moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity

lib: reduce variable scopes 

Fixes Codacy/CppCheck warnings.

Closes https://github.com/curl/curl/pull/3872
This commit is contained in:
Marcel Raad 2019-05-11 21:42:48 +02:00
parent 27af2ec219
commit 10db3ef21e
No known key found for this signature in database
GPG Key ID: FE4D8BC5EE1701DD
23 changed files with 115 additions and 124 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/connect.c
View File

@ -628,7 +628,6 @@ UNITTEST bool getaddressinfo(struct sockaddr *sa, char *addr,
UNITTEST bool getaddressinfo(struct sockaddr *sa, char *addr,
long *port)
{
unsigned short us_port;
struct sockaddr_in *si = NULL;
#ifdef ENABLE_IPV6
struct sockaddr_in6 *si6 = NULL;
@ -642,7 +641,7 @@ UNITTEST bool getaddressinfo(struct sockaddr *sa, char *addr,
si = (struct sockaddr_in *)(void *) sa;
if(Curl_inet_ntop(sa->sa_family, &si->sin_addr,
addr, MAX_IPADR_LEN)) {
us_port = ntohs(si->sin_port);
unsigned short us_port = ntohs(si->sin_port);
*port = us_port;
return TRUE;
}
@ -652,7 +651,7 @@ UNITTEST bool getaddressinfo(struct sockaddr *sa, char *addr,
si6 = (struct sockaddr_in6 *)(void *) sa;
if(Curl_inet_ntop(sa->sa_family, &si6->sin6_addr,
addr, MAX_IPADR_LEN)) {
us_port = ntohs(si6->sin6_port);
unsigned short us_port = ntohs(si6->sin6_port);
*port = us_port;
return TRUE;
}

10
lib/cookie.c
View File

@ -1509,10 +1509,6 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
struct Cookie *co;
FILE *out;
bool use_stdout = FALSE;
char *format_ptr;
unsigned int i;
unsigned int j;
struct Cookie **array;
if(!c)
/* no cookie engine alive */
@ -1539,6 +1535,10 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
out);
if(c->numcookies) {
unsigned int i;
unsigned int j;
struct Cookie **array;
array = malloc(sizeof(struct Cookie *) * c->numcookies);
if(!array) {
if(!use_stdout)
@ -1558,7 +1558,7 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
qsort(array, c->numcookies, sizeof(struct Cookie *), cookie_sort_ct);
for(i = 0; i < j; i++) {
format_ptr = get_netscape_format(array[i]);
char *format_ptr = get_netscape_format(array[i]);
if(format_ptr == NULL) {
fprintf(out, "#\n# Fatal libcurl error\n");
free(array);

7
lib/doh.c
View File

@ -584,7 +584,6 @@ UNITTEST DOHcode doh_decode(unsigned char *doh,
unsigned short qdcount;
unsigned short ancount;
unsigned short type = 0;
unsigned short class;
unsigned short rdlength;
unsigned short nscount;
unsigned short arcount;
@ -612,6 +611,7 @@ UNITTEST DOHcode doh_decode(unsigned char *doh,
ancount = get16bit(doh, 6);
while(ancount) {
unsigned short class;
unsigned int ttl;
rc = skipqname(doh, dohlen, &index);
@ -896,8 +896,6 @@ CURLcode Curl_doh_is_resolved(struct connectdata *conn,
DOHcode rc;
DOHcode rc2;
struct dohentry de;
struct Curl_dns_entry *dns;
struct Curl_addrinfo *ai;
/* remove DOH handles from multi handle and close them */
curl_multi_remove_handle(data->multi, data->req.doh.probe[0].easy);
Curl_close(data->req.doh.probe[0].easy);
@ -927,6 +925,9 @@ CURLcode Curl_doh_is_resolved(struct connectdata *conn,
data->req.doh.host);
}
if(!rc || !rc2) {
struct Curl_dns_entry *dns;
struct Curl_addrinfo *ai;
infof(data, "DOH Host name: %s\n", data->req.doh.host);
showdoh(data, &de);

6
lib/hostcheck.c
View File

@ -127,16 +127,14 @@ static int hostmatch(char *hostname, char *pattern)
int Curl_cert_hostcheck(const char *match_pattern, const char *hostname)
{
char *matchp;
char *hostp;
int res = 0;
if(!match_pattern || !*match_pattern ||
!hostname || !*hostname) /* sanity check */
;
else {
matchp = strdup(match_pattern);
char *matchp = strdup(match_pattern);
if(matchp) {
hostp = strdup(hostname);
char *hostp = strdup(hostname);
if(hostp) {
if(hostmatch(hostp, matchp) == CURL_HOST_MATCH)
res = 1;

5
lib/hostip6.c
View File

@ -102,14 +102,15 @@ static void dump_addrinfo(struct connectdata *conn, const Curl_addrinfo *ai)
printf("dump_addrinfo:\n");
for(; ai; ai = ai->ai_next) {
char buf[INET6_ADDRSTRLEN];
char buffer[STRERROR_LEN];
printf(" fam %2d, CNAME %s, ",
ai->ai_family, ai->ai_canonname ? ai->ai_canonname : "<none>");
if(Curl_printable_address(ai, buf, sizeof(buf)))
printf("%s\n", buf);
else
else {
char buffer[STRERROR_LEN];
printf("failed; %s\n",
Curl_strerror(SOCKERRNO, buffer, sizeof(buffer)));
}
}
}
#else

3
lib/inet_pton.c
View File

@ -153,7 +153,7 @@ inet_pton6(const char *src, unsigned char *dst)
static const char xdigits_l[] = "0123456789abcdef",
xdigits_u[] = "0123456789ABCDEF";
unsigned char tmp[IN6ADDRSZ], *tp, *endp, *colonp;
const char *xdigits, *curtok;
const char *curtok;
int ch, saw_xdigit;
size_t val;
@ -168,6 +168,7 @@ inet_pton6(const char *src, unsigned char *dst)
saw_xdigit = 0;
val = 0;
while((ch = *src++) != '\0') {
const char *xdigits;
const char *pch;
pch = strchr((xdigits = xdigits_l), ch);

3
lib/ldap.c
View File

@ -1069,8 +1069,6 @@ static int _ldap_url_parse(const struct connectdata *conn,
static void _ldap_free_urldesc(LDAPURLDesc *ludp)
{
size_t i;
if(!ludp)
return;
@ -1078,6 +1076,7 @@ static void _ldap_free_urldesc(LDAPURLDesc *ludp)
free(ludp->lud_filter);
if(ludp->lud_attrs) {
size_t i;
for(i = 0; i < ludp->lud_attrs_dups; i++)
free(ludp->lud_attrs[i]);
free(ludp->lud_attrs);

7
lib/md4.c
View File

@ -115,7 +115,6 @@ static const void *body(MD4_CTX *ctx, const void *data, unsigned long size)
{
const unsigned char *ptr;
MD4_u32plus a, b, c, d;
MD4_u32plus saved_a, saved_b, saved_c, saved_d;
ptr = (const unsigned char *)data;
@ -125,6 +124,8 @@ static const void *body(MD4_CTX *ctx, const void *data, unsigned long size)
d = ctx->d;
do {
MD4_u32plus saved_a, saved_b, saved_c, saved_d;
saved_a = a;
saved_b = b;
saved_c = c;
@ -214,7 +215,7 @@ static void MD4_Init(MD4_CTX *ctx)
static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size)
{
MD4_u32plus saved_lo;
unsigned long used, available;
unsigned long used;
saved_lo = ctx->lo;
ctx->lo = (saved_lo + size) & 0x1fffffff;
@ -225,7 +226,7 @@ static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size)
used = saved_lo & 0x3f;
if(used) {
available = 64 - used;
unsigned long available = 64 - used;
if(size < available) {
memcpy(&ctx->buffer[used], data, size);

7
lib/md5.c
View File

@ -275,7 +275,6 @@ static const void *body(MD5_CTX *ctx, const void *data, unsigned long size)
{
const unsigned char *ptr;
MD5_u32plus a, b, c, d;
MD5_u32plus saved_a, saved_b, saved_c, saved_d;
ptr = (const unsigned char *)data;
@ -285,6 +284,8 @@ static const void *body(MD5_CTX *ctx, const void *data, unsigned long size)
d = ctx->d;
do {
MD5_u32plus saved_a, saved_b, saved_c, saved_d;
saved_a = a;
saved_b = b;
saved_c = c;
@ -392,7 +393,7 @@ static void MD5_Init(MD5_CTX *ctx)
static void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size)
{
MD5_u32plus saved_lo;
unsigned long used, available;
unsigned long used;
saved_lo = ctx->lo;
ctx->lo = (saved_lo + size) & 0x1fffffff;
@ -403,7 +404,7 @@ static void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size)
used = saved_lo & 0x3f;
if(used) {
available = 64 - used;
unsigned long available = 64 - used;
if(size < available) {
memcpy(&ctx->buffer[used], data, size);

3
lib/memdebug.c
View File

@ -306,9 +306,8 @@ void *curl_dbg_realloc(void *ptr, size_t wantedsize,
void curl_dbg_free(void *ptr, int line, const char *source)
{
struct memdebug *mem;
if(ptr) {
struct memdebug *mem;
#ifdef __INTEL_COMPILER
# pragma warning(push)

5
lib/security.c
View File

@ -410,8 +410,6 @@ int Curl_sec_read_msg(struct connectdata *conn, char *buffer,
static int sec_set_protection_level(struct connectdata *conn)
{
int code;
char *pbsz;
static unsigned int buffer_size = 1 << 20; /* 1048576 */
enum protection_level level = conn->request_data_prot;
DEBUGASSERT(level > PROT_NONE && level < PROT_LAST);
@ -427,6 +425,9 @@ static int sec_set_protection_level(struct connectdata *conn)
return 0;
if(level) {
char *pbsz;
static unsigned int buffer_size = 1 << 20; /* 1048576 */
code = ftp_send_command(conn, "PBSZ %u", buffer_size);
if(code < 0)
return -1;

8
lib/ssh-libssh.c
View File

@ -1946,14 +1946,13 @@ static int myssh_getsock(struct connectdata *conn,
static void myssh_block2waitfor(struct connectdata *conn, bool block)
{
struct ssh_conn *sshc = &conn->proto.sshc;
int dir;
/* If it didn't block, or nothing was returned by ssh_get_poll_flags
* have the original set */
conn->waitfor = sshc->orig_waitfor;
if(block) {
dir = ssh_get_poll_flags(sshc->ssh_session);
int dir = ssh_get_poll_flags(sshc->ssh_session);
if(dir & SSH_READ_PENDING) {
/* translate the libssh define bits into our own bit defines */
conn->waitfor = KEEP_RECV;
@ -2050,7 +2049,6 @@ static CURLcode myssh_connect(struct connectdata *conn, bool *done)
CURLcode result;
curl_socket_t sock = conn->sock[FIRSTSOCKET];
struct Curl_easy *data = conn->data;
int rc;
/* initialize per-handle data if not already */
if(!data->req.protop)
@ -2104,8 +2102,8 @@ static CURLcode myssh_connect(struct connectdata *conn, bool *done)
ssh->pubkey = NULL;
if(data->set.str[STRING_SSH_PUBLIC_KEY]) {
rc = ssh_pki_import_pubkey_file(data->set.str[STRING_SSH_PUBLIC_KEY],
&ssh->pubkey);
int rc = ssh_pki_import_pubkey_file(data->set.str[STRING_SSH_PUBLIC_KEY],
&ssh->pubkey);
if(rc != SSH_OK) {
failf(data, "Could not load public key file");
/* ignore */

2
lib/ssh.c
View File

@ -587,13 +587,13 @@ static CURLcode ssh_check_fingerprint(struct connectdata *conn)
struct Curl_easy *data = conn->data;
const char *pubkey_md5 = data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5];
char md5buffer[33];
int i;
const char *fingerprint = libssh2_hostkey_hash(sshc->ssh_session,
LIBSSH2_HOSTKEY_HASH_MD5);
if(fingerprint) {
/* The fingerprint points to static storage (!), don't free() it. */
int i;
for(i = 0; i < 16; i++)
msnprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]);
infof(data, "SSH MD5 fingerprint: %s\n", md5buffer);

14
lib/transfer.c
View File

@ -157,15 +157,8 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes,
size_t buffersize = bytes;
size_t nread;
#ifndef CURL_DISABLE_HTTP
struct curl_slist *trailers = NULL;
CURLcode c;
int trailers_ret_code;
#endif
curl_read_callback readfunc = NULL;
void *extra_data = NULL;
bool added_crlf = FALSE;
#ifdef CURL_DOES_CONVERSIONS
bool sending_http_headers = FALSE;
@ -182,6 +175,10 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes,
#ifndef CURL_DISABLE_HTTP
if(data->state.trailers_state == TRAILERS_INITIALIZED) {
struct curl_slist *trailers = NULL;
CURLcode c;
int trailers_ret_code;
/* at this point we already verified that the callback exists
so we compile and store the trailers buffer, then proceed */
infof(data,
@ -296,7 +293,7 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes,
here, knowing they'll become CRLFs later on.
*/
char hexbuffer[11] = "";
bool added_crlf = FALSE;
int hexlen = 0;
const char *endofline_native;
const char *endofline_network;
@ -317,6 +314,7 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes,
/* if we're not handling trailing data, proceed as usual */
if(data->state.trailers_state != TRAILERS_SENDING) {
char hexbuffer[11] = "";
hexlen = msnprintf(hexbuffer, sizeof(hexbuffer),
"%zx%s", nread, endofline_native);

4
lib/urlapi.c
View File

@ -605,9 +605,9 @@ static CURLUcode hostname_check(struct Curl_URL *u, char *hostname)
/* only valid letters are ok */
len = strspn(hostname, l);
if(hlen != len) {
/* this could now be '%[zone id]' */
char zoneid[16];
if(hostname[len] == '%') {
/* this could now be '%[zone id]' */
char zoneid[16];
int i = 0;
char *h = &hostname[len + 1];
/* pass '25' if present and is a url encoded percent sign */

2
lib/vtls/cyassl.c
View File

@ -143,7 +143,6 @@ static CURLcode
cyassl_connect_step1(struct connectdata *conn,
int sockindex)
{
char error_buffer[CYASSL_MAX_ERROR_SZ];
char *ciphers;
struct Curl_easy *data = conn->data;
struct ssl_connect_data* connssl = &conn->ssl[sockindex];
@ -420,6 +419,7 @@ cyassl_connect_step1(struct connectdata *conn,
if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) {
/* we got a session id, use it! */
if(!SSL_set_session(BACKEND->handle, ssl_sessionid)) {
char error_buffer[CYASSL_MAX_ERROR_SZ];
Curl_ssl_sessionid_unlock(conn);
failf(data, "SSL: SSL_set_session failed: %s",
ERR_error_string(SSL_get_error(BACKEND->handle, 0),

15
lib/vtls/gskit.c
View File

@ -734,12 +734,11 @@ static ssize_t gskit_recv(struct connectdata *conn, int num, char *buf,
{
struct ssl_connect_data *connssl = &conn->ssl[num];
struct Curl_easy *data = conn->data;
int buffsize;
int nread;
CURLcode cc = CURLE_RECV_ERROR;
if(pipe_ssloverssl(conn, num, SOS_READ) >= 0) {
buffsize = buffersize > (size_t) INT_MAX? INT_MAX: (int) buffersize;
int buffsize = buffersize > (size_t) INT_MAX? INT_MAX: (int) buffersize;
cc = gskit_status(data, gsk_secure_soc_read(BACKEND->handle,
buf, buffsize, &nread),
"gsk_secure_soc_read()", CURLE_RECV_ERROR);
@ -806,7 +805,6 @@ static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex)
conn->host.name;
const char *sni;
unsigned int protoflags = 0;
long timeout;
Qso_OverlappedIO_t commarea;
int sockpair[2];
static const int sobufsize = CURL_MAX_WRITE_SIZE;
@ -914,7 +912,7 @@ static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex)
if(!result) {
/* Compute the handshake timeout. Since GSKit granularity is 1 second,
we round up the required value. */
timeout = Curl_timeleft(data, NULL, TRUE);
long timeout = Curl_timeleft(data, NULL, TRUE);
if(timeout < 0)
result = CURLE_OPERATION_TIMEDOUT;
else
@ -1021,14 +1019,13 @@ static CURLcode gskit_connect_step2(struct connectdata *conn, int sockindex,
struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
Qso_OverlappedIO_t cstat;
long timeout_ms;
struct timeval stmv;
CURLcode result;
/* Poll or wait for end of SSL asynchronous handshake. */
for(;;) {
timeout_ms = nonblocking? 0: Curl_timeleft(data, NULL, TRUE);
long timeout_ms = nonblocking? 0: Curl_timeleft(data, NULL, TRUE);
if(timeout_ms < 0)
timeout_ms = 0;
stmv.tv_sec = timeout_ms / 1000;
@ -1077,7 +1074,6 @@ static CURLcode gskit_connect_step3(struct connectdata *conn, int sockindex)
const char *cert = (const char *) NULL;
const char *certend;
const char *ptr;
int i;
CURLcode result;
/* SSL handshake done: gather certificate info and verify host. */
@ -1087,6 +1083,8 @@ static CURLcode gskit_connect_step3(struct connectdata *conn, int sockindex)
&cdev, &cdec),
"gsk_attribute_get_cert_info()", CURLE_SSL_CONNECT_ERROR) ==
CURLE_OK) {
int i;
infof(data, "Server certificate:\n");
p = cdev;
for(i = 0; i++ < cdec; p++)
@ -1261,7 +1259,6 @@ static int Curl_gskit_shutdown(struct connectdata *conn, int sockindex)
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct Curl_easy *data = conn->data;
ssize_t nread;
int what;
int rc;
char buf[120];
@ -1278,6 +1275,8 @@ static int Curl_gskit_shutdown(struct connectdata *conn, int sockindex)
SSL_SHUTDOWN_TIMEOUT);
for(;;) {
ssize_t nread;
if(what < 0) {
/* anything that gets here is fatally bad */
failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);

37
lib/vtls/gtls.c
View File

@ -286,11 +286,11 @@ static CURLcode handshake(struct connectdata *conn,
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
gnutls_session_t session = BACKEND->session;
curl_socket_t sockfd = conn->sock[sockindex];
time_t timeout_ms;
int rc;
int what;
for(;;) {
time_t timeout_ms;
int rc;
/* check allowed time left */
timeout_ms = Curl_timeleft(data, NULL, duringconnect);
@ -303,7 +303,7 @@ static CURLcode handshake(struct connectdata *conn,
/* if ssl is expecting something, check if it's available. */
if(connssl->connecting_state == ssl_connect_2_reading
|| connssl->connecting_state == ssl_connect_2_writing) {
int what;
curl_socket_t writefd = ssl_connect_2_writing ==
connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
curl_socket_t readfd = ssl_connect_2_reading ==
@ -957,7 +957,6 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,
gnutls_pubkey_t key = NULL;
/* Result is returned to caller */
int ret = 0;
CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
/* if a path wasn't specified, don't pin */
@ -968,6 +967,8 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,
return result;
do {
int ret;
/* Begin Gyrations to get the public key */
gnutls_pubkey_init(&key);
@ -1279,10 +1280,7 @@ gtls_connect_step3(struct connectdata *conn,
#define use_addr in_addr
#endif
unsigned char addrbuf[sizeof(struct use_addr)];
unsigned char certaddr[sizeof(struct use_addr)];
size_t addrlen = 0, certaddrlen;
int i;
int ret = 0;
size_t addrlen = 0;
if(Curl_inet_pton(AF_INET, hostname, addrbuf) > 0)
addrlen = 4;
@ -1292,10 +1290,13 @@ gtls_connect_step3(struct connectdata *conn,
#endif
if(addrlen) {
unsigned char certaddr[sizeof(struct use_addr)];
int i;
for(i = 0; ; i++) {
certaddrlen = sizeof(certaddr);
ret = gnutls_x509_crt_get_subject_alt_name(x509_cert, i, certaddr,
&certaddrlen, NULL);
size_t certaddrlen = sizeof(certaddr);
int ret = gnutls_x509_crt_get_subject_alt_name(x509_cert, i, certaddr,
&certaddrlen, NULL);
/* If this happens, it wasn't an IP address. */
if(ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
continue;
@ -1465,8 +1466,6 @@ gtls_connect_step3(struct connectdata *conn,
already got it from the cache and asked to use it in the connection, it
might've been rejected and then a new one is in use now and we need to
detect that. */
bool incache;
void *ssl_sessionid;
void *connect_sessionid;
size_t connect_idsize = 0;
@ -1475,6 +1474,9 @@ gtls_connect_step3(struct connectdata *conn,
connect_sessionid = malloc(connect_idsize); /* get a buffer for it */
if(connect_sessionid) {
bool incache;
void *ssl_sessionid;
/* extract session ID to the allocated buffer */
gnutls_session_get_data(session, connect_sessionid, &connect_idsize);
@ -1635,11 +1637,8 @@ static void Curl_gtls_close(struct connectdata *conn, int sockindex)
static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex)
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
ssize_t result;
int retval = 0;
struct Curl_easy *data = conn->data;
bool done = FALSE;
char buf[120];
/* This has only been tested on the proftpd server, and the mod_tls code
sends a close notify alert without waiting for a close notify alert in
@ -1650,6 +1649,10 @@ static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex)
gnutls_bye(BACKEND->session, GNUTLS_SHUT_WR);
if(BACKEND->session) {
ssize_t result;
bool done = FALSE;
char buf[120];
while(!done) {
int what = SOCKET_READABLE(conn->sock[sockindex],
SSL_SHUTDOWN_TIMEOUT);

11
lib/vtls/mbedtls.c
View File

@ -540,13 +540,6 @@ mbed_connect_step2(struct connectdata *conn,
data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
#ifdef HAS_ALPN
const char *next_protocol;
#endif
char errorbuf[128];
errorbuf[0] = 0;
conn->recv[sockindex] = mbed_recv;
conn->send[sockindex] = mbed_send;
@ -561,6 +554,8 @@ mbed_connect_step2(struct connectdata *conn,
return CURLE_OK;
}
else if(ret) {
char errorbuf[128];
errorbuf[0] = 0;
#ifdef MBEDTLS_ERROR_C
mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
#endif /* MBEDTLS_ERROR_C */
@ -665,7 +660,7 @@ mbed_connect_step2(struct connectdata *conn,
#ifdef HAS_ALPN
if(conn->bits.tls_enable_alpn) {
next_protocol = mbedtls_ssl_get_alpn_protocol(&BACKEND->ssl);
const char *next_protocol = mbedtls_ssl_get_alpn_protocol(&BACKEND->ssl);
if(next_protocol) {
infof(data, "ALPN, server accepted to use %s\n", next_protocol);

32
lib/vtls/polarssl_threadlock.c
View File

@ -49,25 +49,23 @@ static POLARSSL_MUTEX_T *mutex_buf = NULL;
int Curl_polarsslthreadlock_thread_setup(void)
{
int i;
int ret;
mutex_buf = calloc(NUMT * sizeof(POLARSSL_MUTEX_T), 1);
if(!mutex_buf)
return 0; /* error, no number of threads defined */
#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
for(i = 0; i < NUMT; i++) {
int ret;
#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
ret = pthread_mutex_init(&mutex_buf[i], NULL);
if(ret)
return 0; /* pthread_mutex_init failed */
}
#elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H)
for(i = 0; i < NUMT; i++) {
mutex_buf[i] = CreateMutex(0, FALSE, 0);
if(mutex_buf[i] == 0)
return 0; /* CreateMutex failed */
}
#endif /* USE_THREADS_POSIX && HAVE_PTHREAD_H */
}
return 1; /* OK */
}
@ -75,24 +73,22 @@ int Curl_polarsslthreadlock_thread_setup(void)
int Curl_polarsslthreadlock_thread_cleanup(void)
{
int i;
int ret;
if(!mutex_buf)
return 0; /* error, no threads locks defined */
#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
for(i = 0; i < NUMT; i++) {
int ret;
#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
ret = pthread_mutex_destroy(&mutex_buf[i]);
if(ret)
return 0; /* pthread_mutex_destroy failed */
}
#elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H)
for(i = 0; i < NUMT; i++) {
ret = CloseHandle(mutex_buf[i]);
if(!ret)
return 0; /* CloseHandle failed */
}
#endif /* USE_THREADS_POSIX && HAVE_PTHREAD_H */
}
free(mutex_buf);
mutex_buf = NULL;
@ -101,51 +97,47 @@ int Curl_polarsslthreadlock_thread_cleanup(void)
int Curl_polarsslthreadlock_lock_function(int n)
{
int ret;
#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
if(n < NUMT) {
int ret;
#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
ret = pthread_mutex_lock(&mutex_buf[n]);
if(ret) {
DEBUGF(fprintf(stderr,
"Error: polarsslthreadlock_lock_function failed\n"));
return 0; /* pthread_mutex_lock failed */
}
}
#elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H)
if(n < NUMT) {
ret = (WaitForSingleObject(mutex_buf[n], INFINITE) == WAIT_FAILED?1:0);
if(ret) {
DEBUGF(fprintf(stderr,
"Error: polarsslthreadlock_lock_function failed\n"));
return 0; /* pthread_mutex_lock failed */
}
}
#endif /* USE_THREADS_POSIX && HAVE_PTHREAD_H */
}
return 1; /* OK */
}
int Curl_polarsslthreadlock_unlock_function(int n)
{
int ret;
#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
if(n < NUMT) {
int ret;
#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
ret = pthread_mutex_unlock(&mutex_buf[n]);
if(ret) {
DEBUGF(fprintf(stderr,
"Error: polarsslthreadlock_unlock_function failed\n"));
return 0; /* pthread_mutex_unlock failed */
}
}
#elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H)
if(n < NUMT) {
ret = ReleaseMutex(mutex_buf[n]);
if(!ret) {
DEBUGF(fprintf(stderr,
"Error: polarsslthreadlock_unlock_function failed\n"));
return 0; /* pthread_mutex_lock failed */
}
}
#endif /* USE_THREADS_POSIX && HAVE_PTHREAD_H */
}
return 1; /* OK */
}

16
lib/vtls/schannel.c
View File

@ -868,13 +868,11 @@ schannel_connect_step2(struct connectdata *conn, int sockindex)
struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
unsigned char *reallocated_buffer;
size_t reallocated_length;
SecBuffer outbuf[3];
SecBufferDesc outbuf_desc;
SecBuffer inbuf[2];
SecBufferDesc inbuf_desc;
SECURITY_STATUS sspi_status = SEC_E_OK;
TCHAR *host_name;
CURLcode result;
bool doread;
char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
@ -917,7 +915,7 @@ schannel_connect_step2(struct connectdata *conn, int sockindex)
if(BACKEND->encdata_length - BACKEND->encdata_offset <
CURL_SCHANNEL_BUFFER_FREE_SIZE) {
/* increase internal encrypted data buffer */
reallocated_length = BACKEND->encdata_offset +
size_t reallocated_length = BACKEND->encdata_offset +
CURL_SCHANNEL_BUFFER_FREE_SIZE;
reallocated_buffer = realloc(BACKEND->encdata_buffer,
reallocated_length);
@ -933,6 +931,7 @@ schannel_connect_step2(struct connectdata *conn, int sockindex)
}
for(;;) {
TCHAR *host_name;
if(doread) {
/* read encrypted handshake data from socket */
result = Curl_read_plain(conn->sock[sockindex],
@ -2131,14 +2130,9 @@ static CURLcode Curl_schannel_random(struct Curl_easy *data UNUSED_PARAM,
static CURLcode pkp_pin_peer_pubkey(struct connectdata *conn, int sockindex,
const char *pinnedpubkey)
{
SECURITY_STATUS sspi_status;
struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
CERT_CONTEXT *pCertContextServer = NULL;
const char *x509_der;
DWORD x509_der_len;
curl_X509certificate x509_parsed;
curl_asn1Element *pubkey;
/* Result is returned to caller */
CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
@ -2148,6 +2142,12 @@ static CURLcode pkp_pin_peer_pubkey(struct connectdata *conn, int sockindex,
return CURLE_OK;
do {
SECURITY_STATUS sspi_status;
const char *x509_der;
DWORD x509_der_len;
curl_X509certificate x509_parsed;
curl_asn1Element *pubkey;
sspi_status =
s_pSecFn->QueryContextAttributes(&BACKEND->ctxt->ctxt_handle,
SECPKG_ATTR_REMOTE_CERT_CONTEXT,

22
lib/vtls/vtls.c
View File

@ -498,9 +498,9 @@ CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
void Curl_ssl_close_all(struct Curl_easy *data)
{
size_t i;
/* kill the session ID cache if not shared */
if(data->state.session && !SSLSESSION_SHARED(data)) {
size_t i;
for(i = 0; i < data->set.general_ssl.max_ssl_sessions; i++)
/* the single-killer function handles empty table slots */
Curl_ssl_kill_session(&data->state.session[i]);
@ -644,11 +644,11 @@ bool Curl_ssl_data_pending(const struct connectdata *conn,
void Curl_ssl_free_certinfo(struct Curl_easy *data)
{
int i;
struct curl_certinfo *ci = &data->info.certs;
if(ci->num_of_certs) {
/* free all individual lists used */
int i;
for(i = 0; i<ci->num_of_certs; i++) {
curl_slist_free_all(ci->certinfo[i]);
ci->certinfo[i] = NULL;
@ -808,14 +808,7 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
{
FILE *fp;
unsigned char *buf = NULL, *pem_ptr = NULL;
long filesize;
size_t size, pem_len;
CURLcode pem_read;
CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
CURLcode encode;
size_t encodedlen, pinkeylen;
char *encoded, *pinkeycopy, *begin_pos, *end_pos;
unsigned char *sha256sumdigest = NULL;
/* if a path wasn't specified, don't pin */
if(!pinnedpubkey)
@ -825,6 +818,11 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
/* only do this if pinnedpubkey starts with "sha256//", length 8 */
if(strncmp(pinnedpubkey, "sha256//", 8) == 0) {
CURLcode encode;
size_t encodedlen, pinkeylen;
char *encoded, *pinkeycopy, *begin_pos, *end_pos;
unsigned char *sha256sumdigest;
if(!Curl_ssl->sha256sum) {
/* without sha256 support, this cannot match */
return result;
@ -895,6 +893,10 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
return result;
do {
long filesize;
size_t size, pem_len;
CURLcode pem_read;
/* Determine the file's size */
if(fseek(fp, 0, SEEK_END))
break;
@ -1271,7 +1273,6 @@ static int multissl_init(const struct Curl_ssl *backend)
{
const char *env;
char *env_tmp;
int i;
if(Curl_ssl != &Curl_ssl_multi)
return 1;
@ -1290,6 +1291,7 @@ static int multissl_init(const struct Curl_ssl *backend)
env = CURL_DEFAULT_SSL_BACKEND;
#endif
if(env) {
int i;
for(i = 0; available_backends[i]; i++) {
if(strcasecompare(env, available_backends[i]->info.name)) {
Curl_ssl = available_backends[i];

15
lib/x509asn1.c
View File

@ -266,8 +266,6 @@ utf8asn1str(char **to, int type, const char *from, const char *end)
size_t inlength = end - from;
int size = 1;
size_t outlength;
int charsize;
unsigned int wc;
char *buf;
*to = NULL;
@ -305,6 +303,9 @@ utf8asn1str(char **to, int type, const char *from, const char *end)
}
else {
for(outlength = 0; from < end;) {
int charsize;
unsigned int wc;
wc = 0;
switch(size) {
case 4:
@ -877,9 +878,6 @@ static void do_pubkey(struct Curl_easy *data, int certnum,
curl_asn1Element elem;
curl_asn1Element pk;
const char *p;
const char *q;
unsigned long len;
unsigned int i;
/* Generate all information records for the public key. */
@ -888,6 +886,9 @@ static void do_pubkey(struct Curl_easy *data, int certnum,
return;
if(strcasecompare(algo, "rsaEncryption")) {
const char *q;
unsigned long len;
p = getASN1Element(&elem, pk.beg, pk.end);
if(!p)
return;
@ -896,9 +897,11 @@ static void do_pubkey(struct Curl_easy *data, int certnum,
for(q = elem.beg; !*q && q < elem.end; q++)
;
len = (unsigned long)((elem.end - q) * 8);
if(len)
if(len) {
unsigned int i;
for(i = *(unsigned char *) q; !(i & 0x80); i <<= 1)
len--;
}
if(len > 32)
elem.beg = q; /* Strip leading zero bytes. */
if(!certnum)