From 370ea9bd3726e33e0c5dc68e2660c819c176ba45 Mon Sep 17 00:00:00 2001 From: Hamish Coleman Date: Thu, 16 Sep 2021 10:00:46 +0100 Subject: [PATCH] addressed all but one of the remaining compile warnings (#793) * Fix the mismatched char, uint8_t warnings * Ensure we leave room for zero termination and then ensure the string is terminated * GCC has a warning if it thinks your could overflow your snprintf buffer, but dont check for said overflow --- include/auth.h | 8 ++++---- include/header_encryption.h | 2 +- src/auth.c | 19 ++++++++++--------- src/edge.c | 2 +- src/edge_utils.c | 12 ++++++++---- src/header_encryption.c | 4 ++-- src/sn_selection.c | 10 ++++++++-- src/sn_utils.c | 6 +++--- tools/keygen.c | 6 +++--- 9 files changed, 40 insertions(+), 29 deletions(-) diff --git a/include/auth.h b/include/auth.h index 786d713..21a80b3 100644 --- a/include/auth.h +++ b/include/auth.h @@ -24,17 +24,17 @@ #define AUTH_H -int bin_to_ascii (uint8_t *out, uint8_t *in, size_t in_len); +int bin_to_ascii (char *out, uint8_t *in, size_t in_len); -int ascii_to_bin (uint8_t *out, uint8_t *in); +int ascii_to_bin (uint8_t *out, char *in); -int generate_private_key(n2n_private_public_key_t key, uint8_t *in); +int generate_private_key(n2n_private_public_key_t key, char *in); int generate_public_key (n2n_private_public_key_t pub, n2n_private_public_key_t prv); int generate_shared_secret (n2n_private_public_key_t shared, n2n_private_public_key_t prv, n2n_private_public_key_t pub); -int bind_private_key_to_username (n2n_private_public_key_t prv, uint8_t *username); +int bind_private_key_to_username (n2n_private_public_key_t prv, char *username); int calculate_dynamic_key (uint8_t out_key[N2N_AUTH_CHALLENGE_SIZE], uint32_t key_time, n2n_community_t comm, n2n_community_t fed); diff --git a/include/header_encryption.h b/include/header_encryption.h index 165f571..b12d858 100644 --- a/include/header_encryption.h +++ b/include/header_encryption.h @@ -30,6 +30,6 @@ void packet_header_setup_key (const char *community_name, he_context_t **ctx_static, he_context_t **ctx_dynamic, he_context_t **ctx_iv_static, he_context_t **ctx_iv_dynamic); -void packet_header_change_dynamic_key (const char *key_dynamic, +void packet_header_change_dynamic_key (uint8_t *key_dynamic, he_context_t **ctx_dynamic, he_context_t **ctx_iv_dynamic); diff --git a/src/auth.c b/src/auth.c index 7c6aff6..68b5694 100644 --- a/src/auth.c +++ b/src/auth.c @@ -35,7 +35,7 @@ static uint8_t a2b[256] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0xff, 0xff, 0xff, 0xff, 0xff }; /* 0x70 ... 0x7f */ -int bin_to_ascii (uint8_t *out, uint8_t *in, size_t in_len) { +int bin_to_ascii (char *out, uint8_t *in, size_t in_len) { // in buffer contains binary data of length in_len @@ -64,7 +64,7 @@ int bin_to_ascii (uint8_t *out, uint8_t *in, size_t in_len) { } -int ascii_to_bin (uint8_t *out, uint8_t *in) { +int ascii_to_bin (uint8_t *out, char *in) { // in buffer contains 0x00-terminated string to be decoded @@ -79,9 +79,10 @@ int ascii_to_bin (uint8_t *out, uint8_t *in) { for(in_count = 0; in_count < strlen(in); in_count++) { buf <<= 6; - if((in[in_count] > 0x20) && (in[in_count] < 0x80)) { - if(a2b[in[in_count]] != 0xFF) { - buf |= a2b[in[in_count] - 0x20]; + int ch = in[in_count]; + if((ch > 0x20) && (ch < 0x80)) { + if(a2b[ch] != 0xFF) { + buf |= a2b[ch - 0x20]; } else { traceEvent(TRACE_NORMAL, "ascii_to_bin encountered the unknown character '%c'", in[in_count]); } @@ -101,11 +102,11 @@ int ascii_to_bin (uint8_t *out, uint8_t *in) { } -int generate_private_key (n2n_private_public_key_t key, uint8_t *in) { +int generate_private_key (n2n_private_public_key_t key, char *in) { // hash the 0-terminated string input twice to generate private key - pearson_hash_256(key, in, strlen(in)); + pearson_hash_256(key, (uint8_t *)in, strlen(in)); pearson_hash_256(key, key, sizeof(n2n_private_public_key_t)); return 0; @@ -133,11 +134,11 @@ int generate_shared_secret (n2n_private_public_key_t shared, n2n_private_public_ } -int bind_private_key_to_username (n2n_private_public_key_t prv, uint8_t *username) { +int bind_private_key_to_username (n2n_private_public_key_t prv, char *username) { uint8_t tmp[32]; - pearson_hash_256(tmp, username, strlen(username)); + pearson_hash_256(tmp, (uint8_t *)username, strlen(username)); memxor(prv, tmp, sizeof(n2n_private_public_key_t)); return 0; diff --git a/src/edge.c b/src/edge.c index 5486cd3..62cc823 100644 --- a/src/edge.c +++ b/src/edge.c @@ -1029,7 +1029,7 @@ int main (int argc, char* argv[]) { // calculate public key and shared secret if(conf.federation_public_key) { traceEvent(TRACE_NORMAL, "using username and password for edge authentication"); - bind_private_key_to_username(*(conf.shared_secret), conf.dev_desc); + bind_private_key_to_username(*(conf.shared_secret), (char *)conf.dev_desc); conf.public_key = calloc(1, sizeof(n2n_private_public_key_t)); if(conf.public_key) generate_public_key(*conf.public_key, *(conf.shared_secret)); diff --git a/src/edge_utils.c b/src/edge_utils.c index 4be00bf..92b0a9b 100644 --- a/src/edge_utils.c +++ b/src/edge_utils.c @@ -2692,11 +2692,15 @@ void process_udp (n2n_edge_t *eee, const struct sockaddr_in *sender_sock, const if(eee->conf.tuntap_ip_mode == TUNTAP_IP_MODE_SN_ASSIGN) { if((ra.dev_addr.net_addr != 0) && (ra.dev_addr.net_bitlen != 0)) { net = htonl(ra.dev_addr.net_addr); - if((ip_str = inet_ntoa(*(struct in_addr *) &net)) != NULL) - strncpy(eee->tuntap_priv_conf.ip_addr, ip_str, N2N_NETMASK_STR_SIZE); + if((ip_str = inet_ntoa(*(struct in_addr *) &net)) != NULL) { + strncpy(eee->tuntap_priv_conf.ip_addr, ip_str, N2N_NETMASK_STR_SIZE-1); + eee->tuntap_priv_conf.ip_addr[N2N_NETMASK_STR_SIZE-1] = '\0'; + } net = htonl(bitlen2mask(ra.dev_addr.net_bitlen)); - if((ip_str = inet_ntoa(*(struct in_addr *) &net)) != NULL) - strncpy(eee->tuntap_priv_conf.netmask, ip_str, N2N_NETMASK_STR_SIZE); + if((ip_str = inet_ntoa(*(struct in_addr *) &net)) != NULL) { + strncpy(eee->tuntap_priv_conf.netmask, ip_str, N2N_NETMASK_STR_SIZE-1); + eee->tuntap_priv_conf.netmask[N2N_NETMASK_STR_SIZE-1] = '\0'; + } } } diff --git a/src/header_encryption.c b/src/header_encryption.c index 8971183..0018382 100644 --- a/src/header_encryption.c +++ b/src/header_encryption.c @@ -153,11 +153,11 @@ void packet_header_setup_key (const char *community_name, } -void packet_header_change_dynamic_key (const char *key_dynamic, +void packet_header_change_dynamic_key (uint8_t *key_dynamic, he_context_t **ctx_dynamic, he_context_t **ctx_iv_dynamic) { uint8_t key[16]; - pearson_hash_128(key, (uint8_t*)key_dynamic, N2N_AUTH_CHALLENGE_SIZE); + pearson_hash_128(key, key_dynamic, N2N_AUTH_CHALLENGE_SIZE); // for REGISTER_SUPER, REGISTER_SUPER_ACK, REGISTER_SUPER_NAK only // for all other packets, same as static by default (changed by user/pw auth scheme) diff --git a/src/sn_selection.c b/src/sn_selection.c index 803e026..191c446 100644 --- a/src/sn_selection.c +++ b/src/sn_selection.c @@ -167,11 +167,17 @@ extern char * sn_selection_criterion_str (selection_criterion_str_t out, peer_in // easier to sort to the end of the list). // Alternatively, typecast to (int16_t) and check for greater or equal zero if(peer->selection_criterion < (UINT32_MAX >> 2)) { + #ifndef SN_SELECTION_RTT - snprintf(out, SN_SELECTION_CRITERION_BUF_SIZE, "load = %8d", peer->selection_criterion); + int chars = snprintf(out, SN_SELECTION_CRITERION_BUF_SIZE, "load = %8d", peer->selection_criterion); #else - snprintf(out, SN_SELECTION_CRITERION_BUF_SIZE, "rtt = %6d ms", peer->selection_criterion); + int chars = snprintf(out, SN_SELECTION_CRITERION_BUF_SIZE, "rtt = %6d ms", peer->selection_criterion); #endif + + /* this test is to make "-Wformat-truncation" less sad */ + if (chars > SN_SELECTION_CRITERION_BUF_SIZE) { + traceEvent(TRACE_INFO, "selection_criterion buffer overflow"); + } } return out; diff --git a/src/sn_utils.c b/src/sn_utils.c index e5b3cc0..3a8a836 100644 --- a/src/sn_utils.c +++ b/src/sn_utils.c @@ -153,8 +153,8 @@ void calculate_dynamic_keys (n2n_sn_t *sss) { if(comm->allowed_users) { calculate_dynamic_key(comm->dynamic_key, /* destination */ sss->dynamic_key_time, /* time - same for all */ - comm->community, /* community name */ - sss->federation->community); /* federation name */ + (uint8_t *)comm->community, /* community name */ + (uint8_t *)sss->federation->community); /* federation name */ packet_header_change_dynamic_key(comm->dynamic_key, &(comm->header_encryption_ctx_dynamic), &(comm->header_iv_ctx_dynamic)); @@ -217,7 +217,7 @@ int load_allowed_sn_community (n2n_sn_t *sss) { sn_user_t *user, *tmp_user; n2n_desc_t username; n2n_private_public_key_t public_key; - uint8_t ascii_public_key[(N2N_PRIVATE_PUBLIC_KEY_SIZE * 8 + 5) / 6 + 1]; + char ascii_public_key[(N2N_PRIVATE_PUBLIC_KEY_SIZE * 8 + 5) / 6 + 1]; dec_ip_str_t ip_str = {'\0'}; uint8_t bitlen; diff --git a/tools/keygen.c b/tools/keygen.c index bfa0509..5cc21db 100644 --- a/tools/keygen.c +++ b/tools/keygen.c @@ -24,7 +24,7 @@ int main(int argc, char * argv[]) { n2n_private_public_key_t prv; /* 32 bytes private key */ n2n_private_public_key_t bin; /* 32 bytes public key binary output buffer */ - uint8_t asc[44]; /* 43 bytes + 0-terminator ascii string output */ + char asc[44]; /* 43 bytes + 0-terminator ascii string output */ uint8_t fed = 0; // exactly two parameters required @@ -50,11 +50,11 @@ int main(int argc, char * argv[]) { // to username but username and password are not interchangeable), // finally xor the result // in federation mode: only hash federation name, twice - generate_private_key(prv, (uint8_t*)argv[2]); + generate_private_key(prv, argv[2]); // hash user name only if required if(!fed) { - bind_private_key_to_username(prv, (uint8_t*)argv[1]); + bind_private_key_to_username(prv, argv[1]); } // calculate the public key into binary output buffer