #TYP, strbuf_str(ext), #FUNC, index, ##__VA_ARGS__, sqlite3_sql(statement)) diff --git a/servalwrap.c b/servalwrap.c index 297a6c00..fe6696c2 100644 --- a/servalwrap.c +++ b/servalwrap.c @@ -39,7 +39,7 @@ int main(int argc,char **argv) return 1; } - int (*servald_main)(int, char **) = dlsym(h, entry_point); + int (*servald_main)(int, char **) = (int (*)(int, char **))dlsym(h, entry_point); if (!servald_main) { fprintf(stderr, "Could not resolve %s in %s\n", entry_point, libservald_path); return 1; diff --git a/socket.c b/socket.c index 62291f58..73174400 100644 --- a/socket.c +++ b/socket.c @@ -302,14 +302,14 @@ ssize_t _send_message(struct __sourceloc __whence, int fd, const struct socket_a ssize_t _recv_message_frag(struct __sourceloc __whence, int fd, struct socket_address *address, int *ttl, struct fragmented_data *data) { - struct cmsghdr cmsgs[16]; + uint8_t cmsg_buff[1024]; struct msghdr msg = { .msg_name = (void *)&address->addr, .msg_namelen = sizeof(address->raw), .msg_iov = data->iov, .msg_iovlen = data->fragment_count, - .msg_control = cmsgs, - .msg_controllen = sizeof cmsgs, + .msg_control = cmsg_buff, + .msg_controllen = sizeof cmsg_buff, .msg_flags = 0 }; bzero(address, sizeof(struct socket_address)); 
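Review bot: With the final `else` now catching everything, _sqlite_vbind no longer rejects a bind code that carries unexpected bits; the removed FATALF "unsupported bind code" branch was the only visible check against a malformed variadic argument list. The flag tests in the `@@ -564` and `@@ -574` hunks also changed from an exact match to `typ & INDEX` / `typ & NAMED`, so a value with both bits set takes the INDEX path and leaves NAMED set in `typ`. The rhizome.h enum hunk puts the base types below `1 << 8`, so a sanity check can stay after the flags are stripped, e.g. `if (typ & ~(0xff | NUL)) FATALF(...)` with the original message. That is unnecessary only if the type switch later in the function already fails closed on unknown values. _sqlite_vbind starts and ends outside these hunks.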
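Review bot: `uint8_t cmsg_buff[1024]` in _recv_message_frag has no alignment guarantee, whereas the `struct cmsghdr cmsgs[16]` it replaces was aligned for the headers that recvmsg() writes and that the CMSG_* macros later read through a `struct cmsghdr *`. On strict-alignment targets that can fault or misread the control message used for the TTL. Keep the byte size but force the alignment with a union: `union { uint8_t buf[1024]; struct cmsghdr align; } cmsg_buff;`, then `.msg_control = cmsg_buff.buf,` and `.msg_controllen = sizeof cmsg_buff.buf,`. The WHYF_perror arguments in the following hunk would need the same `.buf` adjustment.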
@@ -318,7 +318,7 @@ ssize_t _recv_message_frag(struct __sourceloc __whence, int fd, struct socket_ad WHYF_perror("recvmsg(%d,{name=%p,namelen=%u,iov=%s,control=%p,controllen=%u},0)", fd, &address->addr, (unsigned) address->addrlen, alloca_iovec(data->iov, data->fragment_count), - cmsgs, (unsigned) sizeof cmsgs); + cmsg_buff, (unsigned) sizeof cmsg_buff); address->addrlen = msg.msg_namelen; if (ttl && ret > 0) { struct cmsghdr *cmsg; diff --git a/str.c b/str.c index 1ce54094..c081bc52 100644 --- a/str.c +++ b/str.c @@ -563,7 +563,7 @@ size_t strn_fromprint(char *dst, size_t dstsiz, const char *src, size_t srclen, void str_digest_passphrase(unsigned char *dstBinary, size_t dstsiz, const char *passphrase) { - return strn_digest_passphrase(dstBinary, dstsiz, passphrase, strlen(passphrase)); + strn_digest_passphrase(dstBinary, dstsiz, passphrase, strlen(passphrase)); } void strn_digest_passphrase(unsigned char *dstBinary, size_t dstsiz, const char *passphrase, size_t passlen) diff --git a/str.h b/str.h index 2dc521d0..6fd0e718 100644 --- a/str.h +++ b/str.h 
@@ -237,7 +237,7 @@ size_t toprint_len(const char *srcBuf, size_t srcBytes, const char quotes[2]); size_t toprint_str_len(const char *srcStr, const char quotes[2]); size_t strn_fromprint(char *dst, size_t dstsiz, const char *src, size_t srclen, char endquote, const char **afterp); -#define alloca_toprint_quoted(dstsiz,buf,len,quotes) toprint((char *)alloca((dstsiz) == -1 ? toprint_len((const char *)(buf),(len), (quotes)) + 1 : (size_t)(dstsiz)), (size_t)(dstsiz), (const char *)(buf), (len), (quotes)) +#define alloca_toprint_quoted(dstsiz,buf,len,quotes) toprint((char *)alloca((dstsiz) == -1 ? toprint_len((const char *)(buf),(len), (quotes)) + 1 : (size_t)(dstsiz)), (ssize_t)(dstsiz), (const char *)(buf), (len), (quotes)) #define alloca_toprint(dstsiz,buf,len) alloca_toprint_quoted(dstsiz,buf,len,"``") #define alloca_str_toprint_quoted(str, quotes) toprint_str((char *)alloca(toprint_str_len((str), (quotes)) + 1), -1, (str), (quotes)) diff --git a/strbuf.h b/strbuf.h index f2c1f95f..c990e89a 100644 --- a/strbuf.h +++ b/strbuf.h @@ -343,9 +343,9 @@ typedef const struct strbuf *const_strbuf; strbuf strbuf_init(strbuf sb, char *buffer, ssize_t size); #ifdef __GNUC__ -__STRBUF_INLINE strbuf __strbuf_init_chk(strbuf sb, char *buffer, ssize_t size, size_t chk) { - if (chk != (size_t)-1 && size != (ssize_t)-1) - assert((size_t)size <= chk); // buffer overflow +__STRBUF_INLINE strbuf __strbuf_init_chk(strbuf sb, char *buffer, ssize_t size, ssize_t chk) { + if (chk != -1 && size != -1) + assert(size <= chk); // buffer overflow return strbuf_init(sb, buffer, size); } #endif @@ -562,7 +562,7 @@ __STRBUF_INLINE ssize_t strbuf_size(const_strbuf sb) { * @author Andrew Bettison */ __STRBUF_INLINE size_t strbuf_len(const_strbuf sb) { - return strbuf_end(sb) - sb->start; + return (size_t)(strbuf_end(sb) - sb->start); } /** Return remaining space in the strbuf, not counting the terminating nul. 
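Review bot: Changing `chk` to `ssize_t` in __strbuf_init_chk turns `assert(size <= chk)` into a signed comparison, so a negative `size` other than -1 now passes the overflow check, where the old `(size_t)size <= chk` form rejected it as a huge value. If -1 is the only negative size strbuf_init accepts (its contract is outside the hunk), tighten the check to `assert(size >= 0 && size <= chk);`. The guard is also an assert, so it disappears in NDEBUG builds.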
@@ -584,7 +584,7 @@ __STRBUF_INLINE size_t strbuf_remaining(const_strbuf sb) { * @author Andrew Bettison */ __STRBUF_INLINE size_t strbuf_count(const_strbuf sb) { - return sb->current - sb->start; + return (size_t)(sb->current - sb->start); } /** Return true iff the strbuf has been overrun, ie, any appended string has diff --git a/uri.c b/uri.c index c8eedfcb..7c02ce09 100644 --- a/uri.c +++ b/uri.c @@ -29,12 +29,13 @@ static size_t _uri_encodev(int www_form, char *const dstUrienc, ssize_t dstsiz, { char * dst = dstUrienc; char * const dstend = dstUrienc + dstsiz; + uint8_t *ptr = (uint8_t *)(*iovp)->iov_base; while (*iovcntp && (dstsiz == -1 || dst < dstend)) { if ((*iovp)->iov_len == 0) { --*iovcntp; ++*iovp; } else { - unsigned char c = *(unsigned char *)(*iovp)->iov_base; + uint8_t c = *ptr; if (www_form && c == ' ') { if (dstUrienc) *dst = '+'; @@ -53,10 +54,10 @@ static size_t _uri_encodev(int www_form, char *const dstUrienc, ssize_t dstsiz, } else { break; } - ++(*iovp)->iov_base; --(*iovp)->iov_len; } } + (*iovp)->iov_base = ptr; return dst - dstUrienc; } diff --git a/xprintf.h b/xprintf.h index 034f4ca3..bce1577b 100644 --- a/xprintf.h +++ b/xprintf.h @@ -76,7 +76,6 @@ typedef struct _xprintf { #define _XPRINTF(F,C) ((XPRINTF){(F),(C)}) void xprintf(XPRINTF xpf, const char *fmt, ...) __attribute__ ((__ATTRIBUTE_format(printf,2,3))); -; void vxprintf(XPRINTF xpf, const char *fmt, va_list); void xputs(const char *str, XPRINTF xpf); void xputc(char c, XPRINTF xpf);
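Review bot: In _uri_encodev, `ptr` is loaded once before the loop and never advanced: the second hunk removes `++(*iovp)->iov_base;` without adding a matching `++ptr`, so every iteration encodes the first byte again while iov_len counts down. `ptr` is also not reloaded after `++*iovp`, and the final `(*iovp)->iov_base = ptr;` overwrites whichever element `*iovp` ends on with a stale pointer, which is one past the array once `*iovcntp` reaches 0. The initialiser likewise dereferences `*iovp` before `*iovcntp` has been tested. Scoping the pointer to the element being consumed avoids all three and still avoids arithmetic on `void *`, as sketched below. The lines between the two hunks are not part of the diff, so they cannot contain the missing increment.

```c
  while (*iovcntp && (dstsiz == -1 || dst < dstend)) {
    if ((*iovp)->iov_len == 0) {
      --*iovcntp;
      ++*iovp;
    } else {
      uint8_t *ptr = (uint8_t *)(*iovp)->iov_base;
      uint8_t c = *ptr;
      // … unchanged: encode c into dst, break if it does not fit …
      (*iovp)->iov_base = ptr + 1;
      --(*iovp)->iov_len;
    }
  }
  return dst - dstUrienc;
```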