Commit 9acd95d7 authored by Ian Goldberg's avatar Ian Goldberg

Build cleanly with -Wall -Wextra -Wformat-security -Wno-unused-parameter

parent 2fb55015
2012-08-22
* configure.ac: Use gcc and ld hardening flags, where possible.
* configure.ac:
* src/auth.c:
* src/dh.c:
* src/mem.c:
* src/privkey.c:
* src/proto.c:
* src/sm.c:
* toolkit/sesskey.c: Build cleanly with -Wall -Wextra
-Wformat-security -Wno-unused-parameter
2012-08-17
* src/message.c: Don't call memchr(foo,'\0',-1) even if it has
......
......@@ -145,6 +145,13 @@ if test x$enable_gcc_hardening != xno; then
OTR_CHECK_CFLAGS(-fstack-protector-all)
OTR_CHECK_CFLAGS(-Wstack-protector)
OTR_CHECK_CFLAGS(-fwrapv)
dnl Ian added the next four:
OTR_CHECK_CFLAGS(-fno-strict-overflow)
OTR_CHECK_CFLAGS(-Wall)
OTR_CHECK_CFLAGS(-Wextra -Wno-unused-parameter)
OTR_CHECK_CFLAGS(-Wformat-security)
OTR_CHECK_CFLAGS(--param ssp-buffer-size=1)
if test "$bwin32" = "false"; then
OTR_CHECK_CFLAGS(-fPIE)
......
......@@ -751,7 +751,8 @@ gcry_error_t otrl_auth_handle_key(OtrlAuthInfo *auth, const char *keymsg,
unsigned char *buf = NULL, *bufp = NULL;
size_t buflen, lenp;
gcry_mpi_t incoming_pub = NULL;
int res, msg_version;
int res;
unsigned int msg_version;
*havemsgp = 0;
......
......@@ -51,9 +51,10 @@ static gcry_mpi_t DH1536_GENERATOR = NULL;
*/
void otrl_dh_init(void)
{
gcry_mpi_scan(&DH1536_MODULUS, GCRYMPI_FMT_HEX, DH1536_MODULUS_S, 0, NULL);
gcry_mpi_scan(&DH1536_GENERATOR, GCRYMPI_FMT_HEX, DH1536_GENERATOR_S,
0, NULL);
gcry_mpi_scan(&DH1536_MODULUS, GCRYMPI_FMT_HEX,
(const unsigned char *)DH1536_MODULUS_S, 0, NULL);
gcry_mpi_scan(&DH1536_GENERATOR, GCRYMPI_FMT_HEX,
(const unsigned char *)DH1536_GENERATOR_S, 0, NULL);
DH1536_MODULUS_MINUS_2 = gcry_mpi_new(DH1536_MOD_LEN_BITS);
gcry_mpi_sub_ui(DH1536_MODULUS_MINUS_2, DH1536_MODULUS, 2);
}
......
......@@ -46,7 +46,7 @@
/* libotr headers */
#include "mem.h"
static int header_size;
static size_t header_size;
static void *otrl_mem_malloc(size_t n)
{
......
......@@ -208,7 +208,7 @@ gcry_error_t otrl_privkey_read_FILEp(OtrlUserState us, FILE *privf)
size_t tokenlen;
gcry_error_t err;
gcry_sexp_t allkeys;
size_t i;
int i;
if (!privf) return gcry_error(GPG_ERR_NO_ERROR);
......
......@@ -908,7 +908,7 @@ OtrlFragmentResult otrl_proto_fragment_accumulate(char **unfragmessagep,
size_t newsize = fraglen + 1;
free(context->context_priv->fragment);
context->context_priv->fragment = NULL;
if (newsize > fraglen) { /* Check for overflow */
if (newsize >= 1) { /* Check for overflow */
context->context_priv->fragment = malloc(newsize);
}
if (context->context_priv->fragment) {
......@@ -928,7 +928,8 @@ OtrlFragmentResult otrl_proto_fragment_accumulate(char **unfragmessagep,
int fraglen = end - start - 1;
char *newfrag = NULL;
size_t newsize = context->context_priv->fragment_len + fraglen + 1;
if (newsize > fraglen) { /* Check for overflow */
/* Check for overflow */
if (newsize > context->context_priv->fragment_len) {
newfrag = realloc(context->context_priv->fragment, newsize);
}
if (newfrag) {
......
......@@ -71,10 +71,12 @@ static gcry_mpi_t SM_MODULUS_MINUS_2 = NULL;
void otrl_sm_init(void)
{
gcry_check_version(NULL);
gcry_mpi_scan(&SM_MODULUS, GCRYMPI_FMT_HEX, SM_MODULUS_S, 0, NULL);
gcry_mpi_scan(&SM_ORDER, GCRYMPI_FMT_HEX, SM_ORDER_S, 0, NULL);
gcry_mpi_scan(&SM_GENERATOR, GCRYMPI_FMT_HEX, SM_GENERATOR_S,
0, NULL);
gcry_mpi_scan(&SM_MODULUS, GCRYMPI_FMT_HEX,
(const unsigned char *)SM_MODULUS_S, 0, NULL);
gcry_mpi_scan(&SM_ORDER, GCRYMPI_FMT_HEX,
(const unsigned char *)SM_ORDER_S, 0, NULL);
gcry_mpi_scan(&SM_GENERATOR, GCRYMPI_FMT_HEX,
(const unsigned char *)SM_GENERATOR_S, 0, NULL);
SM_MODULUS_MINUS_2 = gcry_mpi_new(SM_MOD_LEN_BITS);
gcry_mpi_sub_ui(SM_MODULUS_MINUS_2, SM_MODULUS, 2);
}
......@@ -345,8 +347,8 @@ static gcry_error_t serialize_mpi_array(unsigned char **buffer, int *buflen,
static gcry_error_t unserialize_mpi_array(gcry_mpi_t **mpis,
unsigned int expcount, const unsigned char *buffer, const int buflen)
{
int i;
int lenp = buflen;
unsigned int i;
size_t lenp = buflen;
unsigned int thecount = 0;
const unsigned char* bufp = buffer;
*mpis = NULL;
......
......@@ -48,8 +48,10 @@ void sesskeys_gen(unsigned char sessionid[20], unsigned char sendenc[16],
unsigned char hash[20];
int is_high;
gcry_mpi_scan(&modulus, GCRYMPI_FMT_HEX, DH1536_MODULUS_S, 0, NULL);
gcry_mpi_scan(&generator, GCRYMPI_FMT_HEX, DH1536_GENERATOR_S, 0, NULL);
gcry_mpi_scan(&modulus, GCRYMPI_FMT_HEX,
(const unsigned char *)DH1536_MODULUS_S, 0, NULL);
gcry_mpi_scan(&generator, GCRYMPI_FMT_HEX,
(const unsigned char *)DH1536_GENERATOR_S, 0, NULL);
*our_yp = gcry_mpi_new(0);
gcry_mpi_powm(*our_yp, generator, our_x, modulus);
secretv = gcry_mpi_new(0);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment