[OpenWrt-Devel] [PATCH ucert 3/9] cmake: enable hardening compiler flags and fix the reported issues

Petr Štetiar ynezz at true.cz
Thu Dec 19 17:04:15 EST 2019


Lets enable some useful flags in order to spot possible issues during
QA on CI (GCC version 6 and higher). Fix warnings uncovered by this new
flags as reported by clang-9 on x86/64:

 ucert.c:158:33: error: comparison of integers of different signs: 'unsigned long' and 'int' [-Werror,-Wsign-compare]
 ucert.c:176:14: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
 ucert.c:314:18: error: comparison of integers of different signs: '__time_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Werror,-Wsign-compare]
 ucert.c:315:18: error: comparison of integers of different signs: '__time_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Werror,-Wsign-compare]
 ucert.c:557:17: error: comparison of integers of different signs: '__time_t' (aka 'long') and 'uint64_t' (aka 'unsigned long') [-Werror,-Wsign-compare]

Ref: https://developers.redhat.com/blog/2018/03/21/compiler-and-linker-flags-gcc/
Signed-off-by: Petr Štetiar <ynezz at true.cz>
---
 CMakeLists.txt |  8 +++++++-
 ucert.c        | 18 +++++++++++-------
 2 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 14888ac38135..436abc6857b3 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,7 +1,13 @@
 cmake_minimum_required(VERSION 2.6)
 
 PROJECT(ucert C)
-ADD_DEFINITIONS(-Os -ggdb -Wall --std=gnu99 -Wmissing-declarations)
+
+ADD_DEFINITIONS(-Wall -Werror)
+IF(CMAKE_C_COMPILER_VERSION VERSION_GREATER 6)
+	ADD_DEFINITIONS(-Wextra -Werror=implicit-function-declaration)
+	ADD_DEFINITIONS(-Wformat -Werror=format-security -Werror=format-nonliteral)
+ENDIF()
+ADD_DEFINITIONS(-Os -std=gnu99 -ggdb -Wmissing-declarations -Wno-unused-parameter)
 
 SET(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "")
 
diff --git a/ucert.c b/ucert.c
index 569b31d5f16e..8503eeb26cd8 100644
--- a/ucert.c
+++ b/ucert.c
@@ -48,9 +48,13 @@ static enum {
 
 static bool quiet;
 #ifndef UCERT_STRIP_MESSAGES
-#define DPRINTF(format, ...) if (!quiet) fprintf(stderr, "%s(%d): " format, __func__, __LINE__, ## __VA_ARGS__)
+#define DPRINTF(format, ...)									\
+	do {											\
+		if (!quiet)									\
+			fprintf(stderr, "%s(%d): " format, __func__, __LINE__, ## __VA_ARGS__);	\
+	} while (0)
 #else
-#define DPRINTF(format, ...)
+#define DPRINTF(format, ...) do { } while (0)
 #endif
 
 /*
@@ -133,7 +137,7 @@ static int cert_load(const char *certfile, struct list_head *chain) {
 	struct cert_object *cobj;
 	char filebuf[CERT_BUF_LEN];
 	int ret = 0, pret = 0;
-	int len, pos = 0;
+	size_t len, pos = 0;
 
 	f = fopen(certfile, "r");
 	if (!f)
@@ -269,8 +273,8 @@ static int chain_verify(const char *msgfile, const char *pubkeyfile,
 	list_for_each_entry(cobj, chain, list) {
 		/* blob has payload, verify that using signature */
 		if (cobj->cert[CERT_ATTR_PAYLOAD]) {
-			uint64_t validfrom;
-			uint64_t expiresat;
+			time_t validfrom;
+			time_t expiresat;
 			uint32_t certtype;
 
 			ret = cert_verify_blob(cobj->cert, chainedpubkey[0]?chainedpubkey:pubkeyfile, pubkeydir);
@@ -499,8 +503,8 @@ static int cert_process_revoker(const char *certfile, const char *pubkeydir) {
 	struct blob_attr *payloadtb[CERT_PL_ATTR_MAX];
 	struct stat st;
 	struct timeval tv;
-	uint64_t validfrom;
-	uint32_t certtype;
+	time_t validfrom;
+	enum certtype_id certtype;
 	char *fingerprint;
 	char rfname[512];
 

_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel


More information about the openwrt-devel mailing list