Changeset 3e61371 in mod_gnutls


Timestamp:
Oct 11, 2020, 1:32:17 PM (10 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
asyncio, master
Children:
305ea31
Parents:
90d750d (diff), d54572e (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
Message:

Merge CppCheck code scanning

Files:
6 edited

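--- a/.github/workflows/analysis.yaml
+++ b/.github/workflows/analysis.yaml
@@ -14,4 +14,5 @@
 
 jobs:
+
   clang:
     runs-on: ubuntu-20.04
@@ -24,5 +25,5 @@
           export DEBIAN_FRONTEND=noninteractive
           apt-get update
-          apt-get -y install python3-yaml apache2-bin apache2-dev curl gnutls-bin libapr1-dev libgnutls28-dev openssl pkg-config procps clang-10 clang-tools-10 libmsv-dev
+          apt-get -y install python3-yaml apache2-bin apache2-dev gnutls-bin libapr1-dev libgnutls28-dev pkg-config procps clang-10 clang-tools-10 libmsv-dev
       - name: find usable IPs for tests
         run: |
@@ -51,2 +52,36 @@
           sarif_file: ${{ env.SARIF_DIR }}
           checkout_path: ${{ env.CONTAINER_WORKSPACE }}
+
+  cppcheck:
+    runs-on: ubuntu-20.04
+    container: debian:sid
+    name: cppcheck
+    steps:
+      - uses: actions/checkout@v2
+      - name: install dependencies
+        run: |
+          export DEBIAN_FRONTEND=noninteractive
+          apt-get update
+          apt-get -y install python3-yaml apache2-bin apache2-dev gnutls-bin libapr1-dev libgnutls28-dev libmsv-dev pkg-config procps bear cppcheck
+      - name: autoreconf
+        run: autoreconf -fiv
+      - name: configure
+        run: ./configure APACHE_MUTEX=pthread
+      - name: make and create compile_commands.json
+        run: bear make -j4
+      - name: cppcheck
+        run: |
+          cppcheck --project=compile_commands.json -DAF_UNIX=1 --enable=warning,style,unusedFunction --xml 2>cppcheck.xml
+      - uses: airtower-luna/convert-to-sarif@main
+        with:
+          tool: 'CppCheck'
+          input_file: 'cppcheck.xml'
+          sarif_file: 'cppcheck.sarif'
+      - name: define CONTAINER_WORKSPACE
+        run: |
+          echo "CONTAINER_WORKSPACE=${PWD}" >> ${GITHUB_ENV}
+      - name: upload SARIF results
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: 'cppcheck.sarif'
+          checkout_path: ${{ env.CONTAINER_WORKSPACE }}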
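Review bot: The new cppcheck job runs `airtower-luna/convert-to-sarif@main`, a third-party action referenced by a mutable branch, so whatever lands on that branch later runs inside this workflow and shapes the SARIF that is uploaded to code scanning. Pin it to a full commit hash, e.g. `uses: airtower-luna/convert-to-sarif@<full-commit-sha>  # main`, and consider the same for `actions/checkout@v2` and `github/codeql-action/upload-sarif@v1`, which are movable tags. `container: debian:sid` is likewise a moving target, so the cppcheck version and its findings can change between runs with no change in the repository; a short comment saying this is intentional would help. Any `permissions:` setting for the workflow is outside the visible hunks, so confirm the job token is limited to what the SARIF upload needs.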
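--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -577,5 +577,4 @@
     int rv;
     server_rec *s;
-    mgs_srvconf_rec *sc;
     mgs_srvconf_rec *sc_base;
 
@@ -646,5 +645,6 @@
     for (s = base_server; s; s = s->next)
     {
-        sc = (mgs_srvconf_rec *) ap_get_module_config(s->module_config, &gnutls_module);
+        mgs_srvconf_rec *sc = (mgs_srvconf_rec *)
+            ap_get_module_config(s->module_config, &gnutls_module);
         sc->s = s;
         sc->cache_enable = sc_base->cache_enable;
@@ -942,11 +942,8 @@
 static int vhost_cb(void *baton, conn_rec *conn, server_rec * s)
 {
-    mgs_srvconf_rec *tsc;
     vhost_cb_rec *x = baton;
-    int ret;
-
+    mgs_srvconf_rec *tsc = (mgs_srvconf_rec *)
+        ap_get_module_config(s->module_config, &gnutls_module);
     _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
-    tsc = (mgs_srvconf_rec *) ap_get_module_config(s->module_config,
-            &gnutls_module);
 
     if (tsc->enabled != GNUTLS_ENABLED_TRUE) {
@@ -957,5 +954,6 @@
         /* this check is there to warn administrator of any missing hostname
          * in the certificate. */
-        ret = gnutls_x509_crt_check_hostname(tsc->certs_x509_crt_chain[0], s->server_hostname);
+        int ret = gnutls_x509_crt_check_hostname(tsc->certs_x509_crt_chain[0],
+                                                 s->server_hostname);
         if (0 == ret)
             ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, conn,
@@ -1608,5 +1606,4 @@
     for (int i = 0; !(ret < 0); i++)
     {
-        const char *san, *sanlabel;
         len = 0;
         ret = gnutls_x509_crt_get_subject_alt_name(cert, i,
@@ -1624,4 +1621,5 @@
             tmp2[len] = 0;
 
+            const char *san, *sanlabel;
             sanlabel = apr_psprintf(r->pool, "%s%u", MGS_SIDE("_S_AN"), i);
             if (ret == GNUTLS_SAN_DNSNAME) {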
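Review bot: In the `vhost_cb` hunk the result of `gnutls_x509_crt_check_hostname()` is reported only through `ap_log_cerror(APLOG_MARK, APLOG_DEBUG, ...)`, while the comment directly above says the check exists to warn the administrator; at a default log level a certificate that does not cover `s->server_hostname` would go unnoticed. Either raise the level to `APLOG_WARNING` or, if debug is deliberate because this callback runs per connection, reword the comment to `/* debug-only hint: certificate does not list this hostname */`. The new `int ret` line also indexes `tsc->certs_x509_crt_chain[0]`; the guard before it lies between the visible hunks, so confirm it rejects an empty chain. In the SAN loop, `i` is an `int` but is formatted with `%u` in `apr_psprintf(r->pool, "%s%u", ...)`; `%d` or a cast to `unsigned` would match.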
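--- a/src/gnutls_io.c
+++ b/src/gnutls_io.c
@@ -103,5 +103,4 @@
         const char *str;
         apr_size_t str_len;
-        apr_size_t consume;
 
         /* Justin points out this is an http-ism that might
@@ -140,7 +139,6 @@
 
             /* Assure we don't overflow. */
-            consume =
-                    (str_len + actual >
-                    *len) ? *len - actual : str_len;
+            apr_size_t consume =
+                (str_len + actual > *len) ? *len - actual : str_len;
 
             memcpy(c, str, consume);
@@ -177,5 +175,4 @@
     apr_size_t wanted = *len;
     apr_size_t bytes = 0;
-    int rc;
 
     *len = 0;
@@ -221,5 +218,6 @@
     {
         /* Note: The pull function sets ctxt->input_rc */
-        rc = gnutls_record_recv(ctxt->session, buf + bytes, wanted - bytes);
+        int rc = gnutls_record_recv(ctxt->session,
+                                    buf + bytes, wanted - bytes);
 
         if (rc > 0) {
@@ -311,11 +309,12 @@
         char *buf, apr_size_t * len) {
     const char *pos = NULL;
-    apr_status_t status;
     apr_size_t tmplen = *len, buflen = *len, offset = 0;
 
     *len = 0;
 
-    while (tmplen > 0) {
-        status = gnutls_io_input_read(ctxt, buf + offset, &tmplen);
+    while (tmplen > 0)
+    {
+        apr_status_t status =
+            gnutls_io_input_read(ctxt, buf + offset, &tmplen);
 
         if (status != APR_SUCCESS) {
@@ -959,5 +958,4 @@
 {
     mgs_handle_t *ctxt = ptr;
-    apr_status_t rc;
     apr_size_t in = len;
     apr_read_type_e block = ctxt->input_block;
@@ -980,7 +978,7 @@
     if (APR_BRIGADE_EMPTY(ctxt->input_bb))
     {
-        rc = ap_get_brigade(ctxt->input_filter->next,
-                            ctxt->input_bb, AP_MODE_READBYTES,
-                            ctxt->input_block, in);
+        apr_status_t rc = ap_get_brigade(ctxt->input_filter->next,
+                                         ctxt->input_bb, AP_MODE_READBYTES,
+                                         ctxt->input_block, in);
 
         /* Not a problem, there was simply no data ready yet.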
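Review bot: The bound computed for `consume` right before `memcpy(c, str, consume)` tests `str_len + actual > *len`, and that sum can wrap for a very large `str_len`, in which case the unclamped `str_len` would be copied. Since the declaration is being rewritten anyway, the subtraction form avoids the addition: `apr_size_t consume = (str_len > *len - actual) ? *len - actual : str_len;`. This relies on `actual <= *len`, which the surrounding loop (outside the hunk) presumably maintains. Separately, `gnutls_record_recv()` returns `ssize_t`, so the new `int rc` narrows the result; `ssize_t rc` would match the API if the later uses of `rc` allow it.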
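--- a/src/gnutls_ocsp.c
+++ b/src/gnutls_ocsp.c
@@ -1125,8 +1125,6 @@
         ocsp_response.size = OCSP_RESP_SIZE_MAX;
 
-        apr_status_t rv = mgs_cache_fetch(sc->ocsp_cache, server,
-                                          ocsp_data->fingerprint,
-                                          &ocsp_response,
-                                          pool);
+        rv = mgs_cache_fetch(sc->ocsp_cache, server, ocsp_data->fingerprint,
+                             &ocsp_response, pool);
 
         if (rv != APR_SUCCESS || (IS_FAILURE_RESPONSE(&ocsp_response)))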
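Review bot: Unlike the other changes in this commit, this hunk drops a block-local `apr_status_t rv` and assigns to an `rv` declared outside the visible lines, so the cache-fetch status now survives past this block. If that outer `rv` is later returned or tested without being reassigned (not visible here), a cache miss could change what the function reports about the OCSP response. A comment such as `/* rv is reassigned below before it is returned */`, or a distinctly named local like `fetch_rv`, would make the intent explicit.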
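--- a/src/gnutls_proxy.c
+++ b/src/gnutls_proxy.c
@@ -133,7 +133,4 @@
         return APR_EGENERAL;
 
-    apr_status_t ret = APR_EINIT;
-    int err = GNUTLS_E_SUCCESS;
-
     /* Cleanup function for the GnuTLS structures allocated below */
     apr_pool_cleanup_register(pconf, sc, cleanup_proxy_x509_credentials,
@@ -142,5 +139,5 @@
     /* Function pool, gets destroyed before exit. */
     apr_pool_t *pool;
-    ret = apr_pool_create(&pool, ptemp);
+    apr_status_t ret = apr_pool_create(&pool, ptemp);
     if (ret != APR_SUCCESS)
     {
@@ -151,5 +148,5 @@
 
     /* allocate credentials structures */
-    err = gnutls_certificate_allocate_credentials(&sc->proxy_x509_creds);
+    int err = gnutls_certificate_allocate_credentials(&sc->proxy_x509_creds);
     if (err != GNUTLS_E_SUCCESS)
     {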
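Review bot: `cleanup_proxy_x509_credentials` is registered on `pconf` before `gnutls_certificate_allocate_credentials(&sc->proxy_x509_creds)` has run, and the `if (ret != APR_SUCCESS)` branch after `apr_pool_create()` presumably returns in between. The cleanup body is outside these hunks, so confirm it tolerates credentials that were never allocated, and record that in the comment, e.g. `/* Cleanup function for the GnuTLS structures allocated below; must tolerate members that were never allocated */`. The bodies of both error branches also continue outside the visible lines.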
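--- a/src/gnutls_util.c
+++ b/src/gnutls_util.c
@@ -100,10 +100,10 @@
                              gnutls_datum_t *datum)
 {
-    apr_status_t rv = APR_EINIT;
     apr_file_t *file;
     apr_finfo_t finfo;
     apr_size_t br = 0;
-    rv = apr_file_open(&file, filename,
-                       APR_READ | APR_BINARY, APR_OS_DEFAULT, p);
+
+    apr_status_t rv = apr_file_open(&file, filename,
+                                    APR_READ | APR_BINARY, APR_OS_DEFAULT, p);
     if (rv != APR_SUCCESS)
         return rv;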