Changeset 3e61371 in mod_gnutls
- Timestamp:
- Oct 11, 2020, 1:32:17 PM (6 months ago)
- Branches:
- asyncio
- Children:
- 305ea31
- Parents:
- 90d750d (diff), d54572e (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the(diff)
links above to see all the changes relative to each parent. - Files:
-
- 6 edited
Legend:
- Unmodified
- Added
- Removed
-
.github/workflows/analysis.yaml
r90d750d r3e61371 14 14 15 15 jobs: 16 16 17 clang: 17 18 runs-on: ubuntu-20.04 … … 24 25 export DEBIAN_FRONTEND=noninteractive 25 26 apt-get update 26 apt-get -y install python3-yaml apache2-bin apache2-dev curl gnutls-bin libapr1-dev libgnutls28-dev opensslpkg-config procps clang-10 clang-tools-10 libmsv-dev27 apt-get -y install python3-yaml apache2-bin apache2-dev gnutls-bin libapr1-dev libgnutls28-dev pkg-config procps clang-10 clang-tools-10 libmsv-dev 27 28 - name: find usable IPs for tests 28 29 run: | … … 51 52 sarif_file: ${{ env.SARIF_DIR }} 52 53 checkout_path: ${{ env.CONTAINER_WORKSPACE }} 54 55 cppcheck: 56 runs-on: ubuntu-20.04 57 container: debian:sid 58 name: cppcheck 59 steps: 60 - uses: actions/checkout@v2 61 - name: install dependencies 62 run: | 63 export DEBIAN_FRONTEND=noninteractive 64 apt-get update 65 apt-get -y install python3-yaml apache2-bin apache2-dev gnutls-bin libapr1-dev libgnutls28-dev libmsv-dev pkg-config procps bear cppcheck 66 - name: autoreconf 67 run: autoreconf -fiv 68 - name: configure 69 run: ./configure APACHE_MUTEX=pthread 70 - name: make and create compile_commands.json 71 run: bear make -j4 72 - name: cppcheck 73 run: | 74 cppcheck --project=compile_commands.json -DAF_UNIX=1 --enable=warning,style,unusedFunction --xml 2>cppcheck.xml 75 - uses: airtower-luna/convert-to-sarif@main 76 with: 77 tool: 'CppCheck' 78 input_file: 'cppcheck.xml' 79 sarif_file: 'cppcheck.sarif' 80 - name: define CONTAINER_WORKSPACE 81 run: | 82 echo "CONTAINER_WORKSPACE=${PWD}" >> ${GITHUB_ENV} 83 - name: upload SARIF results 84 uses: github/codeql-action/upload-sarif@v1 85 with: 86 sarif_file: 'cppcheck.sarif' 87 checkout_path: ${{ env.CONTAINER_WORKSPACE }} -
src/gnutls_hooks.c
r90d750d r3e61371 577 577 int rv; 578 578 server_rec *s; 579 mgs_srvconf_rec *sc;580 579 mgs_srvconf_rec *sc_base; 581 580 … … 646 645 for (s = base_server; s; s = s->next) 647 646 { 648 sc = (mgs_srvconf_rec *) ap_get_module_config(s->module_config, &gnutls_module); 647 mgs_srvconf_rec *sc = (mgs_srvconf_rec *) 648 ap_get_module_config(s->module_config, &gnutls_module); 649 649 sc->s = s; 650 650 sc->cache_enable = sc_base->cache_enable; … … 942 942 static int vhost_cb(void *baton, conn_rec *conn, server_rec * s) 943 943 { 944 mgs_srvconf_rec *tsc;945 944 vhost_cb_rec *x = baton; 946 int ret;947 945 mgs_srvconf_rec *tsc = (mgs_srvconf_rec *) 946 ap_get_module_config(s->module_config, &gnutls_module); 948 947 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); 949 tsc = (mgs_srvconf_rec *) ap_get_module_config(s->module_config,950 &gnutls_module);951 948 952 949 if (tsc->enabled != GNUTLS_ENABLED_TRUE) { … … 957 954 /* this check is there to warn administrator of any missing hostname 958 955 * in the certificate. */ 959 ret = gnutls_x509_crt_check_hostname(tsc->certs_x509_crt_chain[0], s->server_hostname); 956 int ret = gnutls_x509_crt_check_hostname(tsc->certs_x509_crt_chain[0], 957 s->server_hostname); 960 958 if (0 == ret) 961 959 ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, conn, … … 1608 1606 for (int i = 0; !(ret < 0); i++) 1609 1607 { 1610 const char *san, *sanlabel;1611 1608 len = 0; 1612 1609 ret = gnutls_x509_crt_get_subject_alt_name(cert, i, … … 1624 1621 tmp2[len] = 0; 1625 1622 1623 const char *san, *sanlabel; 1626 1624 sanlabel = apr_psprintf(r->pool, "%s%u", MGS_SIDE("_S_AN"), i); 1627 1625 if (ret == GNUTLS_SAN_DNSNAME) { -
src/gnutls_io.c
r90d750d r3e61371 103 103 const char *str; 104 104 apr_size_t str_len; 105 apr_size_t consume;106 105 107 106 /* Justin points out this is an http-ism that might … … 140 139 141 140 /* Assure we don't overflow. */ 142 consume = 143 (str_len + actual > 144 *len) ? *len - actual : str_len; 141 apr_size_t consume = 142 (str_len + actual > *len) ? *len - actual : str_len; 145 143 146 144 memcpy(c, str, consume); … … 177 175 apr_size_t wanted = *len; 178 176 apr_size_t bytes = 0; 179 int rc;180 177 181 178 *len = 0; … … 221 218 { 222 219 /* Note: The pull function sets ctxt->input_rc */ 223 rc = gnutls_record_recv(ctxt->session, buf + bytes, wanted - bytes); 220 int rc = gnutls_record_recv(ctxt->session, 221 buf + bytes, wanted - bytes); 224 222 225 223 if (rc > 0) { … … 311 309 char *buf, apr_size_t * len) { 312 310 const char *pos = NULL; 313 apr_status_t status;314 311 apr_size_t tmplen = *len, buflen = *len, offset = 0; 315 312 316 313 *len = 0; 317 314 318 while (tmplen > 0) { 319 status = gnutls_io_input_read(ctxt, buf + offset, &tmplen); 315 while (tmplen > 0) 316 { 317 apr_status_t status = 318 gnutls_io_input_read(ctxt, buf + offset, &tmplen); 320 319 321 320 if (status != APR_SUCCESS) { … … 959 958 { 960 959 mgs_handle_t *ctxt = ptr; 961 apr_status_t rc;962 960 apr_size_t in = len; 963 961 apr_read_type_e block = ctxt->input_block; … … 980 978 if (APR_BRIGADE_EMPTY(ctxt->input_bb)) 981 979 { 982 rc = ap_get_brigade(ctxt->input_filter->next,983 ctxt->input_bb, AP_MODE_READBYTES,984 ctxt->input_block, in);980 apr_status_t rc = ap_get_brigade(ctxt->input_filter->next, 981 ctxt->input_bb, AP_MODE_READBYTES, 982 ctxt->input_block, in); 985 983 986 984 /* Not a problem, there was simply no data ready yet. -
src/gnutls_ocsp.c
r90d750d r3e61371 1125 1125 ocsp_response.size = OCSP_RESP_SIZE_MAX; 1126 1126 1127 apr_status_t rv = mgs_cache_fetch(sc->ocsp_cache, server, 1128 ocsp_data->fingerprint, 1129 &ocsp_response, 1130 pool); 1127 rv = mgs_cache_fetch(sc->ocsp_cache, server, ocsp_data->fingerprint, 1128 &ocsp_response, pool); 1131 1129 1132 1130 if (rv != APR_SUCCESS || (IS_FAILURE_RESPONSE(&ocsp_response))) -
src/gnutls_proxy.c
r90d750d r3e61371 133 133 return APR_EGENERAL; 134 134 135 apr_status_t ret = APR_EINIT;136 int err = GNUTLS_E_SUCCESS;137 138 135 /* Cleanup function for the GnuTLS structures allocated below */ 139 136 apr_pool_cleanup_register(pconf, sc, cleanup_proxy_x509_credentials, … … 142 139 /* Function pool, gets destroyed before exit. */ 143 140 apr_pool_t *pool; 144 ret = apr_pool_create(&pool, ptemp);141 apr_status_t ret = apr_pool_create(&pool, ptemp); 145 142 if (ret != APR_SUCCESS) 146 143 { … … 151 148 152 149 /* allocate credentials structures */ 153 err = gnutls_certificate_allocate_credentials(&sc->proxy_x509_creds);150 int err = gnutls_certificate_allocate_credentials(&sc->proxy_x509_creds); 154 151 if (err != GNUTLS_E_SUCCESS) 155 152 { -
src/gnutls_util.c
r90d750d r3e61371 100 100 gnutls_datum_t *datum) 101 101 { 102 apr_status_t rv = APR_EINIT;103 102 apr_file_t *file; 104 103 apr_finfo_t finfo; 105 104 apr_size_t br = 0; 106 rv = apr_file_open(&file, filename, 107 APR_READ | APR_BINARY, APR_OS_DEFAULT, p); 105 106 apr_status_t rv = apr_file_open(&file, filename, 107 APR_READ | APR_BINARY, APR_OS_DEFAULT, p); 108 108 if (rv != APR_SUCCESS) 109 109 return rv;
Note: See TracChangeset
for help on using the changeset viewer.